Malware: DefenderNot Tool Disables Microsoft Defender Using Taskmgr Injection and WSC Abuse
Threat Group: Independent Researcher "es3n1n"
Threat Type: Defense Evasion / Security Bypass Utility
Exploited Vulnerabilities: None (abuse of undocumented WSC API functionality)
Malware Used: None (standalone tool with modular components)
Threat Score: High (7.3/10) due to DLL injection into Taskmgr.exe, WSC spoofing, and reliable persistence mechanisms

Malware: PowerShell-Delivered Chihuahua Stealer Distributed via Google Drive Targets Credentials and Wallets
Threat Group: Unknown
Threat Type: Infostealer Malware
Exploited Vulnerabilities: None (relies on social engineering and legitimate services)
Malware Used: Chihuahua Stealer
Threat Score: High (7.8/10) due to its advanced encryption techniques, stealthy multi-stage execution, and targeting of sensitive data such as browser credentials and cryptocurrency wallets.
Last Threat

Malware: PupkinStealer Emerges as New .NET Malware Threat Targeting Browser and Messaging Data
Threat Group: Ardent (tentative attribution)
Threat Type: Information Stealer
Exploited Vulnerabilities: None (requires user execution)
Malware Used: PupkinStealer
Threat Score: Elevated (6.5/10) due to effective data theft techniques, reliance on trusted platforms like Telegram for exfiltration, and potential for privacy breaches across enterprise and personal systems.
Last Threat

Malware: LOSTKEYS Malware Campaign Traced to Cold River Threat Group
Threat Group: Cold River (linked to Russia's Federal Security Service)
Threat Type: Advanced Persistent Threat (APT) Malware
Exploited Vulnerabilities: Not publicly disclosed
Malware Used: LOSTKEYS
Threat Score: Critical (9.2/10) due to its advanced data exfiltration capabilities, targeting of high-profile entities, and association with a state-sponsored group
Last

Malware: Golden Chickens Deploy TerraStealerV2 and TerraLogger in Credential Theft Surge
Threat Group: Golden Chickens (aka Venom Spider)
Threat Type: Malware-as-a-Service (MaaS)
Exploited Vulnerabilities: Social engineering via spear-phishing and LOLBins
Malware Used: TerraStealerV2, TerraLogger, TerraLoader
Threat Score: Elevated (6.5/10) due to its credential-harvesting capabilities, stealth techniques, and deployment through widely used social engineering tactics.
Last Threat Observation: May 31

Malware: TheWizards APT Exploits IPv6 to Hijack Updates and Deploy Dual-Platform Malware
Threat Group: TheWizards
Threat Type: Advanced Persistent Threat (APT), Cyberespionage
Exploited Vulnerabilities: IPv6 SLAAC/NDP trust exploitation
Malware Used: Spellbinder (AitM tool), WizardNet (Windows modular backdoor), DarkNights / DarkNimbus (Android spyware)
Threat Score: Critical (9.1/10) due to use of advanced IPv6-based adversary-in-the-middle techniques, dual-platform malware deployment, and targeting of

Phishing: Cozy Bear Launches Wine-Tasting Phishing Campaign to Deploy WineLoader
Threat Group: APT29 (Cozy Bear / Midnight Blizzard / NOBELIUM)
Threat Type: Advanced Persistent Threat (APT), Cyberespionage
Exploited Vulnerabilities: None (social engineering and DLL side-loading)
Malware Used: GrapeLoader (initial-stage loader), WineLoader (modular backdoor)
Threat Score: Critical (9.2/10) due to campaign sophistication, high-value diplomatic targeting, and stealth evasion techniques
Last Threat

Malware: Infostealer FormBook Exploits Phishing to Steal Credentials and Deploy Malware
Threat Group: Multiple threat actors (Malware-as-a-Service)
Threat Type: Infostealer / Downloader / Trojan
Exploited Vulnerabilities: Primarily relies on social engineering and malicious attachments; occasionally used to deliver secondary payloads that exploit known CVEs.
Malware Used: FormBook (rebranded as XLoader)
Threat Score: High (8.0/10) due to extensive use

Ransomware: PE32 Ransomware Operators Leverage RDP and Phishing to Breach Enterprise Systems
Threat Group: Dmc
Threat Type: Ransomware
Exploited Vulnerabilities: None identified (phishing and RDP compromise suspected)
Malware Used: PE32 Ransomware
Threat Score: High (7.5/10) due to Telegram-based C2, data exfiltration, and rapid file encryption
Last Threat Observation: 23 April 2025
Overview: PE32 ransomware

Malware: Earth Bluecrow Deploys BPFDoor Backdoor to Target Asia and Middle East Infrastructure
Threat Group: Earth Bluecrow (also known as Red Menshen, DecisiveArchitect, and Red Dev 18)
Threat Type: Backdoor Malware
Exploited Vulnerabilities: None (leverages BPF and raw sockets for firewall evasion and passive packet monitoring)
Malware Used: BPFDoor (aka Backdoor.Linux.BPFDOOR or JustForFun)
Threat Score: High