11 matches found
MAL-2026-4621 Malicious code in nolimit-x (npm)
Source: amazon-inspector (fc9b808348f8faf797b0aedc8863482566b3d4a244c20c65f2e65632627a87bd). The package places 40+ heavily obfuscated JavaScript files (0xNNNNNN hex-mangled identifiers throughout) inside a hidden .ad/ directory at the tarball...
purplex
Other Stores...
Insecure Deserialization
typo3/cms is vulnerable to Insecure Deserialization. The vulnerability is due to the execution of source code from Phar files when they are invoked. Due to missing sanitization of user input, attackers can upload obfuscated Phar files "bundle.txt" and manipulate URLs in TYPO3 backend forms to...
LimeRAT Malware Analysis: Extracting the Config
Remote Access Trojans (RATs) have taken the third leading position in ANY.RUN's Q1 2023 report on the most prevalent malware types, making it highly probable that your organization may face this threat. Though LimeRAT might not be the most well-known RAT family, its versatility is what sets it...
Deep Panda deploys new rootkit “Fire Chili” by exploiting Log4Shell in VMware Horizon
THREAT LEVEL: Red For a detailed advisory, download the pdf file here Deep Panda, a Chinese APT group, took advantage of the well-known Log4Shell vulnerability in VMware Horizon servers to deploy a backdoor, rootkit, and steal sensitive data. This threat actor is primarily targeting firms in the...
Iranian state-sponsored APT group MuddyWater targeting organizations via malicious executables
THREAT LEVEL: Red. United States Cyber Command (USCYBERCOM) has warned of an ongoing cyber attack by an Iranian state-sponsored actor named MuddyWater. This APT group is currently targeting Middle Eastern countries and has also targeted European and North American nations. The Iranian-backed...
ManageEngine ADSelfService Plus has been abused in the wild due to a zero-day vulnerability
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. An APT actor is attempting to exploit a zero-day vulnerability in ManageEngine ADSelfService Plus, a self-service password management and single sign-on solution that poses a high risk to critical infrastructure companies,...
Applied YARA training Q&A
Introduction On August 31, 2021 we ran a joint webinar between VirusTotal and Kaspersky, with a focus on YARA rules best practices and real world examples. If you didn't have the chance to watch the webinar live, you can see it as a recording on Brighttalk: Applied YARA training. During the webina...
Threat Analysis Unit (TAU) Threat Intelligence Notification: SatanCryptor Ransomware
In early January 2020, a new ransomware named ‘SatanCryptor’ was discovered. After it performs file encryption, it will drop a ransom note named “SATAN CRYPTOR.hta” and append ‘.satan’ as a file extension to the encrypted files. In addition, SatanCryptor will delete itself after the execution t...
Using legitimate tools to hide malicious code
The authors of malware use various techniques to circumvent defensive mechanisms and conceal harmful activity. One of them is the practice of hiding malicious code in the context of a trusted process. Typically, malware that uses concealment techniques injects its code into a system process, e.g...