- StilachiRAT analysis: From system reconnaissance to cryptocurrency theft
March 17, 2025
In November 2024, Microsoft Incident Response researchers uncovered a novel remote access trojan (RAT) they named StilachiRAT that demonstrates sophisticated techniques to evade detection, persist in the target environment, and exfiltrate sensitive data. Analysis of the StilachiRAT’s WWStartupCtrl64.dll module that contains the RAT capabilities revealed the use of various methods to steal information from the target ...
- Thousands of TP-Link routers have been infected by a botnet to spread malware
March 11, 2025
According to a new report from the Cato CTRL team, the Ballista botnet exploits a remote code execution vulnerability that directly impacts the TP-Link Archer AX-21 router. The botnet can lead to command injection which then makes remote code execution (RCE) possible so that the malware can spread itself across the internet automatically. This high severity ...
- New XCSSET malware adds new obfuscation, persistence techniques to infect Xcode projects
March 11, 2025
Microsoft Threat Intelligence has uncovered a new variant of XCSSET, a sophisticated modular macOS malware that infects Xcode projects, in the wild during routine threat hunting. Its first known variant since 2022, this latest XCSSET malware features enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies. These enhanced features help this malware family steal and ...
- DCRat backdoor returns
March 11, 2025
Since the beginning of the year, Kaspersky researchers have been tracking in their telemetry a new wave of DCRat distribution, with paid access to the backdoor provided under the Malware-as-a-Service (MaaS) model. The cybercriminal group behind it also offers support for the malware and infrastructure setup for hosting the C2 servers. Distribution The DCRat backdoor is ...
- Fake CAPTCHA websites hijack your clipboard to install information stealers
March 10, 2025
There are more and more sites that use a clipboard hijacker and instruct victims on how to infect their own machine. I realize that may sound like something trivial to steer clear from, but apparently it’s not because the social engineering behind it is pretty sophisticated. At first, these attacks were more targeted at people that ...
- New botnet unleashes record-breaking DDoS attacks
March 7, 2025
A new botnet dubbed “Eleven11bot” has emerged, delivering what security researchers believe are the largest distributed denial-of-service (DDoS) attacks ever recorded. The botnet, primarily composed of compromised webcams and video recorders, has triggered widespread service disruptions and ignited a debate within the cybersecurity community about its true size. Nokia’s Deepfield Emergency Response Team first detected the ...
- Threat Actor Delivers Highly Targeted Multistage Polyglot Malware
March 4, 2025
In fall 2024, UNK_CraftyCamel leveraged a compromised Indian electronics company to target fewer than five organizations in the United Arab Emirates with a malicious ZIP file that leveraged multiple polyglot files to eventually install a custom Go backdoor dubbed Sosano. Proofpoint uses the UNK_ designator to define clusters of activity that are still developing and have ...
- Black Basta and Cactus Ransomware Groups Add BackConnect Malware to Their Arsenal
March 3, 2025
The Trend Micro Managed XDR and Incident Response (IR) teams recently analyzed incidents where threat actors deploying Black Basta and Cactus ransomware used the same BackConnect malware to strengthen their foothold on compromised machines. The BackConnect malware is a tool that cybercriminals use to establish and maintain persistent control over compromised systems. Once infiltrated, it grants ...
- Uncovering .NET Malware Obfuscated by Encryption and Virtualization
March 3, 2025
This article examines obfuscation techniques used in popular malware families, and offers some insights into possible opportunities for automating unpacking of these malware samples. Palo Alto researchers will examine these behaviors in samples we have observed, showing how to extract their configuration parameters through unpacking each stage. Performing this same process through automation would allow a ...
- Operation sea elephant: The dying walrus wandering the Indian Ocean
March 3, 2025
Operation Sea Elephant aims to spy on Chinese scientific research achievements in the field of ocean to ensure the dominance of a certain country in South Asia in the Indian Ocean. In mid-2024 QiAnXin Threat Intelligence Center researchers discovered the South Asian direction attack collection numbered UTG-Q-011, which, despite the fact that the collection’s subsequent plug-ins differed ...