Librarian Ghouls, also known as “Rare Werewolf” and “Rezet”, is an APT group that targets entities in Russia and the CIS.
The group has remained active through May 2025, consistently targeting Russian companies. A distinctive feature of this threat is that the attackers favor using legitimate third-party software over developing their own malicious binaries. The malicious functionality of the campaign described in this article is implemented through command files and PowerShell scripts. The attackers establish remote access to the victim’s device, steal credentials, and deploy an XMRig crypto miner in the system. Kaspersky research has uncovered new tools within this APT group’s arsenal, which they will elaborate on in this article.
Read more…
Source: Kaspersky
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- WhatsApp patches vulnerability related to image filter functionality
September 2, 2021
Check Point Research has announced the discovery of a vulnerability in the popular messaging platform WhatsApp that allowed attackers to read sensitive information from WhatsApp’s memory. WhatsApp acknowledged the issue and released a security fix for it in February. The messaging platform — considered the most popular globally with about two billion monthly active users — had ...
- Dissected: A dropper-as-a-service miscreants pay to push their malware onto potentially 1,000s of victims
September 2, 2021
A dropper-as-a-service, which cyber-crime newbies can use to easily get their malware onto thousands of victims’ PCs, has been dissected and documented this week. A dropper is a program that, when run, executes a payload of malicious code. The dropper is similar to a trojan, and it can sometimes have other functionality, but its main purpose ...
- Scam artists are recruiting English speakers for business email campaigns
September 1, 2021
Native English speakers are being recruited in their droves by criminals trying to make Business Email Compromise (BEC) more effective. BEC schemes can be simple to execute and among the most potentially devastating for a business, alongside threats such as ransomware. A BEC scam will usually start with a phishing email, tailored and customized depending on the ...
- Google Play Sign-Ins Allow Covert Location-Tracking
September 1, 2021
It’s possible to track someone’s user location via Google Play sign-ins, a researcher has discovered – a potential stalker avenue that, so far, the internet behemoth has yet to address. “With the aid of Google I was able to ‘spy’ on my wife’s whereabouts without having to install anything on her phone,” said Malwarebytes Labs researcher ...
- Ransomware Awareness for Holidays and Weekends
August 31, 2021
CISA and the FBI have released an advisory warning of potential cyberattacks that may occur over the coming Labor Day weekend, noting that in recent years hackers have launched dozens of devastating attacks on long weekends. They urged organizations to take steps to secure their systems, reduce their exposure and potentially “engage in preemptive threat hunting ...
- Cyberattackers are now quietly selling off their victim’s internet bandwidth
August 31, 2021
Cyberattackers are now targeting their victim’s internet connection to quietly generate illicit revenue following a malware infection. On Tuesday, researchers from Cisco Talos said “proxyware” is becoming noticed in the cybercrime ecosystem and, as a result, is being twisted for illegal purposes. Proxyware, also known as internet-sharing applications, are legitimate services that allow users to portion out ...