20 matches found

The Hacker News
added 2026/01/14 2:18 p.m. | 11 views

Hackers Exploit c-ares DLL Side-Loading to Bypass Security and Deploy Malware

Security experts have disclosed details of an active malware campaign that's exploiting a DLL side-loading vulnerability in a legitimate binary associated with the open-source c-ares library to bypass security controls and deliver a wide range of commodity trojans and stealers. "Attackers achieve...

AI score: 6.6 | Exploits: 0
The Hacker News
added 2025/03/19 3:52 p.m. | 44 views

Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners

Threat actors are exploiting a severe security flaw in PHP to deliver cryptocurrency miners and remote access trojans (RATs) like Quasar RAT. The vulnerability, assigned the CVE identifier CVE-2024-4577, refers to an argument injection vulnerability in PHP affecting Windows-based systems running in...

CVSS: 9.8 | AI score: 8.1 | EPSS: 0.99987 | Exploits: 64
HackRead
added 2025/01/03 11:08 a.m. | 14 views

NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT

Researchers discovered a malicious package on the npm package registry that resembles a library for Ethereum smart contract vulnerabilities but actually drops an open-source remote access trojan called Quasar RAT onto developer systems...

AI score: 7.6 | Exploits: 0
The Hacker News
added 2025/01/02 7:45 a.m. | 7 views

Malicious Obfuscated NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT

Cybersecurity researchers have discovered a malicious package on the npm package registry that masquerades as a library for detecting vulnerabilities in Ethereum smart contracts but, in reality, drops an open-source remote access trojan called Quasar RAT onto developer systems. The heavily...

AI score: 7.7 | Exploits: 0
The Hacker News
added 2024/09/09 12:24 p.m. | 18 views

Blind Eagle Targets Colombian Insurance Sector with Customized Quasar RAT

The Colombian insurance sector is the target of a threat actor tracked as Blind Eagle with the end goal of delivering a customized version of a known commodity remote access trojan (RAT) referred to as Quasar RAT since June 2024. "Attacks have originated with phishing emails impersonating the...

AI score: 7 | Exploits: 0
The Hacker News
added 2024/09/02 3:36 a.m. | 36 views

Malicious npm Packages Mimicking 'noblox.js' Compromise Roblox Developers' Systems

Roblox developers are the target of a persistent campaign that seeks to compromise systems through bogus npm packages, once again underscoring how threat actors continue to exploit the trust in the open-source ecosystem to deliver malware. "By mimicking the popular 'noblox.js' library, attackers...

AI score: 7 | Exploits: 0
OSSF Malicious Packages
added 2024/07/12 3:09 p.m. | 5 views

Malicious code in discord-api-ts (npm)

This package is considered malicious because it contains a heavily obfuscated postinstall.js script with multiple stages of payload execution, resulting in the delivery of QuasarRAT. This allows command and control by a malicious actor.

AI score: 7 | Exploits: 0 | References: 1
The Hacker News
added 2024/07/10 5:35 a.m. | 19 views

ViperSoftX Malware Disguises as eBooks on Torrents to Spread Stealthy Attacks

The sophisticated malware known as ViperSoftX has been observed being distributed as eBooks over torrents. "A notable aspect of the current variant of ViperSoftX is that it uses the Common Language Runtime (CLR) to dynamically load and run PowerShell commands, thereby creating a PowerShell...

AI score: 7.6 | Exploits: 0
The Hacker News
added 2024/04/02 4:54 a.m. | 31 views

Massive Phishing Campaign Strikes Latin America: Venom RAT Targeting Multiple Sectors

The threat actor known as TA558 has been attributed to a new massive phishing campaign that targets a wide range of sectors in Latin America with the goal of deploying Venom RAT. The attacks primarily singled out hotel, travel, trading, financial, manufacturing, industrial, and government vertica...

AI score: 7.3 | Exploits: 0
hivepro
added 2023/10/24 2:19 p.m. | 17 views

Quasar RAT Utilizes DLL Side-Loading to Evade Detection

Threat Level Attack Report. For a detailed threat advisory, download the pdf file here. Summary: Quasar RAT is an open-source remote access trojan that has been used by cybercriminals and threat actors for various malicious purposes. The use of DLL side-loading is a sophisticated technique that allo...

AI score: 6.8 | Exploits: 0
The Hacker News
added 2023/10/23 7:58 a.m. | 41 views

Quasar RAT Leverages DLL Side-Loading to Fly Under the Radar

The open-source remote access trojan known as Quasar RAT has been observed leveraging DLL side-loading to fly under the radar and stealthily siphon data from compromised Windows hosts. "This technique capitalizes on the inherent trust these files command within the Windows environment," Uptycs...

AI score: 7.4 | Exploits: 0
The Hacker News
added 2023/06/22 4:58 p.m. | 40 views

MULTI#STORM Campaign Targets India and U.S. with Remote Access Trojans

A new phishing campaign codenamed MULTI#STORM has set its sights on India and the U.S. by leveraging JavaScript files to deliver remote access trojans on compromised systems. "The attack chain ends with the victim machine infected with multiple unique RAT (remote access trojan) malware instances, su...

AI score: 7.6 | Exploits: 0
The Hacker News
added 2023/02/03 3:03 p.m. | 5 views

Post-Macro World Sees Rise in Microsoft OneNote Documents Delivering Malware

In a continuing sign that threat actors are adapting well to a post-macro world, it has emerged that the use of Microsoft OneNote documents to deliver malware via phishing attacks is on the rise. Some of the notable malware families that are being distributed using this method include AsyncRAT,...

AI score: 6.7 | Exploits: 0
The Hacker News
added 2023/01/05 2:55 p.m. | 47 views

Blind Eagle Hackers Return with Refined Tools and Sophisticated Infection Chain

A financially motivated threat actor tracked as Blind Eagle has resurfaced with a refined toolset and an elaborate infection chain as part of its attacks targeting organizations in Colombia and Ecuador. Check Point's latest research offers new insights into the Spanish-speaking group's tactics an...

AI score: 0.2 | Exploits: 0
The Hacker News
added 2022/10/21 4:47 p.m. | 47 views

Emotet Botnet Distributing Self-Unlocking Password-Protected RAR Files to Drop Malware

The notorious Emotet botnet has been linked to a new wave of malspam campaigns that take advantage of password-protected archive files to drop CoinMiner and Quasar RAT on compromised systems. In an attack chain detected by Trustwave SpiderLabs researchers, an invoice-themed ZIP file lure was foun...

AI score: 0.9 | Exploits: 0
Qualys Blog
added 2022/07/29 5:54 p.m. | 34 views

New Qualys Research Report: Evolution of Quasar RAT

The Qualys Threat Research Team continues to inform enterprise cybersecurity teams of emerging threats that could impact their business. These threat intelligence reports summarize individual threat exploits and provide practical recommendations for protecting against them. In this free research...

AI score: 0.2 | Exploits: 0
hivepro
added 2022/02/24 4:54 a.m. | 27 views

Chinese APT group targets financial institutions in the campaign “Operation Cache Panda”

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Chinese threat actor APT10 conducted a series of large-scale supply chain attacks that exclusively targeted the financial software systems of Taiwanese financial institutions from the end of November 2021 until the middle of...

AI score: 2 | Exploits: 0
The Hacker News
added 2022/02/22 8:11 a.m. | 41 views

Chinese Hackers Target Taiwan's Financial Trading Sector with Supply Chain Attack

An advanced persistent threat (APT) group operating with objectives aligned with the Chinese government has been linked to an organized supply chain attack on Taiwan's financial sector. The attacks are said to have first commenced at the end of November 2021, with the intrusions attributed to a...

AI score: 1 | Exploits: 0
ThreatPost
added 2019/05/27 2:11 p.m. | 95 views

Chinese Spy Group Mixes Up Its Malware Arsenal with Brand-New Loaders

The Chinese-language cyber-espionage group known as APT10 has apparently added to its malware bag of tricks, with two never-before-seen malware loader variants used in April campaigns against government and private organizations in Southeast Asia. Also, the campaigns featured modified versions of...

AI score: 1.5 | Exploits: 0 | References: 6
Malwarebytes
added 2018/09/26 5:13 p.m. | 1397 views

Buggy implementation of CVE-2018-8373 vulnerability used to deliver Quasar RAT

A variant of a remote code execution vulnerability with Internet Explorer's scripting engine known as CVE-2018-8373 patched last August has been found in the wild. Looking at the IOCs posted by our colleagues at TrendMicro, we recognized the infrastructure serving this exploit. The same static...

CVSS: 7.6 | AI score: 0.4 | EPSS: 0.87814 | Exploits: 9