Tag: data theft

53 Attack Reports | 0 Vulnerabilities

Attack reports

EmEditor Homepage Download Button Served Malware for 4 Days

Between December 19-22, 2025, EmEditor's official website suffered a security breach, causing the main download button to serve malicious software. The fake installer, signed by WALSHAM INVESTMENTS LIMITED, contained infostealer malware targeting login credentials, browser history, and VPN settings…
infostealer
cryptocurrency
data theft
browser extension
digital signature
2025-12-30
emeditor
website compromise
Published: December 30, 2025
Downloadable IOCs: 1

ValleyRAT Campaign Targets Job Seekers, Abuses Foxit PDF Reader for DLL Side-loading

A ValleyRAT campaign is targeting job seekers through email, disguising itself as a Foxit PDF reader and using DLL side-loading for initial system access. The campaign exploits job seekers' eagerness by using recruitment-related lures in archive files. The attack employs sophisticated techniques, i…
social engineering
data theft
valleyrat
dll side-loading
remote access trojan
job seekers
2025-12-03
foxit pdf reader
Published: December 3, 2025
Downloadable IOCs: 25

New Tools and Techniques of ToddyCat APT

The ToddyCat APT group has evolved its methods to gain covert access to corporate email. The report details their use of PowerShell-based TomBerBil for extracting browser data, TCSectorCopy for copying Outlook OST files, and attempts to steal OAuth tokens from Microsoft 365 processes. These tools a…
apt
tomberbil
powershell
data theft
browser
oauth
outlook
2025-11-21
email
xstreader
tcsectorcopy
sharptokenfinder
Published: November 21, 2025
Downloadable IOCs: 0

Cavalry Werewolf hacker group attacks Russian state institutions

A Russian government organization was targeted by the Cavalry Werewolf hacker group, aiming to collect confidential information and network data. The attack began with phishing emails containing malware disguised as documents. The group utilized various tools including backdoors, trojans, and modif…
phishing
data theft
backdoors
network infiltration
russian government
reverse-shell
open-source tools
2025-11-07
trojan.packed2.49708
telegram api
backdoor.shellnet.2
backdoor.reverseshell.10
backdoor.tunnel.41
trojan.inject5.57968
bat.downloader.1138
trojan.siggen31.54011
backdoor.shellnet.1
trojan.filespynet.5
backdoor.reverseproxy.1
backdoor.rshell.169
backdoor.siggen2.5463
trojan.packed2.49862
Published: November 7, 2025
Downloadable IOCs: 27

UAT-8099: Chinese-speaking cybercrime group targets high-value IIS for SEO fraud

A Chinese-speaking cybercrime group, UAT-8099, is targeting high-value Internet Information Services (IIS) servers for search engine optimization fraud and data theft. The group focuses on reputable servers in India, Thailand, Vietnam, Canada, and Brazil, affecting universities, tech firms, and tel…
data theft
cobalt strike
cybercrime
badiis
chinese-speaking
web shells
seo fraud
2025-10-02
iis servers
Published: October 2, 2025
Downloadable IOCs: 80

SVG Phishing hits Ukraine with Amatera Stealer, PureMiner

A phishing campaign targeting Ukrainian government entities uses malicious SVG files to initiate an infection chain. The attack begins with emails containing SVG attachments that redirect victims to a download site. A CHM file is then used to execute a remote HTA loader, which delivers two malware …
phishing
data theft
ukraine
cryptomining
fileless
chm
svg
amatera stealer
pureminer
countloader
2025-09-26
hta loader
Published: September 26, 2025
Downloadable IOCs: 0

Shai-Hulud worm infects npm packages

A self-propagating malware called Shai-Hulud has infected over 500 npm packages, including one with over two million weekly downloads. The worm steals sensitive data, exposes private repositories, and hijacks victim credentials to spread further. It executes when an infected package is installed, c…
worm
data-theft
npm
github
supply-chain-attack
package-infection
shai-hulud
2025-09-25
self-propagating
Published: September 25, 2025
Downloadable IOCs: 0

Malicious PyPI Packages Deliver SilentSync RAT

Two malicious Python packages, sisaws and secmeasure, were discovered in the Python Package Index (PyPI) repository. These packages, created by the same author, deliver a Remote Access Trojan (RAT) called SilentSync. The RAT is capable of remote command execution, file exfiltration, screen capturin…
rat
python
typosquatting
supply chain
data theft
remote access
pypi
data-exfiltration
supply-chain-attack
browser-data-theft
2025-09-18
silentsync
2025-09-19
python packages
Published: September 19, 2025
Downloadable IOCs: 0

Cyber Criminal Groups Compromising Salesforce Instances for Data Theft and Extortion

Two cyber criminal groups, UNC6040 and UNC6395, are targeting organizations' Salesforce platforms for data theft and extortion. UNC6040 uses social engineering, particularly voice phishing, to gain access to Salesforce accounts. They trick employees into granting access or sharing credentials, then…
social engineering
data theft
extortion
vishing
oauth
salesforce
2025-09-15
api exfiltration
shinyhunters
Published: September 15, 2025
Downloadable IOCs: 59

Widespread Data Theft Targets Salesforce Instances via Salesloft Drift - Hunting pulse

A widespread data theft campaign, conducted by UNC6395, targeted Salesforce customer instances through compromised OAuth tokens associated with the Salesloft Drift application. The actor systematically exported large volumes of data from numerous corporate Salesforce instances, focusing on harvesti…
supply chain
data theft
credential harvesting
salesforce
2025-09-08
oauth tokens
salesloft drift
Published: September 8, 2025
Linked vulnerabilities : CVE-2025-53690
Downloadable IOCs: 8

Interlock Ransomware Targeting Businesses

The Interlock ransomware group has been actively targeting businesses and critical infrastructures in North America and Europe since September 2024. Their ransomware employs AES-256-GCM encryption with RSA-4096 key protection, leveraging the OpenSSL library for efficient file encryption. The malwar…
ransomware
data theft
europe
interlock
file encryption
code obfuscation
2025-08-29
openssl
north america
aes-256-gcm
rsa-4096
Published: August 29, 2025
Downloadable IOCs: 0

Underground Ransomware Being Distributed Worldwide

The Underground ransomware gang is conducting global attacks against companies across various countries and industries. First identified in July 2023, the group resurfaced in May 2024 with a new Dedicated Leak Site. Their targets include multinational corporations from diverse sectors, with annual …
ransomware
data theft
encryption
2025-08-27
underground ransomware
striping method
global attacks
Published: August 27, 2025
Downloadable IOCs: 0

Clickfix on macOS: AppleScript Stealer, Terminal Phishing, and C2 Infrastructure

A sophisticated phishing campaign targeting macOS users employs a technique called Clickfix, which tricks victims into running terminal commands that execute malicious AppleScript. This script steals sensitive data including browser profiles, crypto wallets, and personal files. The attackers use fa…
phishing
data theft
macos
clickfix
c2 infrastructure
applescript
2025-08-22
cryptowallet
terminal commands
Published: August 22, 2025
Downloadable IOCs: 0

Uncovering a Web3 Interview Scam

A Ukrainian Web3 team's interview process involved cloning a GitHub repository containing malicious components. Analysis revealed the project replaced a legitimate dependency with a malicious NPM package, rtk-logger@1.11.5. This package collected sensitive data, including cryptocurrency wallet info…
malware
cryptocurrency
data theft
github
web3
2025-08-13
redux-ace
rtk-logger
npm package
interview scam
Published: August 13, 2025
Downloadable IOCs: 0

Ghost in the Zip | New PXA Stealer and Its Telegram-Powered Ecosystem

SentinelLABS and Beazley Security uncovered a series of infostealer campaigns delivering the Python-based PXA Stealer. The malware, which first appeared in late 2024, has evolved to incorporate sophisticated anti-analysis techniques and a hardened command-and-control infrastructure. Over 4,000 uniq…
python
infostealer
data theft
credential harvesting
telegram
2025-08-04
pxa stealer
Published: August 4, 2025
Downloadable IOCs: 5

Spear Phishing Campaign Delivers VIP Keylogger via Email Attachment

A sophisticated spear phishing campaign has been identified, distributing the VIP keylogger through email attachments. The malware is delivered via a ZIP file containing a malicious executable disguised as a PDF. Once executed, an AutoIt script drops two encrypted files, which are then decrypted an…
obfuscation
data theft
exfiltration
persistence
autoit
process hollowing
spear phishing
2025-07-30
vip keylogger
Published: July 30, 2025
Downloadable IOCs: 1

The Solidity Language open-source package was used in a $500,000 crypto heist

A blockchain developer in Russia lost $500,000 in crypto assets due to a malicious Solidity Language extension for Cursor AI IDE. The fake extension, downloaded 54,000 times, appeared higher in search results than the legitimate one due to ranking algorithms. It installed malware that allowed remot…
screenconnect
cryptocurrency
data theft
developers
open-source
quasar
blockchain
2025-07-11
heur:trojan-psw.msil.purelogs.gen
vmdetector
solidity
cursor ai
malicious extension
2025-07-16
Published: July 16, 2025
Linked vulnerabilities : CVE-2024-3721
Downloadable IOCs: 0

Malicious Loan App Removed from iOS and Google Play App Store Posed Severe Risks to Users

A SpyLoan application called 'RapiPlata' was identified on a victim's device, having been downloaded by over 150,000 users from both Google Play and Apple App Store. The app, which ranked in the top 20 finance category in Colombia, had extensive access to sensitive user data, including SMS messages…
data theft
financial fraud
mobile security
2025-06-20
spyloan
app store security
préstamo rápido
rapiplata
sms scanning
predatory lending
Published: June 20, 2025
Downloadable IOCs: 18

Fog Ransomware: Unusual Toolset Used in Recent Attack

A financial institution in Asia was targeted by Fog ransomware in May 2025, using an atypical toolset including legitimate employee monitoring software and open-source pentesting tools. The attackers deployed Syteca, GC2, Adaptix, and Stowaway, which are uncommon in ransomware attacks. They remaine…
espionage
data theft
persistence
lateral movement
CVE-2024-40711
fog ransomware
fog
asia
2025-06-12
unusual toolset
employee monitoring software
financial institution
pentesting tools
2025-06-17
Published: June 17, 2025
Linked vulnerabilities : CVE-2024-40711 (CVSS 9.8)
Downloadable IOCs: 0

APT carries out attacks with data theft and crypto miner deployment

Librarian Ghouls, an APT group targeting entities in Russia and the CIS, has been conducting a campaign involving targeted phishing emails with malicious archives. The attackers use legitimate third-party software and scripts to establish remote access, steal credentials, and deploy an XMRig crypto…
apt
phishing
xmrig
russia
data theft
crypto mining
2025-06-09
legitimate tools
cis
industrial targets
Published: June 9, 2025
Downloadable IOCs: 55

Danabot: Analyzing a fallen empire

ESET Research shares insights into Danabot, an infostealer recently disrupted by law enforcement. The malware, tracked since 2018, evolved from a banking trojan to a versatile tool for data theft and malware distribution. Operated as a malware-as-a-service, Danabot offered features like data steali…
infostealer
lockbit
data theft
darkgate
zloader
botnet
lumma stealer
matanbuchus
cybercrime
danabot
latrodectus
malware-as-a-service
smokeloader
banking trojan
systembc
buran
rescoms
recordbreaker
ursnif
2025-05-23
2025-05-25
nonransomware
proxy servers
crisis
c&c infrastructure
malware-as-service
Published: May 25, 2025
Downloadable IOCs: 1

Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs

A campaign targeting the Google Chrome Web Store has deployed over 100 malicious browser extensions masquerading as legitimate tools like VPNs, AI assistants, and crypto utilities. These extensions, while offering some promised functionality, secretly connect to threat actor infrastructure to steal…
data theft
browser security
malicious domains
chrome extensions
2025-05-22
google web store
remote script execution
cookie stealing
vpn impersonation
Published: May 22, 2025
Downloadable IOCs: 25

Lumma Stealer is Out... of business!

A coordinated action led by Microsoft's Digital Crimes Unit, with participation from Bitsight and other partners, has successfully dismantled the operational capabilities of Lumma Stealer (LummaC2), a prominent information stealer operating since late 2022. The operation involved seizing over 1,000…
lummac2
data theft
redline
malware-as-a-service
information stealer
2025-05-21
lummac
infrastructure takedown
multi-tiered c2
Published: May 21, 2025
Downloadable IOCs: 1091

Hidden Threats of Dual-Function Malware Found in Chrome Extensions

An unknown threat actor has been creating malicious Chrome browser extensions since February 2024, using fake websites to lure users into installing them. These extensions have dual functionality, appearing to work as intended while also connecting to malicious servers to steal user data and execut…
data theft
code execution
2025-05-21
traffic manipulation
lure websites
chrome extensions
api endpoints
Published: May 21, 2025
Downloadable IOCs: 100

Pentagon Stealer: Go and Python Malware Targeting Crypto

Pentagon Stealer is an evolving malware threat that exists in both Python and Golang versions. It primarily targets browser credentials, cookies, crypto wallet data, and messaging app tokens. The malware exploits browser debug modes to bypass encryption and injects into crypto wallets to steal sens…
python
cryptocurrency
data theft
stealer
purecrypter
go
blx stealer
vilsa stealer
2025-04-30
wallet injection
1312 stealer
browser exploitation
pentagon stealer
acab stealer
Published: April 30, 2025
Downloadable IOCs: 19

Windows Shortcut Exploit Abused as Zero-Day in Widespread APT Campaigns

A Windows .lnk file vulnerability, ZDI-CAN-25373, has been extensively exploited by state-sponsored and cybercriminal groups. The vulnerability allows hidden command execution through crafted shortcut files, exposing organizations to data theft and cyber espionage risks. Nearly 1,000 malicious .lnk…
apt
espionage
windows
vulnerability
data theft
zero-day
lnk
raspberry robin
command execution
2025-03-18
shortcut
Published: March 18, 2025
Downloadable IOCs: 851

New XCSSET malware adds new obfuscation, persistence techniques to infect Xcode projects

Microsoft Threat Intelligence has discovered a new variant of XCSSET, a sophisticated macOS malware that infects Xcode projects. This latest version features enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies. The malware steals and exfiltrates files, system …
obfuscation
data theft
persistence
macos
modular
2025-03-11
xcsset
xcode
digital wallets
Published: March 11, 2025
Downloadable IOCs: 31

SPYLEND: The Android App Available on Google Play Store: Enabling Financial Cyber Crime & Extortion

A sophisticated Android malware called SpyLend, disguised as a 'Finance Simplified' app, is targeting Indian users through the Google Play Store. The app leverages location-based targeting to display unauthorized loan applications, enabling predatory lending, blackmail, and extortion. It has rapidl…
malware
android
data theft
extortion
india
financial
2025-02-22
google play store
spylend
loan apps
Published: February 22, 2025
Downloadable IOCs: 0

NOVA - A Well-Forgotten Stealer

This intelligence report discusses a recent cyber threat targeting Russian companies. The attackers are employing a fork of a popular stealer malware, known as NOVA, to steal data from these organizations. The report highlights the resurgence of an older malware strain that has been modified and re…
data theft
stealer
2025-01-31
nova
Published: January 31, 2025
Downloadable IOCs: 0

Protecting Against the Exploited CVEs in the Cleo Data Theft Attacks

The Clop ransomware group has exploited critical vulnerabilities in Cleo's managed file transfer software, specifically CVE-2024-50623 and CVE-2024-55956. These vulnerabilities allow unrestricted file upload/download and execution of arbitrary commands. Imperva has observed over 1 million exploitat…
ransomware
powershell
data theft
extortion
persistence
CVE-2024-50623
CVE-2024-55956
2025-01-22
clop
file transfer
Published: January 22, 2025
Downloadable IOCs: 2

APT-C-26 (Lazarus) continues to upgrade its attack weapons, using Electron programs to target the cryptocurrency industry

The APT-C-26 (Lazarus) group has been observed using Electron-packaged malicious programs disguised as cryptocurrency trading tools to target individuals in the cryptocurrency industry. The attack involves a multi-stage process, including the use of poisoned open-source projects, obfuscated malicio…
cryptocurrency
data theft
electron
2025-01-22
uniswapsniperbot
Published: January 22, 2025
Downloadable IOCs: 0

Analysis of the attack activities of APT-C-26 (Lazarus) using weaponized IPMsg software

The Lazarus group, a highly active APT organization, has been observed weaponizing the IPMsg installer for attacks. When executed, the malicious installer releases the official IPMsg version 5.6.18.0 to deceive users while activating a malicious DLL in memory. This DLL connects to a remote control …
backdoor
apt
social engineering
data theft
c2 communication
2025-01-02
ipmsg
dll64.dll
loader1.dll
att_loader_dll.dll
weaponized installer
Published: January 2, 2025
Downloadable IOCs: 3

New Cleo zero-day RCE flaw exploited in data theft attacks

A critical zero-day vulnerability in Cleo's managed file transfer software is being actively exploited by hackers to breach corporate networks and steal data. The flaw affects Cleo LexiCom, VLTrader, and Harmony products, allowing unrestricted file upload and downloads leading to remote code execut…
data theft
zero-day
CVE-2024-50623
rce
termite
cleo
lexicom
2024-12-11
vltrader
cleo harmony
Published: December 11, 2024
Downloadable IOCs: 0

Life on a crooked RedLine: Analyzing the infamous infostealer's backend

This article provides an in-depth analysis of RedLine Stealer, a notorious information-stealing malware. The research focuses on previously undocumented backend modules and the control panel used by affiliates. Key findings include the identification of over 1,000 unique IP addresses hosting RedLin…
infostealer
data theft
meta stealer
cybercrime
malware-as-a-service
redline stealer
2024-11-17
control panel
windows communication framework
backend analysis
Published: November 17, 2024
Downloadable IOCs: 0

North Korean remote workers landing jobs in the West

North Korean threat actors are utilizing Contagious Interview and WageMole campaigns to secure remote employment in Western countries, evading financial sanctions. The Contagious Interview campaign has been updated with improved script obfuscation and multi-platform support, targeting over 100 devi…
social engineering
cryptocurrency
data theft
beavertail
contagious interview
invisibleferret
2024-11-06
wagemole
sanctions evasion
remote work
job fraud
Published: November 6, 2024
Downloadable IOCs: 56

Attempts to disrupt Russian businesses with MetaStealer

A previously unknown threat actor, Venture Wolf, has been targeting Russian businesses since November 2023. The group uses multiple loaders to deliver MetaStealer, a malware that focuses on manufacturing, construction, IT, and telecommunications industries. The campaign involves disseminating archi…
obfuscation
phishing
data theft
injection
redline
metastealer
stealers
2024-11-05
loaders
Published: November 5, 2024
Downloadable IOCs: 20

Cryptocurrency Enthusiasts Targeted in Multi-Vector Supply Chain Attack

A sophisticated malware campaign targeting cryptocurrency enthusiasts has been uncovered, utilizing multiple attack vectors including a malicious Python package on PyPI and deceptive GitHub repositories. The multi-stage malware, disguised as cryptocurrency trading tools, aims to steal sensitive dat…
supply-chain
cryptocurrency
data-theft
social-engineering
pypi
github
2024-11-04
multi-stage
gui
cryptoaitools
Published: November 4, 2024
Downloadable IOCs: 2

Rat King: How the Android Trojan CraxsRAT Steals User Data

CraxsRAT, an Android trojan, has been targeting Russian and Belarusian users since summer 2024. It masquerades as legitimate apps like government services, antivirus software, and telecom operators. The malware spreads through social engineering tactics, prompting users to download malicious APK fi…
espionage
social engineering
android
data theft
trojan
financial fraud
remote access
craxsrat
2024-10-31
Published: October 31, 2024
Downloadable IOCs: 0

Over 10 Million Personal And Corporate Devices Infected By Information Stealers

A significant increase in data-stealing malware infections has been observed, with nearly 10 million devices compromised in 2023, marking a 643% rise over three years. Cybercriminals are using sophisticated distribution methods, including malvertising and YouTube comment spam. On average, 50.9 logi…
data theft
credential theft
redline
cybercrime
vidar
malware-as-a-service
lumma
amos
information stealers
2024-10-22
raccoon
vidar/acr
kral stealer
Published: October 22, 2024
Downloadable IOCs: 0

YUNIT STEALER

Yunit Stealer is a sophisticated malware targeting sensitive user data through credential theft and system manipulation. It employs advanced evasion techniques to bypass security measures, maintaining persistence on compromised systems. The malware performs comprehensive data extraction, including …
cryptocurrency
data theft
2024-10-07
gaming
credential extraction
yunit stealer
Published: October 7, 2024
Downloadable IOCs: 0

VILSA STEALER

A new malware called Vilsa Stealer has emerged on GitHub, notable for its speed and efficiency in extracting sensitive data. This sophisticated tool targets browser credentials, tokens, and various application data. It supports major browsers and over 40 crypto wallets, using Python as its programm…
cryptocurrency
data theft
exfiltration
persistence
anti-analysis
2024-10-07
vilsa stealer
browser credentials
Published: October 7, 2024
Downloadable IOCs: 3

Unicorn: New Spy Scripts Steal Data from Russian Companies

A new malware campaign targeting Russian energy companies, factories, and electronic component suppliers has been detected. The malware, distributed via email attachments or Yandex Disk links, uses RAR archives containing LNK files to download and execute malicious HTA files. These files create VBS…
data theft
2024-09-20
unicorn
Published: September 20, 2024
Downloadable IOCs: 2

Stone Wolf employs Meduza Stealer to hack Russian companies

A malicious campaign by a group called Stone Wolf has been targeting Russian companies using phishing emails impersonating a legitimate industrial automation provider. The attackers aim to deliver Meduza Stealer, a commercial malware available on underground forums. The campaign involves sending an…
phishing
data theft
meduza stealer
2024-09-02
industrial automation
russian companies
Published: September 2, 2024
Downloadable IOCs: 41

Report on Ukraine government attack campaign

Ukraine's government cybersecurity incident response team, CERT-UA, obtained information about the distribution of emails themed around prisoners of war, containing links to download an archive named 'spysok_kursk.zip'. This archive contained a CHM file with JavaScript code that launched an obfusca…
malware
powershell
data theft
ukraine
exfiltration
government
spectr
2024-08-23
firmachagent
Published: August 23, 2024
Downloadable IOCs: 33

Strikes with commercial malware against organizations in Kazakhstan

BI.ZONE experts have been monitoring the activities of a threat group called Bloody Wolf since late 2023. This group targets organizations in Kazakhstan using STRRAT, a commercial malware known as Strigoi Master. The attackers employ phishing emails posing as communications from government agencies…
phishing
data theft
remote access
2024-08-01
strrat
strigoi master
Published: August 1, 2024
Downloadable IOCs: 10

LummaC2 Malware Abusing the Game Platform 'Steam'

The report investigates LummaC2, an infostealer malware actively distributed under the guise of illegal software. It highlights LummaC2's tactics of utilizing encrypted strings and abusing legitimate websites like Steam to acquire command-and-control (C2) domains. The malware steals sensitive user …
lummac2
infostealer
data theft
vidar
2024-07-26
Published: July 26, 2024
Downloadable IOCs: 21

Fake Microsoft Teams for Mac delivers Atomic Stealer

A malvertising campaign lures Mac users into downloading a counterfeit Microsoft Teams installer containing Atomic Stealer, a data-stealing malware. The campaign uses advanced filtering techniques, compromised ad accounts, and decoy pages to deliver unique payloads that bypass security measures. Up…
malvertising
data theft
stealer
macos
adware
2024-07-12
atomic stealer
Published: July 12, 2024
Downloadable IOCs: 6

New Ransomware Operator Volcano Demon Serving Up LukaLocker

A cybersecurity firm has encountered a new ransomware organization, dubbed Volcano Demon, responsible for recent attacks involving an encryptor called LukaLocker. The malware encrypts victims' files with the .nba extension and was successful in compromising Windows workstations and servers after ha…
ransomware
data-theft
2024-07-03
lukalocker
Published: July 3, 2024
Downloadable IOCs: 3

UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion

An extensive cybercriminal campaign led by a threat actor codenamed UNC5537 has compromised numerous Snowflake customer database instances with the intent of data theft and extortion. The threat actor exploited stolen customer credentials, predominantly obtained through infostealer malware infectio…
data theft
extortion
2024-06-12
snowflake
unc5537
Published: June 12, 2024
Downloadable IOCs: 48

Crimeware report: Acrid, ScarletStealer and Sys01 stealers

This analysis delves into three distinct stealers: Acrid, ScarletStealer, and Sys01. Acrid is a new stealer found in December, employing the 'Heaven's Gate' technique to bypass security controls. ScarletStealer downloads additional executables and Chrome extensions to facilitate data theft. Sys01, …
malware
stealer
data-theft
cybercrime
2024-05-22
acrid
scarletstealer
crimeware
sys01
newb
Published: May 22, 2024
Downloadable IOCs: 5

Distribution of DanaBot Malware via Word Files Detected

This analysis examines the infection process of the DanaBot malware, distributed through sophisticated spam emails containing malicious Word documents. The documents leverage external links to download and execute macro files, which subsequently fetch and run the DanaBot payload. The infection chai…
malware
evasion
data theft
spam
2024-05-09
macros
danabot
2024-05-14
2024-05-10
Published: May 14, 2024
Downloadable IOCs: 0

Ransomware Roundup (April 29, 2024)

This concise report provides insights into the evolving ransomware landscape, covering the KageNoHitobito and DoNex variants. It analyzes their infection vectors, victimology, attack methods, and associated indicators of compromise (IoCs). The report also highlights Fortinet's protections against t…
ransomware
windows
data theft
ransom
darkrace
donex
encryption
kagenohitobito
Published: April 29, 2024
Downloadable IOCs: 7

Fletchen Stealer: An Information Stealer with Sophisticated Anti-Analysis Measures

This in-depth analysis examines Fletchen stealer, an advanced information-stealing malware featuring potent anti-analysis capabilities. It explores the malware's tactics for data harvesting from compromised systems, exfiltration methods, and measures to evade detection. The report emphasizes the dy…
stealer
exfiltration
persistence
anti-analysis
data-theft
fletchen stealer
Published: April 29, 2024
Downloadable IOCs: 13
Click here to see more Attack Reports