Nov 07, 2023NewsroomEndpoint Security / Malware A new variant of the GootLoader malware called GootBot has been found to facilitate lateral movement on compromised systems and evade detection. "The GootLoader group's introduction of their own custom bot into the late stages of their attack chain is an attempt to avoid detections when using off-the-shelf tools for C2 such as … [Read more...] about New GootLoader Malware Variant Evades Detection and Spreads Rapidly
spreads
FormBook Malware Spreads via Malvertising Using MalVirt Loader to Evade Detection
Feb 06, 2023Ravie LakshmananMalvertising / Data Safety An ongoing malvertising campaign is being used to distribute virtualized .NET loaders that are designed to deploy the FormBook information-stealing malware. "The loaders, dubbed MalVirt, use obfuscated virtualization for anti-analysis and evasion along with the Windows Process Explorer driver for terminating processes," … [Read more...] about FormBook Malware Spreads via Malvertising Using MalVirt Loader to Evade Detection
RedLine stealer spreads on YouTube disguised as game cheats
The video game market, with its 3.2-billion-strong audience worldwide, attracts every kind of business under the sun. All sorts of computer devices specially created for gamers are already par for the course, but it went beyond that a long time ago. These days, there is gaming furniture, gaming drinks, gaming you-name-it. Is it any wonder that cybercriminals do not stand idly … [Read more...] about RedLine stealer spreads on YouTube disguised as game cheats
Raspberry Robin: Highly Evasive Worm Spreads over External Disks
Introduction During our threat hunting exercises in recent months, we’ve started to observe a distinguishing pattern of msiexec.exe usage across different endpoints. As we drilled down to individual assets, we found traces of a recently discovered malware called Raspberry Robin. The RedCanary Research Team first coined the name for this malware in their blog post, and Sekoia … [Read more...] about Raspberry Robin: Highly Evasive Worm Spreads over External Disks
TeaBot Android Banking Malware Spreads Again Through Google Play Store Apps
An Android banking trojan designed to steal credentials and SMS messages has been observed once again sneaking past Google Play Store protections to target users of more than 400 banking and financial apps, including those from Russia, China, and the U.S. "TeaBot RAT capabilities are achieved via the device screen's live streaming (requested on-demand) plus the abuse of … [Read more...] about TeaBot Android Banking Malware Spreads Again Through Google Play Store Apps
Malware That Spreads Via Xcode Projects Now Targeting Apple’s M1-based Macs
A Mac malware campaign targeting Xcode developers has been retooled to add support for Apple's new M1 chips and expand its features to steal confidential information from cryptocurrency apps. XCSSET came into the spotlight in August 2020 after it was found to spread via modified Xcode IDE projects, which, upon the building, were configured to execute the payload. The malware … [Read more...] about Malware That Spreads Via Xcode Projects Now Targeting Apple’s M1-based Macs
IndigoDrop spreads via military-themed lures to deliver Cobalt Strike
Cisco Blogs / Security / Threat Research / IndigoDrop spreads via military-themed lures to deliver Cobalt Strike By Asheer Malhotra. Cisco Talos has observed a malware campaign that utilizes military-themed malicious Microsoft Office documents (maldocs) to spread Cobalt Strike beacons containing full-fledged RAT capabilities. These maldocs use malicious macros to … [Read more...] about IndigoDrop spreads via military-themed lures to deliver Cobalt Strike