Tag: keylogging

13 Attack Reports | 0 Vulnerabilities

Attack reports

Newly Registered Domains Distributing SpyNote Malware

Cybercriminals are employing deceptive websites on newly registered domains to distribute AndroidOS SpyNote malware. These sites imitate the Google Chrome install page on the Google Play Store, tricking users into downloading SpyNote, a powerful Android remote access trojan. SpyNote is used for sur…
rat
phishing
android
spynote
remote access
keylogging
data exfiltration
spymax
google play store
2025-04-10
apk dropper
androidos
2025-04-15
Published: April 15, 2025
Downloadable IOCs: 0

Operation Sea Elephant: The Dying Walrus Wandering the Indian Ocean

The CNC group, with South Asian origins, has been targeting domestic teachers, students, and research institutions. Their operation, named 'sea elephant', aims to spy on scientific research achievements in the ocean field. The group employs various tactics, including spear-phishing emails, IM softw…
steganography
keylogging
south asia
usb propagation
file stealing
2025-04-10
sogou_pinyinupdater.exe
scientific espionage
tericerit.exe
srclogsys.exe
cachestore.exe
github api
konlinesetupupdate_xa.exe
ocean research
windowassistance.exe
huaweihisuiteservice64.exe
filecoauthx86.exe
aliyun_updater64.exe
youdaogui.exe
mscleanup64.exe
windowsfilters.exe
qaxreporter.exe
Published: April 10, 2025
Downloadable IOCs: 0

APT Targets South Korea with Deceptive PDF Lures

The Kimsuky APT group, also known as Black Banshee, has been actively targeting South Korean government entities using evolving tactics. Two distinct campaigns were uncovered, both utilizing government-themed PDF documents as lures. The infection chain begins with a phishing email containing a mali…
obfuscation
apt
phishing
south korea
keylogging
lnk file
data exfiltration
cryptocurrency theft
snakekeylogger
2025-04-04
vba script
Published: April 4, 2025
Downloadable IOCs: 0

TsarBot Trojan Hits 750+ Banking & Crypto Apps!

A newly discovered Android banking Trojan, TsarBot, targets over 750 applications globally, including banking, finance, cryptocurrency, and e-commerce apps. It spreads through phishing sites masquerading as legitimate financial platforms and is installed via a dropper disguised as Google Play Servi…
phishing
android
credential theft
banking trojan
keylogging
sms interception
on-device fraud
2025-04-01
websocket
screen recording
tsarbot
overlay attack
Published: April 1, 2025
Downloadable IOCs: 0

Evolving Snake Keylogger Variant

A new variant of Snake Keylogger, identified as AutoIt/Injector.GTY!tr, has been detected by FortiSandbox v5.0. This malware has attempted over 280 million infections, primarily targeting China, Turkey, Indonesia, Taiwan, and Spain. Snake Keylogger steals sensitive information from popular web brow…
credential theft
autoit
keylogging
snake keylogger
process hollowing
2025-02-20
fortisandbox
ai detection
404 keylogger
paix
Published: February 20, 2025
Downloadable IOCs: 3

XWorm Cocktail: A Mix of PE data with PowerShell Code

A malicious file discovered on VirusTotal triggered a PowerShell rule, leading to the investigation of two closely related files identified as 'data files' but named as executables. The files contain a mix of PowerShell code, binary data, and obfuscated text. Analysis revealed characteristics of XW…
obfuscation
xworm
evasion
powershell
persistence
keylogging
virustotal
deobfuscation
2025-02-19
Published: February 19, 2025
Downloadable IOCs: 3

End-of-Year PTO: Days Off and Data Exfiltration with Formbook

A phishing campaign disguised as an end-of-year leave approval notice has been intercepted by the Cofense Phishing Defense Center. The malicious email, masquerading as HR communication, tricks recipients into clicking a link that leads to the deployment of FormBook malware. The email contains red f…
phishing
autoit
credential harvesting
formbook
keylogging
data exfiltration
process injection
2024-12-06
holiday-themed
Published: December 6, 2024
Downloadable IOCs: 0

XWorm: Analyzing New Infection Tactics With Old Payload

A recent malware campaign utilizes a multi-stage infection chain starting with a LNK file that lures victims into opening an invoice in a web browser. The attack involves PowerShell commands, batch files, and Python scripts to download and execute the XWorm payload. The infection process includes d…
xworm
python
powershell
keylogging
lnk file
shellcode injection
multi-stage infection
2024-12-04
Published: December 4, 2024
Downloadable IOCs: 0

TaxOff: You've Got a Backdoor...

A sophisticated threat group named TaxOff has been discovered targeting Russian government agencies. The group uses phishing emails with legal and financial themes to deliver the Trinper backdoor, a multithreaded C++ malware with advanced features. Trinper employs STL containers, custom serializati…
espionage
phishing
keylogging
2024-12-03
code injection
russian government
trinper backdoor
Published: December 3, 2024
Downloadable IOCs: 11

DarkComet RAT: Technical Analysis of Attack Chain

This analysis examines the Remote Access Trojan (RAT) DarkComet, detailing its capabilities, distribution methods, and technical operations. The malware alters file attributes, establishes communication with malicious domains, modifies process privileges, and gathers system information. It employs …
rat
evasion
persistence
keylogging
privilege escalation
command and control
remote access trojan
2024-10-23
darkcomet
Published: October 23, 2024
Downloadable IOCs: 1

The trojan horse that wanted to fly

Rocinante is a new strain of mobile malware originating from Brazil, capable of keylogging, stealing PII through phishing, and performing device takeover. It targets Brazilian banking institutions using a combination of Firebase messaging, HTTP traffic, WebSocket, and Telegram API for communication…
phishing
remote access
banking trojan
brazil
keylogging
mobile malware
2024-09-02
device takeover
hook
rocinante
ermac
Published: September 2, 2024
Downloadable IOCs: 4

BlankBot: A new Android banking trojan

A new Android banking trojan called BlankBot has been discovered. Discovered by Intel 471 researchers in July 2024, BlankBot primarily targets Turkish users through impersonated utility apps. With a range of malicious capabilities like customer injections, keylogging, screen recording, and remote c…
android
trojan
banking
keylogging
2024-08-06
blankbot
Published: August 6, 2024
Downloadable IOCs: 0

New banking trojan “CarnavalHeist” targets Brazil with overlay attacks

Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan dubbed 'CarnavalHeist'. The malware employs common tactics like financial-themed spam emails, Delphi-based DLLs, overlay attacks, and input capture techniques like keylogging and screen capture. Ho…
trojan
banking
2024-05-31
brazil
keylogging
overlay
access_pc_client.dll
carnavalheist
Published: May 31, 2024
Downloadable IOCs: 61
Click here to see more Attack Reports