Qbot (QakBot) campaigns spread rapidly by delivering a malicious Excel macro that loads a QBot DLL, then injects into msra.exe to harvest browser data and Outlook emails. The operation escalates privileges, moves laterally across all workstations, and uses mul…
Tag: PRIVILEGE
StellarParticle is CrowdStrike’s tracked campaign tied to COZY BEAR (APT29) and the SolarWinds incident, with activity continuing against multiple organizations. The operation employs novel techniques such as browser cookie theft and O365 service principal hij…
KONNI RAT has evolved into a stealthier Remote Administration Tool under the Kimsuky umbrella, with ongoing development and updates to evade detection. The post highlights major changes (AES-protected strings and files, a move away from rundll, and enhanced ob…
ESET analyzes a watering-hole campaign that delivers a new macOS backdoor named DazzleSpy via a WebKit/Safari exploit chain. Targets were Hong Kong pro-democracy individuals, with infection hosted on amnestyhk.org and other compromised sites like fightforhk.co…
Threat actors deliver multiple malware via malicious PowerPoint Add-Ins and a multi-stage chain that uses cloud services to host payloads. The operation blends phishing, LoLBins, VBS, and PowerShell to drop AgentTesla and a cryptocurrency stealer, with stages …
BRATA continues to evolve with new targets and features, including factory reset, GPS tracking, multi-channel C2 (HTTP and WebSocket), and ongoing monitoring via VNC and keylogging to facilitate unauthorized wire transfers. The report details BRATA variants A,…
TrickBot’s operators have augmented injections with layered defenses to hinder researchers and improve theft during online banking fraud. IBM Trusteer details how TrickBot fetches per-target web injections, secures its communications, and relies on obfuscation…
BlackCat is a Rust-based RaaS that targets Windows and Linux with configurable encryption and extortion features, delivering payloads via third-party frameworks or exposed apps and demanding high ransoms. It markets affiliates on underground forums, maintains …
BlueNoroff, a Lazarus-linked APT, continues its cryptocurrency-centric campaigns with multi-stage infections and sophisticated social engineering to target crypto startups worldwide. The group blends long-running infection chains, deceptive communications, and…
Authored by: Wenfeng Yu McAfee Mobile Research team recently discovered a new piece of malware that specifically steals Google, Facebook,…
The post Social Network Account Stealers Hidden in Android Gaming Hacking Tool appeared first on McAfee Blog….
Phishing is increasingly a preliminary step in multi-stage ransomware campaigns: attackers use phishing to gain initial access, then deploy loaders/RATs to perform reconnaissance, lateral movement, persistence and finally deliver ransomware. Detecting and bloc…
Cuba Ransomware Overview Over the past year, we have seen ransomware attackers change the way they have responded to organizations…
The post McAfee Defender’s Blog: Cuba Ransomware Campaign appeared first on McAfee Blog….
If you are Android user and you have an app Talking Tom 3, Smart Touch, Privacy Lock then you should be vary.FirmEye, a Security and cyber-attack firm tracked down a new mobile malware that is threat in more than 20 countries worldwide.Kemoge, an Android-affecting malware which you can i…
Security researchers at ESET have discovered the first malware that could allow an attacker to reset the PIN of anyone’s phone to permanently lock them out of their own device. “This ransomware also uses a nasty trick to obtain and preserve Device Administrator privileges so as to prevent uninstalla…
Photo Courtesy: Dr. Web Security researchers from Doctor Web, Russian anti-virus software developer, have detected another new Android Trojan, which is said to be distributed among users from china to spy on their victims. Previously, the researchers had found an Android Trojan, which spreads as a s…