A new variant of Snake Keylogger, identified as AutoIt/Injector.GTY!tr, has been detected by FortiSandbox v5.0. This malware has attempted over 280 million infections, primarily targeting China, Turkey, Indonesia, Taiwan, and Spain. Snake Keylogger steals sensitive information from popular web brow…
A malicious file discovered on VirusTotal triggered a PowerShell rule, leading to the investigation of two closely related files identified as 'data files' but named as executables. The files contain a mix of PowerShell code, binary data, and obfuscated text. Analysis revealed characteristics of XW…
A phishing campaign disguised as an end-of-year leave approval notice has been intercepted by the Cofense Phishing Defense Center. The malicious email, masquerading as HR communication, tricks recipients into clicking a link that leads to the deployment of FormBook malware. The email contains red f…
A recent malware campaign utilizes a multi-stage infection chain starting with a LNK file that lures victims into opening an invoice in a web browser. The attack involves PowerShell commands, batch files, and Python scripts to download and execute the XWorm payload. The infection process includes d…
A sophisticated threat group named TaxOff has been discovered targeting Russian government agencies. The group uses phishing emails with legal and financial themes to deliver the Trinper backdoor, a multithreaded C++ malware with advanced features. Trinper employs STL containers, custom serializati…
This analysis examines the Remote Access Trojan (RAT) DarkComet, detailing its capabilities, distribution methods, and technical operations. The malware alters file attributes, establishes communication with malicious domains, modifies process privileges, and gathers system information. It employs …
Rocinante is a new strain of mobile malware originating from Brazil, capable of keylogging, stealing PII through phishing, and performing device takeover. It targets Brazilian banking institutions using a combination of Firebase messaging, HTTP traffic, WebSocket, and Telegram API for communication…
A new Android banking trojan called BlankBot, discovered by Intel 471 researchers in July 2024, primarily targets Turkish users through impersonated utility apps. With a range of malicious capabilities like customer injections, keylogging, screen recording, and remote c…
Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan dubbed 'CarnavalHeist'. The malware employs common tactics like financial-themed spam emails, Delphi-based DLLs, overlay attacks, and input capture techniques like keylogging and screen capture. Ho…