AsyncRAT's Open-Source Code Sparks Surge in Dangerous Malware Variants Across the Globe

Cybersecurity researchers have charted the evolution of a widely used remote access trojan called AsyncRAT , which was first released on GitHub in January 2019 and has since served as the foundation for several other variants. "AsyncRAT has cemented its place as a cornerstone of modern malware an...

LLMalMorph: on the Feasibility of Generating Variant Malware Using Large-Language-Models

Large Language Models LLMs have transformed software development and automated code generation. Motivated by these advancements, this paper explores the feasibility of LLMs in modifying malware source code to generate variants. We introduce LLMalMorph, a semi-automated framework that leverages...

New FileFix Method Emerges as a Threat Following 517% Rise in ClickFix Attacks

The ClickFix social engineering tactic as an initial access vector using fake CAPTCHA verifications increased by 517% between the second half of 2024 and the first half of this year, according to data from ESET. "The list of threats that ClickFix attacks lead to is growing by the day, including...

INTERPOL Dismantles 20,000+ Malicious IPs Linked to 69 Malware Variants in Operation Secure

INTERPOL on Wednesday announced the dismantling of more than 20,000 malicious IP addresses or domains that have been linked to 69 information-stealing malware variants. The joint action, codenamed Operation Secure, took place between January and April 2025, and involved law enforcement agencies...

Adapting Novelty Towards Generating Antigens for Antivirus Systems

It is well known that anti-malware scanners depend on malware signatures to identify malware. However, even minor modifications to malware code structure results in a change in the malware signature thus enabling the variant to evade detection by scanners. Therefore, there exists the need for a...

300 Servers and €3.5M Seized as Europol Strikes Ransomware Networks Worldwide

As part of the latest "season" of Operation Endgame, a coalition of law enforcement agencies have taken down about 300 servers worldwide, neutralized 650 domains, and issued arrest warrants against 20 targets. Operation Endgame, first launched in May 2024, is an ongoing law enforcement operation...

Trojan.Win32.DarkGateLoader MVID-2024-0685 Code Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/afe012ed0d96abfe869b9e26ea375824.txt Contact: [email protected] Media: x.com/malvuln Threat: Trojan.Win32.DarkGateLoader multi variants Vulnerability: Arbitrary Code Execution Description:...

China-Linked Hackers Adopt Two-Stage Infection Tactic to Deploy Deuterbear RAT

Cybersecurity researchers have shed more light on a remote access trojan RAT known as Deuterbear used by the China-linked BlackTech hacking group as part of a cyber espionage campaign targeting the Asia-Pacific region this year. "Deuterbear, while similar to Waterbear in many ways, shows...

Chinese Hackers Exploited New Zero-Day in Barracuda's ESG Appliances

Barracuda has revealed that Chinese threat actors exploited a new zero-day in its Email Security Gateway ESG appliances to deploy backdoors on a "limited number" of devices. Tracked as CVE-2023-7102, the issue relates to a case of arbitrary code execution that resides within a third-party and...

Decoy Microsoft Word Documents Used to Deliver Nim-Based Malware

A new phishing campaign is leveraging decoy Microsoft Word documents as bait to deliver a backdoor written in the Nim programming language. "Malware written in uncommon programming languages puts the security community at a disadvantage as researchers and reverse engineers' unfamiliarity can hamp...

Increased Truebot Activity Infects U.S. and Canada Based Networks

SUMMARY The Cybersecurity and Infrastructure Security Agency CISA, the Federal Bureau of Investigation FBI, the Multi-State Information Sharing and Analysis Center MS-ISAC, and the Canadian Centre for Cyber Security CCCS are releasing this joint Cybersecurity Advisory CSA in response to cyber...

CISA and Partners Release Joint Cybersecurity Advisory on Newly Identified Truebot Malware Variants

Today, the Cybersecurity and Infrastructure Security Agency CISA, Federal Bureau of Investigations FBI, the Multi-State Information Sharing and Analysis Center MS-ISAC, and the Canadian Centre for Cyber Security CCCS released a joint Cybersecurity Advisory CSA, Increased Truebot Activity Infects...

Bad Actors Are Maximizing Remote Everything

The rise of remote work and learning opened new opportunities for many people – as we’ve seen by the number of people who have moved to new places or adapted to “workcations.” Cybercriminals are taking advantage of the same opportunities – just in a different way. Evaluating the prevalence of...

Threat landscape for industrial automation systems, H2 2021

2021 is the second year we have spent living and working in the pandemic. By 2021 everyone got used to pandemic limitations – industrial organization employees and IT security professionals and threat actors. If we compare the numbers from 2020 and 2021, we see that 2021 looks more stable,...

Potential cybersecurity impacts of Russia’s invasion of Ukraine

On Thursday night, Russia launched a military invasion of its neighbor and former Soviet Union member Ukraine, drawing a broad rebuke from international leaders, along with significant protest from the Russian public. The toll of human life from this war is unknown, and, like the many internation...

New Malware Used by SolarWinds Attackers Went Undetected for Years

The threat actor behind the supply chain compromise of SolarWinds has continued to expand its malware arsenal with new tools and techniques that were deployed in attacks as early as 2019, once indicative of the elusive nature of the campaigns and the adversary's ability to maintain persistent...

2021 Attacker Dwell Time Trends and Best Defenses

Cyberattacks have shifted from the usual smash-and-grab type of heists to stealthier campaigns where hackers silently camp out on networks for long periods, stealing anything they can get their hands on. Called attacker dwell time, this is part of an adversarial approach that has become even more...

TAU Threat Analysis: Relations to Hakbit Ransomware

See part one of TAU's Hakbit Ransomware analysis here. Many blue team defenders out there will attest to the fact that ransomware is on the rise, and that ransomware doesn’t appear to be going away any time soon. Ransomware is only one of the numerous types of commodity-based emerging threats whi...

Microsoft Outlook Users Targeted By Gamaredon's New VBA Macro

The Gamaredon threat group has given its post-compromise toolset a facelift with the addition of a new Visual Basic for Applications VBA macro. The VBA macro leverages compromised victims’ Microsoft Outlook email accounts to send spear-phishing emails to their contacts – rapidly widening the...

North Korean Malicious Cyber Activity

The Cybersecurity and Infrastructure Security Agency CISA, the Federal Bureau of Investigation FBI, and the Department of Defense DoD have identified three malware variants—COPPERHEDGE, TAINTEDSCRIBE, and PEBBLEDASH—used by the North Korean government. In addition, U.S. Cyber Command has released...