Tag: powershell
-
ViperSoftX Malware Used by Threat Actors to Steal Sensitive Information
The AhnLab Security Intelligence Center (ASEC) has recently issued a detailed report confirming the persistent distribution of ViperSoftX malware by threat actors, with notable impact on users in South Korea and beyond. First identified by Fortinet in 2020, ViperSoftX is a sophisticated PowerShell-based malware designed to infiltrate infected systems, execute remote commands, and steal sensitive…
-
Neuer Infostealer tarnt sich mit gefälschtem CAPTCHA
Security-Analysten warnen vor einer neuartigen Malware-Kampagne: EDDIESTEALER nutzt überzeugend inszenierte CAPTCHA-Köder, um Nutzer zur Ausführung gefährlicher PowerShell-Befehle zu verleiten. Ziel ist es, Zugangsdaten, Krypto-Wallets und Browserdaten abzugreifen. First seen on itsicherheit-online.com Jump to article: www.itsicherheit-online.com/news/cybersecurity/neuer-infostealer-tarnt-sich-mit-gefaelschtem-captcha/
-
ViperSoftX Malware Enhances Modularity, Stealth, and Persistence Techniques
The cybersecurity landscape witnessed the emergence of new PowerShell-based malware samples circulating in underground forums and threat-hunting communities, marking a significant evolution of the notorious ViperSoftX stealer. This updated variant, building on its 2024 predecessor, showcases remarkable advancements in modularity, stealth, and persistence mechanisms, posing a heightened threat to cryptocurrency users and enterprises. Detailed analysis…
-
Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack
Threat hunters are alerting to a new campaign that employs deceptive websites to trick unsuspecting users into executing malicious PowerShell scripts on their machines and infect them with the NetSupport RAT malware.The DomainTools Investigations (DTI) team said it identified “malicious multi-stage downloader Powershell scripts” hosted on lure websites that masquerade as Gitcode and DocuSign.” First…
-
Interlock and the Kettering Ransomware Attack: ClickFix’s Persistence
Tags: access, attack, breach, captcha, ciso, computer, control, credentials, cyberattack, data, data-breach, detection, endpoint, exploit, group, healthcare, HIPAA, incident response, injection, malicious, mobile, network, phishing, powershell, ransom, ransomware, risk, saas, service, technology, threat, tool, vulnerabilityIn healthcare, every minute of downtime isn’t just a technical problem”Š”, “Šit’s a patient safety risk. CNN recently reported that Kettering Health, a major hospital network in Ohio, was hit by a ransomware attack. According to CNN, the Interlock ransomware group claimed responsibility, sending a chilling reminder that healthcare remains a prime target for this particular…
-
Windows 11 24H2: PowerShell AppLocker/WDAC Script Enforcement Monate kaputt
Ich greife mal, aus gegebenem Anlass, ein Thema auf, was mir Anfang Mai 2025 unter die Augen gekommen ist. Administratoren haben festgestellt, dass das PowerShell Script Enforcement im AppLocker/WDAC über Monate kaputt war. Sollte inzwischen aber mit der PowerShell 7.6 … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/06/02/windows-11-24h2-powershell-applocker-wdac-script-enforcement-monate-kaputt/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 47
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape 60 Malicious npm Packages Leak Network and Host Data in Active Malware Campaign Russia-Aligned TAG-110 Targets Tajikistan with Macro-Enabled Word Documents Inside a VenomRAT Malware Campaign Fake Google Meet Page Tricks Users into Running PowerShell Malware…
-
Hackers Use AI-Generated Videos on TikTok to Spread Info-Stealing Malware
TrendMicro has uncovered a sophisticated campaign where threat actors are exploiting TikTok to distribute information-stealing malware. By leveraging AI-generated videos posing as tutorials for unlocking pirated software, cybercriminals trick unsuspecting viewers into executing malicious PowerShell commands. These commands download dangerous malware strains such as Vidar and StealC, designed to harvest sensitive data from infected systems.…
-
PureHVNC RAT Uses Fake Job Offers and PowerShell to Evade Security Defenses
A new and highly evasive malware campaign delivering the PureHVNC Remote Access Trojan (RAT) has been identified by Netskope Threat Labs, showcasing a complex multi-layer infection chain designed to bypass modern security defenses. This campaign, active in 2024, leverages fake job offers from well-known global brands like Bershka, Fragrance Du Bois, John Hardy, and Dear…
-
Cybercriminals Target AI Users with Malware-Loaded Installers Posing as Popular Tools
Tags: ai, chatgpt, cisco, cybercrime, intelligence, malware, openai, powershell, ransomware, threat, toolFake installers for popular artificial intelligence (AI) tools like OpenAI ChatGPT and InVideo AI are being used as lures to propagate various threats, such as the CyberLock and Lucky_Gh0$t ransomware families, and a new malware dubbed Numero.”CyberLock ransomware, developed using PowerShell, primarily focuses on encrypting specific files on the victim’s system,” Cisco Talos researcher Chetan…
-
Fake software activation videos on TikTok spread Vidar, StealC
Crooks use TikTok videos with fake tips to trick users into running commands that install Vidar and StealC malware in ClickFix attacks. Cybercriminals leverage AI-generated TikTok videos in ClickFix attacks to spread Vidar and StealC malware, reports Trend Micro. These videos trick users into running PowerShell commands disguised as software activation steps for tools like…
-
Scarcity signals: Are rare activities red flags?
Talos analyzed six months of PowerShell network telemetry and found that rare domains are over three times more likely to be malicious compared to frequently contacted ones. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/scarcity-signals-are-rare-activities-red-flags/
-
Russian APT28 compromised Western logistics and IT firms to track aid to Ukraine
Tags: access, advisory, api, authentication, cctv, cloud, computer, container, credentials, cve, cybersecurity, data, detection, email, exploit, flaw, government, hacker, identity, infrastructure, Internet, login, malicious, malware, mfa, military, network, ntlm, office, open-source, password, phishing, powershell, russia, service, software, threat, tool, ukraine, vulnerabilityCredential guessing and spearphishing: The attackers used brute-force credential guessing techniques, also known as password spraying, to gain initial access to accounts. This was complemented with targeted phishing emails that directed recipients to fake login pages for government entities or Western cloud email providers. These phishing pages were stored on free web hosting services or…
-
How Identity Plays a Part in 5 Stages of a Cyber Attack
Tags: access, attack, authentication, breach, cloud, computer, container, control, credentials, cyber, data, data-breach, detection, endpoint, exploit, group, iam, identity, intelligence, malicious, malware, mfa, microsoft, monitoring, password, powershell, ransomware, risk, technology, threat, tool, vulnerabilityWhile credential abuse is a primary initial access vector, identity compromise plays a key role in most stages of a cyber attack. Here’s what you need to know, and how Tenable can help. Identity compromise plays a pivotal role in how attackers move laterally through an organization. Credential abuse is the top initial access vector,…
-
BadSuccessor: Unpatched Microsoft Active Directory attack enables domain takeover
Tags: access, attack, authentication, computer, container, control, credentials, group, microsoft, network, password, powershell, service, updatemsDS-DelegatedMSAState, which indicates whether the migration process is unknown, in progress, or completed; msDS-ManagedAccountPrecededByLink, which indicates the superseded account; and msDS-GroupMSAMembership, which indicates which principals (users, groups, and computers) can authenticate as the account.Once migration to a dMSA account is complete, any machine that authenticates as the superseded service account will receive from Domain Controller…
-
Ransomware-Bande BlackBasta hat neuen Malware-Favoriten
Modularität für verschiedene Zwecke: Die Malware Skitnet verfügt über separate Plug-ins umAnmeldeinformationen zu sammeln,Berechtigungen auszuweiten,sich im Netzwerk lateral zu bewegen undRansomware bereitzustellen.Sie nutzt die Programmiersprachen Rust und Nim, um eine verdeckte Reverse Shell über das DNS-Protokoll zu realisieren. Dadurch ist eine unauffällige C2-Kommunikation möglich.Zusätzlich verwendet Skitnet Verschlüsselung, manuelles Mapping und dynamische API-Auflösung, um nicht entdeckt…
-
Kimsuky APT Group Deploys PowerShell Payloads to Deliver XWorm RAT
Cybersecurity researchers have uncovered a sophisticated malware campaign orchestrated by the notorious Kimsuky Advanced Persistent Threat (APT) group, deploying intricately crafted PowerShell payloads to deliver the XWorm Remote Access Trojan (RAT). This operation showcases the group’s advanced tactics, leveraging encoded scripts and multi-stage attack chains to infiltrate systems, bypass traditional security mechanisms, and establish covert…
-
Skitnet malware: The new ransomware favorite
Tags: access, api, awareness, cybersecurity, data, detection, dns, encryption, malware, phishing, powershell, programming, ransomware, risk, rust, tool, trainingMalware employs advanced obfuscation: According to a Prodaft description, Skitnet uses Rust and Nim programming languages to execute a stealthy reverse shell over DNS, which is a method of covert C2 Communication using the DNS protocol instead of HTTP or other typical channels.Additionally, the malware leverages encryption, manual mapping, and dynamic API resolution to evade…
-
Investigating Cobalt Strike Beacons Using Shodan: A Researcher’s Guide
Security researcher has revealed a robust method for gathering threat intelligence on Cobalt Strike beacons using Shodan and PowerShell, filling the gap left by the popular @cobaltstrikebot Twitter account that went offline in June 2023. The technique allows security professionals to independently collect valuable configuration data from active Cobalt Strike servers, specifically focusing on beacon…
-
Überwachungsrichtlinien in Active Directory implementieren – Defender for Identity mit der PowerShell verwalten
First seen on security-insider.de Jump to article: www.security-insider.de/defender-for-identity-mit-der-powershell-verwalten-a-2d15a74f331ec8fadd08e2fcb0990e22/
-
Fileless PowerShell Loader Deploys Remcos RAT
Attack Chain Uses LNK Files, MSHTA and Memory Injection. PowerShell is becoming hackers’ new favorite tool since they can load code directly into computer memory and evade traditional file-based detection methods, warn security researchers. A combination of LNK-MSHTA-PowerShell offers a stealthy and effective path to execution. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/fileless-powershell-loader-deploys-remcos-rat-a-28420
-
New Ransomware Attack Targets Elon Musk Supporters Using PowerShell to Deploy Payloads
A newly identified ransomware campaign has emerged, seemingly targeting supporters of Elon Musk through a highly sophisticated phishing-based attack. Cybersecurity researchers have uncovered a multi-stage infection chain that begins with a deceptive PDF document titled “Pay Adjustment.” This document lures victims into downloading a malicious ZIP file hosted on Netlify, a popular web hosting platform.…
-
Fileless Remcos RAT Delivered via LNK Files and MSHTA in PowerShell-Based Attacks
Cybersecurity researchers have shed light on a new malware campaign that makes use of a PowerShell-based shellcode loader to deploy a remote access trojan called Remcos RAT.”Threat actors delivered malicious LNK files embedded within ZIP archives, often disguised as Office documents,” Qualys security researcher Akshay Thorve said in a technical report. “The attack chain leverages…