Jul 01, 2023Ravie LakshmananEndpoint Security / Malware Researchers have pulled back the curtain on an updated version of an Apple macOS malware called RustBucket that comes with improved capabilities to establish persistence and avoid detection by security software. "This variant of RustBucket, a malware family that targets macOS systems, adds persistence capabilities not … [Read more...] about New ‘RustBucket’ Malware Variant Targeting macOS Users
Targeting
New SPECTRALVIPER Backdoor Targeting Vietnamese Public Companies
Jun 10, 2023Ravie LakshmananCyber Attack / Malware Vietnamese public companies have been targeted as part of an ongoing campaign that deploys a novel backdoor called SPECTRALVIPER. "SPECTRALVIPER is a heavily obfuscated, previously undisclosed, x64 backdoor that brings PE loading and injection, file upload and download, file and directory manipulation, and token impersonation … [Read more...] about New SPECTRALVIPER Backdoor Targeting Vietnamese Public Companies
New GobRAT Remote Access Trojan Targeting Linux Routers in Japan
May 29, 2023Ravie LakshmananLinux / Network Security Linux routers in Japan are the target of a new Golang remote access trojan (RAT) called GobRAT. "Initially, the attacker targets a router whose WEBUI is open to the public, executes scripts possibly by using vulnerabilities, and finally infects the GobRAT," the JPCERT Coordination Center (JPCERT/CC) said in a report … [Read more...] about New GobRAT Remote Access Trojan Targeting Linux Routers in Japan
New Stealthy Bandit Stealer Targeting Web Browsers and Cryptocurrency Wallets
A new stealthy information stealer malware called Bandit Stealer has caught the attention of cybersecurity researchers for its ability to target numerous web browsers and cryptocurrency wallets. "It has the potential to expand to other platforms as Bandit Stealer was developed using the Go programming language, possibly allowing cross-platform compatibility," Trend Micro said … [Read more...] about New Stealthy Bandit Stealer Targeting Web Browsers and Cryptocurrency Wallets
RTM Locker’s First Linux Ransomware Strain Targeting NAS and ESXi Hosts
Apr 27, 2023Ravie LakshmananLinux / Endpoint Security The threat actors behind RTM Locker have developed a ransomware strain that's capable of targeting Linux machines, marking the group's first foray into the open source operating system. "Its locker ransomware infects Linux, NAS, and ESXi hosts and appears to be inspired by Babuk ransomware's leaked source code," Uptycs … [Read more...] about RTM Locker’s First Linux Ransomware Strain Targeting NAS and ESXi Hosts
Pakistan-based Transparent Tribe Hackers Targeting Indian Educational Institutions
Apr 13, 2023Ravie LakshmananMalware / Cyber Attack The Transparent Tribe threat actor has been linked to a set of weaponized Microsoft Office documents in attacks targeting the Indian education sector using a continuously maintained piece of malware called Crimson RAT. While the suspected Pakistan-based threat group is known to target military and government entities in the … [Read more...] about Pakistan-based Transparent Tribe Hackers Targeting Indian Educational Institutions
Winter Vivern APT Group Targeting Indian, Lithuanian, Slovakian, and Vatican Officials
The advanced persistent threat known as Winter Vivern has been linked to campaigns targeting government officials in India, Lithuania, Slovakia, and the Vatican since 2021. The activity targeted Polish government agencies, the Ukraine Ministry of Foreign Affairs, the Italy Ministry of Foreign Affairs, and individuals within the Indian government, SentinelOne said in a report … [Read more...] about Winter Vivern APT Group Targeting Indian, Lithuanian, Slovakian, and Vatican Officials
New ScrubCrypt Crypter Used in Cryptojacking Attacks Targeting Oracle WebLogic
Mar 09, 2023Ravie LakshmananCryptojacking / Threat Detection, The infamous cryptocurrency miner group called 8220 Gang has been observed using a new crypter called ScrubCrypt to carry out cryptojacking operations. According to Fortinet FortiGuard Labs, the attack chain commences with successful exploitation of susceptible Oracle WebLogic servers to download a PowerShell … [Read more...] about New ScrubCrypt Crypter Used in Cryptojacking Attacks Targeting Oracle WebLogic
Parallax RAT Targeting Cryptocurrency Firms with Sophisticated Injection Techniques
Mar 01, 2023Ravie LakshmananCryptocurrency / Cyber Attack Cryptocurrency companies are being targeted as part of a new campaign that delivers a remote access trojan called Parallax RAT. The malware "uses injection techniques to hide within legitimate processes, making it difficult to detect," Uptycs said in a new report. "Once it has been successfully injected, attackers can … [Read more...] about Parallax RAT Targeting Cryptocurrency Firms with Sophisticated Injection Techniques
Researchers Warn of ReverseRAT Backdoor Targeting Indian Government Agencies
Feb 21, 2023Ravie LakshmananCyber Threat / Cyber Attack A spear-phishing campaign targeting Indian government entities aims to deploy an updated version of a backdoor called ReverseRAT. Cybersecurity firm ThreatMon attributed the activity to a threat actor tracked as SideCopy. SideCopy is a threat group of Pakistani origin that shares overlaps with another actor called … [Read more...] about Researchers Warn of ReverseRAT Backdoor Targeting Indian Government Agencies