Tag: quasar

4 Attack Reports | 0 Vulnerabilities

Attack reports

The Solidity Language open-source package was used in a $500,000 crypto heist

A blockchain developer in Russia lost $500,000 in crypto assets due to a malicious Solidity Language extension for Cursor AI IDE. The fake extension, downloaded 54,000 times, appeared higher in search results than the legitimate one due to ranking algorithms. It installed malware that allowed remot…

heur:trojan-psw.msil.purelogs.gen

malicious extension

Published: July 16, 2025

Linked vulnerabilities : CVE-2024-3721

Downloadable IOCs: 0

Fake GitHub projects distribute stealers in GitVenom campaign

The GitVenom campaign involves threat actors creating hundreds of fake repositories on GitHub containing malicious code disguised as legitimate projects. These repositories include well-designed README files and artificially inflated commit numbers to appear genuine. The malicious code, implemented…

clipboard-hijacker

Published: February 24, 2025

Downloadable IOCs: 2

Under the SADBRIDGE with GOSAR: QUASAR Gets a Golang Rewrite

Elastic Security Labs has uncovered a new intrusion set targeting Chinese-speaking regions, dubbed REF3864. The threat group employs a custom loader called SADBRIDGE to deploy GOSAR, a Golang-based reimplementation of the QUASAR backdoor. The infection chain involves trojanized MSI installers masqu…

Published: December 16, 2024

Downloadable IOCs: 13

Analysis of Golang Payload and Information Theft Campaign

The report details a recent cyber attack campaign attributed to the APT-C-09 (Mozambique) threat group, which has historically targeted Pakistan and surrounding nations. The campaign employed a novel Golang malware payload and Quasar RAT to gather sensitive information. The analysis covers the tech…

Published: July 30, 2024

Downloadable IOCs: 8

Click here to see more Attack Reports