Apr 24, 2024NewsroomMalware / Data Security A new ongoing malware campaign has been observed distributing three different stealers, such as CryptBot, LummaC2, and Rhadamanthys hosted on Content Delivery Network (CDN) cache domains since at least February 2024. Cisco Talos has attributed the activity with moderate confidence to a threat actor tracked as CoralRaider, a suspected […]
Key takeaways Proofpoint identified multiple YouTube channels distributing malware by promoting cracked and pirated video games and related content. The video descriptions include links leading to the download of information stealers. The activity likely targets consumer users who do not have the benefits of enterprise-grade security on their home computers. Overview Threat actors often target […]
Jamf Threat Labs researchers warned against pirate applications distributing a backdoor to macOS users. The researchers noticed the apps appeared similar to ZuRu malware and allowed attackers to download and execute multiple payloads to compromise machines. First discovered According to researchers, the pirated applications are hosted on Chinese pirating websites. They first came across the […]
The Downfall fan expansion for the game Slay the Spire was breached on Christmas Day, distributing the Epsilon information stealer malware through the Steam update system.
Microsoft Excel Infection Sequence Threat actors begin the infection sequence by distributing spam emails with malicious attachments (like in Figure 1 and Figure 2 below) in hopes that users on vulnerable versions of Microsoft Excel open these emails and download the attachments. Figure 1: Spam email example Figure 2: Spam email example To make these […]
Dec 18, 2023NewsroomMalware / Cybersecurity A new wave of phishing messages distributing the QakBot malware has been observed, more than three months after a law enforcement effort saw its infrastructure dismantled by infiltrating its command-and-control (C2) network. Microsoft, which made the discovery, described it as a low-volume campaign that began on December 11, 2023, and […]
Dec 08, 2023NewsroomEndpoint Security / Malware Unauthorized websites distributing trojanized versions of cracked software have been found to infect Apple macOS users with a new Trojan-Proxy malware. “Attackers can use this type of malware to gain money by building a proxy server network or to perform criminal acts on behalf of the victim: to launch […]
Sep 07, 2023THNMalvertising / Endpoint Security A new malvertising campaign has been observed distributing an updated version of a macOS stealer malware called Atomic Stealer (or AMOS), indicating that it’s being actively maintained by its author. An off-the-shelf Golang malware available for $1,000 per month, Atomic Stealer first came to light in April 2023. Shortly […]