Malware - Cybersec Sentinel (Page 2)

Malware

A collection of 132 posts

PupkinStealer Emerges as New .NET Malware Threat Targeting Browser and Messaging Data

PupkinStealer Emerges as New .NET Malware Threat Targeting Browser and Messaging Data

Threat Group: Ardent (tentative attribution) Threat Type: Information Stealer Exploited Vulnerabilities: None (requires user execution) Malware Used: PupkinStealer Threat Score: 🔶 Elevated (6.5/10) – Due to effective data theft techniques, reliance on trusted platforms like Telegram for exfiltration, and potential for privacy breaches across enterprise and personal systems. Last Threat

LOSTKEYS Malware Campaign Traced to Cold River Threat Group

LOSTKEYS Malware Campaign Traced to Cold River Threat Group

Threat Group: Cold River (linked to Russia’s Federal Security Service) Threat Type: Advanced Persistent Threat (APT) Malware Exploited Vulnerabilities: Not publicly disclosed Malware Used: LOSTKEYS Threat Score: 🔥 Critical (9.2/10) – Due to its advanced data exfiltration capabilities, targeting of high-profile entities, and association with a state-sponsored group Last

Golden Chickens Deploy TerraStealerV2 and TerraLogger in Credential Theft Surge

Golden Chickens Deploy TerraStealerV2 and TerraLogger in Credential Theft Surge

Threat Group: Golden Chickens (aka Venom Spider) Threat Type: Malware-as-a-Service (MaaS) Exploited Vulnerabilities: Social engineering via spear-phishing and LOLBins Malware Used: TerraStealerV2, TerraLogger, TerraLoader Threat Score: 🟠 Elevated (6.5/10) – Due to its credential-harvesting capabilities, stealth techniques, and deployment through widely used social engineering tactics. Last Threat Observation: May 3l

TheWizards APT Exploits IPv6 to Hijack Updates and Deploy Dual-Platform Malware

TheWizards APT Exploits IPv6 to Hijack Updates and Deploy Dual-Platform Malware

Threat Group: TheWizards Threat Type: Advanced Persistent Threat (APT) – Cyberespionage Exploited Vulnerabilities: IPv6 SLAAC/NDP Trust Exploitation Malware Used: Spellbinder (AitM tool), WizardNet (Windows modular backdoor), DarkNights / DarkNimbus (Android spyware) Threat Score: 🔥 Critical (9.1/10) due to use of advanced IPv6-based adversary-in-the-middle techniques, dual-platform malware deployment, and targeting of

Cozy Bear Launches Wine-Tasting Phishing Campaign to Deploy WineLoader

Cozy Bear Launches Wine-Tasting Phishing Campaign to Deploy WineLoader

Threat Group: APT29 (Cozy Bear / Midnight Blizzard / NOBELIUM) Threat Type: Advanced Persistent Threat (APT) – Cyberespionage Exploited Vulnerabilities: None (social engineering and DLL side-loading) Malware Used: GrapeLoader (initial-stage loader), WineLoader (modular backdoor) Threat Score: 🔥 Critical (9.2/10) due to campaign sophistication, high-value diplomatic targeting, and stealth evasion techniques Last Threat

Infostealer FormBook Exploits Phishing to Steal Credentials and Deploy Malware

Infostealer FormBook Exploits Phishing to Steal Credentials and Deploy Malware

Threat Group: Multiple Threat Actors (Malware as a Service) Threat Type: Infostealer / Downloader / Trojan Exploited Vulnerabilities: Primarily relies on social engineering and malicious attachments. Occasionally used to deliver secondary payloads that exploit known CVEs. Malware Used: FormBook (rebranded as XLoader) Threat Score: 🔴 High (8.0/10) due to extensive use

Earth Bluecrow Deploys BPFDoor Backdoor to Target Asia and Middle East Infrastructure

Earth Bluecrow Deploys BPFDoor Backdoor to Target Asia and Middle East Infrastructure

Threat Group: - Earth Bluecrow (also known as Red Menshen, DecisiveArchitect, and Red Dev 18) Threat Type: - Backdoor Malware Exploited Vulnerabilities: - None (leverages BPF and raw sockets for firewall evasion and passive packet monitoring) Malware Used: - BPFDoor (aka Backdoor.Linux.BPFDOOR or JustForFun) Threat Score: - 🔴 High

Fortinet Vulnerabilities Targeted as APT41 Deploys KEYPLUG

Fortinet Vulnerabilities Targeted as APT41 Deploys KEYPLUG

Threat Group: APT41 (RedGolf, BrazenBamboo, Grayfly, Wicked Panda) Threat Type: APT, Malware, Backdoor Exploited Vulnerabilities: CVE-2023-48788 (FortiClient EMS), CVE-2022-40684 (FortiOS/FortiProxy/FortiSwitchManager) Malware Used: KEYPLUG (Windows and Linux variants), DEEPDATA (distinct APT41 toolset) Threat Score: 🔥 Critical (8.8/10) – Due to threat actor sophistication, vulnerability severity, and cross-platform malware capabilities.

Credential Theft and MBR Wipe Drive Severe Impact Rating for Neptune RAT

Credential Theft and MBR Wipe Drive Severe Impact Rating for Neptune RAT

Threat Group – Individuals using the aliases ABOLHB and Rino, operating as the Mason Team / FreeMasonry group and distributing the malware through a freemium Malware‑as‑a‑Service model. Threat Type – Remote Access Trojan with credential theft, ransomware, destructive wipe, and clipboard hijacking plug‑ins. Exploited Vulnerabilities – Social‑engineering of users

PipeMagic Trojan and the Zero-Day Exploits Targeting Windows CLFS

PipeMagic Trojan and the Zero-Day Exploits Targeting Windows CLFS

Threat Group: Storm-2460 Threat Type: Modular Malware, Zero-Day Exploitation, Ransomware Deployment Exploited Vulnerabilities: CVE-2025-29824 (CLFS Use-After-Free), CVE-2025-24983 (Win32k Use-After-Free), CVE-2023-28252 (CLFS Out-of-Bounds Write) Malware Used: PipeMagic Trojan Threat Score: 8.4/10 – 🔴 High (due to exploitation of multiple zero-days, advanced evasion techniques, and association with ransomware families like RansomEXX and