Security News

Cybercriminals Exploit CrowdStrike Update Mishap to Distribute Remcos RAT Malware
2024-07-20 16:01

Cybersecurity firm CrowdStrike, which is facing the heat for causing worldwide IT disruptions by pushing out a flawed update to Windows devices, is now warning that threat actors are exploiting the situation to distribute Remcos RAT to its customers in Latin America under the guise of providing a hotfix. The attack chains involve distributing a ZIP archive file named "Crowdstrike-hotfix.zip," which contains a malware loader named Hijack Loader that, in turn, launches the Remcos RAT payload. Specifically, the archive file also includes a text file with Spanish-language instructions that urges targets to run an executable file to recover from the issue.

China-linked APT17 Targets Italian Companies with 9002 RAT Malware
2024-07-17 08:47

A China-linked threat actor called APT17 has been observed targeting Italian companies and government entities using a variant of a known malware referred to as 9002 RAT. The two targeted attacks took place on June 24 and July 2, 2024, Italian cybersecurity company TG Soft said in an analysis published last week. "The first campaign on June 24, 2024 used an Office document, while the second campaign contained a link," the company noted.

New Poco RAT Targets Spanish-Speaking Victims in Phishing Campaign
2024-07-11 10:12

Spanish-speaking victims have been the target of an email phishing campaign, active since at least February 2024, that delivers a new remote access trojan called Poco RAT. Infection chains begin with phishing messages bearing finance-themed lures that trick recipients into clicking on an embedded URL pointing to a 7-Zip archive file hosted on Google Drive.

Week in review: MOVEit auth bypass flaws quietly fixed, open-source Rafel RAT targets Androids
2024-06-30 08:00

Open-source Rafel RAT steals info, locks Android devices, asks for ransom
The open-source Rafel RAT is being leveraged by multiple threat actors to compromise Android devices and, in some cases, to lock them, encrypt their contents, and demand money to restore the device to its original state.

Future trends in cyber warfare: Predictions for AI integration and space-based operations
In this Help Net Security interview, Morgan Wright, Chief Security Advisor at SentinelOne, discusses how AI is utilized in modern cyber warfare by state and non-state actors.

Open-source Rafel RAT steals info, locks Android devices, asks for ransom
2024-06-24 11:37

The open-source Rafel RAT is being leveraged by multiple threat actors to compromise Android devices and, in some cases, to lock them, encrypt their contents, and demand money to restore the device to its original state. Check Point researchers have observed around 120 different malicious campaigns leveraging the malware, hitting devices around the world, but primarily in the US, China, India and Indonesia.

Multiple Threat Actors Deploying Open-Source Rafel RAT to Target Android Devices
2024-06-24 05:04

Multiple threat actors, including cyber espionage groups, are employing an open-source Android remote administration tool called Rafel RAT to meet their operational objectives by masquerading it...

Rafel RAT targets outdated Android phones in ransomware attacks
2024-06-22 14:19

An open-source Android malware named 'Rafel RAT' is widely deployed by multiple cybercriminals to attack outdated devices, some aiming to lock them down with a ransomware module that demands payment on Telegram. Researchers Antonis Terefos and Bohdan Melnykov at Check Point report detecting over 120 campaigns using the Rafel RAT malware.

Rafel RAT targets outdated Android phones in ransomware attacks
2024-06-22 14:19

An open-source Android malware named 'Rafel RAT' is widely deployed by multiple cybercriminals to attack outdated devices, some aiming to lock them down with a ransomware module that demands payment on Telegram. This proves Rafel RAT is an effective attack tool against an array of different Android implementations.

New Cross-Platform Malware 'Noodle RAT' Targets Windows and Linux Systems
2024-06-13 06:25

A previously undocumented cross-platform malware codenamed Noodle RAT has been put to use by Chinese-speaking threat actors either for espionage or cybercrime for years. While this backdoor was...

Researchers Uncover RAT-Dropping npm Package Targeting Gulp Users
2024-06-03 14:00

Cybersecurity researchers have uncovered a new suspicious package uploaded to the npm package registry that's designed to drop a remote access trojan (RAT) on compromised systems. The package in...