Today > | 1 Medium vulnerabilities - You can now download lists of IOCs here!
21 attack reports | 0 vulnerabilities
A critical zero-day vulnerability in Cleo's managed file transfer software is being actively exploited by hackers to breach corporate networks and steal data. The flaw affects Cleo LexiCom, VLTrader, and Harmony products, allowing unrestricted file upload and downloads leading to remote code execut…
This article provides an in-depth analysis of RedLine Stealer, a notorious information-stealing malware. The research focuses on previously undocumented backend modules and the control panel used by affiliates. Key findings include the identification of over 1,000 unique IP addresses hosting RedLin…
North Korean threat actors are utilizing Contagious Interview and WageMole campaigns to secure remote employment in Western countries, evading financial sanctions. The Contagious Interview campaign has been updated with improved script obfuscation and multi-platform support, targeting over 100 devi…
A previously unknown threat actor, Venture Wolf, has been targeting Russian businesses since November 2023. The group uses multiple loaders to deliver MetaStealer, a malware that focuses on manufacturing, construction, IT, and telecommunications industries. The campaign involves disseminating archi…
A sophisticated malware campaign targeting cryptocurrency enthusiasts has been uncovered, utilizing multiple attack vectors including a malicious Python package on PyPI and deceptive GitHub repositories. The multi-stage malware, disguised as cryptocurrency trading tools, aims to steal sensitive dat…
CraxsRAT, an Android trojan, has been targeting Russian and Belarusian users since summer 2024. It masquerades as legitimate apps like government services, antivirus software, and telecom operators. The malware spreads through social engineering tactics, prompting users to download malicious APK fi…
A significant increase in data-stealing malware infections has been observed, with nearly 10 million devices compromised in 2023, marking a 643% rise over three years. Cybercriminals are using sophisticated distribution methods, including malvertising and YouTube comment spam. On average, 50.9 logi…
Yunit Stealer is a sophisticated malware targeting sensitive user data through credential theft and system manipulation. It employs advanced evasion techniques to bypass security measures, maintaining persistence on compromised systems. The malware performs comprehensive data extraction, including …
A new malware called Vilsa Stealer has emerged on GitHub, notable for its speed and efficiency in extracting sensitive data. This sophisticated tool targets browser credentials, tokens, and various application data. It supports major browsers and over 40 crypto wallets, using Python as its programm…
A new malware campaign targeting Russian energy companies, factories, and electronic component suppliers has been detected. The malware, distributed via email attachments or Yandex Disk links, uses RAR archives containing LNK files to download and execute malicious HTA files. These files create VBS…
A malicious campaign by a group called Stone Wolf has been targeting Russian companies using phishing emails impersonating a legitimate industrial automation provider. The attackers aim to deliver Meduza Stealer, a commercial malware available on underground forums. The campaign involves sending an…
Ukraine's government cybersecurity incident response team, CERT-UA, obtained information about the distribution of emails themed around prisoners of war, containing links to download an archive named 'spysok_kursk.zip'. This archive contained a CHM file with JavaScript code that launched an obfusca…
BI.ZONE experts have been monitoring the activities of a threat group called Bloody Wolf since late 2023. This group targets organizations in Kazakhstan using STRRAT, a commercial malware known as Strigoi Master. The attackers employ phishing emails posing as communications from government agencies…
The report investigates LummaC2, an infostealer malware actively distributed under the guise of illegal software. It highlights LummaC2's tactics of utilizing encrypted strings and abusing legitimate websites like Steam to acquire command-and-control (C2) domains. The malware steals sensitive user …
A malvertising campaign lures Mac users into downloading a counterfeit Microsoft Teams installer containing Atomic Stealer, a data-stealing malware. The campaign uses advanced filtering techniques, compromised ad accounts, and decoy pages to deliver unique payloads that bypass security measures. Up…
A cybersecurity firm has encountered a new ransomware organization, dubbed Volcano Demon, responsible for recent attacks involving an encryptor called LukaLocker. The malware encrypts victims' files with the .nba extension and was successful in compromising Windows workstations and servers after ha…
An extensive cybercriminal campaign led by a threat actor codenamed UNC5537 has compromised numerous Snowflake customer database instances with the intent of data theft and extortion. The threat actor exploited stolen customer credentials, predominantly obtained through infostealer malware infectio…
This analysis delves into three distinct stealers: Acrid, ScarletStealer, and Sys01. Acrid is a new stealer found in December, employing the 'Heaven's Gate' technique to bypass security controls. ScarletStealer downloads additional executables and Chrome extensions to facilitate data theft. Sys01, …
This analysis examines the infection process of the DanaBot malware, distributed through sophisticated spam emails containing malicious Word documents. The documents leverage external links to download and execute macro files, which subsequently fetch and run the DanaBot payload. The infection chai…
This concise report provides insights into the evolving ransomware landscape, covering the KageNoHitobito and DoNex variants. It analyzes their infection vectors, victimology, attack methods, and associated indicators of compromise (IoCs). The report also highlights Fortinet's protections against t…
This in-depth analysis examines Fletchen stealer, an advanced information-stealing malware featuring potent anti-analysis capabilities. It explores the malware's tactics for data harvesting from compromised systems, exfiltration methods, and measures to evade detection. The report emphasizes the dy…