22 matches found

The Hacker News
added 2024/06/17 5:11 a.m., 40 views

NiceRAT Malware Targets South Korean Users via Cracked Software

Threat actors have been observed deploying a malware called NiceRAT to co-opt infected devices into a botnet. The attacks, which target South Korean users, are designed to propagate the malware under the guise of cracked software, such as Microsoft Windows, or tools that purport to offer license...

AI score: 6.9
Exploits: 0

The Hacker News
added 2024/04/09 7:24 a.m., 45 views

Attackers Using Obfuscation Tools to Deliver Multi-Stage Malware via Invoice Phishing

Cybersecurity researchers have discovered an intricate multi-stage attack that leverages invoice-themed phishing decoys to deliver a wide range of malware such as Venom RAT, Remcos RAT, XWorm, NanoCore RAT, and a stealer that targets crypto wallets. The email messages come with Scalable Vector...

AI score: 7.5
Exploits: 0

Talos Blog
added 2023/01/20 9:38 p.m., 36 views

Threat Round up for January 13 to January 20

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 13 and Jan. 20. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

AI score: 7.2
Exploits: 0

Talos Blog
added 2022/09/23 10:6 p.m., 28 views

Threat Roundup for September 16 to September 23

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 16 and Sept. 23. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...

AI score: 7.1
Exploits: 0

Talos Blog
added 2022/09/02 7:55 p.m., 50 views

Threat Roundup for August 26 to September 2

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 26 and Sept. 2. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

AI score: 6.9
Exploits: 0

ICS
added 2022/08/25 12:0 p.m., 64 views

2021 Top Malware Strains

Summary Immediate Actions You Can Take Now to Protect Against Malware: • Patch all systems and prioritize patching known exploited vulnerabilities. • Enforce multifactor authentication (MFA). • Secure Remote Desktop Protocol (RDP) and other risky services. • Make offline backups of your data. • Provi...

CVSS: 8.8, AI score: 9.5, EPSS: 0.94332
Exploits: 38, References: 94

The Hacker News
added 2022/06/14 8:2 a.m., 22 views

Researchers Detail PureCrypter Loader Cyber Criminals Using to Distribute Malware

Cybersecurity researchers have detailed the workings of a fully-featured malware loader dubbed PureCrypter that's being purchased by cyber criminals to deliver remote access trojans (RATs) and information stealers. "The loader is a .NET executable obfuscated with SmartAssembly and makes use of...

AI score: 7
Exploits: 0

ThreatPost
added 2022/01/12 9:4 p.m., 17 views

Amazon, Azure Clouds Host RAT-ty Trio in Infostealing Campaign

Cyberattackers are abusing Amazon Web Services (AWS) and Azure Cloud services to deliver a trio of remote access trojans (RATs), researchers warned – all aimed at hoovering up sensitive information from target users. According to an analysis from Cisco Talos, threat actors have been pushing out...

AI score: 7.7
Exploits: 0, References: 7

The Hacker News
added 2022/01/12 1:9 p.m., 22 views

Hackers Use Cloud Services to Distribute Nanocore, Netwire, and AsyncRAT Malware

Threat actors are actively incorporating public cloud services from Amazon and Microsoft into their malicious campaigns to deliver commodity remote access trojans (RATs) such as Nanocore, Netwire, and AsyncRAT to siphon sensitive information from compromised systems. The spear-phishing attacks, whi...

AI score: 7.1
Exploits: 0

Talos Blog
added 2022/01/12 5:2 a.m., 11 views

Nanocore, Netwire and AsyncRAT spreading campaign uses public cloud infrastructure

By Chetan Raghuprasad and Vanja Svajcer. Cisco Talos discovered a malicious campaign in October 2021 delivering variants of Nanocore, Netwire and AsyncRATs targeting user's information. According to Cisco Secure product telemetry, the victims of this campaign are primarily distributed across the...

AI score: 2.1
Exploits: 0

ThreatPost
added 2021/07/26 3:0 p.m., 177 views

Malware Makers Using ‘Exotic’ Programming Languages

Malware authors are increasingly using rarely spotted programming languages such as Go, Rust, Nim and DLang in order to create new tools and to hinder analysis, researchers have found. Use of those four languages is escalating in the number of malware families being identified, according to a...

AI score: 8
Exploits: 0, References: 22

ThreatPost
added 2021/04/21 12:0 p.m., 52 views

Novel Email-Based Campaign Targets Bloomberg Clients with RATs

A new email-based campaign by an emerging threat actor aims to spread various remote access trojans (RATs) to a very specific group of targets who use Bloomberg’s industry-based services. Cisco Talos Intelligence researchers discovered the campaign, dubbing it and its perpetrator “Fajan,” and...

AI score: 0.2
Exploits: 0, References: 8

ThreatPost
added 2021/03/11 6:58 p.m., 67 views

NanoCore RAT Scurries Past Email Defenses with .ZIPX Tactic

A spate of malicious emails with attachments delivering the NanoCore remote access trojan (RAT) is evading anti-malware and email scanners by abusing the .ZIPX file format. That’s according to researchers at Trustwave, who found that the campaign is effectively hiding a malicious executable by givi...

AI score: 7.4
Exploits: 0, References: 6

Talos Blog
added 2020/04/30 11:0 a.m., 28 views

Threat Source newsletter for April 30, 2020

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Our newest research post focuses on the Aggah campaign. Threat actors are pushing Aggah to victims via malicious Microsoft Word document...

AI score: 1
Exploits: 0

Kitploit
added 2019/10/10 12:0 p.m., 177 views

MalConfScan - Volatility Plugin For Extracts Configuration Data Of Known Malware

MalConfScan is a Volatility plugin that extracts configuration data of known malware. Volatility is an open-source memory forensics framework for incident response and malware analysis. This tool searches for malware in memory images and dumps configuration data. In addition, this tool has a function ...

AI score: 7.4
Exploits: 0, References: 4

Talos Blog
added 2019/09/20 12:16 p.m., 197 views

Threat Roundup for September 13 to September 20

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 13 and Sept. 20. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...

CVSS: 10, AI score: 10, EPSS: 0.94454
Exploits: 123

ThreatPost
added 2019/06/25 3:1 p.m., 138 views

Malspam Emails Blanket LokiBot, NanoCore Malware With ISO Files

An ongoing spam campaign has been spotted using ISO disk image file attachments to disguise various information-stealing trojans, including LokiBot and NanoCore. Researchers said that they first spotted the malware-laced spam emails being distributed in April 2019. Spam sent to victims claim to b...

AI score: 0.6
Exploits: 0, References: 7

Krebs on Security
added 2018/02/27 7:10 p.m., 61 views

Bot Roundup: Avalanche, Kronos, NanoCore

It's been a busy few weeks in cybercrime news, justifying updates to a couple of cases we've been following closely at KrebsOnSecurity. In Ukraine, the alleged ringleader of the Avalanche malware spam botnet was arrested after eluding authorities in the wake of a global cybercrime crackdown there...

AI score: 6.7
Exploits: 0

The Hacker News
added 2018/02/27 12:33 p.m., 101 views

Hacker Who Never Hacked Anyone Gets 33-Month Prison Sentence

A hacker who was arrested and pleaded guilty last year—not because he hacked someone, but for creating and selling a remote access trojan that helped cyber criminals—has finally been sentenced to serve almost three years in prison. Taylor Huddleston, 26, of Hot Springs, Arkansas, pleaded guilty i...

AI score: 6.7
Exploits: 0

HackRead
added 2018/02/26 11:19 p.m., 34 views

Developer of NanoCore RAT that targeted Canada, US & Steam jailed

By Waqas. The developer of NanoCore RAT (remote access Trojan) has been sentenced.

AI score: 7
Exploits: 0