Summary: Researchers have uncovered a malicious Python package named “CryptoAITools” that masquerades as a cryptocurrency trading tool but is designed to steal sensitive data and drain crypto wallets. The malware, distributed via PyPI and fake GitHub repositories, has been downloaded over 1,300 time…
Summary: Apple has issued security patches for 90 of its services and operating systems to address critical vulnerabilities, emphasizing the importance of keeping software updated for user security. The update, released on October 29, affects all major Apple operating systems and services, fixing is…
Summary: The Dutch National Police, in collaboration with international law enforcement, seized the infrastructure of the Redline and Meta infostealer malware operations during “Operation Magnus,” warning cybercriminals that their data is now under investigation. Legal actions are underway against t…
A typosquatting campaign published malicious npm packages impersonating Puppeteer and crypto libraries; postinstall hooks and obfuscated JavaScript fetch and execute remote payloads during installation. The installer code uses an Ethereum smart contract to ret…
Cryptocurrency enthusiasts have been the target of another sophisticated and invasive malware campaign. This campaign was orchestrated through multiple attack vectors, including a malicious Python package named “cryptoaitools” on PyPI and deceptive GitHub repositories. This multi-stage malware, masquerading as a suite of cryptocurrency trading tools, aims to steal a wide range of sensitive data and […]
Summary: This blogpost provides a detailed technical analysis of CloudScout, a sophisticated post-compromise toolset employed by the Evasive Panda APT group to target a government entity and a religious organization in Taiwan from 2022 to 2023. The toolset utilizes stolen web session cookies to acce…
Summary: Ukrainian military recruitment efforts are facing a dual cyberattack from Kremlin-backed threat actors, utilizing a spoofed version of the “Civil Defense” tool to spread malware and misinformation. This campaign, identified as UNC5812, targets potential recruits through a malicious applicat…
Summary: Apple has launched its Private Cloud Compute (PCC) platform, designed for AI applications, and is inviting security researchers to stress test the system for vulnerabilities. The company is providing access to resources and source code, along with financial incentives for identifying securi…
Summary: A cyber threat actor is utilizing an old LockBit builder to create ransomware targeting macOS devices, as reported by SentinelLabs and Trend Micro. This new malware, dubbed ‘macOS NotLockBit,’ masquerades as LockBit ransomware while employing unique methods for data exfiltration and encrypt…
Relentless Pungsan: A DPRK Threat Actor Associated with Contagious Interview | Datadog Security Labs
Datadog Security Research uncovered three backdoored npm packages (passports-js, bcrypts-js, blockscan-api) delivering BeaverTail to job-seekers as part of the Contagious Interview campaign linked to North Korean actors. The campaign uses obfuscated code and a…
This article delves into a complex malware infection chain involving multiple stages of executable files, ultimately leading to the deployment of the VShell red team tool. The investigation highlights various suspicious files discovered on VirusTotal, their te…
Summary: Hackers are exploiting stolen WordPress admin credentials to distribute malware through counterfeit plugins, affecting over 6,000 sites since June 2024. This campaign, leveraging a new variant of ClickFix malware, has compromised more than 25,000 sites since August 2023. Threat Actor: Unkno…
Trend Micro and SentinelOne researchers describe a new macOS threat named macOS.NotLockBit that encrypts files with an embedded public key and exfiltrates data to attacker-controlled AWS S3, while impersonating LockBit by changing victims’ wallpapers. Sentinel…
Kaspersky researchers investigated a number of stealer attacks over the past year, and they are now sharing some details on the new Kral stealer, recent AMOS version and Vidar delivering ACR stealer.
Short Summary: The Monthly Intelligence Insights report by Securonix Threat Labs for July highlights significant cyber threats, including the activities of the Lazarus Group and Water Bakunawa, along with various ransomware campaigns. The report emphasizes the importance of defensive measures against…