Overview ACR Stealer is a sophisticated information-stealing malware actively distributed as Malware-as-a-Service (MaaS). It has evolved from its predecessor, GrMsk Stealer, and is known for its advanced obfuscation and anti-analysis techniques, making it a significant threat to user data security. Technical Details ACR Stealer targets sensitive user information by employing

Security Advisory Report: FakeBat Malware Summary FakeBat, also known as EugenLoader or PaykLoader, has emerged as a significant threat in 2024, spreading through drive-by download attacks and malvertising campaigns. Distributed under a Loader-as-a-Service (LaaS) model by the Russian-speaking threat actor Eugenfest, FakeBat targets victims through compromised websites, fake browser updates,

Overview Fickle Stealer, a sophisticated piece of malware written in Rust, has been identified as a significant threat targeting Windows users. Initially observed in May 2024, this malware leverages Rust's performance and safety features, making it challenging for researchers to detect and analyze. Distributed via multiple vectors, including

Overview WarmCookie is a sophisticated piece of malware that emerged in late 2023, primarily targeting Google accounts by exploiting vulnerabilities in Google's authentication process. Recent alerts from malware databases indicate an uptick in activity associated with this malware. WarmCookie allows attackers to hijack user sessions even after passwords

Overview Hijack Loader, also known as IDAT Loader, has evolved with enhanced evasion techniques aimed at increasing its stealth and persistence within infected systems. Recent variants demonstrate advanced tactics such as process hollowing and User Account Control (UAC) bypass. Technical Details The malware initiates an attack by deploying a first-stage

Overview The ZLoader malware, also known as Terdot, DELoader, or Silent Night, has recently undergone significant updates, enhancing its capabilities and evading detection mechanisms. Originally derived from the Zeus banking trojan, ZLoader has evolved to support a broader range of malicious activities, including the distribution of ransomware. Recent Developments As

Overview: Sharpil RAT, initially identified as a Remote Access Trojan (RAT), has been reclassified as a remote-controlled data stealer. It targets a wide range of data, notably from gaming platforms and applications. A new variant, referred to as Sharp Stealer, emerged in 2024, exhibiting similar malicious functionalities and focusing particularly

Overview SteganoAmor is a malicious malware campaign orchestrated by the TA558 hacking group, employing steganography to embed malicious code within images. This technique disguises the malware within benign-looking files to evade detection by users and security software. TA558, active since 2018, primarily targets the hospitality and tourism sectors, especially in

Executive Summary Recent discoveries and analysis have highlighted the resurgence and evolution of ScrubCrypt malware, a sophisticated cyberthreat aimed at Microsoft Windows platforms. This malware is associated with deploying the RedLine Stealer malware, broadening the attack vector to include credential theft, cryptocurrency wallet exfiltration, and facilitating account takeover and fraud.

Overview: The Latrodectus malware, a sophisticated and adaptable threat in the cyber landscape, has been actively distributed via email phishing campaigns since at least late November 2023. Emerging as a potential successor to the IcedID loader, it has shown significant capabilities in evasion and payload delivery. Distribution and Tactics: The

Overview The StrelaStealer malware has emerged as a significant cybersecurity threat, primarily through phishing campaigns targeting over 100 organizations across the European Union and the United States. The malware is designed to exfiltrate email login credentials from popular clients like Outlook and Thunderbird, sending the stolen data to an attacker-controlled

Overview: A new malware strain named WogRAT has been identified targeting both Windows and Linux systems. This malware exploits the online notepad service "aNotepad" as a covert channel for storing and retrieving malicious payloads. The primary function and distribution method of WogRAT, including its impact on infected systems,

Overview SSH-Snake is a sophisticated malware that targets SSH (Secure Shell) services. It is a self-propagating, self-replicating, file-less script designed for post-exploitation tasks such as SSH private key and host discovery. Its main goal is to automate the discovery and exploitation of SSH services by utilizing found private keys to

Overview Volt Typhoon, identified as a state-sponsored cyber threat group by various cybersecurity organizations, has been actively targeting U.S. critical infrastructure with a focus on espionage, information gathering, and potentially disruptive activities against critical communications infrastructure. This group, attributed to the People's Republic of China, has been

Executive Summary Mystic Stealer is an information-stealing malware first advertised in April 2023. It is designed to pilfer credentials from nearly 40 web browsers and more than 70 browser extensions, targeting also cryptocurrency wallets, Steam, and Telegram accounts. The malware exhibits advanced obfuscation techniques including polymorphic string obfuscation, hash-based import

Executive Summary Qbot, also known as QakBot, is a prevalent and evolving piece of malware initially identified as a banking trojan. Over time, it has expanded its capabilities to include information theft, delivery of additional malware payloads, and facilitation of ransomware attacks. Qbot is known for its persistence, sophisticated evasion

Overview Pikabot, a sophisticated loader malware, has resurfaced with significant activity detected in February 2024. It first gained attention in early 2023 and has shown a pattern of evolution and adaptation, leveraging various distribution methods to infiltrate systems. Pikabot's capabilities include unauthorized remote access and execution of arbitrary

Overview Bumblebee malware, a sophisticated loader with ties to various cybercriminal activities including ransomware deployment, has resurfaced in February 2024 after a 4-month period of inactivity. It is known for its evasive techniques, such as obfuscation and the use of PowerShell for execution, making it a potent threat in cyber