Remote Access Trojan

Hackers hijacked CPUID downloads, served STX RAT to victims

2026-04-13 at 16:08 By Zeljka Zorz

If you tried to download software from CPUID’s website late last week, you might have downloaded malware instead. “Investigations are still ongoing, but it appears that a secondary feature (basically a side API) was compromised for approximately six hours between […]


SURXRAT: From ArsinkRAT roots to LLM Module Downloads Signaling Capability Expansion

2026-02-24 at 09:07 By rohansinhacyblecom

Executive Summary

SURXRAT is an actively developed Android Remote Access Trojan (RAT) commercially distributed through a Telegram-based malware-as-a-service (MaaS) ecosystem under the SURXRAT V5 branding. The malware is marketed using structured reseller and partner licensing tiers, allowing affiliates to


Fake browser crash alerts turn Chrome extension into enterprise backdoor

2026-01-19 at 17:21 By Zeljka Zorz

Browser extensions are a high-risk attack vector for enterprises, allowing threat actors to bypass traditional security controls and gain a foothold on corporate endpoints. Case in point: A recently identified malicious extension called NexShield proves that a single user


Fake Booking.com emails and BSODs used to infect hospitality staff

2026-01-07 at 13:06 By Zeljka Zorz

Suspected Russian attackers are targeting the hospitality sector with fake Booking.com emails and a fake “Blue Screen of Death” to deliver the DCRat malware. The malware delivery campaign starts with phishing emails that feature room charge details in euros,


Stealth in Layers: Unmasking the Loader used in Targeted Email Campaigns

2025-12-19 at 14:43 By rohansinhacyblecom

Executive Summary

CRIL (Cyble Research and Intelligence Labs) has been tracking a sophisticated commodity loader utilized by multiple high-capability threat actors. The campaign demonstrates a high degree of regional and sectoral specificity, primarily targeting Manufacturing and Government organizations across


How Lazarus Group used fake job ads to spy on Europe’s drone and defense sector

2025-10-23 at 09:23 By Sinisa Markovic

ESET researchers have uncovered a fresh wave of Operation DreamJob, a long-running campaign linked to North Korea’s Lazarus Group. This latest activity targeted several European defense contractors, including firms deeply involved in drone and


AsyncRAT evolves as ESET tracks its most popular malware forks

2025-07-15 at 12:50 By Sinisa Markovic

AsyncRAT is an open-source remote access trojan that first appeared on GitHub in 2019. It includes a range of typical RAT capabilities, such as keylogging, screen capture, credential theft, and more. Its simplicity and open-source design have made it


Stealthy StilachiRAT steals data, may enable lateral movement

2025-03-18 at 15:48 By Zeljka Zorz

While still not widely distributed, a new Windows remote access trojan (RAT) dubbed StilachiRAT is a serious threat. “[The malware] demonstrates sophisticated techniques to evade detection, persist in the target environment, and exfiltrate sensitive data,” Microsoft threat analysts have warned on


Ransomware gang targets IT workers with new RAT masquerading as IP scanner

2024-08-06 at 16:31 By Zeljka Zorz

Ransomware-as-a-service outfit Hunters International is wielding a new remote access trojan (RAT). “The malware, named SharpRhino due to its use of the C# programming language, is delivered through a typosquatting domain impersonating the legitimate tool Angry IP


Operation ShadowCat: Targeting Indian Political Observers via a Stealthy RAT

2024-07-24 at 16:46 By Cyble

Key Takeaways

Overview

A security researcher first detected and reported a similar variant in 2023. Based on these similarities, we suspect that the malicious LNK file is distributed to users via spam email. The attack starts with a deceptive shortcut (.LNK)


20,000 FortiGate appliances compromised by Chinese hackers

2024-06-12 at 14:16 By Zeljka Zorz

Coathanger – a piece of malware specifically built to persist on Fortinet’s FortiGate appliances – may still be lurking on too many devices deployed worldwide.

How Coathanger persists on FortiGate devices

In February 2024, the Dutch Military Intelligence and Security Service (MIVD)


US organizations targeted with emails delivering NetSupport RAT

2024-03-22 at 15:08 By Helga Labus

Employees at US-based organizations are being targeted with emails delivering NetSupport RAT malware via “nuanced” exploitation and by using an advanced detection evasion method.

The malware campaign

The campaign, dubbed PhantomBlu, takes the form of email messages purportedly coming from a


Attackers are exploiting JetBrains TeamCity flaw to deliver a variety of malware

2024-03-21 at 12:01 By Helga Labus

Attackers are exploiting the recently patched JetBrains TeamCity auth bypass vulnerability (CVE-2024-27198) to deliver ransomware, cryptominers and remote access trojans (RATs), according to Trend Micro researchers.

The CVE-2024-27198 timeline

CVE-2024-27198, an authentication bypass vulnerability affecting the TeamCity


Growing AceCryptor attacks in Europe

2024-03-20 at 13:01 By Help Net Security

ESET Research has recorded a considerable increase in AceCryptor attacks, with detections tripling between the first and second halves of 2023. In recent months, researchers registered a significant change in how AceCryptor is used, namely that the attackers spreading Rescoms (also known as


Chinese hackers breached Dutch Ministry of Defense

2024-02-07 at 16:46 By Helga Labus

Chinese state-sponsored hackers breached the Dutch Ministry of Defense (MOD) last year and deployed a new remote access trojan (RAT) malware to serve as a backdoor. “The effects of the intrusion were limited because the victim network was segmented from the


Festive Facade: Dissecting Multi-Stage Malware in New Year-themed Lure

2024-01-05 at 11:26 By cybleinc

CRIL analyzes New Year-themed malware utilizing JS Downloader and DLL Sideloading to infect potential victims. The post Festive Facade: Dissecting Multi-Stage Malware in New Year-themed Lure appeared first on Cyble.


Uncovering The New Java-Based SAW RAT’s Infiltration Strategy via LNK files

29/11/2023 at 15:02 By cybleinc

CRIL analyzes a new Java-based RAT – SAW that infiltrates users’ systems via LNK files. The post Uncovering The New Java-Based SAW RAT’s Infiltration Strategy via LNK files appeared first on Cyble.


New Java-Based Sayler RAT Targets Polish Speaking Users

02/11/2023 at 13:16 By cybleinc

Key Takeaways

Overview

On October 25th, CRIL came across an undetected Java Archive (JAR) file named “Java.jar” on VirusTotal. Upon investigation, it was determined that the JAR file is a new Remote Access Trojan named “Sayler.” Sayler RAT is designed to provide


Researchers uncover DarkGate malware’s Vietnamese connection

20/10/2023 at 14:02 By Help Net Security

WithSecure researchers have tracked attacks using DarkGate malware to an active cluster of cybercriminals operating out of Vietnam. DarkGate is a remote access trojan (RAT) that has been used in attacks since at least 2018 and is currently available to cybercriminals as


RMS Tool’s Sneaky Comeback: Phishing Campaign Mirroring Banned Applications

04/10/2023 at 11:02 By cybleinc

Key Takeaways

Overview

Lately, there has been a trend among TAs where they appear to be adapting their tactics to exploit the allure of applications banned in specific regions, potentially making users more susceptible to cyberattacks. These campaigns appear to be

