CronRAT, Linux remote access trojan hides behind the invalid date, February 31.

Security researchers have discovered a new remote access trojan (RAT) for Linux that keeps an almost invisible profile by hiding in tasks scheduled for execution on a non-existent day, February 31st. Dubbed CronRAT, the malware is currently targeting web stores Read More …

Water Basilisk Uses New HCrypt Variant to Flood Victims with RAT Payloads

A fileless campaign that used a new HCrypt variant to distribute numerous remote access trojans (RATs) in victim systems uses a newer obfuscation mechanism compared to what has been observed in past reports. It reached the peak of activity in Read More …

Oil & Gas Targeted in Year-Long Cyber-Espionage Campaign

A sophisticated campaign targeting large international companies in the oil and gas sector has been underway for more than a year, researchers said, spreading common remote access trojans (RATs) for cyber-espionage purposes. According to Intezer analysis, spear-phishing emails with malicious Read More …

NukeSped Copies Fileless Code From Bundlore, Leaves It Unused

While investigating samples of NukeSped, a remote access trojan (RAT), Trend Micro came across several Bundlore adware samples using the same fileless routine that was spotted in NukeSped. The backdoor has been attributed to the cybercriminal group Lazarus, which has Read More …

Agent Tesla ramps up its game in bypassing security walls, attacks endpoint protection

Agent Tesla malware variants are now using new techniques to try and eradicate endpoint antivirus security. On Tuesday, Sophos researchers said that two new variants of the Remote Access Trojan (RAT) are targeting Microsoft Anti-Malware Software Interface (AMSI), scanning and Read More …

Adversary Infrastructure Report 2020: A Defender’s View

Recorded Future tracks the creation and modification of new malicious infrastructure for a multitude of post-exploitation toolkits, custom malware frameworks, and open-source remote access trojans. The effort has been ongoing since 2017, when Insikt Group created methodologies to identify the Read More …

This ‘off the shelf’ Tor backdoor malware is now a firm favorite with ransomware operators

A Remote Access Trojan (RAT) on sale in underground forums has evolved to abuse Tor when maintaining persistence on infected machines. On Thursday, Sophos Labs’ Sivagnanam Gn and Sean Gallagher revealed ongoing research into the malware, which has been in Read More …

Malicious npm packages caught installing remote access trojans

The security team behind the “npm” repository for JavaScript libraries removed two npm packages this Monday for containing malicious code that installed a remote access trojan (RAT) on the computers of developers working on JavaScript projects. The name of the Read More …

Three arrested as INTERPOL, Group-IB and the Nigeria Police Force disrupt prolific cybercrime group

Three suspects have been arrested in Lagos following a joint INTERPOL, Group-IB and Nigeria Police Force cybercrime investigation. The Nigerian nationals are believed to be members of a wider organized crime group responsible for distributing malware, carrying out phishing campaigns Read More …