Tag: modular

10 Attack Reports | 0 Vulnerabilities

Attack reports

NovaStealer - Apple Intelligence is leaving a plist.. it is legit, right?

A cryptostealer for macOS utilizes a bash-based script to establish persistence and execute malicious modules. The malware installs itself in the ~/.mdrivers directory, uses screen sessions for background execution, and employs a LaunchAgent for persistence. It exfiltrates crypto wallet data, colle…
phishing
persistence
macos
bash
modular
2025-11-14
cryptostealer
novastealer
wallet-targeting
Published: November 14, 2025
Downloadable IOCs: 7

Learn about ChillyHell, a modular Mac backdoor

ChillyHell is a sophisticated macOS backdoor discovered in 2021 that has evaded detection by antivirus vendors. It is a modular C++ malware targeting Intel architectures, using multiple persistence mechanisms and communication protocols. The backdoor performs host profiling, establishes persistence…
backdoor
dns
persistence
macos
modular
matanbuchus
c2
http
2025-09-10
password-cracking
notarized
chillyhell
Published: September 10, 2025
Downloadable IOCs: 0

Dissecting PipeMagic: Inside the architecture of a modular backdoor framework

PipeMagic is a sophisticated modular backdoor used by the Storm-2460 threat actor, disguised as a legitimate ChatGPT Desktop Application. It employs a highly flexible architecture with multiple linked list structures for payload management, execution, and networking. The malware communicates with i…
backdoor
ransomware
windows
zero-day
modular
chatgpt
CVE-2025-29824
clfs
pipemagic
2025-08-18
Published: August 18, 2025
Linked vulnerabilities : CVE-2025-29824 (CVSS 7.8)
Downloadable IOCs: 4

Malvertising campaign leads to PS1Bot, a multi-stage malware framework

A malware campaign utilizing malvertising has been distributing PS1Bot, a sophisticated multi-stage framework implemented in PowerShell and C#. PS1Bot features modular design, enabling information theft, keylogging, reconnaissance, and persistent system access. The malware minimizes artifacts and u…
malvertising
powershell
cryptocurrency
modular
in-memory execution
information stealer
multi-stage
c#
2025-08-12
ahk bot
ps1bot
skitnet
Published: August 12, 2025
Downloadable IOCs: 0

New HijackLoader Evasion Tactics

HijackLoader, a malware loader discovered in 2023, has evolved with new modules and evasion tactics. Recent updates include call stack spoofing to mask function call origins, virtual machine detection to identify analysis environments, and persistence establishment via scheduled tasks. The loader n…
evasion
persistence
modular
hijackloader
anti-vm
2025-03-31
virtual machine detection
call stack spoofing
Published: March 31, 2025
Downloadable IOCs: 0

New XCSSET malware adds new obfuscation, persistence techniques to infect Xcode projects

Microsoft Threat Intelligence has discovered a new variant of XCSSET, a sophisticated macOS malware that infects Xcode projects. This latest version features enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies. The malware steals and exfiltrates files, system …
obfuscation
data theft
persistence
macos
modular
2025-03-11
xcsset
xcode
digital wallets
Published: March 11, 2025
Downloadable IOCs: 31

Malware Spotlight: A Deep-Dive Analysis of WezRat

Check Point Research provides a comprehensive analysis of WezRat, a custom modular infostealer attributed to the Iranian cyber group Emennet Pasargad. The malware has been active for over a year, targeting organizations in multiple countries. WezRat's capabilities include executing commands, taking…
backdoor
espionage
phishing
infostealer
iran
modular
2024-11-14
wezrat
c&c
Published: November 14, 2024
Downloadable IOCs: 0

WINELOADER Analysis

APT29, also known as Cozy Bear, has targeted European diplomats using a sophisticated multi-stage attack chain involving a new modular backdoor called WINELOADER. The attack begins with a fake PDF invitation to a wine-tasting event, which leads to the download of a malicious HTA file. This file the…
backdoor
wineloader
evasion
modular
diplomats
dll side-loading
apt29
cozy bear
2024-11-07
dll hollowing
Published: November 7, 2024
Downloadable IOCs: 0

Exploring the Depths of Multi-tiered Infrastructure

This report provides an in-depth analysis of SolarMarker, a highly persistent and evolving malware family. It delves into the malware's evolution since 2020, detailing its functionality, evasion tactics, and targeting strategies. The report also highlights the multi-tiered infrastructure supporting…
modular
2024-05-09
solarmarker
persistent
solarphantom
evasive
multi-tiered
information-stealing
2024-05-14
2024-05-10
Published: May 14, 2024
Downloadable IOCs: 45

HijackLoader Updates

HijackLoader, also known as IDAT Loader, is a modular malware loader capable of executing multiple payloads. It utilizes a variety of modules for code injection, execution, and evasion techniques. This report analyzes the updated version of HijackLoader, which includes new modules for bypassing Win…
rat
evasion
rhadamanthys
stealer
remcos
2024-05-03
2024-05-04
2024-05-05
2024-05-06
2024-05-07
amadey
lumma stealer
injection
modular
racoon stealer v2
malware loader
meta stealer
Published: May 7, 2024
Downloadable IOCs: 11
Click here to see more Attack Reports