6 matches found
Hackers Use Leaked Shellter Tool License to Spread Lumma Stealer and SectopRAT Malware
In yet another instance of threat actors repurposing legitimate tools for malicious purposes, it has been discovered that hackers are exploiting a popular red teaming tool called Shellter to distribute stealer malware. The company behind the software said a company that had recently purchased...
SecTopRAT bundled in Chrome installer distributed via Google Ads
Criminals are once again abusing Google Ads to trick users into downloading malware. Ironically, this time the bait is a malicious ad for Google Chrome, the world's most popular browser. Victims who click the ad land on a fraudulent Google Sites page designed as an intermediary portal, similar to...
Lumma Stealer’s GitHub-Based Delivery Explored via Managed Detection and Response
The Managed XDR team investigated a sophisticated campaign distributing Lumma Stealer through GitHub, where attackers leveraged the platform's release infrastructure to deliver malware such as SectopRAT, Vidar, and Cobeacon...
Cybercriminals Exploit Popular Software Searches to Spread FakeBat Malware
Cybersecurity researchers have uncovered a surge in malware infections stemming from malvertising campaigns distributing a loader called FakeBat. "These attacks are opportunistic in nature, targeting users seeking popular business software," the Mandiant Managed Defense team said in a technical...
Bing ad for NordVPN leads to SecTopRAT
Most of the malicious search ads we have seen have originated from Google, but threat actors are also abusing other search engines. Microsoft Bing is probably the second best target due to its close ties to the Windows ecosystem and Edge browser. In this blog post, we look at a very recent...
LummaC Stealer Enlists Amadey Bot to Unleash SectopRAT
A fresh approach to spreading SectopRAT has surfaced. This method involves distributing the SectopRAT payload by utilizing the Amadey bot, which is sourced from the LummaC stealer. To receive real-time...