Tag: latrodectus

12 Attack Reports | 0 Vulnerabilities

Attack reports

Threat actors misuse Node.js to deliver malware and other malicious payloads

Since October 2024, threat actors have been leveraging Node.js to deliver malware and payloads for information theft and data exfiltration. A recent malvertising campaign uses cryptocurrency trading themes to lure users into downloading malicious installers. The attack chain includes initial access…
node.js
remcos
latrodectus
stilachirat
ahkbot
2025-04-15
raccoono365
Published: April 15, 2025
Downloadable IOCs: 0

Threat actors leverage tax season to deploy tax-themed phishing campaigns

Microsoft has observed several phishing campaigns using tax-related themes to steal credentials and deploy malware as Tax Day approaches in the United States. These campaigns use redirection methods like URL shorteners and QR codes in malicious attachments, and abuse legitimate services to avoid de…
malware
phishing
social engineering
remcos
credential theft
latrodectus
guloader
redirection
qr codes
remote access trojans
2025-04-03
tax season
ahkbot
bruteratel c4
Published: April 3, 2025
Downloadable IOCs: 0

A Practical Guide to Uncovering Malicious Infrastructure With Hunt.io

This guide demonstrates how to use Hunt.io to investigate and track malicious infrastructure. Starting with a single suspicious IP address, the process involves analyzing hosting providers, domain information, open ports, HTTP responses, and TLS certificates. The investigation reveals connections t…
latrodectus
malicious infrastructure
osint
tls certificates
threat hunting
2025-03-25
latrodectus malware
sql queries
hunt.io
network scanning
cryptocurrency fraud
Published: March 25, 2025
Downloadable IOCs: 0

2024 Malicious Infrastructure Insights: Key Trends and Threats

The report highlights significant trends in malicious infrastructure for 2024, including the rise of malware-as-a-service infostealers, continued dominance of Cobalt Strike among offensive security tools, and increased use of legitimate services by threat actors. Key findings include LummaC2's domi…
lummac2
plugx
cobalt strike
asyncrat
cybercrime
infostealers
dcrat
latrodectus
botnets
mobile malware
malicious infrastructure
quasarrat
hook
gobrat
brute ratel c4
remote access trojans
2025-02-28
traffic distribution systems
mozi botnet
state-sponsored groups
command-and-control servers
solarmarker rat
offensive security tools
Published: February 28, 2025
Downloadable IOCs: 0

Pronsis Loader: A JPHP-Driven Malware Diverging from D3F@ck Loader

A new malware called Pronsis Loader has been discovered, with similarities to D3F@ck Loader. Both use JPHP-compiled executables, but Pronsis uses NSIS for installation instead of Inno Setup. Pronsis Loader typically delivers Lumma Stealer and Latrodectus payloads. It employs defense evasion techniq…
lumma stealer
latrodectus
d3f@ck loader
pronsis loader
2024-12-04
jphp
Published: December 4, 2024
Downloadable IOCs: 0

Security Brief: ClickFix Social Engineering Technique Floods Threat Landscape

Proofpoint researchers have identified a surge in the ClickFix social engineering technique across the threat landscape. This technique uses dialogue boxes with fake error messages to trick users into copying, pasting, and running malicious content on their computers. Multiple threat actors are emp…
xworm
phishing
social engineering
powershell
darkgate
lumma stealer
asyncrat
danabot
latrodectus
netsupport
cybersecurity
clickfix
threat actors
brute ratel c4
2024-11-18
malware delivery
lucky volunteer
recaptcha phish
threat landscape
Published: November 18, 2024
Downloadable IOCs: 0

LUNAR SPIDER Enabling Ransomware Attacks on Financial Sector with Brute Ratel C4 and Latrodectus

LUNAR SPIDER, a Russian-speaking financially motivated threat group, has resumed operations following law enforcement disruptions. They've shifted from using IcedID to leveraging Latrodectus and Brute Ratel C4 malware, targeting financial services through SEO poisoning malvertising campaigns. The g…
ransomware
malvertising
seo poisoning
icedid
latrodectus
2024-10-31
brute ratel c4
financial sector
infrastructure sharing
Published: October 31, 2024
Downloadable IOCs: 0

New Bumblebee Loader Infection Chain Signals Possible Resurgence

A new infection chain for the Bumblebee loader malware has been discovered, potentially indicating its resurgence after Operation Endgame. The sophisticated downloader, first identified in March 2022, is used by cybercriminals to access corporate networks and deliver payloads like Cobalt Strike bea…
loader
pikabot
phishing
cobalt strike
icedid
lnk
darkgate
latrodectus
stealth
2024-10-21
msi
bumblebee
infection-chain
in-memory-execution
Published: October 21, 2024
Downloadable IOCs: 11

Inside the Latrodectus Malware Campaign

The Latrodectus malware campaign employs a combination of traditional phishing techniques and innovative payload delivery methods to target financial, automotive, and healthcare sectors. The attack chain begins with compromised emails containing malicious PDF or HTML attachments, which redirect use…
obfuscation
phishing
icedid
javascript
healthcare
latrodectus
financial
2024-10-21
msi
dll
automotive
activex
rundll32
Published: October 21, 2024
Downloadable IOCs: 20

Latrodectus Rapid Evolution Continues With Latest New Payload Features

This report discusses the latest updates to the Latrodectus malware, including a different string deobfuscation approach, a new C2 endpoint, and two new backdoor commands. It provides an in-depth analysis of the new version 1.4, focusing on the new features added or updated in this variant. The rep…
malware
icedid
analysis
payload
latrodectus
2024-08-30
evolution
Published: August 30, 2024
Downloadable IOCs: 10

Double Trouble: Latrodectus And ACR Stealer Observed Spreading Via Google Authenticator Phishing Site

The Cyble Research and Intelligence Lab (CRIL) discovered a sophisticated phishing website mimicking Google Safety Centre, designed to trick users into downloading malware. The malware, compromising security and stealing sensitive information, drops two threats: Latrodectus, which maintains persist…
malware
phishing
stealer
latrodectus
downloader
cybersecurity
acr stealer
2024-08-20
Published: August 20, 2024
Linked vulnerabilities : CVE-2024-21887, CVE-2023-46805, CVE-2021-44228, CVE-2017-11882, CVE-2024-21412, CVE-2024-21893
Downloadable IOCs: 15

Spring Cleaning with LATRODECTUS: A Potential Replacement for ICEDID

LATRODECTUS is a malware loader gaining popularity among cybercriminals, with strong connections to the ICEDID malware family. It offers standard capabilities for deploying payloads and conducting post-exploitation activities. Initially discovered by Walmart researchers in 2023, it continues evolvi…
malware
loader
icedid
cybercrime
2024-05-17
latrodectus
financially-motivated
Published: May 17, 2024
Downloadable IOCs: 7
Click here to see more Attack Reports