Tag: reverse shell

7 Attack Reports | 0 Vulnerabilities

Attack reports

Malware found on npm infecting local package with reverse shell

A sophisticated malware campaign targeting npm packages has been discovered, involving two malicious packages: ethers-provider2 and ethers-providerz. These packages act as downloaders, hiding their malicious payload cleverly. Upon installation, they patch the legitimate locally-installed npm packag…
persistence
javascript
npm
reverse-shell
2025-03-26
ethers-provider2
package-infection
ethers-providerz
Published: March 26, 2025
Downloadable IOCs: 1

Auto-Color: An Emerging and Evasive Linux Backdoor

Auto-color is a newly discovered Linux malware that employs sophisticated evasion techniques. It renames itself to benign-looking filenames, hides remote C2 connections using advanced methods similar to Symbiote malware, and uses proprietary encryption for communication. The malware installs a mali…
linux
backdoor
evasion
encryption
government
c2
proxy
universities
reverse shell
2025-02-25
auto-color
library implant
symbiote
Published: February 25, 2025
Downloadable IOCs: 10

Malicious ML models discovered on Hugging Face platform

RL researchers have identified a novel attack technique called nullifAI on the Hugging Face platform, which abuses Pickle file serialization to distribute malware. Two malicious models were found containing reverse shell code, bypassing Hugging Face's security scanning mechanisms. The attack exploi…
reverse shell
machine learning
2025-02-07
pytorch
ai security
hugging face
pickle serialization
nullifai
picklescan
Published: February 7, 2025
Downloadable IOCs: 0

NGC4020 Attacks: DameWare Mini Remote Control Vulnerability

The Solar 4RAYS team investigated a cyberattack on an industrial company, uncovering that attackers exploited a vulnerability in DameWare Mini Remote Control to deliver malware and disable security protections. The NGC4020 group initially compromised systems in December 2022 using CVE-2019-3980. Th…
vulnerability
quasarrat
reverse shell
antivirus bypass
2025-01-31
dameware
Published: January 31, 2025
Downloadable IOCs: 0

Threat actors attempt to exploit a flaw in Four-Faith routers

A high-severity vulnerability (CVE-2024-12856) affecting Four-Faith router models F3x24 and F3x36 is being actively exploited. The flaw allows OS command injection if default credentials are used, potentially leading to unauthenticated remote code execution. Attackers have been observed leveraging …
vulnerability
router
reverse shell
CVE-2024-12856
2024-12-28
four-faith
Published: December 28, 2024
Downloadable IOCs: 0

Unpacking the Diicot Malware Targeting Linux Environments

A new malware campaign attributed to the Romanian-speaking Diicot threat group has been discovered targeting Linux systems. The campaign shows significant advancements compared to previous iterations, including modified UPX headers with corrupted checksums, advanced payload staging, and environment…
malware
linux
openssh
xmrig
persistence
cryptomining
brute-force
2024-12-17
reverse-shell
upx
Published: December 17, 2024
Downloadable IOCs: 36

Unveiling sedexp: A Stealthy Linux Malware Exploiting udev Rules

Stroz Friedberg discovered sedexp, a stealthy Linux malware that utilizes udev rules to achieve persistence and evade detection. It provides reverse shell capabilities and advanced concealment tactics. Employed by a financially motivated threat actor, sedexp hides credit card scraping code, indicat…
linux
evasion
persistence
2024-08-23
reverse shell
sedexp
concealment
Published: August 23, 2024
Downloadable IOCs: 3
Click here to see more Attack Reports