Security News > 2024 > March > Magnet Goblin hackers use 1-day flaws to drop custom Linux malware
A financially motivated hacking group named Magnet Goblin uses various 1-day vulnerabilities to breach public-facing servers and deploy custom malware on Windows and Linux systems.
Check Point analysts who identified Magnet Goblin report that these threat actors are quick to exploit newly disclosed vulnerabilities, in some cases exploiting flaws a day after a PoC exploit is released.
Magnet Goblin exploits the flaws to infect servers with custom malware, particularly NerbianRAT and MiniNerbian, as well as a custom variant of the WARPWIRE JavaScript stealer.
NerbianRAT for Windows has been known since 2022, but Check Point now reports that a sloppily compiled yet effective Linux variant used by Magnet Goblin has been in circulation since May 2022.
ScreenConnect flaws exploited to drop new ToddlerShark malware.
New WogRAT malware abuses online notepad service to store malware.
News URL
Related news
- New Linux Malware ‘Auto-Color’ Grants Hackers Full Remote Access to Compromised Systems (source)
- Russia-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware (source)
- Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer (source)
- Hacker infects 18,000 "script kiddies" with fake malware builder (source)
- North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS (source)
- Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware (source)
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)
- North Korean hackers spotted using ClickFix tactic to deliver malware (source)
- North Korean Hackers Target Freelance Developers in Job Scam to Deploy Malware (source)
- Chinese hackers use custom malware to spy on US telecom networks (source)