News • Insights • Analysis
Unit 42 researchers have identified new information-stealing malware written in C#, called Gremlin Stealer. This stealer’s authors have actively advertised it on a Telegram group since mid-March 2025. This information-stealing malware exfiltrates data from its victims and uploads this information Read More …
In a recent incident response case in Brazil, we dealt with a relatively simple, yet very effective threat focused on Linux environments. Outlaw (also known as “Dota”) is a Perl-based crypto mining botnet that typically takes advantage of weak or Read More …
Older versions of Android contained various vulnerabilities that allowed gaining root access to the device. Many malicious programs exploited these to elevate their system privileges and gain persistence. The notorious Triada Trojan also used this attack vector. With time, the Read More …
The evolution of Malware-as-a-Service (MaaS) has significantly lowered the barriers to entry for cybercriminals, with information stealers becoming one of the most commercially successful categories in this underground economy. Among these threats, Lumma Stealer has emerged as a particularly sophisticated Read More …
FortiGuard Labs recently discovered a new botnet propagating through TOTOLINK devices. Unlike previous malware targeting these devices, this variant is written in Rust—a programming language introduced by Mozilla in 2010. Due to its Rust-based implementation, we’ve named the malware “RustoBot.” Read More …
With each passing year, phishing attacks feature more and more elaborate techniques designed to trick users and evade security measures. Attackers employ deceptive URL redirection tactics, such as appending malicious website addresses to seemingly safe links, embed links in PDFs, Read More …
In December 2024, Palo Alto Unit 42 researchers uncovered an attack chain that employs distinct, multi-layered stages to deliver malware like Agent Tesla variants, Remcos RAT or XLoader. Attackers increasingly rely on such complex delivery mechanisms to evade detection, bypass Read More …
The stealthy rootkit-like malware known as BPFDoor (detected as Backdoor.Linux.BPFDOOR) is a backdoor with strong stealth capabilities, most of them related to its use of Berkeley Packet Filtering (BPF). In a previous article, Trend Micro researchers covered how BPFDoor and Read More …
Kimsuky, alias Mystery Baby, Baby Coin, Smoke Screen, Black Banshe, etc., is tracked internally by Qi’anxin as APT-Q-2. The APT group was publicly disclosed in 2013, with attack activity dating as far back as 2012. Kimsuky’s main target for attacks Read More …
GOFFEE is a threat actor that first came to our attention in early 2022. Since then, Kaspersky researchers have observed malicious activities targeting exclusively entities located in the Russian Federation, leveraging spear phishing emails with a malicious attachment. Starting in Read More …
