Cascading Shadows: An Attack Chain Approach to Avoid Detection and Complicate Analysis

In December 2024, Palo Alto Unit 42 researchers uncovered an attack chain that employs distinct, multi-layered stages to deliver malware like Agent Tesla variants, Remcos RAT or XLoader. Attackers increasingly rely on such complex delivery mechanisms to evade detection, bypass Read More …

Uncovering .NET Malware Obfuscated by Encryption and Virtualization

This article examines obfuscation techniques used in popular malware families, and offers some insights into possible opportunities for automating unpacking of these malware samples. Palo Alto researchers will examine these behaviors in samples we have observed, showing how to extract Read More …

New Tool Set Found Used Against Organizations in the Middle East, Africa and the US

Unit 42 researchers observed a series of apparently related attacks against organizations in the Middle East, Africa and the U.S. The researchers will discuss a set of tools used in the course of the attacks that reveal clues about the Read More …

The Unseen Layers: Exploring The Tactics Of Multistage .NET Malware Packers

Recently, the SonicWall Capture Labs Threat Research team has identified a new .NET Packer that is currently being widely used by the various stealers such as Lokibot, AgentTesla etc. In the ever-evolving landscape of cybersecurity threats, malicious actors continue to Read More …

Ducktail fashion week

Ducktail is a malware family that has been active since the second half of 2021 and aims to steal Facebook business accounts. Kaspersky Daily Iran, WithSecure, and GridinSoft have all covered Ducktail attacks: the infostealer spread under the guise of documents Read More …