Korean security researchers found DDoS IRC Bot strains masquerading as adult games, distributed via webhards, using a GoLang-based downloader alongside UDP Rat and Simple-IRC-Botnet. The malware installs through a downloader, persists via a scheduled task, inj…
Category: Threat Research
ThreatLabz details a new Molerats APT espionage campaign targeting Middle East actors, delivering a .NET backdoor via macro-enabled Office documents and leveraging Dropbox as the C2 and data-exfiltration channel. The operation shows ties to Spark backdoor acti…
Donot Team (also known as APT-C-35 and SectorE02) is a long-running South Asia-focused threat actor linked to Windows and Android malware, with Amnesty International alleging links to an Indian cybersecurity company that may sell spyware or hackers-for-hire se…
INKY uncovered a large phishing campaign impersonating the U.S. Department of Labor, using spoofed senders and look-alike domains to target Google Workspace and Microsoft 365 users with fake bid invitations for nonexistent federal projects. Victims were led to…
Anomalous, short-lived spyware campaigns targeted ICS environments, spreading via compromised corporate mailboxes and SMTP-based C2 to harvest credentials. The report reveals thousands of abused corporate email accounts, extensive credential marketplaces, and …
BlackCat is a Rust-based RaaS that targets Windows and Linux with configurable encryption and extortion features, delivering payloads via third-party frameworks or exposed apps and demanding high ransoms. It markets affiliates on underground forums, maintains …
MoonBounce is a sophisticated UEFI firmware implant that persists in SPI flash and chains into a memory-resident, fileless malware deployment, attributed to APT41. The campaign also features ScrambleCross loaders (StealthVector and StealthMutant) and multiple …
BlueNoroff, a Lazarus-linked APT, continues its cryptocurrency-centric campaigns with multi-stage infections and sophisticated social engineering to target crypto startups worldwide. The group blends long-running infection chains, deceptive communications, and…
HANCITOR DOC drops via CLIPBOARD (McAfee Blog). By Sriram P & Lakshya Mathur. Hancitor, a loader that provides Malware as a Service, has been observed distributing malware such as…
Cofense PDC observed a mass phishing campaign that uses “missed voicemail” lures impersonating British Telecom to direct recipients to a spoofed BT sign-in page. Credentials entered on the fake page are exfiltrated to an external address and victims are then r…
Social Network Account Stealers Hidden in Android Gaming Hacking Tool (McAfee Blog). Authored by: Wenfeng Yu. The McAfee Mobile Research team recently discovered a new piece of malware that specifically steals Google, Facebook,…
Phishing is increasingly a preliminary step in multi-stage ransomware campaigns: attackers use phishing to gain initial access, then deploy loaders/RATs to perform reconnaissance, lateral movement, persistence and finally deliver ransomware. Detecting and bloc…
Cofense PDC discovered an IT-support themed phishing campaign that impersonates Mimecast to trick users into submitting credentials via recently created spoof domains. The attack uses a counterfeit Mimecast security flow and landing page (hXXps://hiudgntxrg[.]…
New Ryuk Ransomware Sample Targets Webservers (McAfee Blog). Executive Summary: Ryuk is a ransomware that encrypts a victim’s files and requests payment in Bitcoin cryptocurrency to release the…
BRATA Keeps Sneaking into Google Play, Now Targeting USA and Spain (McAfee Blog). Recently, the McAfee Mobile Research Team uncovered several new variants of the Android malware family BRATA being distributed in Google…