Security News

Chinese hackers deploy new Macma macOS backdoor version
2024-07-23 23:33

The Chinese hacking group tracked as 'Evasive Panda' was spotted using new versions of the Macma backdoor and the Nightdoor Windows malware. [...]

Iran's MuddyWater phishes Israeli orgs with custom BugSleep backdoor
2024-07-17 00:00

MuddyWater, an Iranian government-backed cyber espionage crew, has upgraded its malware with a custom backdoor, which it's used to target Israeli organizations. It's since moved on to phishing campaigns that deploy a new backdoor - dubbed BugSleep - according to Check Point Research.

Malicious npm Packages Found Using Image Files to Hide Backdoor Code
2024-07-16 10:09

Cybersecurity researchers have identified two malicious packages on the npm package registry that concealed backdoor code to execute malicious commands sent from a remote server. The packages in question - img-aws-s3-object-multipart-copy and legacyaws-s3-object-multipart-copy - have been downloaded 190 and 48 times, respectively.

Iranian Hackers Deploy New BugSleep Backdoor in Middle East Cyber Attacks
2024-07-16 09:13

The Iranian nation-state actor known as MuddyWater has been observed using a never-before-seen backdoor as part of a recent attack campaign, shifting away from its well-known tactic of deploying legitimate remote monitoring and management software for maintaining persistent access. "Compared to previous campaigns, this time MuddyWater changed their infection chain and did not rely on the legitimate Atera remote monitoring and management tool as a validator," Sekoia said in a report shared with The Hacker News.

China's APT41 crew adds a stealthy malware loader and fresh backdoor to its toolbox
2024-07-12 01:29

Meet DodgeBox, son of StealthVector

Chinese government-backed cyber espionage gang APT41 has very likely added a loader dubbed DodgeBox and a backdoor named MoonWalk to its malware toolbox,...

ExCobalt Cyber Gang Targets Russian Sectors with New GoRed Backdoor
2024-06-22 11:28

Russian organizations have been targeted by a cybercrime gang called ExCobalt using a previously unknown Golang-based backdoor known as GoRed. "ExCobalt focuses on cyber espionage and includes...

Oyster Backdoor Spreading via Trojanized Popular Software Downloads
2024-06-21 09:51

A malvertising campaign is leveraging trojanized installers for popular software such as Google Chrome and Microsoft Teams to drop a backdoor called Oyster (aka Broomstick and CleanUpLoader)....

Hackers Exploit Legitimate Websites to Deliver BadSpace Windows Backdoor
2024-06-17 06:28

Legitimate-but-compromised websites are being used as a conduit to deliver a Windows backdoor dubbed BadSpace under the guise of fake browser updates. "The threat actor employs a multi-stage...

New Phishing Campaign Deploys WARMCOOKIE Backdoor Targeting Job Seekers
2024-06-12 08:47

Cybersecurity researchers have disclosed details of an ongoing phishing campaign that leverages recruiting- and job-themed lures to deliver a Windows-based backdoor named WARMCOOKIE. "WARMCOOKIE...

New Warmcookie Windows backdoor pushed via fake job offers
2024-06-11 15:17

A never-before-seen Windows malware named 'Warmcookie' is distributed through fake job offer phishing campaigns to breach corporate networks. According to Elastic Security Labs, which discovered the new threat, Warmcookie is capable of extensive machine fingerprinting, screenshot capturing, and the deployment of additional payloads.