8 matches found

Trend Micro Simply Security
added 2025/05/07 12:0 a.m., 9 views

Agenda Ransomware Group Adds SmokeLoader and NETXLOADER to Their Arsenal

During our monitoring of Agenda ransomware activities, we uncovered campaigns that made use of the SmokeLoader malware and a new loader we've named NETXLOADER...

7.3 AI score
Exploits: 0

HackRead
added 2025/02/06 1:14 p.m., 9 views

Ukraine’s largest bank PrivatBank Targeted with SmokeLoader malware

UAC-0006, a financially motivated threat actor, targets PrivatBank customers with advanced phishing attacks. CloudSEK's research reveals malicious emails…

7.3 AI score
Exploits: 0

The Hacker News
added 2025/02/04 12:28 p.m., 23 views

Russian Cybercrime Groups Exploiting 7-Zip Flaw to Bypass Windows MotW Protections

A recently patched security vulnerability in the 7-Zip archiver tool was exploited in the wild to deliver the SmokeLoader malware. The flaw, CVE-2025-0411 (CVSS score: 7.0), allows remote attackers to circumvent mark-of-the-web (MotW) protections and execute arbitrary code in the context of the curre...

7 CVSS, 7.1 AI score, 0.46723 EPSS
Exploits: 8

The Hacker News
added 2024/12/02 2:1 p.m., 26 views

SmokeLoader Malware Resurfaces, Targeting Manufacturing and IT in Taiwan

Taiwanese entities in manufacturing, healthcare, and information technology sectors have become the target of a new campaign distributing the SmokeLoader malware. "SmokeLoader is well-known for its versatility and advanced evasion techniques, and its modular design allows it to perform a wide ran...

7.8 CVSS, 8.2 AI score, 0.94354 EPSS
Exploits: 62

Positive Technologies
added 2024/10/01 12:0 a.m., 4 views

PT-2024-10268

Name of the Vulnerable Software and Affected Versions: 7-Zip versions prior to 24.09. Description: This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability, as the targ...

7 CVSS, 7.6 AI score, 0.46723 EPSS
Exploits: 8, References: 245

The Hacker News
added 2023/07/13 4:7 p.m., 47 views

PicassoLoader Malware Used in Ongoing Attacks on Ukraine and Poland

Government entities, military organizations, and civilian users in Ukraine and Poland have been targeted as part of a series of campaigns designed to steal sensitive data and gain persistent remote access to the infected systems. The intrusion set, which stretches from April 2022 to July 2023,...

6.7 AI score
Exploits: 0

The Hacker News
added 2023/05/08 6:10 a.m., 2 views

CERT-UA Warns of SmokeLoader and RoarBAT Malware Attacks Against Ukraine

An ongoing phishing campaign with invoice-themed lures is being used to distribute the SmokeLoader malware in the form of a polyglot file, according to the Computer Emergency Response Team of Ukraine (CERT-UA). The emails, per the agency, are sent using compromised accounts and come with a ZIP...

7.2 AI score
Exploits: 0

HackRead
added 2022/02/20 6:30 p.m., 12 views

Kraken botnet bypass Windows Defender to steal crypto wallet data

By Deeba Ahmed. Kraken botnet utilizes SmokeLoader malware, and its operators have already been raking in around $3,000 per month. ZeroFox…

4.3 AI score
Exploits: 0