Zscaler

Zloader Learns Old Tricks

Zloader, a modular trojan based on the leaked ZeuS source code, has recently introduced a new anti-analysis feature in versions 2.4.1.0 and 2.5.1.0 that prevents execution on any machine other than the one originally infected.

Attackers Leverage Black Hat SEO Techniques to Distribute Info-Stealer Malware

Threat actors utilize fraudulent websites hosted on popular legitimate platforms to spread malware and steal data. To evade detection, attackers employ obfuscation methods and checks on referral URLs.

Malvertising Campaign Targeting IT Teams with MadMxShell Backdoor

The backdoor uses techniques such as multiple stages of DLL sideloading and DNS tunneling for command-and-control (C2) communication as a means to evade endpoint and network security solutions, respectively.

Automating Pikabot’s String Deobfuscation

Previous versions of Pikabot used advanced string encryption techniques, which have been replaced with simpler algorithms. Previously, the strings were encrypted using a combination of AES-CBC and RC4 algorithms.

Tweaks Stealer Targets Roblox Users Through YouTube and Discord

The attackers leverage YouTube by enticing users to watch videos on "How to increase FPS" that contain links to their Discord groups. Once they join, the attackers provide them with links to malicious files disguised as game tweaks and modifications.

Android and Windows RATs Distributed Via Online Meeting Lures

The attackers used fake Russian-language online meeting sites hosted on a single IP address to distribute malicious APK and BAT files targeting Windows and Android users.

European Diplomats Targeted by SPIKEDWINE Actors with WINELOADER Backdoor

The adversary used a PDF file posing as an invitation from the Ambassador of India to a wine-tasting event, which contained a malicious link leading to the WINELOADER malware.

Zloader: No Longer Silent in the Night

The Zloader static configuration is now encrypted using RC4 with a hardcoded alphanumeric key, and the network encryption employs 1,024-bit RSA with RC4 and the Zeus "visual encryption" algorithms.

DreamBus Unleashes Metabase Mayhem With New Exploit Module

DreamBus is a sophisticated malware that targets various applications and exploits vulnerabilities such as CVE-2023-38646 and CVE-2023-33246 to deploy modules and mine cryptocurrency.

Threat Actors Exploit CVE-2017-11882 to Deliver Agent Tesla

The Agent Tesla malware uses obfuscated VBS files and steganography techniques to download a Base64-encoded DLL, which is then decoded and loaded to carry out malicious procedures.
