Security News

Police seize Netwire RAT malware infrastructure, arrest admin
2023-03-09 23:24

An international law enforcement operation involving the FBI and police agencies worldwide led to the arrest of the suspected administrator of the NetWire remote access trojan and the seizure of the service's web domain and hosting server. Since at least 2014, NetWire has been a tool of choice in various malicious activities, including phishing attacks, BEC campaigns, and to breach corporate networks.

PlugX RAT masquerades as legit Windows debugger to slip past security
2023-03-01 07:30

Cybercriminals are disguising the PlugX remote access trojan as a legitimate open-source Windows debugging tool to evade detection and compromise systems. In a recent case detailed by Trend Micro, miscreants used a PlugX variant to hijack the popular x64dbg debugging tool to go undetected.

Parallax RAT Targeting Cryptocurrency Firms with Sophisticated Injection Techniques
2023-03-01 06:11

Cryptocurrency companies are being targeted as part of a new campaign that delivers a remote access trojan called Parallax RAT. The malware "uses injection techniques to hide within legitimate processes, making it difficult to detect," Uptycs said in a new report. Parallax RAT grants attackers remote access to victim machines.

3 Lifehacks While Analyzing Orcus RAT in a Malware Sandbox
2023-01-27 10:55

Orcus RAT is a type of malicious software program that enables remote access and control of computers and networks. There are several lifehacks that you should pay attention to while performing the analysis of Orcus RAT. Today we investigate the.

PY#RATION: New Python-based RAT Uses WebSocket for C2 and Data Exfiltration
2023-01-26 06:01

Cybersecurity researchers have unearthed a new Python-based attack campaign that leverages a Python-based remote access trojan to gain control over compromised systems since at least August 2022. LNK files retrieve two text files from a remote server that are subsequently renamed to.

New stealthy Python RAT malware targets Windows in attacks
2023-01-25 14:53

A new Python-based malware has been spotted in the wild featuring remote access trojan capabilities to give its operators control over the breached systems. The PY#RATION malware is distributed via a phishing campaign that uses password-protected ZIP file attachments containing two shortcut.

Android Users Beware: New Hook Malware with RAT Capabilities Emerges
2023-01-19 13:27

The threat actor behind the BlackRock and ERMAC Android banking trojans has unleashed yet another malware for rent called Hook that introduces new capabilities to access files stored on the devices and create a remote interactive session. ThreatFabric, in a report shared with The Hacker News, characterized Hook as a novel ERMAC fork that's advertised for sale for $7,000 per month while featuring "all the capabilities of its predecessor."

RAT malware campaign tries to evade detection using polyglot files
2023-01-12 22:24

Operators of the StrRAT and Ratty remote access trojans are running a new campaign using polyglot MSI/JAR and CAB/JAR files to evade detection from security tools. Polyglot files combine two or more file formats in a way that makes it possible for them to be interpreted and launched by multiple different applications without error.

Researchers smell a cryptomining Chaos RAT targeting Linux systems
2022-12-13 08:32

A type of cryptomining malware targeting Linux-based systems has added capabilities by incorporating an open source remote access trojan called Chaos RAT with several advanced functions that bad guys can use to control remote operating systems. Like earlier, similar versions of the miner that also target Linux operating systems, the code kills competing malware and resources that affect cryptocurrency mining performance.

RomCom RAT malware campaign impersonates KeePass, SolarWinds NPM, Veeam
2022-11-03 19:36

The threat actor behind the RomCom RAT has refreshed its attack vector and is now abusing well-known software brands for distribution. In a new campaign discovered by BlackBerry, the RomCom threat actors were found creating websites that clone official download portals for SolarWinds Network Performance Monitor, KeePass password manager, and PDF Reader Pro, essentially disguising the malware as legitimate programs.