Tag: rust

17 Attack Reports | 0 Vulnerabilities

Attack reports

Chasing Eddies: New Rust-based InfoStealer used in CAPTCHA campaigns

A novel Rust-based infostealer called EDDIESTEALER has been discovered, distributed through fake CAPTCHA campaigns. The malware uses deceptive verification pages to trick users into executing a malicious PowerShell script, which deploys the infostealer. EDDIESTEALER targets sensitive data including…
powershell
infostealer
cryptocurrency
rust
data exfiltration
captcha
2025-05-29
eddiestealer
Published: May 29, 2025
Downloadable IOCs: 27

Reborn in Rust: Attempt to thwart malware analysis

AsyncRAT, a remote access trojan known since 2019, has been rewritten in Rust, marking a shift from its original C# implementation. This change aims to complicate reverse engineering efforts due to limited analysis tool support for Rust. The malware retains its core functionality, including plugin …
plugins
asyncrat
rust
command and control
remote access trojan
reverse engineering
system information
2025-05-26
tls
hardware id
rustyasyncrat
Published: May 26, 2025
Downloadable IOCs: 4

Agenda Ransomware Group Adds SmokeLoader and NETXLOADER to Their Arsenal

The Agenda ransomware group has expanded its capabilities by incorporating SmokeLoader malware and a new loader called NETXLOADER. NETXLOADER is a highly obfuscated .NET-based loader that utilizes advanced techniques to evade detection and complicate analysis. The group has been targeting healthcar…
ransomware
evasion
rust
smokeloader
.net
2025-05-07
netxloader
Published: May 7, 2025
Downloadable IOCs: 8

TURNING AID INTO ATTACK: EXPLOITATION OF PAKISTAN’S YOUTH LAPTOP SCHEME TO TARGET INDIA

A Pakistan-based APT group, assessed with medium confidence as APT36, who created a fake IndiaPost website to target and infect both Windows and Android users.
python
android
windows
crimson rat
pakistan
india
defense
rust
discord
clickfix
apt36
2025-03-27
html code
india post
bootreceiver
mywire
Published: March 27, 2025
Downloadable IOCs: 5

Melting Pot of macOS Malware Adds Go to Crystal, Nim and Rust Variants

ReaderUpdate, a macOS malware loader platform active since 2020, has evolved to include variants written in Crystal, Nim, Rust, and now Go programming languages. Originally a compiled Python binary, the malware has been largely dormant until late 2024. The loader is capable of executing remote comm…
malware
loader
persistence
macos
adware
rust
go
2025-03-26
nim
genieo
crystal
silver toucan
dolittle
wizardupdate
updateagent
readerupdate
Published: March 26, 2025
Downloadable IOCs: 12

North Korean-Linked macOS Malware Targets Cryptocurrency Sector with RustDoor and Koi Stealer

A recent campaign attributed to North Korean threat actors has been identified, targeting macOS users in the cryptocurrency industry. The attackers employ sophisticated social engineering techniques, posing as recruiters to lure job-seeking software developers into downloading malicious software. T…
apt
macos
rust
2025-02-26
cryptocurrencies
koi stealer
studio helper
rustdoor c2
Published: February 26, 2025
Downloadable IOCs: 21

SparkCat crypto stealer in Google Play and App Store

A new malware campaign dubbed 'SparkCat' has been discovered targeting Android and iOS users through both official and unofficial app stores. The malware, embedded in various apps, uses OCR technology to scan users' image galleries for crypto wallet recovery phrases. Infected Android apps on Google…
ios
android
rust
google play
ocr
sparkcat
crypto stealer
2025-02-06
ml kit
app store
Published: February 6, 2025
Downloadable IOCs: 9

FunkSec – Alleged Top Ransomware Group Powered by AI

FunkSec, an emerging ransomware group, gained prominence in late 2024 with over 85 claimed victims in December. The group's activities blend hacktivism and cybercrime, using AI-assisted malware development to quickly produce advanced tools despite apparent inexperience. FunkSec offers custom ransom…
ransomware
ddos
rust
hacktivism
double extortion
2025-01-10
ai-assisted
Published: January 10, 2025
Downloadable IOCs: 9

A Look Back: The Evolution of Latin American eCrime Malware in 2024

Latin American cybercrime continues to evolve as adversaries refine their tactics and techniques. Key developments in 2024 include the adoption of Rust for improved evasion, consistent use of multi-stage infection chains and malspam campaigns, and evidence of collaboration among threat actors. Nota…
phishing
javascript
rust
banking trojan
information stealer
2024-12-18
nirsoft
Published: December 18, 2024
Downloadable IOCs: 32

Inside Akira Ransomware's Rust Experiment

Check Point Research analyzed the Rust version of Akira ransomware that targeted ESXi servers in early 2024. The malware's complex assembly is attributed to Rust idioms, boilerplate code, and compiler strategies. The analysis reveals the ransomware's use of the seahorse CLI framework, indicatif lib…
ransomware
rust
akira
2024-12-03
Published: December 3, 2024
Downloadable IOCs: 0

Embargo ransomware: Rock'n'Rust

ESET researchers have uncovered new Rust-based tools used by the Embargo ransomware group. The toolkit includes MDeployer, a loader that deploys MS4Killer and Embargo ransomware, and MS4Killer, an EDR killer that exploits a vulnerable driver. Embargo, first observed in June 2024, is a relatively ne…
ransomware
rust
byovd
raas
2024-10-23
embargo ransomware
edr killer
safe mode abuse
ms4killer
mdeployer
Published: October 23, 2024
Downloadable IOCs: 0

Akira ransomware continues to evolve

Akira ransomware has established itself as a prominent threat, constantly evolving its tactics. Initially employing double-extortion, it shifted focus to data exfiltration in early 2024. The group developed a Rust variant of their ESXi encryptor, moving away from C++. Recently, Akira has returned t…
linux
ransomware
windows
rust
CVE-2024-37085
vulnerability exploitation
akira
CVE-2023-27532
esxi
CVE-2024-40766
CVE-2023-48788
double-extortion
CVE-2024-40711
CVE-2023-20269
2024-10-22
CVE-2020-3259
CVE-2023-20263
chacha8
megazord
Published: October 22, 2024
Linked vulnerabilities : CVE-2024-37085 (CVSS 6.8), CVE-2024-40766 (CVSS 9.8), CVE-2024-40711 (CVSS 9.8), CVE-2023-27532, CVE-2023-20269, CVE-2020-3259, CVE-2023-48788, CVE-2023-20263
Downloadable IOCs: 37

Crystal Rans0m: Hybrid ransomware with stealer capabilities

Crystal Rans0m is a newly discovered hybrid ransomware family developed in Rust, first observed in September 2023. It combines file encryption with data stealing capabilities, doubling its leverage over victims. The malware targets browser data, Discord tokens, Steam files, and Riot Games data. It …
stealer
rust
discord
2024-10-21
anti-vm
monero
hybrid ransomware
crystal rans0m
session
Published: October 21, 2024
Downloadable IOCs: 5

Aiming at domestic government and enterprises! Deeply revealed ransomware operator Rast gang

A new ransomware threat, dubbed Rast, has emerged targeting Chinese government and enterprises since December 2023. Written in Rust, Rast has infected over 6,800 terminals, successfully encrypting more than 5,700. The Rast gang, named after the ransomware, operates primarily between 20:00 and 05:00…
ransomware
china
government
rust
rdp
phobos
2024-09-30
globeimposter
mysql
gandcrab
buran
nday
rast
enterprises
Published: September 30, 2024
Downloadable IOCs: 21

Sophisticated Malware Campaign Targets Czech Officials Using NATO-Themed Decoys

Seqrite Labs APT-Team discovered a sophisticated malware campaign targeting government and military officials in the Czech Republic. The campaign leveraged NATO-themed decoy documents to lure victims and employed a multistage attack chain involving a malicious batch script, a Rust-based loader, and…
evasion
persistence
injection
rust
2024-08-28
havoc
nato
czech republic
decoy
freeze
Published: August 28, 2024
Downloadable IOCs: 13

Fickle Stealer Distributed via Multiple Attack Chain

In May 2024, FortiGuard Labs observed a Rust-based stealer. In addition to its intricate code, the stealer is distributed using a variety of strategies and has a flexible way of choosing its target.
vba
infostealer
rust
2024-06-20
docx
fickle stealer
pdf viewer
Published: June 20, 2024
Downloadable IOCs: 53

GoTo Meeting loads RAT via Shellcode Loader

A malicious campaign has been discovered that exploits the legitimate GoTo Meeting online conferencing software to deploy the Remcos remote access trojan (RAT). The attack chain involves utilizing lures like porn downloads, software setup files, and tax forms with Russian and English file names. It…
rat
remcos
2024-05-08
dll sideloading
shellcode
rust
2024-05-09
2024-05-10
2024-05-13
Published: May 13, 2024
Downloadable IOCs: 17
Click here to see more Attack Reports