Security News

TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks
2024-03-20 11:26

Multiple threat actors are exploiting the recently disclosed security flaws in JetBrains TeamCity software to deploy ransomware, cryptocurrency miners, Cobalt Strike beacons, and a Golang-based...

New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT
2024-03-19 05:28

A new phishing campaign is targeting U.S. organizations with the intent to deploy a remote access trojan called NetSupport RAT. Israeli cybersecurity company Perception Point is tracking the...

Magnet Goblin Hacker Group Leveraging 1-Day Exploits to Deploy Nerbian RAT
2024-03-11 05:59

A financially motivated threat actor called Magnet Goblin is swiftly adopting one-day security vulnerabilities into its arsenal in order to opportunistically breach edge devices and public-facing...

Open-Source Xeno RAT Trojan Emerges as a Potent Threat on GitHub
2024-02-27 12:56

An "intricately designed" remote access trojan (RAT) called Xeno RAT has been made available on GitHub, making it available to other actors at no extra cost. Written in C# and compatible with...

New IDAT loader version uses steganography to push Remcos RAT
2024-02-26 22:57

A hacking group tracked as 'UAC-0184' was observed utilizing steganographic image files to deliver the Remcos remote access trojan onto the systems of a Ukrainian entity operating in Finland. Steganography is a well-documented but rarely seen tactic that involves encoding malicious code into the pixel data of images to evade detection by solutions using signature-based rules.

New IDAT Loader Attacks Using Steganography to Deploy Remcos RAT
2024-02-26 14:54

Ukrainian entities based in Finland have been targeted as part of a malicious campaign distributing a commercial remote access trojan known as Remcos RAT using a malware loader called IDAT Loader....

Russian Government Software Backdoored to Deploy Konni RAT Malware
2024-02-22 10:43

An installer for a tool likely used by the Russian Consular Department of the Ministry of Foreign Affairs (MID) has been backdoored to deliver a remote access trojan called Konni RAT (aka UpDog)....

FBI seizes Warzone RAT infrastructure, arrests malware vendor
2024-02-12 23:09

The FBI dismantled the Warzone RAT malware operation, seizing infrastructure and arresting two individuals associated with the cybercrime operation. Warzone RAT is commodity malware created in 2018 that offers numerous features to aid cybercrime, including UAC bypass, hidden remote desktop, cookie and password stealing, keylogging, webcam recording, file operations, reverse proxy, remote shell, and process management.

U.S. DoJ Dismantles Warzone RAT Infrastructure, Arrests Key Operators
2024-02-11 10:54

The U.S. Justice Department (DoJ) on Friday announced the seizure of online infrastructure that was used to sell a remote access trojan (RAT) called Warzone RAT. The domains – www.warzone[.]ws and...

AllaKore RAT Malware Targeting Mexican Firms with Financial Fraud Tricks
2024-01-27 06:55

Mexican financial institutions are under the radar of a new spear-phishing campaign that delivers a modified version of an open-source remote access trojan called AllaKore RAT. The BlackBerry...