Malware

A collection of 116 posts
Fortinet Vulnerabilities Targeted as APT41 Deploys KEYPLUG
Malware

Fortinet Vulnerabilities Targeted as APT41 Deploys KEYPLUG

Threat Group: APT41 (RedGolf, BrazenBamboo, Grayfly, Wicked Panda) Threat Type: APT, Malware, Backdoor Exploited Vulnerabilities: CVE-2023-48788 (FortiClient EMS), CVE-2022-40684 (FortiOS/FortiProxy/FortiSwitchManager) Malware Used: KEYPLUG (Windows and Linux variants), DEEPDATA (distinct APT41 toolset) Threat Score: 🔥 Critical (8.8/10) – Due to threat actor sophistication, vulnerability severity, and cross-platform malware capabilities.
3 min read
Credential Theft and MBR Wipe Drive Severe Impact Rating for Neptune RAT
Malware

Credential Theft and MBR Wipe Drive Severe Impact Rating for Neptune RAT

Threat Group – Individuals using the aliases ABOLHB and Rino, operating as the Mason Team / FreeMasonry group and distributing the malware through a freemium Malware‑as‑a‑Service model. Threat Type – Remote Access Trojan with credential theft, ransomware, destructive wipe, and clipboard hijacking plug‑ins. Exploited Vulnerabilities – Social‑engineering of users
3 min read
PipeMagic Trojan and the Zero-Day Exploits Targeting Windows CLFS
Malware

PipeMagic Trojan and the Zero-Day Exploits Targeting Windows CLFS

Threat Group: Storm-2460 Threat Type: Modular Malware, Zero-Day Exploitation, Ransomware Deployment Exploited Vulnerabilities: CVE-2025-29824 (CLFS Use-After-Free), CVE-2025-24983 (Win32k Use-After-Free), CVE-2023-28252 (CLFS Out-of-Bounds Write) Malware Used: PipeMagic Trojan Threat Score: 8.4/10 – 🔴 High (due to exploitation of multiple zero-days, advanced evasion techniques, and association with ransomware families like RansomEXX and
2 min read
Malicious SVG Attachments Bypass Email Filters in Widespread Phishing Campaigns
Malware

Malicious SVG Attachments Bypass Email Filters in Widespread Phishing Campaigns

Threat Group: Multiple cybercriminal organizations Threat Type: Phishing, Malware Delivery Exploited Vulnerabilities: Misuse of Scalable Vector Graphics (SVG) file capabilities Malware Used: Agent Tesla Keylogger, XWorm Remote Access Trojan (RAT), QakBot Threat Score: 🔴 High (8.4/10) – Due to its ability to bypass traditional security measures, widespread distribution, and potential
4 min read
PJobRAT Returns: New Campaign Distributes Malware via Counterfeit IM Apps
Malware

PJobRAT Returns: New Campaign Distributes Malware via Counterfeit IM Apps

Threat Group: Unattributed (Historically linked to SideCopy) Threat Type: Remote Access Trojan (Android RAT) Exploited Vulnerabilities: Social Engineering, Compromised WordPress Sites Malware Used: PJobRAT (latest variant with shell command execution) Threat Score: 🔴 High (8.3/10) – Due to persistence, enhanced capabilities, and deception-based delivery Last Threat Observation: October 2024 (per
3 min read
Raspberry Robin Malware: USB Worm Turned Initial Access Powerhouse
Malware

Raspberry Robin Malware: USB Worm Turned Initial Access Powerhouse

Threat Group: Storm-0856 (Roshtyak) Threat Type: Initial Access Broker (IAB), Malware Loader, USB Worm Exploited Vulnerabilities: CVE-2023-36802, CVE-2023-29360 Malware Used: Raspberry Robin (aka Roshtyak, QNAP worm) Threat Score: 🔴 High (8.4/10) – Ongoing use by ransomware groups and Russian state-backed actors, with evolving delivery techniques and C2 infrastructure. Last Threat
3 min read
XCSSET Malware Threatens macOS Developer Community
Malware

XCSSET Malware Threatens macOS Developer Community

Threat Group: Unattributed Threat Type: Malware, Supply Chain Attack Exploited Vulnerabilities: Transparency Consent and Control (TCC) Zero-day Vulnerabilities Malware Used: XCSSET Threat Score: 🔴 High (8.4/10) – Advanced obfuscation, persistent infection mechanisms, and supply-chain attack potential Last Threat Observation: March 11, 2025 (Microsoft Security Blog) Overview XCSSET is a sophisticated,
3 min read