Tag: 2024-07-31

On July 24, 2024, CrowdStrike Intelligence identified an unattributed spearphishing attempt delivering an inauthentic installer impersonating CrowdStrike's Crash Reporter through a website targeting a German entity. The site utilized JavaScript obfuscation to deliver the malicious installer, which …

This analysis examines a recent malware campaign involving a dropper dubbed Gh0stGambit, which is employed to retrieve and execute encrypted payloads, specifically a variant of the notorious Gh0st Remote Access Trojan (RAT). The report details the multi-stage infection process, including the use of…

An unknown threat actor created a deceptive advertisement that appeared as if it was from a reputable company, enticing users to click on it and visit a malicious website. The site hosted a digitally signed malicious file disguised as a popular multi-factor authentication application. Upon executio…

At Cyfirma, this report offers a comprehensive analysis of Mint Stealer, an information-stealing malware operating within a malware-as-a-service (MaaS) framework. Mint Stealer targets sensitive data and uses sophisticated techniques to evade detection. This in-depth study explores Mint Stealer's ev…