17 matches found
Malicious code in pretty-logger-utils (npm)
pretty-logger-utils is a malicious npm package that depends on terminal-logger-utils and triggers the malicious behavior in that package when installed or imported. The terminal-logger-utils payload executes a postinstall hook that opens utils.cjs, an obfuscated malware dropper. The dropper...
New ClickFix wave infects users with hidden malware in images and fake Windows updates
Several researchers have flagged a new development in the ongoing ClickFix campaign: Attackers are now mimicking a Windows update screen to trick people into running malware. ClickFix campaigns use convincing lures, historically “Human Verification” screens, and now a fake “Windows Update” splash...
Your Shipment Notification is Now a Malware Dropper
Forcepoint X-Labs reports a surge in sophisticated email attacks using obfuscated JavaScript and steganography to deliver dangerous RATs and info-stealers like Formbook and Agent Tesla. Learn how to defend against the threat...
YushuTechUnitreeGo1
Based on the provided code, it appears to be a Windows executable (PE) file that has been modified to contain a malicious payload. The file is likely a malware dropper or a backdoor that allows remote access to the compromised system. The code is written in C and uses various techniques to eva...
Black Basta-Linked Attackers Target Users with SystemBC Malware
An ongoing social engineering campaign with alleged links to the Black Basta ransomware group has been linked to "multiple intrusion attempts" with the goal of conducting credential theft and deploying a malware dropper called SystemBC. "The initial lure being utilized by the threat actors remain...
Rogue NuGet Packages Infect .NET Developers with Crypto-Stealing Malware
The NuGet repository is the target of a new "sophisticated and highly-malicious attack" aiming to infect .NET developer systems with cryptocurrency stealer malware. The 13 rogue packages, which were downloaded more than 160,000 times over the past month, have since been taken down. "The packages...
Researchers Uncover 3 PyPI Packages Spreading Malware to Developer Systems
A threat actor by the name Lolip0p has uploaded three rogue packages to the Python Package Index (PyPI) repository that are designed to drop malware on compromised developer systems. The packages – named colorslib versions 4.6.11 and 4.6.12, httpslib versions 4.6.9 and 4.6.11, and libhttps version...
Millions of Attacks Target Tatsu Builder Plugin
The Wordfence Threat Intelligence team has been tracking a large-scale attack against a Remote Code Execution vulnerability in Tatsu Builder, which is tracked by CVE-2021-25094 and was publicly disclosed on March 24, 2022 by an independent security researcher. The issue is present in vulnerable...
EXOCET - AV-evading, Undetectable, Payload Delivery Tool
EXOCET is superior to Metasploit's "Evasive Payloads" modules as EXOCET uses AES-256 in GCM (Galois/Counter) mode. Metasploit's Evasion Payloads use easy-to-detect RC4 encryption. While RC4 can decrypt faster, AES-256 makes it much more difficult to ascertain the intent of the malware. However, i...
New Chinese Spyware Being Used in Widespread Cyber Espionage Attacks
A threat actor presumed to be of Chinese origin has been linked to a series of 10 attacks targeting Mongolia, Russia, Belarus, Canada, and the U.S. from January to July 2021 that involve the deployment of a remote access trojan (RAT) on infected systems, according to new research. The intrusions ha...
Experts Uncover Malware Attacks Targeting Corporate Networks in Latin America
Cybersecurity researchers on Thursday took the wraps off a new, ongoing espionage campaign targeting corporate networks in Spanish-speaking countries, specifically Venezuela, to spy on its victims. Dubbed "Bandidos" by ESET owing to the use of an upgraded variant of Bandook malware, the primary...
Google Play Harbors Malware-Laced Apps Bent on Spying
A malware dropper that paves the way for attackers to remotely steal data from Android phones has been spreading via nine malicious apps on the official Google Play store, according to researchers. The malware is part of a campaign aimed at lifting victims’ financial information, but which also...
Double Vision: Stealthy Malware Dropper Delivers Dual RATs
A newly discovered initial-stage malware dropper has been discovered sneaking by antivirus products, with the ultimate goal of delivering a double-pronged whammy of RevengeRAT and WSH RAT payloads onto targeted Windows machines. A FortiGuard Labs team recently captured a sample file that had been...
Emotet is back after a summer break
By Colin Grady, William Largent, and Jaeson Schultz. Emotet is still evolving, five years after its debut as a banking trojan. It is one of the world's most dangerous botnets and malware droppers-for-hire. The malware payloads dropped by Emotet serve to more fully monetize their attacks, and ofte...
Dr0p1t-Framework 1.3.2.1 - A Framework That Creates An Advanced FUD Dropper With Some Tricks
Have you ever heard about trojan droppers? In short, a dropper is a type of malware that downloads other malware, and Dr0p1t gives you the chance to create a stealthy dropper that bypasses most AVs and has a lot of tricks. Features + Generated executable properties: The executable size is smaller...
Locky Ransomware Roars Back to Life Via Necurs Botnet
Cybercriminals behind the Locky ransomware and Necurs botnet are back in business. Last Friday researchers spotted both delivering nearly 35,000 emails in just a few hours, the first major Locky campaign researchers have seen in months, according to Cisco Talos. Researchers warn the latest Locky...
VulnCheck KEV: CVE-2006-0009
Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJMDROPPER.BH and Trojan.PPDropper.E in...