Lucene search
K

25 matches found

Malwarebytes
Malwarebytes
added 2026/05/26 1:7 p.m.14 views

Fake software on GitHub and SourceForge distribute Deno RAT

During our threat hunting activities, we found fake installers and plugins impersonating popular software including ChatGPT, Claude, AutoTune, and Kontakt on GitHub and SourceForge distributing a Deno backdoor known as DinDoor. Attackers are using compromised YouTube channels to distribute links ...

6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/03/20 11:38 a.m.6 views

That “job brief” on Google Forms could infect your device

We've identified a campaign using business-related lures, such as job interviews, project briefs, and financial document, to distribute malware, including the PureHVNC Remote Access Trojan RAT. It's not the malware that's new, but how the attack starts. Instead of the usual phishing email or fake...

6AI score
Exploits0
Trellix
Trellix
added 2026/03/11 12:0 a.m.6 views

Fileless Multi-Stage Remcos RAT: From Phishing to Memory-Resident Execution

Fileless Multi-Stage Remcos RAT: From Phishing to Memory-Resident Execution By Madhini Muralidharan · March 11, 2026 Traditional malware campaigns rely heavily on dropping executable files to disk—artifacts that defenders can scan, quarantine, and analyze with signature-based security tools. Mode...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/08/21 4:25 p.m.11 views

Cybercriminals Deploy CORNFLAKE.V3 Backdoor via ClickFix Tactic and Fake CAPTCHA Pages

Threat actors have been observed leveraging the deceptive social engineering tactic known as ClickFix to deploy a versatile backdoor codenamed CORNFLAKE.V3. Google-owned Mandiant described the activity, which it tracks as UNC5518, as part of an access-as-a-service scheme that employs fake CAPTCHA...

6.2AI score
Exploits0
HackRead
HackRead
added 2025/02/04 4:47 p.m.9 views

New ValleyRAT Malware Variant Spreading via Fake Chrome Downloads

Morphisec uncovers a new ValleyRAT malware variant with advanced evasion tactics, multi-stage infection chains, and novel delivery methods…...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/01/06 11:10 a.m.10 views

FireScam Android Malware Poses as Telegram Premium to Steal Data and Control Devices

An Android information stealing malware named FireScam has been found masquerading as a premium version of the Telegram messaging app to steal data and maintain persistent remote control over compromised devices. "Disguised as a fake 'Telegram Premium' app, it is distributed through a...

7.1AI score
Exploits0
HackRead
HackRead
added 2024/12/10 6:51 p.m.8 views

Black Basta Ransomware Uses MS Teams, Email Bombing to Spread Malware

The Black Basta ransomware group is using advanced social engineering tactics and a multi-stage infection process to target organizations...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2024/11/06 1:59 p.m.15 views

Winos 4.0 Malware Infects Gamers Through Malicious Game Optimization Apps

Cybersecurity researchers are warning that a command-and-control C&C framework called Winos is being distributed within gaming-related applications like installation tools, speed boosters, and optimization utilities. "Winos 4.0 is an advanced malicious framework that offers comprehensive...

7.6AI score
Exploits0
The Hacker News
The Hacker News
added 2024/07/10 5:35 a.m.19 views

ViperSoftX Malware Disguises as eBooks on Torrents to Spread Stealthy Attacks

The sophisticated malware known as ViperSoftX has been observed being distributed as eBooks over torrents. "A notable aspect of the current variant of ViperSoftX is that it uses the Common Language Runtime CLR to dynamically load and run PowerShell commands, thereby creating a PowerShell...

7.6AI score
Exploits0
The Hacker News
The Hacker News
added 2024/01/22 4:47 p.m.43 views

North Korean Hackers Weaponize Fake Research to Deliver RokRAT Backdoor

Media organizations and high-profile experts in North Korean affairs have been at the receiving end of a new campaign orchestrated by a threat actor known as ScarCruft in December 2023. "ScarCruft has been experimenting with new infection chains, including the use of a technical threat research...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2023/11/02 9:21 a.m.37 views

Iran's MuddyWater Targets Israel in New Spear-Phishing Cyber Campaign

The Iranian nation-state actor known as MuddyWater has been linked to a new spear-phishing campaign targeting two Israeli entities to ultimately deploy a legitimate remote administration tool from N-able called Advanced Monitoring Agent. Cybersecurity firm Deep Instinct, which disclosed details o...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2023/08/23 6:33 a.m.48 views

Over a Dozen Malicious npm Packages Target Roblox Game Developers

More than a dozen malicious packages have been discovered on the npm package repository since the start of August 2023 with capabilities to deploy an open-source information stealer called Luna Token Grabber on systems belonging to Roblox developers. The ongoing campaign, first detected on August...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2023/07/10 12:22 p.m.50 views

New TOITOIN Banking Trojan Targeting Latin American Businesses

Businesses operating in the Latin American LATAM region are the target of a new Windows-based banking trojan called TOITOIN since May 2023. "This sophisticated campaign employs a trojan that follows a multi-staged infection chain, utilizing specially crafted modules throughout each stage," Zscale...

9.8CVSS7.1AI score0.85689EPSS
Exploits10
The Hacker News
The Hacker News
added 2023/06/01 6:58 a.m.31 views

N. Korean ScarCruft Hackers Exploit LNK Files to Spread RokRAT

Cybersecurity researchers have offered a closer look at the RokRAT remote access trojan that's employed by the North Korean state-sponsored actor known as ScarCruft. "RokRAT is a sophisticated remote access trojan RAT that has been observed as a critical component within the attack chain, enablin...

7.9AI score
Exploits0
The Hacker News
The Hacker News
added 2023/06/01 6:58 a.m.5 views

N. Korean ScarCruft Hackers Exploit LNK Files to Spread RokRAT

Cybersecurity researchers have offered a closer look at the RokRAT remote access trojan that's employed by the North Korean state-sponsored actor known as ScarCruft. "RokRAT is a sophisticated remote access trojan RAT that has been observed as a critical component within the attack chain, enablin...

7.6AI score
Exploits0
The Hacker News
The Hacker News
added 2023/05/02 6:54 a.m.3 views

North Korea's ScarCruft Deploys RokRAT Malware via LNK File Infection Chains

The North Korean threat actor known as ScarCruft started experimenting with oversized LNK files as a delivery route for RokRAT malware as early as July 2022, the same month Microsoft began blocking macros across Office documents by default. "RokRAT has not changed significantly over the years, bu...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2022/09/29 12:0 p.m.40 views

Researchers Uncover Covert Attack Campaign Targeting Military Contractors

A new covert attack campaign singled out multiple military and weapons contractor companies with spear-phishing emails to trigger a multi-stage infection process designed to deploy an unknown payload on compromised machines. The highly-targeted intrusions, dubbed STEEPMAVERICK by Securonix, also...

0.7AI score
Exploits0
hivepro
hivepro
added 2022/06/23 9:9 a.m.15 views

ToddyCat exploits unknown vulnerability in Microsoft Exchange servers to targets entities in Europe and Asia

Threat Level Actor Report For a detailed advisory, download the pdf file here Summary ToddyCat, an APT group is deploying web shells by exploiting an unknown vulnerability in the Microsoft Exchange Servers. They are initiating a multi-stage infection that aims at governmental bodies in Europe and...

3.7AI score
Exploits0
The Hacker News
The Hacker News
added 2022/02/03 10:49 a.m.35 views

New SEO Poisoning Campaign Distributing Trojanized Versions of Popular Software

An ongoing search engine optimization SEO poisoning attack campaign has been observed abusing trust in legitimate software utilities to trick users into downloading BATLOADER malware on compromised machines. "The threat actor used 'free productivity apps installation' or 'free software developmen...

1.5AI score
Exploits0
The Hacker News
The Hacker News
added 2021/05/28 3:30 p.m.61 views

Researchers Warn of Facefish Backdoor Spreading Linux Rootkits

Cybersecurity researchers have disclosed a new backdoor program capable of stealing user login credentials, device information and executing arbitrary commands on Linux systems. The malware dropper has been dubbed "Facefish" by Qihoo 360 NETLAB team owing its capabilities to deliver different...

0.9AI score
Exploits0
Rows per page
Query Builder