Tag: 2024-12-11

The XLab threat detection system uncovered an advanced PHP trojan named Glutton, which has been active for over a year without detection. Glutton targets both legitimate businesses and cybercriminal operations, infiltrating popular PHP frameworks like ThinkPHP and Laravel. It employs modular compon…

Team82 analyzed a sample of IOCONTROL, a custom-built IoT/OT malware used by Iran-affiliated attackers to target Israel and U.S.-based devices. The malware affects various IoT and SCADA/OT devices, including IP cameras, routers, PLCs, HMIs, and firewalls from multiple vendors. IOCONTROL is believed…

A sophisticated Mishing campaign delivers malware to Android devices, enabling credential theft from banking, cryptocurrency, and critical applications. The campaign uses phishing domains to distribute a new variant of the Antidot banking trojan, dubbed AppLite Banker. Attackers pose as recruiters,…

This analysis delves into a Windows rootkit loader for the FK_Undead malware family, known for intercepting user network traffic through proxy manipulation. The loader, signed with a valid Microsoft certificate, installs itself as a system service and employs various evasion techniques. It download…

Zloader, a modular Trojan based on Zeus source code, has introduced new features in version 2.9.4.0 to enhance its anti-analysis capabilities and resilience against detection. Key updates include a custom DNS tunnel protocol for C2 communications, an interactive shell supporting over a dozen comman…

The Head Mare hacktivist group has escalated its campaign against Russian targets using the PhantomCore backdoor. The group employs deceptive ZIP archives containing malicious LNK files and executables disguised as archive files to deploy PhantomCore. This C++-compiled backdoor, which replaces earl…

The latest version of Zloader (2.9.4.0) introduces significant enhancements to its capabilities. Key features include a custom DNS tunnel protocol for C2 communications, an interactive shell supporting various commands, and updated anti-analysis techniques. The malware's distribution has become mor…

A sophisticated phishing campaign targeted a U.K.-based insurance company, using a compromised CEO's email account from a major shipping company. The attack involved a malicious PDF link hosted on AWS, leading to a fake Microsoft authentication page. The threat actor employed tactics like deletion …

A critical zero-day vulnerability in Cleo's managed file transfer software is being actively exploited by hackers to breach corporate networks and steal data. The flaw affects Cleo LexiCom, VLTrader, and Harmony products, allowing unrestricted file upload and downloads leading to remote code execut…