Atomic Stealer is a macOS infostealer sold via Telegram with multiple variants (A, B, C) and a web panel for campaign management. The article details how each variant operates, what data it targets (keychains, crypto wallets, browser data), and provides indica…
Category: Threat Research
Raspberry Robin is a global USB-based malware campaign that acts as a loader, delivering ransomware operators and other loaders to target networks. It propagates via infected USB drives, uses legitimate Windows binaries to execute payloads, and relies on compr…
EclecticIQ links a spearphishing campaign against Poland's healthcare sector to Vidar Infostealer, with overlaps to Djvu and LockBit 2.0 ransomware activity, and describes how Vidar collects sensitive data and exfilt…
Malware configurations reveal attacker campaigns and behaviors by exposing in-memory configuration data, as demonstrated with IcedID's encrypted stage-one and stage-two configurations decoded through dynamic analysis. The article also outlines how to scale con…
Mandiant outlines a chain where a tampered LNK shortcut launches a legitimate Chromium-based browser, loading a malicious extension to achieve persistence. The research tracks multiple malware families (RILIDE, BRAINFOG, BRAINSTORM, and BRAINLINK) and details th…
A large-scale "Malverposting" campaign abusing Facebook Ads has pushed adult-themed promoted posts that lead to ZIP downloads containing masqueraded executables; the operation is linked to a Vietnamese threat actor and is estimated to have surpassed 500k infec…
Check Point Research tracks how ROKRAT's deployment has evolved into LNK-based, multi-stage infection chains that bypass macro restrictions, showing a shift from documents with macros to oversized LNK loaders. The campaigns target South Korean affairs, link to …
The article analyzes BlackByte, a Russia-based ransomware operation run as a RaaS that uses double extortion and has evolved its techniques since 2021, including a shift from C# to GoLang and the use of legitimate tools. It also highlights notable incid…
Unit 42 analyzed over 67 million malicious URLs, domains, and IPs observed in H2 2022, highlighting trends in phishing, malicious JavaScript, and web skimmers, including a case study on a Tranco top 1 million site. The report notes concentration of hosting in …
Earth Longzhi, a subgroup of APT41, has resurfaced with new techniques targeting Taiwan, Thailand, the Philippines, and Fiji, including DLL sideloading and BYOVD driver abuse to disable defenses. The campaign also introduces stack rumbling via IFEO, RPC-based …
ASEC reports ongoing campaigns where XMRig CoinMiner is installed on poorly managed Linux SSH servers, using SHC-built malware and creating backdoor SSH accounts for persistence. The attacks, attributed to the KONO DIO DA threat actor, involve dictionary/dicti…
CRIL researchers describe AresLoader, a multiclass loader used to spread LummaStealer and IcedID via a disguised GitLab repo, targeting Citrix users. The malware uses multi-stage delivery, dynamic API resolution, and various anti-analysis techniques to evade d…
Elastic Security Labs uncovers LOBSHOT, a stealthy hVNC-capable malware tied to TA505, spread via malvertising campaigns that impersonate legitimate software. The analysis provides a YARA signature and a configuration extractor, detailing infection, persistenc…
FortiGuard Labs analyzes the UNIZA ransomware, a Windows-targeting variant that encrypts user files and displays its ransom message via the Command Prompt. It also notes the likely phishing-based infection vector, limited current spread, and Fortinet protectio…
ASEC monitors phishing email threats focused on attachments, highlighting FakePage as the dominant method that imitates real login pages to harvest credentials, followed by Downloader, Worm, and Infostealer families distributing malware and stealing data. The …