Malware - Cybersec Sentinel

Malware

A collection of 169 posts

GlassWorm Exploits Trust in Open Source Ecosystems

GlassWorm Exploits Trust in Open Source Ecosystems

Threat Group – Unattributed Threat Type – Supply chain malware, infostealer, credential theft Exploited Vulnerabilities – No CVE assigned. Abuse of trusted package registries, compromised publisher access, stolen developer credentials, invisible Unicode obfuscation, and extension dependency abuse Malware Used – GlassWorm loader and follow on JavaScript based payloads Threat Score – 8.7 🔥 Critical Last

VodkaStealer Malware Harvests Browser Credentials and Session Token

VodkaStealer Malware Harvests Browser Credentials and Session Token

Threat Group – Unidentified financially motivated threat actor associated with the ClickFix WordPress compromise campaign Threat Type – Information Stealer Exploited Vulnerabilities – ClickFix social engineering using compromised WordPress sites and fake Cloudflare verification prompts Malware Used – VodkaStealer, DoubleDonut loader, ChromElevator Threat Score – 🔴 7.6 High – Advanced credential harvesting malware delivered through large

UnsolicitedBooker Deploys MarsSnake Against Telecom Providers

UnsolicitedBooker Deploys MarsSnake Against Telecom Providers

Threat Group – UnsolicitedBooker Threat Type – Backdoor / Advanced Persistent Threat Exploited Vulnerabilities – CVE-2018-0802 Malware Used – MarsSnake, MarsSnakeLoader, LuciDoor, LuciLoad Threat Score – 8.7 🔥 Critical – State aligned espionage platform with wormable capability, decentralised IPFS command fallback, telecommunications targeting, long term persistence and advanced evasion techniques Last Threat Observation – 24 February 2026 Overview

What Is Moonrise RAT and Why It Poses a Serious Risk

What Is Moonrise RAT and Why It Poses a Serious Risk

Threat Group – Unattributed Threat Type – Remote Access Trojan Exploited Vulnerabilities – No confirmed CVEs. Delivery aligned with user execution and social engineering techniques Malware Used – Moonrise RAT Threat Score – 7.8 🔴 High. Enables interactive remote control, credential theft, surveillance, and persistence with low early static detection which increases dwell time and

MIMICRAT Campaign Uses Fake Verification Lure

MIMICRAT Campaign Uses Fake Verification Lure

Threat Group – Unknown financially motivated operators Threat Type – Remote Access Trojan and social engineering campaign Exploited Vulnerabilities – User driven execution abuse of Windows Run dialog and PowerShell Malware Used – MIMICRAT Threat Score – 8.2 🔴 High Last Threat Observation – February 2026, reported by multiple security research teams including Securonix and independent

Notepad++ Compromise Reinforces the Need for Strict Software Governance

Notepad++ Compromise Reinforces the Need for Strict Software Governance

Threat Group Lotus Blossom Billbug Threat Type Supply chain compromise via updater infrastructure hijack and malicious plugin persistence Exploited Vulnerabilities Weak certificate and signature validation in the Notepad++ auto updater prior to version 8.8.9. Abuse of shared hosting infrastructure trust. DLL search order hijacking in plugin loading mechanisms.

MoonPeak and the Growing Sophistication of DPRK Intrusions

MoonPeak and the Growing Sophistication of DPRK Intrusions

Threat Group UAT-5394 with strong tactical overlap to Kimsuky Threat Type Remote Access Trojan derived from XenoRAT delivered via weaponised LNK files and PowerShell droppers Exploited Vulnerabilities Windows LNK execution trust abuse, PowerShell execution policy bypass, LOTS and LOLBins abuse, trusted cloud and code hosting platforms Malware Used MoonPeak RAT

PeckBirdy Exposes a New Living off the Land Threat

PeckBirdy Exposes a New Living off the Land Threat

Threat Group China aligned APT operators tracked as SHADOW VOID 044 and SHADOW EARTH 045 Threat Type JScript based command and control framework abusing trusted Windows utilities Exploited Vulnerabilities Abuse of Windows Script Host trust model, mshta.exe execution, ScriptControl ActiveX usage, browser watering hole injection, legacy Chrome V8 flaws

Evelyn Stealer and the rising risk of developer tool supply chain attacks

Evelyn Stealer and the rising risk of developer tool supply chain attacks

Threat Group: Unknown cybercriminal operators leveraging developer tooling supply chains Threat Type: Information stealer malware delivered via malicious development extensions Exploited Vulnerabilities: Abuse of the Visual Studio Code extension trust model, DLL side loading, PowerShell execution policy misuse, Windows process hollowing Malware Used: Evelyn Stealer, Lightshot.dll downloader, iknowyou.model

How SHADOW#REACTOR uses harmless looking text files to deliver Remcos RAT

How SHADOW#REACTOR uses harmless looking text files to deliver Remcos RAT

Threat Group – Unattributed, activity consistent with an initial access broker model Threat Type – Multi stage loader chain delivering remote access capability Exploited Vulnerabilities – None publicly confirmed, primary access relies on user execution and script based lures Malware Used – Remcos RAT delivered via SHADOW#REACTOR staging and loader framework Threat Score