A new self-destructing backdoor called Mistic used in intrusions since April appears to be linked to a criminal gang that compromises corporate networks and then sells that access to ransomware groups, according to security researchers.
This backdoor, also tracked as MLTBackdoor, was first documented by Zscaler earlier this month, with the security shop suggesting the novel malware is “likely used in ransomware attacks to establish a foothold for lateral movement.”
Read more…
Source:
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- OH-MY-DC: OIDC Misconfigurations in CI/CD
April 4, 2025
This paper accompanies the presentation “Oh-My-DC,” delivered at DEF CON 32 in August 2024. This article assumes a basic familiarity with OAuth and CI/CD pipelines, including concepts like authorization grants, access tokens and the different stages of a CI/CD workflow. OIDC extends the OAuth protocol by adding a new token to the protocol, enabling applications to ...
- QR codes sent in attachments are the new favorite for phishers
April 3, 2025
Recently Malwarebytes Labs researchers have been seeing quite a few phishing campaigns using QR codes in email attachments. The lure and the targets are varied, but the use of a QR code to get someone to visit the phishing site is fast becoming a preferred method for cybercriminals. There are several reasons why cybercriminals might want ...
- Australian superannuation funds targeted in suspected cyber attacks
April 3, 2025
Multiple large superannuation funds have been targeted in suspected cyber attacks that led to some members losing several thousand dollars in retirements savings. Hostplus, Rest, AustralianSuper and Australian Retirement Trust are among the providers targeted. The attacks were discovered over the weekend, and follow rising reports of online security threats in Australia with a cyber ...
- RolandSkimmer: Silent Credit Card Thief Uncovered
April 2, 2025
Web-based credit card skimming remains a widespread and persistent threat, known for its ability to adapt and evolve over time. FortiGuard Labs recently observed a sophisticated campaign dubbed “RolandSkimmer,” named after the unique string “Rol@and4You” found embedded in its payload. This threat actor targets users in Bulgaria and represents a new wave of credit card skimming ...
- A Rebirth of a Cursed Existence? Examining ‘Babuk Locker 2.0’ Ransomware
April 2, 2025
Ransomware remains a major threat, causing significant disruption and financial losses to organizations across various sectors. Cybercriminal groups behind these attacks constantly adapt their methods to maximize damage and profit. In early 2025, Rapid7 researchers came across a channel promoting itself as Babuk Locker. Since the original group had shut down in 2021, they decided to ...
- Criminal Actors Steal US Taxpayer Identity to File False Tax Returns and Claim Refunds
April 2, 2025
The FBI is warning the public about criminal actors stealing US taxpayer identities to file false tax returns and fraudulently claim refunds. The FBI’s Internet Crime Complaint Center (IC3) has received over 1,000 complaints about identity theft in connection with tax returns within the past year representing a 26% increase from the previous year. Stolen ...