7 matches found
New Malware Campaign Delivers Remcos RAT Through Multi-Stage Windows Attack
Cybersecurity researchers have disclosed details of a new campaign dubbed SHADOWREACTOR that employs an evasive multi-stage attack chain to deliver a commercially available remote administration tool called Remcos RAT and establish persistent, covert remote access. "The infection chain follows a...
Gamaredon campaign abuses LNK files to distribute Remcos backdoor
Cisco Talos is actively tracking an ongoing campaign targeting users in Ukraine with malicious LNK files, which run a PowerShell downloader, since at least November 2024. The file names use Russian words related to the movement of troops in Ukraine as a lure. The PowerShell downloader contacts...
New Botnet Malware 'Horabot' Targets Spanish-Speaking Users in Latin America
Spanish-speaking users in Latin America have been at the receiving end of a new botnet malware dubbed Horabot since at least November 2020. "Horabot enables the threat actor to control the victim's Outlook mailbox, exfiltrate contacts' email addresses, and send phishing emails with malicious HTML...
A deep dive into Saint Bot, a new downloader
This post was authored by Hasherezade with contributions from Hossein Jazi and Erika Noerenberg In late March 2021, Malwarebytes analysts discovered a phishing email with an attached zip file containing unfamiliar malware. Contained within the zip file was a PowerShell script masquerading as a li...
Threat Roundup for Jan. 11 to Jan. 18
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 11 and Jan. 18. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
sLoad Banking Trojan Downloader Displays Sophisticated Recon and Targeting
A new PowerShell downloader dubbed sLoad is making the rounds, sporting impressive reconnaissance tactics and a penchant for geofencing, which indicate increasing sophistication when it comes to targeting efforts. First spotted in May 2018, sLoad typically delivers the Ramnit banking trojan but h...
Suspicious Powershell Downloader
Many campaigns are known to use Powershell downloaders. A remote attacker could convince users to manually trigger their execution. This would allow the malicious code to run and infect the target system...