Malware - Cybersec Sentinel

Malware

A collection of 116 posts

Earth Bluecrow Deploys BPFDoor Backdoor to Target Asia and Middle East Infrastructure

Earth Bluecrow Deploys BPFDoor Backdoor to Target Asia and Middle East Infrastructure

Threat Group: - Earth Bluecrow (also known as Red Menshen, DecisiveArchitect, and Red Dev 18) Threat Type: - Backdoor Malware Exploited Vulnerabilities: - None (leverages BPF and raw sockets for firewall evasion and passive packet monitoring) Malware Used: - BPFDoor (aka Backdoor.Linux.BPFDOOR or JustForFun) Threat Score: - 🔴 High

Fortinet Vulnerabilities Targeted as APT41 Deploys KEYPLUG

Fortinet Vulnerabilities Targeted as APT41 Deploys KEYPLUG

Threat Group: APT41 (RedGolf, BrazenBamboo, Grayfly, Wicked Panda) Threat Type: APT, Malware, Backdoor Exploited Vulnerabilities: CVE-2023-48788 (FortiClient EMS), CVE-2022-40684 (FortiOS/FortiProxy/FortiSwitchManager) Malware Used: KEYPLUG (Windows and Linux variants), DEEPDATA (distinct APT41 toolset) Threat Score: 🔥 Critical (8.8/10) – Due to threat actor sophistication, vulnerability severity, and cross-platform malware capabilities.

Credential Theft and MBR Wipe Drive Severe Impact Rating for Neptune RAT

Credential Theft and MBR Wipe Drive Severe Impact Rating for Neptune RAT

Threat Group – Individuals using the aliases ABOLHB and Rino, operating as the Mason Team / FreeMasonry group and distributing the malware through a freemium Malware‑as‑a‑Service model. Threat Type – Remote Access Trojan with credential theft, ransomware, destructive wipe, and clipboard hijacking plug‑ins. Exploited Vulnerabilities – Social‑engineering of users

PipeMagic Trojan and the Zero-Day Exploits Targeting Windows CLFS

PipeMagic Trojan and the Zero-Day Exploits Targeting Windows CLFS

Threat Group: Storm-2460 Threat Type: Modular Malware, Zero-Day Exploitation, Ransomware Deployment Exploited Vulnerabilities: CVE-2025-29824 (CLFS Use-After-Free), CVE-2025-24983 (Win32k Use-After-Free), CVE-2023-28252 (CLFS Out-of-Bounds Write) Malware Used: PipeMagic Trojan Threat Score: 8.4/10 – 🔴 High (due to exploitation of multiple zero-days, advanced evasion techniques, and association with ransomware families like RansomEXX and

Beyond WormGPT – Offline Xanthorox AI Platform Enables Multimodal Cyberattacks

Beyond WormGPT – Offline Xanthorox AI Platform Enables Multimodal Cyberattacks

Threat Group - Unknown Cybercrime Syndicates Threat Type - Malicious AI Platform Exploited Vulnerabilities - None (Self-contained toolkit) Malware Used - Xanthorox Coder output (various strains) Threat Score - 🔥 Critical (9.5/10) – Due to its offline operation, modular architecture, and use by threat actors as an advanced AI-based hacking

Malicious SVG Attachments Bypass Email Filters in Widespread Phishing Campaigns

Malicious SVG Attachments Bypass Email Filters in Widespread Phishing Campaigns

Threat Group: Multiple cybercriminal organizations Threat Type: Phishing, Malware Delivery Exploited Vulnerabilities: Misuse of Scalable Vector Graphics (SVG) file capabilities Malware Used: Agent Tesla Keylogger, XWorm Remote Access Trojan (RAT), QakBot Threat Score: 🔴 High (8.4/10) – Due to its ability to bypass traditional security measures, widespread distribution, and potential

PJobRAT Returns: New Campaign Distributes Malware via Counterfeit IM Apps

PJobRAT Returns: New Campaign Distributes Malware via Counterfeit IM Apps

Threat Group: Unattributed (Historically linked to SideCopy) Threat Type: Remote Access Trojan (Android RAT) Exploited Vulnerabilities: Social Engineering, Compromised WordPress Sites Malware Used: PJobRAT (latest variant with shell command execution) Threat Score: 🔴 High (8.3/10) – Due to persistence, enhanced capabilities, and deception-based delivery Last Threat Observation: October 2024 (per

Raspberry Robin Malware: USB Worm Turned Initial Access Powerhouse

Raspberry Robin Malware: USB Worm Turned Initial Access Powerhouse

Threat Group: Storm-0856 (Roshtyak) Threat Type: Initial Access Broker (IAB), Malware Loader, USB Worm Exploited Vulnerabilities: CVE-2023-36802, CVE-2023-29360 Malware Used: Raspberry Robin (aka Roshtyak, QNAP worm) Threat Score: 🔴 High (8.4/10) – Ongoing use by ransomware groups and Russian state-backed actors, with evolving delivery techniques and C2 infrastructure. Last Threat

Emerging Malware StilachiRAT Targets Digital Assets

Emerging Malware StilachiRAT Targets Digital Assets

Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: Unknown Malware Used: StilachiRAT Threat Score: 🔴 High (8.4/10) – Due to its comprehensive data theft capabilities, advanced evasion techniques, and specific targeting of cryptocurrency assets. Last Threat Observation: March 20, 2025 Overview StilachiRAT is a newly discovered Remote Access Trojan (RAT)

XCSSET Malware Threatens macOS Developer Community

XCSSET Malware Threatens macOS Developer Community

Threat Group: Unattributed Threat Type: Malware, Supply Chain Attack Exploited Vulnerabilities: Transparency Consent and Control (TCC) Zero-day Vulnerabilities Malware Used: XCSSET Threat Score: 🔴 High (8.4/10) – Advanced obfuscation, persistent infection mechanisms, and supply-chain attack potential Last Threat Observation: March 11, 2025 (Microsoft Security Blog) Overview XCSSET is a sophisticated,