Malware

June 19, 2024

The past few years have seen a significant increase in the number of Rust developers. Rust is a programming language focused on performance and reliability. However, for an attacker, its complicated assembly code is a significant merit. In May 2024, FortiGuard Labs observed a Rust-based stealer. In addition to its intricate code, the stealer is distributed ...

June 19, 2024

In early April, Trend Micro researchers discovered that a new threat actor group (which they call Void Arachne) was targeting Chinese-speaking users. Void Arachne’s campaign involves the use of malicious MSI files that contain legitimate software installer files for artificial intelligence (AI) software as well as other popular software. The malicious Winos payloads are bundled alongside ...

June 18, 2024

In recent years, cybercriminal groups have been ramping up their efforts to find vulnerabilities and create malware that will exploit the iOS or macOS. Jamf’s latest annual threat landscape research tracked 300 malware families designed for macOS, and 21 newly created families in 2023. It’s not just the number of malware families that has risen, but ...

June 17, 2024

Proofpoint has observed an increase in a technique leveraging unique social engineering that directs users to copy and paste malicious PowerShell scripts to infect their computers with malware. Threat actors including initial access broker TA571 and at least one fake update activity set are using this method to deliver malware including DarkGate, Matanbuchus, NetSupport, and various ...

June 17, 2024

Rapid7 has observed a recent malvertising campaign that lures users into downloading malicious installers for popular software such as Google Chrome and Microsoft Teams. The installers were being used to drop a backdoor identified as Oyster, aka Broomstick. Following execution of the backdoor, we have observed enumeration commands indicative of hands-on-keyboard activity as well as the ...

June 13, 2024

In 2024, Volexity identified a cyber-espionage campaign undertaken by a suspected Pakistan-based threat actor that Volexity currently tracks under the alias UTA0137. The malware used in these recent campaigns, which Volexity tracks as DISGOMOJI, is written in Golang and compiled for Linux systems. Volexity assesses with high confidence that UTA0137 has espionage-related objectives and a remit ...

June 11, 2024

Since 2022, Trend Micro researchers have been investigating numerous targeted attacks in the Asia-Pacific region that used the same ELF backdoor. Most vendors identify this backdoor as a variant of existing malware such as Gh0st RAT or Rekoobe. However, Trend Micro unearthed the truth: this backdoor is not merely a variant of existing malware, but is ...

June 7, 2024

A new phishing campaign was recently captured by our FortiGuard Labs that spreads a new Agent Tesla variant targeting Spanish-speaking people. Security researchers have detected Agent Tesla campaigns from time to time for years. Agent Tesla is a well-known .Net-based Remote Access Trojan (RAT) designed to stealthily infiltrate victim’s computers and steal their sensitive information, such ...

June 5, 2024

Since March 2024, the BI.ZONE Threat Intelligence team has been tracking the cluster of activity dubbed Sapphire Werewolf. The threat actor targets Russia’s industries, such as education, manufacturing, IT, defense, and aerospace engineering. Over 300 attacks were carried out using Amethyst, an offshoot of the popular open‑source SapphireStealer. The attackers disguise the malware as an enforcement ...

June 3, 2024

FortiGuard Labs has recently identified a sophisticated cyberattack involving an Excel file embedded with a VBA macro designed to deploy a DLL file. The attacker uses a multi-stage malware strategy to deliver the notorious “Cobalt Strike” payload and establish communication with a command and control (C2) server. This attack employs various evasion techniques to ensure successful ...