Tag: keylogging

9 Attack Reports | 0 Vulnerabilities

Attack reports

Evolving Snake Keylogger Variant

A new variant of Snake Keylogger, identified as AutoIt/Injector.GTY!tr, has been detected by FortiSandbox v5.0. This malware has attempted over 280 million infections, primarily targeting China, Turkey, Indonesia, Taiwan, and Spain. Snake Keylogger steals sensitive information from popular web brow…
credential theft
autoit
keylogging
snake keylogger
process hollowing
2025-02-20
fortisandbox
ai detection
404 keylogger
paix
Published: February 20, 2025
Downloadable IOCs: 3

XWorm Cocktail: A Mix of PE data with PowerShell Code

A malicious file discovered on VirusTotal triggered a PowerShell rule, leading to the investigation of two closely related files identified as 'data files' but named as executables. The files contain a mix of PowerShell code, binary data, and obfuscated text. Analysis revealed characteristics of XW…
obfuscation
xworm
evasion
powershell
persistence
keylogging
virustotal
deobfuscation
2025-02-19
Published: February 19, 2025
Downloadable IOCs: 3

End-of-Year PTO: Days Off and Data Exfiltration with Formbook

A phishing campaign disguised as an end-of-year leave approval notice has been intercepted by the Cofense Phishing Defense Center. The malicious email, masquerading as HR communication, tricks recipients into clicking a link that leads to the deployment of FormBook malware. The email contains red f…
phishing
autoit
credential harvesting
formbook
keylogging
data exfiltration
process injection
2024-12-06
holiday-themed
Published: December 6, 2024
Downloadable IOCs: 0

XWorm: Analyzing New Infection Tactics With Old Payload

A recent malware campaign utilizes a multi-stage infection chain starting with a LNK file that lures victims into opening an invoice in a web browser. The attack involves PowerShell commands, batch files, and Python scripts to download and execute the XWorm payload. The infection process includes d…
xworm
python
powershell
keylogging
lnk file
shellcode injection
multi-stage infection
2024-12-04
Published: December 4, 2024
Downloadable IOCs: 0

TaxOff: You've Got a Backdoor...

A sophisticated threat group named TaxOff has been discovered targeting Russian government agencies. The group uses phishing emails with legal and financial themes to deliver the Trinper backdoor, a multithreaded C++ malware with advanced features. Trinper employs STL containers, custom serializati…
espionage
phishing
keylogging
2024-12-03
code injection
russian government
trinper backdoor
Published: December 3, 2024
Downloadable IOCs: 11

DarkComet RAT: Technical Analysis of Attack Chain

This analysis examines the Remote Access Trojan (RAT) DarkComet, detailing its capabilities, distribution methods, and technical operations. The malware alters file attributes, establishes communication with malicious domains, modifies process privileges, and gathers system information. It employs …
rat
evasion
persistence
keylogging
privilege escalation
command and control
remote access trojan
2024-10-23
darkcomet
Published: October 23, 2024
Downloadable IOCs: 1

The trojan horse that wanted to fly

Rocinante is a new strain of mobile malware originating from Brazil, capable of keylogging, stealing PII through phishing, and performing device takeover. It targets Brazilian banking institutions using a combination of Firebase messaging, HTTP traffic, WebSocket, and Telegram API for communication…
phishing
remote access
banking trojan
brazil
keylogging
mobile malware
2024-09-02
device takeover
hook
rocinante
ermac
Published: September 2, 2024
Downloadable IOCs: 4

BlankBot: A new Android banking trojan

A new Android banking trojan called BlankBot has been discovered. Discovered by Intel 471 researchers in July 2024, BlankBot primarily targets Turkish users through impersonated utility apps. With a range of malicious capabilities like customer injections, keylogging, screen recording, and remote c…
android
trojan
banking
keylogging
2024-08-06
blankbot
Published: August 6, 2024
Downloadable IOCs: 0

New banking trojan “CarnavalHeist” targets Brazil with overlay attacks

Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan dubbed 'CarnavalHeist'. The malware employs common tactics like financial-themed spam emails, Delphi-based DLLs, overlay attacks, and input capture techniques like keylogging and screen capture. Ho…
trojan
banking
2024-05-31
brazil
keylogging
overlay
access_pc_client.dll
carnavalheist
Published: May 31, 2024
Downloadable IOCs: 61
Click here to see more Attack Reports