Tag: scheduled tasks

8 Attack Reports | 0 Vulnerabilities

Attack reports

Cooking up trouble: How TamperedChef uses signed apps to deliver stealthy payloads

The TamperedChef campaign is a global malvertising and SEO operation that distributes seemingly legitimate software with valid code signing to trick users into executing malicious installers. These fake applications mimic common software and establish persistence through scheduled tasks, delivering…
social engineering
malvertising
persistence
javascript
remote access
scheduled tasks
seo
code-signing
javascript payload
2025-11-20
shell companies
2025-11-26
code-signing certificates
signed applications
Published: November 26, 2025
Downloadable IOCs: 0

Reoccurring Use of Highly Suspicious PDF Editors to Infiltrate Environments

Since November 19, 2025, a surge in alerts involving a file named 'ConvertMate' has been observed. Despite its initial harmless appearance, deeper analysis reveals highly suspicious behavior. The file, downloaded from specific domains, initiates external connections, performs host queries, and crea…
scheduled tasks
pdf converter
2025-11-21
malicious vector
suspicious behavior
convertmate
amaryllis signal ltd
pdfeditor
Published: November 21, 2025
Downloadable IOCs: 0

Fake Online Speedtest Application

An analysis of several Windows applications masquerading as legitimate utilities reveals a covert malware operation. These apps, including fake speed testers and AI search tools, install a Node.js runtime and execute obfuscated JavaScript via scheduled tasks. The malware communicates with a command…
node.js
scheduled tasks
evilai
fake applications
2025-09-25
javascript payload
Published: September 25, 2025
Downloadable IOCs: 170

Backdoor in "AppSuite PDF Editor": A Detailed Technical Analysis

A detailed analysis of a malicious PDF editor application called AppSuite PDF Editor reveals it to be a sophisticated backdoor. The software, masquerading as a legitimate productivity tool, is distributed through high-ranking websites. Once installed, it creates scheduled tasks and establishes pers…
backdoor
trojan
data exfiltration
aes encryption
command and control
scheduled tasks
browser manipulation
2025-08-28
appsuite pdf editor
pdf editor
appsuite
Published: August 28, 2025
Downloadable IOCs: 9

Gootloader Returns: Malware Hidden in Google Ads for Legal Documents

The Gootloader malware campaign has evolved its tactics, now using Google Ads to target victims seeking legal templates. The threat actor advertises legal documents, primarily agreements, through compromised ad accounts. Users searching for templates are directed to a malicious website where they a…
social engineering
powershell
javascript
google ads
gootloader
scheduled tasks
2025-04-03
email phishing
wordpress blogs
legal templates
Published: April 3, 2025
Downloadable IOCs: 0

Caution Against Watering Hole Attack and Malicious File Distribution Disguised as Unification Education Support Application

A watering hole attack targeting unification education program applicants has been discovered. The attackers uploaded malicious HWP document files to a notice board for an educational program. When opened, the file executes hidden malicious code through OLE objects. The malware creates persistence …
north korea
watering hole
scheduled tasks
ole
hwp
2025-03-11
education
unification
Published: March 11, 2025
Downloadable IOCs: 0

Hidden in Plain Sight: New Attack Chain Delivers Espionage RATs

An advanced persistent threat group, TA397, targeted a Turkish defense organization with a sophisticated attack chain. The campaign used a RAR archive containing a decoy PDF, a shortcut file, and an Alternate Data Stream with PowerShell code. The infection process involved creating a scheduled task…
apt
espionage
rat
south asia
defense sector
scheduled tasks
2024-12-17
turkey
miyarat
wmrat
alternate data streams
Published: December 17, 2024
Downloadable IOCs: 0

Analysis of AsyncRAT's Infection Tactics via Open Directories

This analysis explores two distinct methods used to infect systems with AsyncRAT through open directories. The first technique involves a multi-stage process using various obfuscated scripts (VBS, BAT, PowerShell) and disguised files to download and execute the AsyncRAT payload. The second method e…
obfuscation
powershell
asyncrat
remote access trojan
multi-stage infection
2024-11-07
vbs
scheduled tasks
bat
open directories
Published: November 7, 2024
Downloadable IOCs: 15
Click here to see more Attack Reports