Tag: infection
-
Spear-Phishing Campaign Abuses Argentine Federal Court Rulings to Deliver Covert RAT
Seqrite Labs has uncovered a sophisticated spear-phishing campaign targeting Argentina’s judicial sector with a multi-stage infection chain designed to deploy a stealthy Rust-based Remote Access Trojan (RAT). The campaign primarily targets Argentina’s judicial institutions, legal professionals, justice-adjacent government bodies, and academic legal organizations. Attackers abuse legitimate Argentine federal court rulings specifically, preventive detention review documents…
-
PDFSIDER Malware Actively Exploited to Evade Antivirus and EDR Defenses
Security researchers have identified a sophisticated backdoor malware variant, PDFSIDER, that leverages DLL side-loading to evade endpoint detection and response (EDR) systems. The threat demonstrates advanced persistent threat (APT) tradecraft, combining evasion mechanisms with encrypted command-and-control capabilities to maintain covert access on compromised systems. PDFSIDER’s infection chain originates through spear-phishing campaigns delivering ZIP archives containing…
-
Predator Spyware Sample Indicates ‘Vendor-Controlled’ C2
Researchers detailed how Intellexa, Predator’s owner, uses failed deployments and thwarted infections to strengthen its commercial spyware and generate more effective attacks. First seen on darkreading.com Jump to article: www.darkreading.com/mobile-security/predator-spyware-sample-vendor-controlled-c2
-
PowerShell-Driven Multi-Stage Windows Malware Using Text Payloads
Security researchers have identified a sophisticated multi-stage malware campaign dubbed SHADOW#REACTOR that chains together obfuscated Visual Basic Script (VBS) execution, resilient PowerShell stagers, text-only payload delivery mechanisms, and .NET Reactorprotected in-memory loaders to deploy Remcos RAT while evading detection and analysis reliably. Initial infection begins when users execute a malicious VBS script, typically delivered through…
-
SHADOW#REACTOR Campaign Uses Text-Only Staging to Deploy Remcos RAT
SHADOW#REACTOR is a multi-stage Windows malware campaign that stealthily deploys the Remcos RAT using complex infection techniques First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/shadowreactor-text-staging-remcos/
-
New Malware Campaign Delivers Remcos RAT Through Multi-Stage Windows Attack
Cybersecurity researchers have disclosed details of a new campaign dubbed SHADOW#REACTOR that employs an evasive multi-stage attack chain to deliver a commercially available remote administration tool called Remcos RAT and establish persistent, covert remote access.”The infection chain follows a tightly orchestrated execution path: an obfuscated VBS launcher executed via wscript.exe invokes a First seen on…
-
CloudEyE MaaS Downloader and Cryptor Infects Over 100,000 Users Globally
ESET Research has uncovered a significant surge in CloudEye malware detections, with a 30-fold increase in the second half of 2025. The security firm detected more than 100,000 infection attempts over the six months, signaling a widespread threat affecting organizations globally. CloudEyE operates as a Malware-as-a-Service (MaaS) downloader and cryptor designed to conceal and deploy…
-
Threat Actors Abuse Trusted Business Infrastructure to Host Infostealers
In a disturbing evolution of the cybercrime landscape, a self-sustaining cycle of infection has emerged in which victims of malware are being unwillingly conscripted into the ranks of attackers. New research from the Hudson Rock Threat Intelligence Team, in collaboration with the newly released ClickFix Hunter platform, reveals that a significant portion of domains hosting…
-
APT36 Targets Indian Government Systems Using Malicious Windows LNK Files
A sophisticated cyber-espionage operation attributed to APT36, also known as Transparent Tribe, has been identified targeting Indian governmental, academic, and strategic entities through weaponized Windows shortcut files designed to evade detection and establish persistent remote access. The Pakistan-aligned threat actor deployed a deceptive LNK-based infection chain that leverages trusted system binaries and fileless execution techniques…
-
Cloud Atlas Exploits Office Vulnerabilities to Execute Malicious Code
The Cloud Atlas threat group, active since 2014, continues to pose a significant risk to organizations in Eastern Europe and Central Asia through sophisticated attacks leveraging legacy Microsoft Office vulnerabilities. Security researchers have documented the group’s expanded arsenal and evolving infection chains deployed throughout the first half of 2025, revealing previously undescribed implants and attack…
-
Phantom Stealer Targeting Users to Steal Sensitive Data
Sophisticated malware employs a multi-stage infection chain and advanced evasion techniques to exfiltrate sensitive information. Phantom, a sophisticated stealer malware variant, is conducting targeted attacks to harvest sensitive data from infected systems, including passwords, browser cookies, credit card information, and cryptocurrency wallet credentials. Security researchers have identified Version 3.5 of the malware, which employs a…
-
Phantom Stealer Targeting Users to Steal Sensitive Data
Sophisticated malware employs a multi-stage infection chain and advanced evasion techniques to exfiltrate sensitive information. Phantom, a sophisticated stealer malware variant, is conducting targeted attacks to harvest sensitive data from infected systems, including passwords, browser cookies, credit card information, and cryptocurrency wallet credentials. Security researchers have identified Version 3.5 of the malware, which employs a…
-
Intellexa Leaks Reveal Zero-Days and Ads-Based Vector for Predator Spyware Delivery
A human rights lawyer from Pakistan’s Balochistan province received a suspicious link on WhatsApp from an unknown number, marking the first time a civil society member in the country was targeted by Intellexa’s Predator spyware, Amnesty International said in a report.The link, the non-profit organization said, is a “Predator attack attempt based on the technical…
-
Intellexa remotely accessed Predator spyware customer systems, investigation finds
It was one of a trio of reports about the spyware vendor over the course of a day, with additional evidence about further infections among the findings. First seen on cyberscoop.com Jump to article: cyberscoop.com/intellexa-remotely-accessed-predator-spyware-customer-systems-investigation-finds/
-
Predator spyware uses new infection vector for zero-click attacks
The Predator spyware from surveillance company Intellexa has been using a zero-click infection mechanism dubbed “Aladdin” that compromised specific targets when simply viewing a malicious advertisement. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/predator-spyware-uses-new-infection-vector-for-zero-click-attacks/
-
GoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ Infections
Cybercriminals associated with a financially motivated group known as GoldFactory have been observed staging a fresh round of attacks targeting mobile users in Indonesia, Thailand, and Vietnam by impersonating government services.The activity, observed since October 2024, involves distributing modified banking applications that act as a conduit for Android malware, Group-IB said in a technical First…
-
Dissecting a new malspam chain delivering Purelogs infostealer
The AISI Research Center’s Cybersecurity Observatory publishes the report >>Dissecting a new malspam chain delivering Purelogs infostealer
-
New ClickFix attacks use fake Windows Update screens to fool employees
Run dialog box, Windows Terminal, or Windows PowerShell. This leads to the downloading of scripts that launch malware.Two new tactics are used in the latest ClickFix campaign, says Huntress:the use since early October of a fake blue Windows Update splash page in full-screen, displaying realistic “Working on updates” animations that eventually conclude by prompting the user to…
-
Russian-linked Malware Campaign Hides in Blender 3D Files
Morphisec has observed a new operation embedding StealC V2 malware in Blender project files, targeting users via 3D assets and launching a multi-stage infection chain First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/russian-malware-blender-3d-files/
-
Cybersecurity Snapshot: Global Agencies Target Criminal “Bulletproof” Hosts, as CSA Unveils Agentic AI Risk Framework
Tags: access, advisory, ai, android, apple, attack, banking, breach, browser, chrome, cisa, ciso, cloud, compliance, control, credentials, credit-card, crypto, cve, cyber, cybercrime, cybersecurity, data, defense, detection, endpoint, extortion, finance, firewall, firmware, flaw, framework, google, governance, government, group, guide, Hardware, ibm, identity, infection, infrastructure, international, Internet, law, linux, malicious, malware, microsoft, mobile, monitoring, network, open-source, oracle, password, phishing, radius, ransomware, rat, resilience, risk, risk-assessment, risk-management, russia, scam, service, software, switch, technology, threat, tool, update, vulnerability, windowsCyber agencies call on ISPs to help combat “bulletproof” internet hosts that shield cybercriminals. Meanwhile, the CSA introduced a new methodology to assess the risks of autonomous AI. Plus, get the latest on the CIS Benchmarks, drone-detection systems, and malware infections. Key takeaways Crackdown on “bulletproof” hosting: International cyber agencies are urging ISPs and network…
-
Cybersecurity Snapshot: Global Agencies Target Criminal “Bulletproof” Hosts, as CSA Unveils Agentic AI Risk Framework
Tags: access, advisory, ai, android, apple, attack, banking, breach, browser, chrome, cisa, ciso, cloud, compliance, control, credentials, credit-card, crypto, cve, cyber, cybercrime, cybersecurity, data, defense, detection, endpoint, extortion, finance, firewall, firmware, flaw, framework, google, governance, government, group, guide, Hardware, ibm, identity, infection, infrastructure, international, Internet, law, linux, malicious, malware, microsoft, mobile, monitoring, network, open-source, oracle, password, phishing, radius, ransomware, rat, resilience, risk, risk-assessment, risk-management, russia, scam, service, software, switch, technology, threat, tool, update, vulnerability, windowsCyber agencies call on ISPs to help combat “bulletproof” internet hosts that shield cybercriminals. Meanwhile, the CSA introduced a new methodology to assess the risks of autonomous AI. Plus, get the latest on the CIS Benchmarks, drone-detection systems, and malware infections. Key takeaways Crackdown on “bulletproof” hosting: International cyber agencies are urging ISPs and network…
-
NDSS 2025 Hitchhiking Vaccine: Enhancing Botnet Remediation With Remote Code Deployment Reuse
SESSION Session 3C: Mobile Security ———– ———– Authors, Creators & Presenters: Runze Zhang (Georgia Institute of Technology), Mingxuan Yao (Georgia Institute of Technology), Haichuan Xu (Georgia Institute of Technology), Omar Alrawi (Georgia Institute of Technology), Jeman Park (Kyung Hee University), Brendan Saltaformaggio (Georgia Institute of Technology) ———– PAPER Hitchhiking Vaccine: Enhancing Botnet Remediation With Remote…