Recently, FortiGuard Labs observed multiple attacks focusing on this year-old vulnerability, spotlighting botnets like Moobot, Miori, the Golang-based agent “AGoent,” and the Gafgyt Variant.
Cybersecurity researchers have discovered an intricate multi-stage attack that leverages invoice-themed phishing decoys to deliver a wide range of malware such as Venom RAT, Remcos RAT, XWorm, NanoCore RAT, and a stealer that targets crypto wallets.
In January 2024, FortiGuard Labs collected a PDF file written in Portuguese that distributes a multi-functional malware known as Byakugan. While investigating this campaign, a report about it was published.
The VCURMS RAT uses a Proton Mail email address for communicating with a command-and-control server and can extract and execute commands from specific subject lines in emails.
This ransomware steals and encrypts files, demanding ransom for decryption and not releasing stolen data. It is based on the HelloKitty ransomware source code and has been observed in various regions.
The threat actors behind the campaign utilized multiple stages and techniques, including obfuscation and leveraging open platforms, to carry out the attack and steal sensitive information.
The FAUST ransomware, a Phobos variant, employs a fileless attack to deploy shellcode, injects the final payload, and creates multiple threads for efficient execution while maintaining exclusion lists to avoid damaging the system.
Malicious Python packages on PyPI, such as nigpal, figflix, and seGMM, have been identified, with payloads designed to steal sensitive information from victims' devices, particularly targeting Windows users.
A threat group is using YouTube channels to distribute a variant of Lumma Stealer, a malware that targets sensitive information, by uploading videos with malicious URLs disguised as cracked software installation guides.
Bandook malware, a remote access trojan, has evolved with a new variant that uses a PDF file to distribute its payload and injects it into msinfo32.exe, allowing remote attackers to gain control of infected systems.
Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing , end-to-end automation and 360-degree threat response.