Cybersec Sentinel

Amatera Stealer Launches Sophisticated Multi-Stage Attacks via ClearFake

Amatera Stealer Launches Sophisticated Multi-Stage Attacks via ClearFake

Threat Type: Infostealer malware (Malware-as-a-Service) Exploited Vulnerabilities: CVE-2024-21412 (SmartScreen Bypass), user execution via ClearFake+ClickFix, EtherHiding Malware Used: Amatera Stealer (formerly ACR Stealer) Threat Score: 🔴 High (8.0/10) – Evasive, persistent, dynamically updated MaaS platform with novel C2 and shellcode tactics. Last Threat Observation: June 19, 2025 Overview Amatera Stealer

Fog Ransomware Returns with Expanded Toolset and Enterprise Focus

Fog Ransomware Returns with Expanded Toolset and Enterprise Focus

Threat Group: Unknown (Closed group suspected) Threat Type: Ransomware with espionage-like capabilities Exploited Vulnerabilities: SonicWall VPN (CVE-2024-40766), Veeam RCE (CVE-2024-40711), possible Exchange vulnerabilities Malware Used: Fog Ransomware, Syteca (Ekran) client, Adaptix Beacon, GC2, Stowaway, 7-Zip, MegaSync Threat Score: 🔴 High (8.0/10) – Due to advanced persistence techniques, espionage-style data theft,

FIN6 Skeleton Spider Escalates Enterprise Threats with More_eggs Campaigns

FIN6 Skeleton Spider Escalates Enterprise Threats with More_eggs Campaigns

Threat Group: Skeleton Spider (aka FIN6, Gold Franklin, ITG08, TAAL, Camouflage Tempest, ATK88, MageCart Group 6, TA4557, White Giant) Threat Type: Cybercrime Syndicate Exploited Vulnerabilities: Credential theft, social engineering, cloud abuse (AWS, GoDaddy), PoS exploitation (historical) Malware Used: More_eggs (MaaS by Golden Chickens/Venom Spider), historical: Trinity, FrameworkPOS, Ryuk,

BADBOX 2.0 Botnet Weaponizes Uncertified Devices for Proxies, Fraud, and Credential Theft

BADBOX 2.0 Botnet Weaponizes Uncertified Devices for Proxies, Fraud, and Credential Theft

Threat Group: SalesTracker Group, MoYu Group, Lemon Group, LongTV Threat Type: Android Malware Botnet Exploited Vulnerabilities: Supply chain compromises, malicious third-party apps, uncertified Android devices Malware Used: BB2DOOR (variant of Triada) Threat Score: 🔥 Critical (9.1/10) Last Threat Observation: June 7, 2025 Overview BADBOX 2.0 is a critical

Sandworm Launches Stealth Attack with PathWiper Malware Against Ukraine’s Critical Networks

Sandworm Launches Stealth Attack with PathWiper Malware Against Ukraine’s Critical Networks

Threat Group: Sandworm (APT44 / Seashell Blizzard / Iridium / Voodoo Bear) Threat Type: Wiper Malware Exploited Vulnerabilities: Abuse of legitimate endpoint administration frameworks (initial access suspected via phishing, credential harvesting, or exploitation of edge infrastructure) Malware Used: PathWiper Threat Score: 🔥 Critical (9.1/10) – Due to targeted data destruction across infrastructure, stealthy

Crocodilus Android Malware Emerges as Top-Tier Threat to Banking and Crypto Apps

Crocodilus Android Malware Emerges as Top-Tier Threat to Banking and Crypto Apps

Threat Group: Potentially linked to "sybra" Threat Type: Android Banking Trojan Exploited Vulnerabilities: Abuse of Android Accessibility Services, Android 13+ "Restricted Settings" bypass Malware Used: Crocodilus (variant: Pragma) Threat Score: 🔥 Critical (9.1/10) – Due to advanced obfuscation, bypass of Android protections, cryptocurrency seed collection, and

Acreed Infostealer Becomes Top Credential Theft Tool After Lumma Takedown

Acreed Infostealer Becomes Top Credential Theft Tool After Lumma Takedown

Threat Group: Unknown (Emerging actors on Russian Market) Threat Type: Infostealer Malware Exploited Vulnerabilities: Phishing, Malvertising, SEO Poisoning, ClickFix social engineering, AI-generated deception, DLL-SideLoading Malware Used: Acreed Infostealer Threat Score: 🔴 High (7.8/10) – Rapid adoption, advanced session token theft, and critical infrastructure targeting Last Threat Observation: June 4, 2025

EDDIESTEALER Infostealer Targets Windows Systems with Fake CAPTCHA Campaigns

EDDIESTEALER Infostealer Targets Windows Systems with Fake CAPTCHA Campaigns

Threat Group: Unknown Threat Type: Infostealer Malware Exploited Vulnerabilities: None (Relies on social engineering and fake CAPTCHA delivery) Malware Used: EDDIESTEALER Threat Score: 🔴 High (7.8/10) – Due to its novel Rust implementation, evasive delivery methods, and rapid credential exfiltration techniques. Last Threat Observation: May 30, 2025 Overview EDDIESTEALER is

Katz Stealer Malware Targets Browsers Wallets and Messaging Platforms

Katz Stealer Malware Targets Browsers Wallets and Messaging Platforms

Threat Group: Unknown (operates via MaaS model) Threat Type: Credential and information-stealing malware (Infostealer) Exploited Vulnerabilities: Chrome ABE Bypass, UAC Bypass via cmstp.exe, Process Hollowing via MSBuild.exe Malware Used: Katz Stealer Threat Score: 🔴 High (8.2/10) Last Observed Activity: May 278 2025 Overview This report delivers a

Detect IOCs with YARA on Ubuntu and Windows

Detect IOCs with YARA on Ubuntu and Windows

YARA is one of the most versatile and powerful tools in the arsenal of security engineers and malware analysts. Whether you're defending Windows fleets or Linux servers, mastering YARA means being able to rapidly scan, classify, and hunt down malicious files and patterns based on known indicators of