Sep 25, 2023THNCyber Attack / Phishing Ukrainian military entities are the target of a phishing campaign that leverages drone manuals as lures to deliver a Go-based open-source post-exploitation toolkit called Merlin. “Since drones or Unmanned Aerial Vehicles (UAVs) have been an integral tool used by the Ukrainian military, malware-laced lure files themed as UAVs service […]
A novel and sophisticated backdoor malware named Deadglyph was seen used in a cyberespionage campaign targeting a government agency in the Middle East. The malware is attributed to the Stealth Falcon hacking group, which is infamous for targeting activists, journalists, and dissidents. Deadglyph infection method While the exact delivery method is currently unknown, it is […]
Sep 22, 2023THNMalware / Cyber Threat An active malware campaign targeting Latin America is dispensing a new variant of a banking trojan called BBTok, particularly users in Brazil and Mexico. “The BBTok banker has a dedicated functionality that replicates the interfaces of more than 40 Mexican and Brazilian banks, and tricks the victims into entering […]
Researchers have come across a new email phishing campaign that distributes a new ValleyRAT malware alongside Sainbox RAT and Purple Fox malware onto the victim’s systems. Active since the beginning of 2023, the campaign has been targeting Chinese-speaking users. So far, the researchers have observed over 30 attack campaigns leveraging these malware families and 20 […]
The Sonatype Security Research team is currently tracking an ongoing campaign on the npm registry that uses npm packages to retrieve and exfiltrate your Kubernetes configuration and SSH keys to an external server.
A recently discovered Linux backdoor malware, named SprySOCKS, was observed in a cyberespionage campaign targeting government agencies in multiple countries. The campaign was attributed to the Chinese hacking group Earth Lusca. More about SprySOCKS In the campaign, the attackers used a Linux variant of the ELF injector called mandibule to drop SprySOCKS. The backdoor employs […]
Summary Netskope Threat Labs is tracking a campaign that uses malicious Python scripts to steal Facebook users’ credentials and browser data. This campaign targets Facebook business accounts with bogus Facebook messages with a malicious file attached. The attacks are reaching victims mainly in Southern Europe and North America across different segments, led by the manufacturing […]
Sep 15, 2023THNOnline Security / Malware An ongoing campaign is targeting Facebook Business accounts with bogus messages to harvest victims’ credentials using a variant of the Python-based NodeStealer and potentially take over their accounts for follow-on malicious activities. “The attacks are reaching victims mainly in Southern Europe and North America across different segments, led by […]
A recent malvertising campaign has been found focusing on corporate users who are downloading the widely used web conferencing application, Webex. In this campaign, malicious actors have purchased an advertisement that mimics Cisco’s branding, and it appears as the top result when conducting a Google search. Diving into details The ad appears completely legitimate at […]