PurpleFox Adds New Backdoor That Uses WebSockets
In September 2021, the Trend Micro Managed XDR MDR team looked into suspicious activity related to a PurpleFox operator. Our findings led us to investigate an updated PurpleFox arsenal, which included an added vulnerability CVE-2021-1732 and optimized rootkit capabilities leveraged in their attac...
Beware- FontOnLake Rootkit Malware Attacking Linux Systems
By Deeba Ahmed. According to ESET's researchers, the components of FontOnLake malware are divided into three groups: trojanized applications, a rootkit, and a backdoor...
Researchers Warn of FontOnLake Rootkit Malware Targeting Linux Systems
Cybersecurity researchers have detailed a new campaign that likely targets entities in Southeast Asia with a previously unrecognized Linux malware that is engineered to enable remote access for its operators, in addition to amassing credentials and functioning as a proxy server. The malware family,...
Chinese Hackers Used a New Rootkit to Spy on Targeted Windows 10 Users
A formerly unknown Chinese-speaking threat actor has been linked to a long-standing evasive operation aimed at Southeast Asian targets as far back as July 2020, deploying a kernel-mode rootkit on compromised Windows systems. Attacks mounted by the hacking group, dubbed GhostEmperor by Kaspersky,...
A New Bug in Microsoft Windows Could Let Hackers Easily Install a Rootkit
Security researchers have disclosed an unpatched weakness in the Microsoft Windows Platform Binary Table (WPBT) affecting all Windows-based devices since Windows 8 that could potentially be exploited to install a rootkit and compromise the integrity of devices. "These flaws make every Windows system...
Microsoft Signed Malware That Spreads Through Gaming
Microsoft signed a driver being distributed within gaming environments that turned out to be a malicious network filter rootkit. G DATA malware analyst Karsten Hahn first noticed the rootkit, publicly posting the find on June 17 and simultaneously reaching out to Microsoft. Hahn noted that the co...
Hackers Trick Microsoft Into Signing Netfilter Driver Loaded With Rootkit Malware
Microsoft on Friday said it's investigating an incident wherein a driver signed by the company turned out to be a malicious Windows rootkit that was observed communicating with command-and-control (C2) servers located in China. The driver, called "Netfilter," is said to target gaming environments,...
Microsoft signed a driver called Netfilter, turns out it contained malware
By Habiba Rashid. Microsoft signed off on a driver, Netfilter, for Windows that contains rootkit malware and has been circulating mainly among the gaming community...
A New Program for Your Peloton – Whether You Like It or Not
Sam Quinn · JUN 15, 2021. Executive Summary: For those who are not familiar with Peloton, it is a brand that has combined high-end exercise equipment with cutting-edge technology. Its products are equipped with a large tabl...
R77-Rootkit - Fileless Ring 3 Rootkit With Installer And Persistence That Hides Processes, Files, Network Connections, Etc...
r77 is a ring 3 rootkit that hides the following entities from all processes: files, directories, junctions, named pipes, scheduled tasks; processes; CPU usage; registry keys & values; services; TCP & UDP connections. It is compatible with Windows 7 and Windows 10 in both x64 and x86 edition...
Red-Detector - Scan Your EC2 Instance To Find Its Vulnerabilities Using Vuls.io
Scan your EC2 instance to find its vulnerabilities using Vuls (https://vuls.io/en/). Audit your EC2 instance to find security misconfigurations using Lynis (https://cisofy.com/solutions/lynis). Scan your EC2 instance for signs of a rootkit using Chkrootkit (http://www.chkrootkit.org/). Requirements 1...
New Stealthy Rootkit Infiltrated Networks of High-Profile Organizations
An unknown threat actor with the capabilities to evolve and tailor its toolset to target environments infiltrated high-profile organizations in Asia and Africa with an evasive Windows rootkit since at least 2018. Called 'Moriya,' the malware is a "passive backdoor which allows attackers to inspec...
Operation TunnelSnake
Windows rootkits, especially those operating in kernel space, are pieces of malware infamous for their near absolute power in the operating system. Usually deployed as drivers, such implants have high privileges in the system, allowing them to intercept and potentially tamper with core I/O...
WinPmem - The Multi-Platform Memory Acquisition Tool
The WinPmem memory acquisition driver and userspace tool. WinPmem has been the default open source memory acquisition driver for Windows for a long time. It used to live in the Rekall project, but has recently been separated into its own repository. Copyright: This code was originally developed within...
Perkiler malware turns to SMB brute force to spread
Researchers at Guardicore have identified a new infection vector being used by the Perkiler malware, where internet-facing Windows machines are breached through SMB password brute force. Perkiler is a complex Windows malware with rootkit components that is dropped by the Purple Fox exploit kit (EK)...
Purple Fox Malware Targets Windows Machines With New Worm Capabilities
A malware that has historically targeted exposed Windows machines through phishing and exploit kits has been retooled to add new “worm” capabilities. Purple Fox, which first appeared in 2018, is an active malware campaign that until recently required user interaction or some kind of third-party...
Purple Fox Rootkit Can Now Spread Itself to Other Windows Computers
Purple Fox, a Windows malware previously known for infecting machines by using exploit kits and phishing emails, has now added a new technique to its arsenal that gives it worm-like propagation capabilities. The ongoing campaign makes use of a "novel spreading technique via indiscriminate port...
New Cryptojacking Malware Targeting Apache, Oracle, Redis Servers
A financially motivated threat actor notorious for its cryptojacking attacks has leveraged a revised version of its malware to target cloud infrastructure using vulnerabilities in web server technologies, according to new research. Deployed by the China-based cybercrime group Rocke, the...
Glassdoor: DOM XSS Rootkit on [https://www.glassdoor.com/]
The report described a DOM-based XSS via sc.keyword on https://www.glassdoor.com/Job/jobs.htm?sc.keyword=test, which was resolved by another report, 1064892. Thanks, @4peace, for your submission...