Malware - Cybersec Sentinel

Malware

A collection of 88 posts

The Return of PlugX Malware with Fresh Tricks

The Return of PlugX Malware with Fresh Tricks

Threat Group: Likely associated with Chinese Advanced Persistent Threat (APT) groups Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: Multiple, including spear-phishing and exploiting unpatched software vulnerabilities Malware Used: PlugX Threat Score: High (8.7/10) – Due to its versatility, stealth capabilities, and association with espionage campaigns Last Threat Observation:

Phishing Campaigns Fuel Compiled AutoIt Malware Distribution

Phishing Campaigns Fuel Compiled AutoIt Malware Distribution

Threat Group: Various (including XLoader, SnakeKeylogger, RedLine, AgentTesla, RemcosRAT) Threat Type: Multi-Functional Malware via Phishing Campaigns Exploited Vulnerabilities: None specific; relies on social engineering for initial infection Malware Used: AutoIt Compile Malware (XLoader, SnakeKeylogger, RedLine, AgentTesla, RemcosRAT) Threat Score: High (8.7/10) – Due to the rapid increase in distribution

macOS Users Targeted by the New Variant of Banshee Infostealer

macOS Users Targeted by the New Variant of Banshee Infostealer

Threat Group: Unknown Threat Type: Information Stealer (Infostealer) Exploited Vulnerabilities: No specific vulnerabilities exploited; relies on social engineering and phishing tactics Malware Used: Banshee Stealer Threat Score: High (8.5/10) – Due to its advanced evasion techniques, targeting of macOS systems, and comprehensive data theft capabilities. Last Threat Observation: January

Advanced Evasion Techniques Used by NonEuclid RAT

Advanced Evasion Techniques Used by NonEuclid RAT

Threat Group: Developer unknown, promoted by underground forums and individual actors Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: Privilege escalation, outdated security patches, and social engineering Malware Used: NonEuclid RAT Threat Score: High (9.0/10) – Advanced persistence, ransomware capabilities, and widespread appeal within cybercrime circles Last Threat Observation:

REF5961 Group Deploys EAGERBEE Backdoor Against Critical Sectors

REF5961 Group Deploys EAGERBEE Backdoor Against Critical Sectors

Threat Group: REF5961 Threat Type: Backdoor Malware Exploited Vulnerabilities: Potential exploitation of Microsoft Exchange ProxyLogon (CVE-2021-26855) Malware Used: EAGERBEE, RUDEBIRD, DOWNTOWN Threat Score: High (8.5/10) – Due to its focus on critical infrastructure, advanced evasion techniques, and persistent access capabilities. Last Threat Observation: January 7, 2025 Overview EAGERBEE is

Threat Surge as Lumma Stealer Expands Its Reach

Threat Surge as Lumma Stealer Expands Its Reach

Threat Group: Lumma (operated by "Shamel") Threat Type: Information Stealer (Malware-as-a-Service) Exploited Vulnerabilities: No specific vulnerabilities; relies on social engineering and deceptive tactics Malware Used: Lumma Stealer (also known as LummaC2) Threat Score: High (8.5/10) – Due to its advanced evasion techniques, broad targeting capabilities, and widespread

IoT Devices Under Fire by FICORA and CAPSAICIN

IoT Devices Under Fire by FICORA and CAPSAICIN

Threat Group: Unattributed Threat Type: IoT-Based Botnets Exploited Vulnerabilities: D-Link HNAP Interface Flaws (CVE-2015-2051, CVE-2019-10891, CVE-2022-37056, CVE-2024-33112) Malware Used: Mirai Variant "FICORA", Kaiten Variant "CAPSAICIN" Threat Score: High (8.7/10) – Due to the exploitation of widely deployed IoT devices and the potential for large-scale Distributed

Evolving Techniques in Cloud Atlas Cyber Attacks

Evolving Techniques in Cloud Atlas Cyber Attacks

Threat Group: Cloud Atlas (also known as Inception) Threat Type: Advanced Persistent Threat (APT) Exploited Vulnerabilities: * CVE-2017-11882: Memory corruption in Microsoft Office. * CVE-2018-0802: Formula editor vulnerability in Microsoft Office exploited via malicious RTF files. Malware Used: * VBShower: Polymorphic VBS-based backdoor. * PowerShower: PowerShell-based malware for reconnaissance and lateral movement. * VBCloud: New

Christmas-Themed LNK Files Used for Malware Delivery

Christmas-Themed LNK Files Used for Malware Delivery

Threat Group: Various Cybercriminal Entities Threat Type: Malware Delivery via LNK Files Exploited Vulnerabilities: Abuse of Windows LNK File Functionality Malware Used: Emotet, Ursnif, Qakbot, IcedID Threat Score: High (8.5/10) – Due to the deceptive nature of LNK files masquerading as legitimate documents, increased holiday-themed phishing campaigns, and the

BellaCPP Expands BellaCiao Capabilities in C++

BellaCPP Expands BellaCiao Capabilities in C++

Threat Group: Charming Kitten (APT35/APT42) Threat Type: Dropper Malware Exploited Vulnerabilities: Potential exploitation of Microsoft Exchange vulnerabilities (e.g., ProxyShell, ProxyNotShell) Malware Used: BellaCPP Threat Score: High (8.5/10) – Due to its targeted approach, advanced evasion techniques, and potential impact on critical infrastructure. Last Threat Observation: December 21,