Tag: maas

12 Attack Reports | 0 Vulnerabilities

Attack reports

From a Teams Call to a Ransomware Threat: Matanbuchus 3.0 MaaS Levels Up

Matanbuchus 3.0, a malware loader available as Malware-as-a-Service, has evolved with significant updates. It now employs sophisticated techniques including improved communication protocols, in-memory stealth capabilities, enhanced obfuscation, and support for WQL queries, CMD, and PowerShell rever…
ransomware
matanbuchus
microsoft teams
maas
2025-07-18
Published: July 18, 2025
Downloadable IOCs: 11

Powerful MaaS On the Prowl for Credentials and Crypto Assets

Katz Stealer is a sophisticated infostealer marketed as Malware-as-a-Service (MaaS), launched in early 2025. It features robust credential and data theft capabilities, along with modern evasion and anti-analysis techniques. The stealer targets a wide range of personal and sensitive information, inc…
infostealer
cryptocurrency
credential theft
data exfiltration
maas
evasion techniques
browser injection
katz stealer
2025-07-17
Published: July 17, 2025
Downloadable IOCs: 31

MaaS operation using Emmenhtal and Amadey linked to threats against Ukrainian entities

A Malware-as-a-Service operation utilizing Amadey for payload delivery has been identified, with connections to a SmokeLoader phishing campaign targeting Ukrainian entities. The operation exploits fake GitHub accounts to host payloads and tools, bypassing web filtering. Emmenhtal, a multistage down…
obfuscation
phishing
rhadamanthys
ukraine
amadey
asyncrat
redline
smokeloader
downloader
github
lumma
maas
emmenhtal
2025-07-17
Published: July 17, 2025
Downloadable IOCs: 4

Applications of Snake Keylogger in Geopolitics: Abuse of Trusted Java Utilities in Cybercriminal Activities

A new phishing campaign using Snake Keylogger, a Russian-origin stealer, has been discovered targeting various victims including corporations, governments, and individuals. The campaign uses spear-phishing emails offering petroleum products, with malicious attachments exploiting the legitimate jsad…
credential theft
dll sideloading
java
keylogger
geopolitical
maas
snake keylogger
spear-phishing
2025-07-06
petroleum
Published: July 6, 2025
Downloadable IOCs: 0

Snake Keylogger in Geopolitical Affairs: Abuse of Trusted Java Utilities in Cybercrime Operations

The S2 Group’s intelligence team has identified through adversary tracking a new phishing campaign by Snake Keylogger, a Russian origin stealer programmed in .NET, targeting various types of victims, such as companies, governments or individuals. The campaign has been identified as using spearphish…
phishing
spearphishing
infostealer
russia
malware-as-a-service
keylogger
maas
snake keylogger
credential stealer
2025-06-30
Published: June 30, 2025
Downloadable IOCs: 34

Threat Analysis: DCRat presence growing in Latin America

Hive0131 is conducting email campaigns targeting users in Colombia with fake electronic notifications of criminal proceedings, purportedly from The Judiciary of Colombia. The campaigns deliver DCRat, a banking trojan operated as Malware-as-a-Service, through embedded links or PDF lures. DCRat's pre…
phishing
dcrat
banking trojan
maas
process hollowing
colombia
2025-06-06
vmdetectloader
Published: June 6, 2025
Downloadable IOCs: 3

SuperCard X: exposing a Chinese-speaker MaaS for NFC Relay fraud operation

A new Android malware campaign called 'SuperCard X' has been identified, employing NFC-relay techniques to enable fraudulent POS payments and ATM withdrawals. Distributed through a Chinese-speaking Malware-as-a-Service platform, it shares similarities with NGate malware. The campaign uses social en…
android
banking
ngate
maas
2025-04-18
supercard x
relay-attack
Published: April 18, 2025
Downloadable IOCs: 6

Lumma Stealer Chronicles: PDF-themed Campaign Using Compromised Educational Institutions' Infrastructure

An ongoing malware campaign is distributing Lumma Stealer, an information-stealing malware, through malicious LNK files disguised as PDF documents. The campaign exploits compromised educational institutions' infrastructure to host these files. When executed, the LNK files initiate a multi-stage inf…
phishing
lumma stealer
information stealing
maas
lnk files
multi-stage infection
2025-02-17
steam profiles
educational institutions
pdf-themed
Published: February 17, 2025
Downloadable IOCs: 24

Blast from the Past

A large-scale campaign targeting Russian organizations across various industries has been detected. The attackers are using NOVA stealer, a commercial fork of SnakeLogger, distributed via phishing emails disguised as contract archives. NOVA, marketed as Malware-as-a-Service, is capable of stealing …
phishing
stealer
persistence
credential theft
data exfiltration
russian
maas
nova
snakelogger
2025-02-05
organizations
Published: February 5, 2025
Downloadable IOCs: 1

NOVA: blast from the past

A large-scale campaign targeting Russian organizations across various industries has been uncovered. The attackers are using NOVA stealer, a commercial fork of SnakeLogger, distributed via phishing emails disguised as contract archives. NOVA, marketed under the Malware-as-a-Service model, steals cr…
phishing
credential-theft
stealer
persistence
maas
nova
2025-02-04
snakelogger
Published: February 4, 2025
Downloadable IOCs: 1

Unmasking Lumma Stealer: Analyzing Deceptive Tactics with Fake CAPTCHA

Lumma Stealer, a sophisticated information-stealing malware, has evolved its tactics to employ fake CAPTCHA verification for payload delivery. The malware exploits legitimate software and uses multi-stage fileless techniques to evade detection. Its infection chain involves PowerShell scripts, proce…
powershell
cryptocurrency
lumma stealer
information-stealing
data exfiltration
fileless
maas
process hollowing
fake captcha
2024-10-21
Published: October 21, 2024
Downloadable IOCs: 23

From the Depths: Analyzing the Cthulhu Stealer Malware for macOS

This report analyzes Cthulhu Stealer, a malware-as-a-service targeting macOS users to steal credentials and cryptocurrency wallets. It explores the malware's functionality, including prompting users for passwords, dumping keychain data, and exfiltrating stolen information. The analysis compares Cth…
cryptocurrency
stealer
macos
golang
atomic stealer
2024-08-23
maas
cthulhu stealer
Published: August 23, 2024
Downloadable IOCs: 9
Click here to see more Attack Reports