Asian State-Backed Group TGR-STA-1030 Breaches 70 Government, Infrastructure Entities

A previously undocumented cyber espionage group operating from Asia broke into the networks of at least 70 government and critical infrastructure organizations across 37 countries over the past year, according to new findings from Palo Alto Networks Unit 42. In addition, the hacking crew has been...

Malicious Package

Overview react-svg-bundler is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this package...

Malicious Package

Overview react-svg-helper-fast is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this...

Malicious code in postcss-loader-sagitta-dynamo-altair (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c1bd822a752ca9487e572499a5598de7969ee9e78acd72d6c1fdc286859d9f6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in github.com/shadowybulk/hypert (Go)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 80a941bac0303482eb50ebe17fbfa05f22640a3932940be16100c6a1c0357a04 Malcious typosquatting Go packages targeting Linux and macOS systems used to as a loader to download and run another malicious payload...

Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems

Cybersecurity researchers are alerting of an ongoing malicious campaign targeting the Go ecosystem with typosquatted modules that are designed to deploy loader malware on Linux and Apple macOS systems. "The threat actor has published at least seven packages impersonating widely used Go libraries,...

Dark web threats and dark market predictions for 2025

Review of last year's predictions The number of services providing AV evasion for malware cryptors will increase We continuously monitor underground markets for the emergence of new "cryptors," which are tools specifically designed to obfuscate the code within malware samples. The primary purpose...

Hijack Loader Malware Employs Process Hollowing, UAC Bypass in Latest Version

A newer version of a malware loader called Hijack Loader has been observed incorporating an updated set of anti-analysis techniques to fly under the radar. "These enhancements aim to increase the malware's stealthiness, thereby remaining undetected for longer periods of time," Zscaler ThreatLabz...

HijackLoader Evolves: Researchers Decode the Latest Evasion Methods

The threat actors behind a loader malware called HijackLoader have added new techniques for defense evasion, as the malware continues to be increasingly used by other threat actors to deliver additional payloads and tooling. "The malware developer used a standard process hollowing technique coupl...

New JinxLoader Targeting Users with Formbook and XLoader Malware

A new Go-based malware loader called JinxLoader is being used by threat actors to deliver next-stage payloads such as Formbook and its successor XLoader. The disclosure comes from cybersecurity firms Palo Alto Networks Unit 42 and Symantec, both of which highlighted multi-step attack sequences th...

Dragon Breath APT Group Using Double-Clean-App Technique to Target Gambling Industry

An advanced persistent threat APT actor known as Dragon Breath has been observed adding new layers of complexity to its attacks by adopting a novel DLL side-loading mechanism. "The attack is based on a classic side-loading attack, consisting of a clean application, a malicious loader, and an...

Bronze Starlight uses loader malware to deploy ransomware

Threat Level Actor Report For a detailed advisory, download the pdf file here Summary Bronze Starlight, a Chinese APT, is deploying ransomware LockFile, AtomSilo, Rook, Night Sky, and Pandora via the HUI loader malware to carry out double extortion...

This Week in Security News - November 19, 2021

This week, learn about how the QAKBOT Loader malware has evolved its techniques and strategies over time. Also, read about the most recent initiative by the legislation to further cybersecurity protection...

Lazarus Group Surfaces with Advanced Malware Framework

The North Korea-linked APT known as Lazarus Group has debuted an advanced, multipurpose malware framework, called MATA, to target Windows, Linux and macOS operating systems. Kaspersky researchers uncovered a series of attacks utilizing MATA so-called because the malware authors themselves call...

‘Highly Competitive' Buer Loader Emerges in Underground Markets

A previously undocumented modular loader has emerged as a lucrative tool for cybercriminals in a variety of campaigns. Researchers say the “highly competitive” loader, dubbed Buer, is intended for use by actors seeking a turn-key, off-the-shelf solution. Researchers say they have spotted the load...

Malware Loader ‘Brushaloader’ Grows More Menacing

The tenacious loader malware called Brushaloader is growing more menacing, showing no signs of abatement despite best efforts by security professionals. First identified in June 2018, the Brushaloader malware is now more pervasive, stealthy and growing in popularity faster than ever before. New...