SEKOIA analysts document PrivateLoader as a modular downloader that operates within the ruzki Pay-Per-Install (PPI) service to download and execute multiple payloads, enabling broad distribution of malware. The report links PrivateLoader to ruzki’s PPI ecosys…
Tag: DARK WEB
EvilProxy is a productized phishing service on the dark web that enables MFA bypass via reverse proxy and session cookie theft, expanding attacks against mainstream online services and software supply chains. It targets developers and end-users with campaigns …
A Go-based ransomware named Agenda targets healthcare and education organizations in Asia and Africa, customizing payloads per victim with unique IDs and leaked credentials. It can reboot in safe mode, terminate server-related processes, and uses affiliate-s…
Cyble researchers exposed a dark web post by a malware developer selling a powerful Windows RAT suite, including XWorm with ransomware and HVNC capabilities. The article details the toolset, persistence and anti-analysis techniques, data exfiltration, and the …
Robin Banks is a phishing-as-a-service (PhaaS) platform that sells ready-made phishing kits targeting financial information for users in the U.S., U.K., Canada, and Australia. IronNet researchers observed a large-scale June 2022 campaign using Robin Banks to s…
Industrial Spy is a relatively new ransomware group that emerged in April 2022, starting with data extortion and later adding encryption for double extortion. The group operates a dark web marketplace to exfiltrate and monetize stolen data, while its ransomwar…
Resecurity reports attackers are increasingly using tools to generate malicious shortcut files (.LNK) for payload delivery, with MLNK Builder 4.2 adding AV evasion and icon masquerading. Campaigns by APT groups and cybercriminals—including Bumblebee Loader and…
YTStealer is a YouTube authentication cookie stealer marketed on the dark web, designed to harvest credentials and channel data from creators. It evades analysis with sandbox checks, uses headless browser automation to validate cookies and collect YouTube Stud…
Raccoon Stealer has returned with a new V2 version, resuming activity after a pause linked to a key developer’s death. The update introduces a more automated, faster builder/admin panel, and a Cracked Software distribution approach, with ongoing monitoring adv…
A BlackBerry Research & Intelligence analysis traces the Chaos ransomware family from its Chaos v1.0 origins to Yashma (Chaos v6.0), showing how Onyx emerged from Chaos v4.0 and how Yashma expands capabilities. The piece also covers spear-phishing activity tar…
Mars Stealer is a modern infostealer derived from Oski, sold on underground forums and under ongoing development; it targets browser credentials and cryptocurrency wallets. The Morphisec report details its delivery methods, compromised infrastructure, and expose…