Fortinet

New Goldoon Botnet Targeting D-Link Devices Using Decade-Old Flaw

This botnet exploits the CVE-2015-2051 flaw to download a dropper script, and then deploys the Goldoon malware for DDoS attacks. The botnet uses various autorun methods for persistence and connects to a C2 server for instructions.

Malicious PyPI Package Attacking Discord Users to Steal Credentials

A malicious PyPI package named "discordpy_bypass-1.7" was detected on March 12, 2024. This package is designed to extract sensitive information from user systems using a blend of persistence techniques, browser data extraction, and token harvesting.

Botnets Continue Exploiting CVE-2023-1389 for Wide-Scale Spread

Recently, FortiGuard Labs observed multiple attacks focusing on this year-old vulnerability, spotlighting botnets like Moobot, Miori, the Golang-based agent “AGoent,” and the Gafgyt Variant.

ScrubCrypt Deploys VenomRAT with an Arsenal of Plugins

Cybersecurity researchers have discovered an intricate multi-stage attack that leverages invoice-themed phishing decoys to deliver a wide range of malware such as Venom RAT, Remcos RAT, XWorm, NanoCore RAT, and a stealer that targets crypto wallets.

Byakugan – The Malware Behind a Phishing Attack

In January 2024, FortiGuard Labs collected a PDF file written in Portuguese that distributes a multi-functional malware known as Byakugan. During the investigation of this campaign, a report about it was published.

Cybercriminals Deploying VCURMS and STRRAT Trojans via AWS and GitHub

The VCURMS RAT uses a Proton Mail email address for communicating with a command-and-control server and can extract and execute commands from specific subject lines in emails.

Abyss Locker Ransomware Attacks Both Windows And Linux Users

This ransomware steals and encrypts files, demanding a ransom in exchange for decryption and for not releasing the stolen data. It is based on the HelloKitty ransomware source code and has been observed in various regions.

Python Info-stealer Distributed by Malicious Excel Document

The threat actors behind the campaign utilized multiple stages and techniques, including obfuscation and leveraging open platforms, to carry out the attack and steal sensitive information.

Another Phobos Ransomware Variant Launches Attack – FAUST

The FAUST ransomware, a Phobos variant, employs a fileless attack to deploy shellcode, injects the final payload, and creates multiple threads for efficient execution while maintaining exclusion lists to avoid damaging the system.

Info Stealing Packages Hidden in PyPI

Malicious Python packages on PyPI, such as nigpal, figflix, and seGMM, have been identified, with payloads designed to steal sensitive information from victims' devices, particularly targeting Windows users.
