Security News

Quasar RAT Leverages DLL Side-Loading to Fly Under the Radar
2023-10-23 07:58

The open-source remote access trojan known as Quasar RAT has been observed leveraging DLL side-loading to fly under the radar and stealthily siphon data from compromised Windows hosts. "This...

Malicious Solana, Kucoin packages infect NuGet devs with SeroXen RAT
2023-10-12 17:40

Malicious NuGet packages appearing to have over 2 million downloads impersonate crypto wallets, crypto exchange, and Discord libraries to infect developers with the SeroXen remote access trojan. The malicious packages uploaded on NuGet by a user named 'Disti' were discovered by Phylum researchers, who published a report today to warn about the threat.

Malicious NuGet Package Targeting .NET Developers with SeroXen RAT
2023-10-12 13:17

A malicious package hosted on the NuGet package manager for the .NET Framework has been found to deliver a remote access trojan called SeroXen RAT. The package, named...

QakBot Threat Actors Still in Action, Using Ransom Knight and Remcos RAT in Latest Attacks
2023-10-05 13:18

Despite the disruption to its infrastructure, the threat actors behind the QakBot malware have been linked to an ongoing phishing campaign since early August 2023 that led to the delivery of...

Fake Bitwarden installation packages delivered RAT to Windows users
2023-09-27 08:43

Windows users looking to install the Bitwarden password manager may have inadvertently installed a remote access trojan. A malicious website spoofing Bitwarden's legitimate one has been offering fake installation packages containing the ZenRAT malware.

Beware: Fake Exploit for WinRAR Vulnerability on GitHub Infects Users with Venom RAT
2023-09-21 05:03

A malicious actor released a fake proof-of-concept (PoC) exploit for a recently disclosed WinRAR vulnerability on GitHub with an aim to infect users who downloaded the code with Venom RAT malware....

Sophisticated Phishing Campaign Targeting Chinese Users with ValleyRAT and Gh0st RAT
2023-09-20 09:56

Chinese-language speakers have been increasingly targeted as part of multiple email phishing campaigns that aim to distribute various malware families such as Sainbox RAT, Purple Fox, and a new...

Gigabud RAT Android Banking Malware Targets Institutions Across Countries
2023-08-15 10:15

Gigabud RAT was first documented by Cyble in January 2023 after it was spotted impersonating bank and government apps to siphon sensitive data. While Android devices have the "Install from Unknown Sources" setting disabled by default as a security measure to prevent the installation of apps from untrusted sources, the operating system allows other apps on installed on the device, such as web browsers, email clients, file managers, and messaging apps, to request the "REQUEST INSTALL PACKAGES" permission.

Week in review: AWS SSM agents as RATs, Patch Tuesday forecast
2023-08-06 08:00

Attackers can turn AWS SSM agents into remote access trojansMitiga researchers have documented a new post-exploitation technique attackers can use to gain persistent remote access to AWS Elastic Compute Cloud instances, as well as to non-EC2 machines. August 2023 Patch Tuesday forecast: Software security improvementsThe continued onslaught of phishing attacks, ransomware deployment, and other exploitation is forcing the community to pay closer attention to early identification, as well as fast response, to vulnerabilities in their software.

Amazon's AWS SSM agent can be used as post-exploitation RAT malware
2023-08-02 15:18

Abusing AWS SSM Agent as a RAT. AWS Systems Manager is an Amazon-signed binary and comprehensive endpoint management system used by administrators for configuration, patching, and monitoring AWS ecosystems comprising EC2 instances, on-premise servers, or virtual machines. Mitiga's discovery is that the SSM agent can be configured to run in "Hybrid" mode even from within the limits of an EC2 instance, allowing access to assets and servers from attacker-controlled AWS accounts.