On Tuesday, June 18th, 2024, Rapid7 initiated an investigation into suspicious activity in a customer environment. Their investigation identified that the suspicious behavior was emanating from the installation of Notezilla, a program that allows for the creation of sticky notes on a Windows desktop.
Installers for Notezilla, along with tools called RecentX and Copywhiz, are distributed by the India-based company Conceptworld at the official domain conceptworld[.]com. After analyzing the installation packages for all three programs, Rapid7 discovered that the installers had been trojanized to execute information-stealing malware that has the capability to download and execute additional payloads.
Read more…
Source: Rapid7
Related:
- Zscaler says it suffered data breach following Salesloft Drift compromise
September 3, 2025
We can now add Zscaler to the growing list of Salesloft customers who suffered a third-party cyberattack and lost sensitive customer information after it confirmed data was taken. In the announcement, Zscaler explained it was a customer of Salesloft, whose AI chat platform, Salesloft Drift, was compromised. Since this platform connects with Salesforce, the miscreants managed ...
- Model Namespace Reuse: An AI Supply-Chain Attack Exploiting Model Name Trust
September 3, 2025
Palo Alto Unit 42 research uncovered a fundamental flaw in the AI supply chain that allows attackers to gain Remote Code Execution (RCE) and additional capabilities on major platforms like Microsoft’s Azure AI Foundry, Google’s Vertex AI and thousands of open-source projects. We refer to this issue as Model Namespace Reuse. Hugging Face is a platform ...
- TransUnion says hackers stole 4.4 million customers’ personal information
August 28, 2025
Credit reporting giant TransUnion has disclosed a data breach affecting more than 4.4 million customers’ personal information. In a filing with Maine’s attorney general’s office on Thursday, TransUnion attributed the July 28 breach to unauthorized access of a third-party application storing customers’ personal data for its U.S. consumer support operations. TransUnion claimed “no credit information was ...
- UK: Thousands of Afghans, troops and civil servants may be victims of new data breach
August 16, 2025
Some 3,700 Afghans, British troops and civil servants may have fallen victim to a new data breach, after an incident involving a company linked to the Ministry of Defence. Stansted-based Inflite The Jet Centre Ltd suffered a data security incident which led to “unauthorised access to a limited number of company emails”, according to the firm. ...
- Google says UNC6040 hackers stole some of its data following Salesforce breach
August 7, 2025
Cybercriminals known as ShinyHunters (UNC6040) recently broke into Google and stole business customer information from one of its corporate Salesforce instances, the company has confirmed. In a blog post breaking down ShinyHunters’ modus operandi, the company somewhat played down the importance of the incident, noting the miscreants didn’t really grab anything sensitive, or of particular value. Read ...
- Malicious Packages Across Open-Source Registries: Detection Statistics and Trends (Q2 2025)
August 4, 2025
In this previous blog, Fortiguard Labs highlighted a growing trend in the use of open source software (OSS) repositories as channels for malware distribution in supply chain security. With the continued reliance on third-party packages in development workflows, threat actors are increasingly exploiting vulnerabilities in the open-source ecosystem to propagate malicious code, exfiltrate data, and cause ...