Tag: 2024-06-27

A novel, in-the-wild code execution technique leveraging Microsoft Management Console files (MSC) has been identified by Elastic Security researchers and was first spotted in the wild in June 2016 and is currently being investigated by VirusTotal.

A malicious Chinese entity acquired control over the popular Polyfill JS open-source project and has been injecting malware into over 100,000 websites that embed the polyfill.io content delivery network. The malware redirects mobile users to a fraudulent sports betting site hosted on a domain imper…

A security intelligence report describing a new malware distribution technique where malicious code is dynamically generated for each download attempt, evading detection through unique hash values. The malware, termed 'InnoLoader', disguises itself as legitimate software installers, executing a com…

A cybersecurity analysis has identified a malicious operation involving the distribution of a downloader, dubbed DBatLoader or ModiLoader, through CMD files disguised as innocuous files. The campaign leverages phishing emails containing compressed CMD files that, when executed on English-language W…

P2Pinfect is a sophisticated malware that utilizes a peer-to-peer botnet for command and control. Initially appearing dormant, it has evolved to deploy ransomware and cryptominer payloads. The malware spreads via exploiting Redis and limited SSH capabilities. A recent update introduced a new ransom…

ReversingLabs' researchers discovered a malicious package named legacyreact-aws-s3-typescript on the npm repository. It mimicked a popular legitimate package, react-aws-s3-typescript, designed to facilitate file uploads to Amazon S3 Buckets. Initially, the package appeared benign, but a later versi…