Scaly Wolf uses White Snake stealer against Russian industry

The BI.ZONE Threat Intelligence team has identified at least a dozen campaigns linked to Scaly Wolf. The impact spreads across organizations from various industries in Russia, including manufacturing and logistics. One of the group’s characteristics in gaining initial access is Read More …

BunnyLoader, the newest Malware-as-a-Service

In early September, Zscaler ThreatLabz discovered a new Malware-as-a-Service (MaaS) threat called “BunnyLoader” being sold on various forums. BunnyLoader provides various functionalities such as downloading and executing a second-stage payload, stealing browser credentials and system information, and much more. BunnyLoader Read More …

Lockbit leak, research opportunities on tools leaked from TAs

  Lockbit is one of the most prevalent ransomware strains. It comes with an affiliate ransomware-as-a-service (RaaS) program offering up to 80% of the ransom demand to participants, and includes a bug bounty program for those who detect and report Read More …

New DuckLogs malware service claims having thousands of ‘customers’

A new malware-as-a-service (MaaS) operation named ‘DuckLogs’ has emerged, giving low-skilled attackers easy access to multiple modules to steal information, log key strokes, access clipboard data, and remote access to the compromised host. DuckLogs is entirely web-based. It claims to Read More …

Criminal multitool LilithBot arrives on malware-as-a-service scene

A Russia based threat group that set up a malware distribution shop earlier this year is behind a Swiss Army knife-like botnet that comes with a range of other malicious capabilities, from stealing information to mining cryptocurrency. That’s according to Read More …

Raccoon Stealer is back with a new version to steal your passwords

The Raccoon Stealer malware is back with a second major version circulating on cybercrime forums, offering hackers elevated password-stealing functionality and upgraded operational capacity. The Raccoon Stealer operation shut down in March 2022 when its operators announced that one of Read More …

Bruised but Not Broken: The Resurgence of the Emotet Botnet Malware

The Emotet botnet malware is well known in the cybersecurity industry for its success in using spam emails to compromise machines and then selling access to these machines as part of its infamous malware-as-a-service (MaaS) scheme. Operators behind notorious threats Read More …

Matanbuchus: Malware-as-a-Service with Demonic Intentions

Unit 42 researchers often spend time investigating what we call non-traditional sources. Non-traditional sources often include underground marketplaces and sites, spanning from forums on the Tor network to Telegram channels and other marketplaces. One such case that we investigated involves Read More …

Evilnum hackers use the same malware supplier as FIN6, Cobalt

Hackers in the Evilnum group have developed a toolset that combines custom malware, legitimate utilities, and tools bought from a malware-as-a-service (MaaS) provider that caters to big fintech threat actors. The group has been active since at least 2018 and Read More …