Security News

Russian RomCom Attacks Target Ukrainian Government with New SingleCamper RAT Variant
2024-10-17 16:13

The Russian threat actor known as RomCom has been linked to a new wave of cyber attacks aimed at Ukrainian government agencies and unknown Polish entities since at least late 2023. The intrusions...

New Malware Campaign Uses PureCrypter Loader to Deliver DarkVision RAT
2024-10-15 15:20

Cybersecurity researchers have disclosed a new malware campaign that leverages a malware loader named PureCrypter to deliver a commodity remote access trojan (RAT) called DarkVision RAT. The...

Blind Eagle Targets Colombian Insurance Sector with Customized Quasar RAT
2024-09-09 12:24

The Colombian insurance sector is the target of a threat actor tracked as Blind Eagle with the end goal of delivering a customized version of a known commodity remote access trojan (RAT) known as...

macOS Version of HZ RAT Backdoor Targets Chinese Messaging App Users
2024-08-27 16:08

Users of Chinese instant messaging apps like DingTalk and WeChat are the target of an Apple macOS version of a backdoor named HZ RAT. The artifacts "almost exactly replicate the functionality of...

Blind Eagle Hackers Exploit Spear-Phishing to Deploy RATs in Latin America
2024-08-20 06:14

Cybersecurity researchers have shed light on a threat actor known as Blind Eagle that has persistently targeted entities and individuals in Colombia, Ecuador, Chile, Panama, and other Latin...

New UULoader Malware Distributes Gh0st RAT and Mimikatz in East Asia
2024-08-19 13:06

A new type of malware called UULoader is being used by threat actors to deliver next-stage payloads like Gh0st RAT and Mimikatz. There is evidence pointing to UULoader being the work of a Chinese speaker due to the presence of Chinese strings in program database files embedded within the DLL file.

Ransomware gang targets IT workers with new RAT masquerading as IP scanner
2024-08-06 13:25

Ransomware-as-a-service outfit Hunters International is wielding a new remote access trojan. Angry IP Scanner is an IP address and port scanner, and as such is more likely to be downloaded and used by IT workers.

Gh0st RAT Trojan Targets Chinese Windows Users via Fake Chrome Site
2024-07-29 04:56

The remote access trojan known as Gh0st RAT has been observed being delivered by an "evasive dropper" called Gh0stGambit as part of a drive-by download scheme targeting Chinese-speaking Windows users. These infections stem from a fake website serving malicious installer packages masquerading as Google's Chrome browser, indicating that users searching for the software on the web are being singled out.

Cybercriminals Exploit CrowdStrike Update Mishap to Distribute Remcos RAT Malware
2024-07-20 16:01

Cybersecurity firm CrowdStrike, which is facing the heat for causing worldwide IT disruptions by pushing out a flawed update to Windows devices, is now warning that threat actors are exploiting the situation to distribute Remcos RAT to its customers in Latin America under the guise of providing a hotfix. The attack chains involve distributing a ZIP archive file named "Crowdstrike-hotfix.zip," which contains a malware loader named Hijack Loader that, in turn, launches the Remcos RAT payload. Specifically, the archive file also includes a text file with Spanish-language instructions that urge targets to run an executable file to recover from the issue.

China-linked APT17 Targets Italian Companies with 9002 RAT Malware
2024-07-17 08:47

A China-linked threat actor called APT17 has been observed targeting Italian companies and government entities using a variant of a known malware referred to as 9002 RAT. The two targeted attacks took place on June 24 and July 2, 2024, Italian cybersecurity company TG Soft said in an analysis published last week. "The first campaign on June 24, 2024 used an Office document, while the second campaign contained a link," the company noted.