Lucene search
K

23 matches found

Packet Storm News
Packet Storm News
added 2026/05/26 12:0 a.m.16 views

Anonymous YARA Rules Are Not Anonymous

YARA rules are widely shared across threat intelligence communities to enable collective defence against malware. This practice implicitly assumes that removing metadata e.g., author fields sufficiently protects the identity of contributing organisations. To assess the validity of this assumption...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/07/05 12:0 a.m.7 views

Rethinking and Exploring String-Based Malware Family Classification in the Era of LLMs and RAG

Malware Family Classification MFC aims to identify the fine-grained family e.g., GuLoader or BitRAT to which a potential malware sample belongs, in contrast to malware detection or sample classification that predicts only an Yes/No. Accurate family identification can greatly facilitate automated...

6.8AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2025/06/23 3:55 p.m.11 views

A Deep Dive into a Modular Malware Family

📢 Calling all Vulnerability Researchers and Bug Bounty Hunters!📢 🌞 Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards forall in-scope submissions from our 'High Threat' list in software with fewer than 5 million active installs. Bounties up to $31,200 per...

6.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/14 6:55 a.m.34 views

Pakistan-Linked Hackers Expand Targets in India with CurlBack RAT and Spark RAT

A threat actor with ties to Pakistan has been observed targeting various sectors in India with various remote access trojans like Xeno RAT, Spark RAT, and a previously undocumented malware family called CurlBack RAT. The activity, detected by SEQRITE in December 2024, targeted Indian entities und...

7.9AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/18 12:0 a.m.304 views

Backdoor.Win32.BlackAngel.13 MVID-2024-0695 Code Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/d1523df44da5fd40df92602b8ded59c8.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.BlackAngel.13 Vulnerability: Unauthenticated Remote Command Execution Description...

7.4AI score
Exploits0
Trellix
Trellix
added 2024/06/03 12:0 a.m.6 views

DarkGate again but... Improved?

DarkGate again but... Improved? By Ernesto Fernández Provecho · June 3, 2024 Executive summary During 2023, DarkGate made a comeback with a version full of new features, becoming one of the most preferred Remote Access Trojans RATs by malicious actors. However, this momentum also required...

7.8AI score
Exploits0
The Hacker News
The Hacker News
added 2024/02/09 4:32 p.m.81 views

Raspberry Robin Malware Upgrades with Discord Spread and New Exploits

The operators of Raspberry Robin are now using two new one-day exploits to achieve local privilege escalation, even as the malware continues to be refined and improved to make it stealthier than before. This means that "Raspberry Robin has access to an exploit seller or its authors develop the...

8.4CVSS7.9AI score0.78376EPSS
Exploits32
The Hacker News
The Hacker News
added 2023/07/26 7:8 a.m.29 views

Rust-based Realst Infostealer Targeting Apple macOS Users' Cryptocurrency Wallets

A new malware family called Realst has become the latest to target Apple macOS systems, with a third of the samples already designed to infect macOS 14 Sonoma, the upcoming major release of the operating system. Written in the Rust programming language, the malware is distributed in the form of...

6.6AI score
Exploits0
Securelist
Securelist
added 2023/06/05 10:0 a.m.29 views

Satacom delivers browser extension that steals cryptocurrency

Satacom downloader, also known as LegionLoader, is a renowned malware family that emerged in 2019. It is known to use the technique of querying DNS servers to obtain the base64-encoded URL in order to receive the next stage of another malware family currently distributed by Satacom. The Satacom...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2023/02/06 8:11 a.m.42 views

FormBook Malware Spreads via Malvertising Using MalVirt Loader to Evade Detection

An ongoing malvertising campaign is being used to distribute virtualized .NET loaders that are designed to deploy the FormBook information-stealing malware. "The loaders, dubbed MalVirt, use obfuscated virtualization for anti-analysis and evasion along with the Windows Process Explorer driver for...

Exploits0
Securelist
Securelist
added 2022/12/08 10:0 a.m.33 views

DeathStalker targets legal entities with new Janicab variant

Just to clarify, the above subheading isnt a normal quote, but a message that Janicab malware attempted to decode in its newest use of YouTube dead-drop resolvers DDRs. While hunting for less common Deathstalker intrusions that use the Janicab malware family, we identified a new Janicab variant...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2022/08/01 12:0 a.m.404 views

Backdoor.Win32.Destrukor.20 MVID-2022-0627 Remote Command Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/c790749f851d48e66e7d59cc2e451956B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Destrukor.20 Vulnerability: Unauthenticated Remote Command Execution...

7.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/07/10 9:43 p.m.19 views

North Korean APT targets US healthcare sector with Maui ransomware

State-sponsored North Korean threat actors have been targeting the US Healthcare and Public Health HPH sector for the past year using the Maui ransomware, according to a joint cybersecurity advisory CSA from the FBI, Cybersecurity and Infrastructure Security Agency CISA, and the Department of the...

Exploits0
The Hacker News
The Hacker News
added 2022/07/08 10:50 a.m.29 views

Experts Uncover 350 Browser Extension Variants Used in ABCsoup Adware Campaign

A malicious browser extension with 350 variants is masquerading as a Google Translate add-on as part of an adware campaign targeting Russian users of Google Chrome, Opera, and Mozilla Firefox browsers. Mobile security firm Zimperium dubbed the malware family ABCsoup, stating the "extensions are...

1.9AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2022/04/13 4:0 p.m.110 views

Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware

As announced today, Microsoft took action against the ZLoader trojan by working with telecommunications providers around the world to disrupt key ZLoader infrastructure. We used our research into this threat to enrich our protection technologies and ensure this infrastructure could no longer be...

9.3CVSS0.8878EPSS
Exploits2
Microsoft Malware Protection
Microsoft Malware Protection
added 2022/04/13 4:0 p.m.108 views

Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware

As announced today, Microsoft took action against the ZLoader trojan by working with telecommunications providers around the world to disrupt key ZLoader infrastructure. We used our research into this threat to enrich our protection technologies and ensure this infrastructure could no longer be...

9.3CVSS0.8878EPSS
Exploits2
Microsoft Secure
Microsoft Secure
added 2022/02/02 5:0 p.m.31 views

The evolution of a Mac trojan: UpdateAgent’s progression

Our discovery and analysis of a sophisticated Mac trojan in October exposed a year-long evolution of a malware family—and depicts the rising complexity of threats across platforms. The trojan, tracked as UpdateAgent, started as a relatively basic information-stealer but was observed distributing...

0.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/12/23 11:36 p.m.25 views

Dridex affiliate dresses up as Scrooge

Threat actors are hoping to catch a few more victims before they leave work for the Christmas holidays. The recent malicious spam campaigns malspam we and others have observed appear to have been created by someone who wants to play Scrooge and add onto peoples already heightened state of anxiety...

0.3AI score
Exploits0
ThreatPost
ThreatPost
added 2021/08/19 8:19 p.m.111 views

InkySquid State Actor Exploiting Known IE Bugs

The InkySquid advanced persistent threat APT group, which researchers have linked to the North Korean government, was caught launching watering hole attacks against a South Korean newspaper using known Internet Explorer vulnerabilities. New analysis from Volexity reported its team of researchers...

8.8CVSS8.9AI score0.81103EPSS
Exploits0References4
ThreatPost
ThreatPost
added 2020/12/14 4:34 p.m.46 views

New Windows Trojan Steals Browser Credentials, Outlook Files

Researchers have discovered a new information-stealing trojan, which targets Microsoft Windows systems with an onslaught of data-exfiltration capabilities– from collecting browser credentials to targeting Outlook files. The trojan, called PyMicropsia due to it being built with Python has been...

Exploits0References6
Rows per page
Query Builder