Cerberus banking Trojan source code released for free to cyberattackers

The source code of the Cerberus banking Trojan has been released as free malware on underground hacking forums following a failed auction. Speaking at Kaspersky NEXT 2020 on Wednesday, Kaspersky cybersecurity researcher Dmitry Galov said that the leaked code, distributed Read More …

Script-Based Malware: A New Attacker Trend on Internet Explorer

Over the past few months, we have detected sophisticated script-based malware through Internet Explorer (IE) browser exploits that infect Windows Operating System (OS) users. We decided to investigate those scripts to identify their key features to demonstrate that they are Read More …

Upgraded Agent Tesla malware steals passwords from browsers, VPNs

New variants of Agent Tesla remote access Trojan now come with modules dedicated to stealing credentials from applications including popular web browsers, VPN software, as well as FTP and email clients. Agent Tesla is a commercially available .Net-based infostealer with Read More …

Espionage Group Hits U.S. Utilities with Sophisticated Spy Tool

The APT known as TA410 has added a modular remote-access trojan (RAT) to its espionage arsenal, deployed against Windows targets in the United States’ utilities sector. According to researchers at Proofpoint, the RAT, called FlowCloud, can access installed applications and Read More …

LimeRAT malware is being spread through VelvetSweatshop Excel encryption technique

A new campaign is spreading the LimeRAT Remote Access Trojan by harnessing an old encryption technique in Excel files. LimeRAT is a simple Trojan designed for Windows machines. The malware is able to install backdoors on infected machines and encrypt Read More …

APT36 Taps Coronavirus as ‘Golden Opportunity’ to Spread Crimson RAT

A Pakistani-linked threat actor, APT36, has been using a decoy health advisory that taps into global panic around the coronavirus pandemic to spread the Crimson RAT. The functionalities of the Crimson RAT include stealing credentials from victims’ browsers, capturing screenshots, Read More …

Chinese hackers use decade-old Bisonal Trojan in cyberespionage campaigns

Chinese cyberattackers continue to improve and deploy a decade-old Remote Access Trojan (RAT) in ongoing campaigns against Russian, Japanese, and South Korean targets. On Thursday, researchers from Cisco Talos said that the Bisonal RAT is an unusual sample of malware that has Read More …

GuLoader: Malspam Campaign Installing NetWire RAT

NetWire is a publicly-available RAT that has been used by criminal organizations and other malicious groups since 2012. NetWire is distributed through various campaigns, and we usually see it sent through malicious spam (malspam). GuLoader is a file downloader that was first discovered Read More …

ObliqueRAT linked to threat group launching attacks against government targets

Researchers have uncovered a new Remote Access Trojan (RAT) that appears to be the handiwork of a threat group specializing in attacks against government and diplomatic targets. On Thursday, Cisco Talos researchers said the malware, dubbed ObliqueRAT, is being deployed in Read More …

European Energy Sector Organization Targeted by PupyRAT Malware in Late 2019

Over the course of the last year, Recorded Future research has demonstrated that Iran-nexus groups, possibly including APT33 (also called Elfin), have been prolific in amassing operational network infrastructure throughout 2019. Additionally, in November 2019, Microsoft disclosed that APT33 had shifted focus from targeting Read More …