Tag: maas

19 Attack Reports | 0 Vulnerabilities

Attack reports

Albiriox Exposed: A New RAT Mobile Malware Targeting Global Finance and Crypto Wallets

Albiriox is a newly identified Android malware offered as Malware-as-a-Service, likely managed by Russian-speaking threat actors. It employs a two-stage deployment chain using dropper applications and packing techniques to evade detection. The malware exhibits advanced On-Device Fraud capabilities,…
rat
android
cryptocurrency
banking trojan
maas
evasion techniques
overlay attacks
on-device fraud
2025-12-03
vnc
albiriox
Published: December 3, 2025
Downloadable IOCs: 0

Analysis of the Lumma infostealer

The Lumma infostealer is a sophisticated malware distributed as Malware-as-a-Service, targeting Windows systems. It primarily steals sensitive data such as browser credentials, cryptocurrency wallets, and VPN/RDP accounts. Lumma is often used in the initial stages of multi-vector attacks, including…
phishing
windows
infostealer
credential theft
autoit
nsis
lumma
maas
process hollowing
2025-11-27
Published: November 27, 2025
Downloadable IOCs: 7

Fantasy Hub: Another Russian Based RAT as Malware-as-a-Service

A new Android Remote Access Trojan called Fantasy Hub has been identified, sold on Russian-language channels as a Malware-as-a-Service (MaaS) subscription. The malware offers extensive device control and espionage capabilities, including SMS exfiltration, contact theft, call log access, and bulk im…
rat
android
spyware
banking
russian
maas
financial
sms
2025-11-10
fantasy hub
Published: November 10, 2025
Downloadable IOCs: 169

GhostSocks: From Initial Access to Residential Proxy

GhostSocks is a Malware-as-a-Service (MAAS) that converts compromised devices into residential proxies, enabling threat actors to bypass anti-fraud mechanisms. Introduced in October 2023, it gained popularity after partnering with LummaStealer in February 2024. The malware, coded in Golang, uses ob…
obfuscation
c2
golang
maas
lummastealer
socks5
ghostsocks
blackbasta
residential proxy
2025-10-01
double victimization
Published: October 1, 2025
Downloadable IOCs: 12

Unmasked: Salat Stealer – A Deep Dive into Its Advanced Persistence Mechanisms and C2 Infrastructure

Salat Stealer, also known as WEB_RAT, is a sophisticated Go-based infostealer targeting Windows systems. It exfiltrates browser credentials, cryptocurrency wallet data, and session information while employing advanced evasion techniques. The malware uses UPX packing, process masquerading, registry …
evasion
windows
infostealer
cryptocurrency
persistence
malware-as-a-service
maas
russian-speaking
browser credentials
2025-09-06
salat stealer
web_rat
go-based
2025-09-10
Published: September 10, 2025
Downloadable IOCs: 14

PlayPraetor's evolving threat: How Chinese-speaking actors globally scale an Android RAT

A large-scale Malware-as-a-Service operation, orchestrated by Chinese-speaking threat actors, has infected over 11,000 Android devices globally with the PlayPraetor Remote Access Trojan. The campaign primarily targets Europe, with significant presence in Portugal, Spain, and France, but also affect…
rat
android
cryptocurrency
botnet
banking
maas
accessibility services
2025-08-07
playpraetor
Published: August 7, 2025
Downloadable IOCs: 0

MaaS Appeal: An Infostealer Rises From The Ashes

NOVABLIGHT is a NodeJS-based Malware-as-a-Service (MaaS) information stealer developed by a French-speaking threat group. It's sold as an educational tool but used for credential theft and cryptowallet compromise. The malware features heavy obfuscation, multiple anti-analysis techniques, and variou…
obfuscation
infostealer
anti-analysis
electron
credential theft
data exfiltration
maas
nodejs
2025-07-31
nova sentinel
malicord
novablight
Published: July 31, 2025
Downloadable IOCs: 8

From a Teams Call to a Ransomware Threat: Matanbuchus 3.0 MaaS Levels Up

Matanbuchus 3.0, a malware loader available as Malware-as-a-Service, has evolved with significant updates. It now employs sophisticated techniques including improved communication protocols, in-memory stealth capabilities, enhanced obfuscation, and support for WQL queries, CMD, and PowerShell rever…
ransomware
matanbuchus
microsoft teams
maas
2025-07-18
Published: July 18, 2025
Downloadable IOCs: 11

Powerful MaaS On the Prowl for Credentials and Crypto Assets

Katz Stealer is a sophisticated infostealer marketed as Malware-as-a-Service (MaaS), launched in early 2025. It features robust credential and data theft capabilities, along with modern evasion and anti-analysis techniques. The stealer targets a wide range of personal and sensitive information, inc…
infostealer
cryptocurrency
credential theft
data exfiltration
maas
evasion techniques
browser injection
katz stealer
2025-07-17
Published: July 17, 2025
Downloadable IOCs: 31

MaaS operation using Emmenhtal and Amadey linked to threats against Ukrainian entities

A Malware-as-a-Service operation utilizing Amadey for payload delivery has been identified, with connections to a SmokeLoader phishing campaign targeting Ukrainian entities. The operation exploits fake GitHub accounts to host payloads and tools, bypassing web filtering. Emmenhtal, a multistage down…
obfuscation
phishing
rhadamanthys
ukraine
amadey
asyncrat
redline
smokeloader
downloader
github
lumma
maas
emmenhtal
2025-07-17
Published: July 17, 2025
Downloadable IOCs: 4

Applications of Snake Keylogger in Geopolitics: Abuse of Trusted Java Utilities in Cybercriminal Activities

A new phishing campaign using Snake Keylogger, a Russian-origin stealer, has been discovered targeting various victims including corporations, governments, and individuals. The campaign uses spear-phishing emails offering petroleum products, with malicious attachments exploiting the legitimate jsad…
credential theft
dll sideloading
java
keylogger
geopolitical
maas
snake keylogger
spear-phishing
2025-07-06
petroleum
Published: July 6, 2025
Downloadable IOCs: 0

Snake Keylogger in Geopolitical Affairs: Abuse of Trusted Java Utilities in Cybercrime Operations

The S2 Group’s intelligence team has identified through adversary tracking a new phishing campaign by Snake Keylogger, a Russian origin stealer programmed in .NET, targeting various types of victims, such as companies, governments or individuals. The campaign has been identified as using spearphish…
phishing
spearphishing
infostealer
russia
malware-as-a-service
keylogger
maas
snake keylogger
credential stealer
2025-06-30
Published: June 30, 2025
Downloadable IOCs: 34

Threat Analysis: DCRat presence growing in Latin America

Hive0131 is conducting email campaigns targeting users in Colombia with fake electronic notifications of criminal proceedings, purportedly from The Judiciary of Colombia. The campaigns deliver DCRat, a banking trojan operated as Malware-as-a-Service, through embedded links or PDF lures. DCRat's pre…
phishing
dcrat
banking trojan
maas
process hollowing
colombia
2025-06-06
vmdetectloader
Published: June 6, 2025
Downloadable IOCs: 3

SuperCard X: exposing a Chinese-speaker MaaS for NFC Relay fraud operation

A new Android malware campaign called 'SuperCard X' has been identified, employing NFC-relay techniques to enable fraudulent POS payments and ATM withdrawals. Distributed through a Chinese-speaking Malware-as-a-Service platform, it shares similarities with NGate malware. The campaign uses social en…
android
banking
ngate
maas
2025-04-18
supercard x
relay-attack
Published: April 18, 2025
Downloadable IOCs: 6

Lumma Stealer Chronicles: PDF-themed Campaign Using Compromised Educational Institutions' Infrastructure

An ongoing malware campaign is distributing Lumma Stealer, an information-stealing malware, through malicious LNK files disguised as PDF documents. The campaign exploits compromised educational institutions' infrastructure to host these files. When executed, the LNK files initiate a multi-stage inf…
phishing
lumma stealer
information stealing
maas
lnk files
multi-stage infection
2025-02-17
steam profiles
educational institutions
pdf-themed
Published: February 17, 2025
Downloadable IOCs: 24

Blast from the Past

A large-scale campaign targeting Russian organizations across various industries has been detected. The attackers are using NOVA stealer, a commercial fork of SnakeLogger, distributed via phishing emails disguised as contract archives. NOVA, marketed as Malware-as-a-Service, is capable of stealing …
phishing
stealer
persistence
credential theft
data exfiltration
russian
maas
nova
snakelogger
2025-02-05
organizations
Published: February 5, 2025
Downloadable IOCs: 1

NOVA: blast from the past

A large-scale campaign targeting Russian organizations across various industries has been uncovered. The attackers are using NOVA stealer, a commercial fork of SnakeLogger, distributed via phishing emails disguised as contract archives. NOVA, marketed under the Malware-as-a-Service model, steals cr…
phishing
credential-theft
stealer
persistence
maas
nova
2025-02-04
snakelogger
Published: February 4, 2025
Downloadable IOCs: 1

Unmasking Lumma Stealer: Analyzing Deceptive Tactics with Fake CAPTCHA

Lumma Stealer, a sophisticated information-stealing malware, has evolved its tactics to employ fake CAPTCHA verification for payload delivery. The malware exploits legitimate software and uses multi-stage fileless techniques to evade detection. Its infection chain involves PowerShell scripts, proce…
powershell
cryptocurrency
lumma stealer
information-stealing
data exfiltration
fileless
maas
process hollowing
fake captcha
2024-10-21
Published: October 21, 2024
Downloadable IOCs: 23

From the Depths: Analyzing the Cthulhu Stealer Malware for macOS

This report analyzes Cthulhu Stealer, a malware-as-a-service targeting macOS users to steal credentials and cryptocurrency wallets. It explores the malware's functionality, including prompting users for passwords, dumping keychain data, and exfiltrating stolen information. The analysis compares Cth…
cryptocurrency
stealer
macos
golang
atomic stealer
2024-08-23
maas
cthulhu stealer
Published: August 23, 2024
Downloadable IOCs: 9
Click here to see more Attack Reports