Tag: backdoor
-
PLAYFULGHOST backdoor supports multiple information stealing features
PLAYFULGHOST is a new malware family with capabilities including keylogging, screen and audio capture, remote shell access, and file transfer/execution. Google researchers analyzed a new malware family called PLAYFULGHOST that supports multiple features, including keylogging, screen and audio capture, remote shell, and file transfer/execution. The PLAYFULGHOST backdoor shares functionality with Gh0st RAT whose source code was publicly released in…
-
PLAYFULGHOST Delivered via Phishing and SEO Poisoning in Trojanized VPN Apps
Cybersecurity researchers have flagged a new malware called PLAYFULGHOST that comes with a wide range of information-gathering features like keylogging, screen capture, audio capture, remote shell, and file transfer/execution. The backdoor, according to Google’s Managed Defense team, shares functional overlaps with a known remote administration tool referred to as Gh0st RAT, which had its source First…
-
North Korea actors use OtterCookie malware in Contagious Interview campaign
North Korea-linked threat actors are using the OtterCookie backdoor to target software developers with fake job offers. North Korea-linked threat actors were spotted using new malware called OtterCookie as part of the Contagious Interview campaign that targets software developer community with fake job offers. The Contagious Interview campaign was first detailed by Palo Alto Networks…
-
New ‘OtterCookie’ malware used to backdoor devs in fake job offers
North Korean threat actors are using new malware called OtterCookie in the Contagious Interview campaign that is targeting software developers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-ottercookie-malware-used-to-backdoor-devs-in-fake-job-offers/
-
Cloud Atlas Deploys VBCloud backdoor in Latest Cyber Espionage Campaign
The notorious cyber-espionage group Cloud Atlas, active since 2014, has been observed leveraging a new arsenal in its ongoing campaigns against Eastern Europe and Central Asia, according to a detailed... First seen on securityonline.info Jump to article: securityonline.info/cloud-atlas-deploys-vbcloud-backdoor-in-latest-cyber-espionage-campaign/
-
Best of 2024: An Accidental Discovery of a Backdoor Likely Prevented Thousands of Infections
… Read more » First seen on securityboulevard.com Jump to article: https://securityboulevard.com/2024/12/an-accidental-discovery-of-a-backdoor-likely-prevented-thousands-of-infections-2/
-
North Korean hackers spotted using new tools on employees of ‘nuclear-related’ org
Researchers at Kaspersky said they found the Lazarus Group using “a complex infection chain that included multiple types of malware, such as a downloader, loader, and backdoor, demonstrating the group’s evolved delivery and improved persistence methods.” First seen on therecord.media Jump to article: therecord.media/lazarus-group-new-tools-kaspersky
-
4 Ways to Greater Cyber Defense Strength
Tags: ai, antivirus, application-security, backdoor, cio, cloud, crypto, cyberattack, cybersecurity, data-breach, ddos, detection, hacker, iot, phishing, RedTeam, reverse-engineering, tool, vulnerability
Anurag Goyal is Head of Cybersecurity at the platform provider RedDoorz. He has also made a name for himself as a security researcher and ethical hacker. Anurag Goyal 3. Red Teaming Red teaming is a dynamic and comprehensive approach to assessing and improving the cyber resilience of organizations. Security professionals simulate sophisticated cyberattacks and, in doing so, imitate…
-
Tax-Themed Campaign Exploits Windows MSC Files to Deliver Stealthy Backdoor
The Securonix Threat Research team has uncovered a sophisticated phishing campaign named FLUX#CONSOLE, leveraging tax-related lures and the use of Windows MSC (Microsoft Management Console) files to deploy a stealthy... First seen on securityonline.info Jump to article: securityonline.info/tax-themed-campaign-exploits-windows-msc-files-to-deliver-stealthy-backdoor/
-
Mandiant traces Cleo file-transfer exploits back to October
The threat intelligence firm observed deployment of backdoors, but has not seen mass data theft thus far. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/mandiant-cleo-exploits-october/736042/
-
Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware
The Lazarus Group, an infamous threat actor linked to the Democratic People’s Republic of Korea (DPRK), has been observed leveraging a “complex infection chain” targeting at least two employees belonging to an unnamed nuclear-related organization within the span of one month in January 2024. The attacks, which culminated in the deployment of a new modular backdoor…
-
Thai Police Systems Under Fire From ‘Yokai’ Backdoor
Hackers are abusing legitimate Windows utilities to target Thai law enforcement with a novel malware that is a mix of sophistication and amateurishness. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/thai-police-systems-yokai-backdoor
-
That cheap webcam? HiatusRAT may be targeting it, FBI warns
Webcams have been a key part of business and home offices everywhere, especially since the COVID pandemic hit. But they are not often high-quality products, especially if used only sporadically, as many consumers and remote workers are content with a cheap one from China. This not only causes regular hardware problems, but it can also be…
-
Winnti-Like ‘Glutton’ Backdoor Targets Cybercriminals
Malware Exploits Cybercrime Ecosystem for Profit. Hackers are using a variant of a backdoor that’s the hallmark of a Chinese threat actor suspected of ties to Beijing in order to target the cybercriminal underground. The malware shares near-complete similarity with a backdoor exclusively used by the Winnti Group. First seen on govinfosecurity.com Jump to…
-
Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks
A new phishing campaign has been observed employing tax-themed lures to deliver a stealthy backdoor payload as part of attacks targeting Pakistan. Cybersecurity company Securonix, which is tracking the activity under the name FLUX#CONSOLE, said it likely starts with a phishing email link or attachment, although it said it couldn’t obtain the original email used to…
-
DLL Side-Loading Strikes Again: Yokai Backdoor Bypasses Security
Cybersecurity researchers from Netskope have uncovered a new side-loaded backdoor, dubbed Yokai, targeting Thai officials through decoy documents and a legitimate application. This campaign highlights the continued use of DLL... First seen on securityonline.info Jump to article: securityonline.info/dll-side-loading-strikes-again-yokai-backdoor-bypasses-security/
-
Cyber Criminals Exploit Windows Management Console to Deliver Backdoor Payloads
A recent campaign dubbed FLUX#CONSOLE has come to light, leveraging Microsoft Common Console Document (.MSC) files to infiltrate systems with backdoor malware. The campaign showcases the growing sophistication of phishing techniques and the exploitation of lesser-known Windows features. The FLUX#CONSOLE Campaign: The FLUX#CONSOLE campaign has been identified as a multi-stage attack with sinister objectives. By using MSC files, threat actors…
-
Novel Glutton backdoor deployed by Winnti hackers
First seen on scworld.com Jump to article: www.scworld.com/brief/novel-glutton-backdoor-deployed-by-winnti-hackers
-
PHP backdoor looks to be work of Chinese-linked APT group
Known as Glutton, researchers at QiAnXin’s XLab believe Winnti is responsible for the malware. First seen on cyberscoop.com Jump to article: cyberscoop.com/glutton-php-backdoor-winnti-apt-41-china/
-
Cleo MFT Zero-Day Exploits Are About to Escalate, Analysts Warn
Defenders running the Cleo managed file transfer are urged to be on the lookout for the Cleopatra backdoor and other indicators of an ongoing ransomware campaign, as patching details remain foggy, and no CVE has been issued. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/cleo-mft-zero-day-exploits-escalate-analysts-warn
-
New Glutton Malware Exploits Popular PHP Frameworks Like Laravel and ThinkPHP
Cybersecurity researchers have discovered a new PHP-based backdoor called Glutton that has been put to use in cyber attacks targeting China, the United States, Cambodia, Pakistan, and South Africa. QiAnXin XLab, which discovered the malicious activity in late April 2024, attributed the previously unknown malware with moderate confidence to the prolific Chinese nation-state group tracked Winnti…
-
The Zero-Detection PHP Backdoor Glutton Exposed
A discovery by XLab has detailed Glutton, a stealthy PHP backdoor targeting both traditional organizations and the cybercrime ecosystem itself. According to XLab’s analysis, Glutton represents a new generation of... First seen on securityonline.info Jump to article: securityonline.info/the-zero-detection-php-backdoor-glutton-exposed/
-
Winnti hackers target other threat actors with new Glutton PHP backdoor
The Chinese Winnti hacking group is using a new PHP backdoor named ‘Glutton’ in attacks on organizations in China and the U.S., and also in attacks on other cybercriminals. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/winnti-hackers-target-other-threat-actors-with-new-glutton-php-backdoor/
-
Thai Officials Targeted in Yokai Backdoor Campaign Using DLL Side-Loading Techniques
Thai government officials have emerged as the target of a new campaign that leverages a technique called DLL side-loading to deliver a previously undocumented backdoor dubbed Yokai. “The target of the threat actors were Thailand officials based on the nature of the lures,” Nikhil Hegde, senior engineer for Netskope’s Security Efficacy team, told The Hacker News.…