Dark Utilities is a platform that acts as a C2-as-a-Service, enabling threat actors to establish C2, remote access, and other malicious capabilities without building their own infrastructure. It also supports DDoS, cryptomining, and cross-OS pay…
Category: Threat Research
A Data-Driven Approach Based on Analysis of Network Telemetry
In this blog post, we will provide an update on our high-level analysis of…
North Korean threat actors attempt to further missile program by compromising sanctioned Russian defense company with OpenCarrot backdoor.
EclecticIQ analyzes a campaign targeting NATO-aligned ministries of foreign affairs, where PDFs impersonating the German embassy deliver a Duke malware variant via HTML smuggling and DLL sideloading, with Zulip used as a covert C2 channel. This operation is at…
FortiGuard Labs identified a Rust injector chain that loads XWorm and Remcos via SYK Crypter, delivered through a phishing workflow starting with a malicious PDF. The operation leverages the Red Team tool Freeze.rs, Base64/LZMA encoding, and PowerShell to bypa…
This report analyzes a multi-stage implant operation targeting industrial organizations in Eastern Europe, focusing on persistent access, data gathering (including from air-gapped systems), and data exfiltration via cloud services. It details a three-layer imp…
Cyble analyzes STRRAT version 1.6, which is distributed via a spam email containing a PDF that leads to a ZIP-delivered JavaScript dropper installing STRRAT. The variant adds dual string obfuscation (Zelix KlassMaster and…
SentinelOne MDR observed new LOLKEK (GlobeImposter) samples in May 2023 with updated capabilities, including local drive discovery and encryption, as well as a TOR-based victim portal. The article reviews IoCs, ransom-note details, victim-portal workflows, and…
CrowdStrike Falcon Complete observed a still-unknown zero-day vulnerability affecting Windows Error Reporting (WER) that was exploited in the wild and later disclosed as CVE-2023-36874. The write-up details how the vulnerability was discovered, the exploit cha…
Invisible Adware: Unveiling Ad Fraud Targeting Android Users (McAfee Blog)
Authored by SangRyol Ryu, McAfee Threat Researcher
We live in a world where advertisements are everywhere, and it’s no surprise…
DroxiDat is a compact variant of the SystemBC backdoor used with Cobalt Strike beacons against a southern African electric utility, illustrating how MaaS-style toolsets enable stealthy reconnaissance and potential ransomware deployment. The report links this a…
Magniber continues to spread at high volumes by masquerading as Windows security updates and injecting into running processes to encrypt files. It then establishes persistence via the Task Scheduler and deletes volume shadow copies to hinder recovery, while le…
Proofpoint researchers report a dramatic rise in cloud account takeovers targeting executives worldwide, with over 100 organizations affected and about 1.5 million employees impacted. The campaigns hinge on EvilProxy, a reverse-proxy phishing toolkit that can …
Cyble researchers describe a Tech Scam that leverages leaked ransomware builders to distribute a multi-stage downloader and multiple ransomware payloads as part of fraud campaigns. The operation ties phishing, typosquatting, and Dark Web activity to fake antiv…
Exposed Kubernetes API servers and risky misconfigurations enable attackers to access secrets and take control over clusters, with campaigns actively mining cryptocurrency and backdoors deployed across exposed environments. The piece analyzes how anonymous acc…