Tag: 2024-06-28

A long-running campaign was identified involving malicious actors impersonating Israeli entities and private companies. The operators delivered payloads through crafted WordPress sites, employing a mix of custom code and open-source malware like Donut and Sliver. While the motivations remain unclea…

This analysis discusses SpyMax, a Remote Access Trojan (RAT) that targets Android devices and specifically aims at obtaining data from Telegram users. It employs phishing techniques to trick victims into installing a malicious application disguised as the legitimate Telegram app. Once installed, Sp…

In March 2024, the cybersecurity firm Zscaler observed a new activity from Kimsuky, a North Korean state-sponsored hacker group. They employed a malicious Google Chrome extension named 'TRANSLATEXT' specifically crafted to steal email addresses, usernames, passwords, cookies, and capture browser sc…

This report details the multi-stage loading technique utilized by the threat actor Water Sigbin to deliver the PureCrypter loader and XMRig cryptocurrency miner. The actor exploits vulnerabilities in Oracle WebLogic servers, employing fileless execution tactics like DLL reflective and process injec…

While cryptocurrency and blockchain have lost mainstream attention, cybercriminals continue to exploit these technologies through various scams like memecoins, rug pulls, and unregulated social media platforms. This report also highlights the SneakyChef threat actor's ongoing campaign targeting gov…