Tag: powershell

Smart GPUGate malware exploits GitHub and Google Ads for evasive targeting

Sep 9, 2025 4:08 PM

Tags: access, attack, awareness, credentials, crypto, data, defense, detection, exploit, github, google, macOS, malware, microsoft, password, powershell, service, software, vpn, windows

GPU-Gated decryption evades detection: The malware itself is delivered as a large Microsoft Software Installer (MSI) file, approximately 128 MB in size. It features a GPU-gated decryption mechanism that keeps the payload encrypted unless it detects the presence of a real GPU on the system. Researchers noted that this design allows GPUGate to remain dormant…
APT37 Targets Windows with Rust Backdoor and Python Loader

Sep 8, 2025 5:08 PM

Tags: api, attack, backdoor, cctv, cloud, computer, control, data, detection, exploit, government, group, infection, injection, jobs, korea, malicious, malware, microsoft, monitoring, north-korea, organized, password, phishing, powershell, programming, rust, service, social-engineering, spear-phishing, startup, tactics, theft, threat, tool, update, vulnerability, windows

IntroductionAPT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima) is a North Korean-aligned threat actor active since at least 2012. APT37 primarily targets South Korean individuals connected to the North Korean regime or involved in human rights activism, leveraging custom malware and adopting emerging technologies.In recent campaigns, APT37 utilizes a single command-and-control (C2) server…
APT37 Targets Windows with Rust Backdoor and Python Loader

Sep 8, 2025 5:08 PM

Tags: api, attack, backdoor, cctv, cloud, computer, control, data, detection, exploit, government, group, infection, injection, jobs, korea, malicious, malware, microsoft, monitoring, north-korea, organized, password, phishing, powershell, programming, rust, service, social-engineering, spear-phishing, startup, tactics, theft, threat, tool, update, vulnerability, windows

IntroductionAPT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima) is a North Korean-aligned threat actor active since at least 2012. APT37 primarily targets South Korean individuals connected to the North Korean regime or involved in human rights activism, leveraging custom malware and adopting emerging technologies.In recent campaigns, APT37 utilizes a single command-and-control (C2) server…
APT37 Targets Windows with Rust Backdoor and Python Loader

Sep 8, 2025 5:08 PM

Tags: api, attack, backdoor, cctv, cloud, computer, control, data, detection, exploit, government, group, infection, injection, jobs, korea, malicious, malware, microsoft, monitoring, north-korea, organized, password, phishing, powershell, programming, rust, service, social-engineering, spear-phishing, startup, tactics, theft, threat, tool, update, vulnerability, windows

IntroductionAPT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima) is a North Korean-aligned threat actor active since at least 2012. APT37 primarily targets South Korean individuals connected to the North Korean regime or involved in human rights activism, leveraging custom malware and adopting emerging technologies.In recent campaigns, APT37 utilizes a single command-and-control (C2) server…
Shell to pay: Crims invade your PC with CastleRAT malware, now in C and Python

Sep 5, 2025 10:20 PM

Tags: malware, powershell

Pro tip, don’t install PowerShell commands without approval First seen on theregister.com Jump to article: www.theregister.com/2025/09/05/clickfix_castlerat_malware/
TAG-150 Develops CastleRAT in Python and C, Expanding CastleLoader Malware Operations

Sep 5, 2025 5:20 PM

Tags: access, framework, group, malware, powershell, service, threat

The threat actor behind the malware-as-a-service (MaaS) framework and loader called CastleLoader has also developed a remote access trojan known as CastleRAT.”Available in both Python and C variants, CastleRAT’s core functionality consists of collecting system information, downloading and executing additional payloads, and executing commands via CMD and PowerShell,” Recorded Future Insikt Group First seen on…
Cryptohack Roundup: El Salvador Splits Bitcoin Reserve

Sep 4, 2025 6:20 PM

Tags: android, attack, crypto, india, malware, powershell

Also: PowerShell-Based Cryptojacking Attack, a Malvertising Campaign. This week, El Salvador split its bitcoin reserve, an Indian court jailed cops for crypto kidnapping, a PowerShell-based cryptojacking attack, a malvertising campaign targeted Android users, a Venus Protocol hack, malware hid in npm packages using smart contracts for evasion and Bunni DEX exploit. First seen on govinfosecurity.com…
NoisyBear Exploits ZIP Files for PowerShell Loaders and Data Exfiltration

Sep 4, 2025 4:20 PM

Tags: cyber, data, espionage, exploit, phishing, powershell, threat

The threat actor known as NoisyBear has launched a sophisticated cyber-espionage effort called Operation BarrelFire, using specially designed phishing lures that imitate internal correspondence to target Kazakhstan’s energy sector, particularly workers of the state oil and gas major KazMunaiGas. Security researchers at Seqrite Labs first observed the campaign in April 2025 and noted its rapid…
Microsoft Teams Abused in Cyberattack Delivering PowerShell-Based Remote Access Malware

Aug 29, 2025 12:24 PM

Tags: access, cyber, cyberattack, cybercrime, defense, email, exploit, malware, microsoft, network, powershell, social-engineering, threat, unauthorized, windows

In a concerning development for enterprise security, cybercriminals have begun exploiting Microsoft Teams”, long trusted as an internal messaging and collaboration tool”, to deliver PowerShell-based malware and gain unauthorized remote access to Windows systems. By impersonating IT support personnel and leveraging social engineering, these threat actors bypass traditional email filters and network defenses, striking directly…
New ClickFix Attack Deploys Fake BBC News Page and Fake Cloudflare Verification to Deceive Users

Aug 19, 2025 6:54 PM

Tags: attack, cyber, cybersecurity, exploit, malicious, powershell

Cybersecurity researchers have uncovered a novel ClickFix attack variant that impersonates trusted BBC news content while leveraging counterfeit Cloudflare Turnstile verification interfaces to coerce users into executing malicious PowerShell commands. This campaign, detailed in recent analyses from sources like Cybersecurity News and ESET, exploits user familiarity with legitimate web security protocols to deliver a range…
USB Malware Campaign Spreads Cryptominer Worldwide

Aug 18, 2025 6:54 PM

Tags: attack, malware, powershell

A multi-stage attack delivered via USB devices has been observed installing cryptomining malware using DLL hijacking and PowerShell First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/usb-malware-spreads-cryptominer/
Hackers Exploit ClickFix Technique to Compromise Windows and Run PowerShell Commands

Aug 11, 2025 9:12 PM

Tags: access, attack, corporate, cyber, data, exploit, fortinet, hacker, infrastructure, powershell, threat, windows

Threat actors have begun a geographically focused campaign against Israeli infrastructure and corporate entities in a sophisticated cyber incursion discovered by Fortinet’s FortiGuard Labs. Delivered exclusively through Windows systems via PowerShell scripts, the attack chain enables remote access, facilitating data exfiltration, persistent surveillance, and lateral movement within compromised networks. Classified as high severity, this operation…
UAC-0099 Tactics, Techniques, Procedures and Attack Methods Revealed

Aug 11, 2025 5:12 PM

Tags: attack, cyber, defense, email, espionage, government, malicious, military, phishing, powershell, spear-phishing, tactics, threat, ukraine

UAC-0099, a persistent threat actor active since at least 2022, has conducted sophisticated cyber-espionage operations against Ukrainian government, military, and defense entities, evolving its toolkit across three major campaigns documented in CERT-UA alerts from June 2023, December 2024, and August 2025. Initially relying on the PowerShell-based LONEPAGE loader delivered via spear-phishing emails with malicious attachments…
Silent Watcher Targets Windows Systems, Steals Data via Discord Webhooks

Aug 11, 2025 3:12 PM

Tags: cyber, cybersecurity, data, malware, powershell, threat, tool, windows

K7 Labs investigated the Cmimai Stealer, a Visual Basic Script (VBS)-based infostealer that surfaced in June 2025 and uses PowerShell and native Windows scripting to secretly exfiltrate data. This is a recent development in the cybersecurity environment. This malware, first highlighted in a tweet, operates as a lightweight threat actor tool that circumvents execution policies,…
How Machine Learning Detects Living off the Land (LotL) Attacks

Aug 7, 2025 10:11 PM

Tags: attack, cyber, cybercrime, malware, powershell, software, tool, windows

Elite cybercriminals prefer LotL attacks because they’re incredibly hard to spot. Instead of deploying obvious malware, attackers use the same trusted tools that an IT team relies on daily, such as PowerShell, Windows Management Instrumentation (WMI) and various integrated utilities on almost every computer. When attackers use legitimate system tools, traditional security software thinks everything…
The role of the cybersecurity PM in incident-driven development

Jul 25, 2025 7:27 PM

Tags: control, cybersecurity, data, powershell, theft, threat, tool, update

From PowerShell abuse to USB data theft, modern threats hit fast”, and hard.vSee how security-minded PMs are responding with real-time controls, smarter policies, and tools like ThreatLocker Patch Management. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/the-role-of-the-cybersecurity-pm-in-incident-driven-development/
Malicious LNK File Posing as Credit Card Security Email Steals User Data

Jul 23, 2025 9:12 PM

Tags: authentication, credit-card, cyber, data, email, exploit, finance, malicious, powershell, threat

Threat actors have deployed a malicious LNK file masquerading as a credit card company’s security email authentication pop-up to pilfer sensitive user information. The file, named >>card_detail_20250610.html.lnk,
ClickFix-Attacken bedrohen Unternehmenssicherheit

Jul 8, 2025 4:34 PM

Tags: access, apple, awareness, cyberattack, detection, endpoint, exploit, intelligence, Internet, linux, mail, malware, microsoft, open-source, phishing, powershell, ransomware, social-engineering, spam, threat, tool, windows

Cyberkriminelle greifen immer häufiger auf ClickFix-Angriffe zurück.Weniger bekannt als Phishing ist die Social-Engineering-Methode ClickFix. Ziel solcher Attacken ist es, die Opfer dazu zu bewegen, bösartige Befehle in Tools wie PowerShell oder die Windows-Eingabeaufforderung einzufügen. Die Angriffe beginnen in der Regel, nachdem ein Benutzer eine kompromittierte oder bösartige Website besucht oder einen betrügerischen Anhang oder Link…
Video-Tipp #71: Harden Windows Security – Windows 11 härten mit PowerShell-Modul ‘Harden Windows Security”

Jul 8, 2025 11:34 AM

Tags: powershell, windows

First seen on security-insider.de Jump to article: www.security-insider.de/harden-windows-security-tool-tipps-a-a07c534dead5f34edae6082e2dfa3270/
Microsoft to Remove PowerShell 2.0 from Windows 11 Due to Security Risks

Jul 7, 2025 1:34 PM

Tags: cyber, microsoft, powershell, risk, windows

Microsoft has announced a significant change for Windows 11 users: the removal of Windows PowerShell 2.0, a legacy scripting platform, from upcoming builds. This move, first revealed in the Windows 11 Insider Preview Build 27891 released to the Canary Channel, is part of the company’s ongoing efforts to enhance system security and streamline the operating…
Microsoft finally bids farewell to PowerShell 2.0

Jul 6, 2025 5:34 AM

Tags: microsoft, powershell, tool, windows

Venerable command line tool to depart Windows First seen on theregister.com Jump to article: www.theregister.com/2025/07/04/microsoft_finally_bids_farewell_to/
Sixfold surge of ClickFix attacks threatens corporate defenses

Jul 2, 2025 7:34 PM

Tags: access, attack, control, corporate, defense, detection, email, endpoint, incident response, malicious, powershell, tool, training

Countermeasures: ClickFix attacks often bypass many security tools because the approach relies on user interaction. Training users to recognize suspicious prompts and avoid copying and running code from untrusted sources is a critical first step in defending against the growing threat.Tightening up technical controls such as endpoint protection, web filtering, and email security technologies to…
PowerShell überwachen so geht’s

Jul 1, 2025 6:34 AM

Tags: access, cloud, cyberattack, detection, hacker, login, mail, microsoft, monitoring, powershell, tool, windows

Wird PowerShell nicht richtig überwacht, ist das Security-Debakel meist nicht weit.Kriminelle Hacker setzen mitunter auf raffinierte Techniken, um sich über ausgedehnte Zeiträume in den Netzwerken von Unternehmen einzunisten und still und heimlich sensible Daten oder Logins abzugreifen. Dabei missbrauchen die Cyberkriminellen in vielen Fällen auch vom jeweiligen Zielunternehmen freigegebene Tools, um sich initial Zugang zu…
Beware of Trending TikTok Videos Promoting Pirated Apps That Deliver Stealer Malware

Jun 28, 2025 12:34 PM

Tags: ai, attack, cyber, malicious, malware, microsoft, powershell, social-engineering, software, windows

A sophisticated social engineering campaign has surfaced on TikTok, leveraging the platform’s massive user base and algorithmic reach to distribute information-stealing malware, specifically Vidar and StealC. Identified by Trend Research, this attack uses potentially AI-generated videos to deceive users into executing malicious PowerShell commands under the guise of activating pirated software like Windows OS, Microsoft…
Microsoft-Lücke ermöglicht E-Mail-Versand ohne Authentifizierung

Jun 27, 2025 2:36 PM

Tags: access, authentication, ciso, cyberattack, data, defense, dkim, dmarc, exploit, framework, hacker, infrastructure, mail, microsoft, phishing, powershell, qr, risk, tool, usa, vulnerability, zero-day

Drucker und Scanner werden dank einer Schwachstelle in der Microsoft 365 Direct Send-Funktion zunehmend zu Mitteln für Hacker, um Phishing-Angriffe durchzuführen.Das Forensik-Team von Varonis hat eine Schwachstelle entdeckt, die es internen Geräten wie Druckern ermöglicht, E-Mails ohne Authentifizierung zu versenden. Dem Bericht zufolgewurde die Lücke bereits genutzt, um mehr als 70 Unternehmen, vorwiegend in den…
Don’t trust that email: It could be from a hacker using your printer to scam you

Jun 27, 2025 5:36 AM

Tags: authentication, control, credentials, data, defense, dkim, dmarc, email, endpoint, exploit, framework, hacker, infrastructure, iot, login, mail, microsoft, monitoring, network, phishing, powershell, qr, risk, scam, tactics, tool, vulnerability, zero-day

tenantname.mail.protection.outlook.com, and companies’ internal email address formats can be trivial to figure out or easy to scrape from public sources or social media. Once an attacker has the domain and a valid email address, they are able to send emails that appear to come from inside the organization.In the campaign observed by Varonis’ forensics experts,…
APT28 Uses Signal Chat to Deploy BEARDSHELL Malware and COVENANT in Ukraine

Jun 24, 2025 12:35 PM

Tags: attack, computer, cyber, malware, powershell, russia, threat, ukraine

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new cyber attack campaign by the Russia-linked APT28 (aka UAC-0001) threat actors using Signal chat messages to deliver two new malware families dubbed BEARDSHELL and COVENANT.BEARDSHELL, per CERT-UA, is written in C++ and offers the ability to download and execute PowerShell scripts, as…
North Korean Hackers Weaponize GitHub Infrastructure to Distribute Malware

Jun 23, 2025 4:35 PM

Tags: attack, cyber, cybersecurity, github, group, hacker, infrastructure, malicious, malware, north-korea, powershell, threat

Cybersecurity researchers have uncovered a sophisticated spearphishing campaign orchestrated by the North Korean threat group Kimsuky, leveraging GitHub as a critical piece of attack infrastructure to distribute malware since March 2025. This operation, identified through analysis of a malicious PowerShell script posted on X, showcases an alarming abuse of legitimate platforms like GitHub and Dropbox…
PowerShell Loaders Use In-Memory Execution to Evade Disk-Based Detection

Jun 20, 2025 7:35 PM

Tags: china, computer, cyber, detection, powershell, threat

A recent threat hunting session has revealed a sophisticated PowerShell script, named y1.ps1, hosted in an open directory on a Chinese server (IP: 123.207.215.76). First detected on June 1, 2025, this script operates as a shellcode loader, employing advanced in-memory execution techniques to bypass traditional disk-based detection mechanisms. The discovery, attributed to Shenzhen Tencent Computer…
Azure Misconfiguration Lets Attackers Take Over Cloud Infrastructure

Jun 20, 2025 3:35 PM

Tags: access, attack, cloud, control, cyber, infrastructure, microsoft, powershell, tool

A recent security analysis has revealed how a chain of misconfigurations in Microsoft Azure can allow attackers to gain complete control over an organization’s cloud infrastructure, from initial access to full tenant takeover. The attack path, demonstrated using real-world tools and PowerShell scripts, highlights the urgent need for organizations to harden their Azure deployments and…