Malware - Cybersec Sentinel (Page 3)

Malware

A collection of 158 posts

SquidLoader Reemerges with Stealth Upgrades in APAC Financial Attacks

SquidLoader Reemerges with Stealth Upgrades in APAC Financial Attacks

Threat Group: Unknown (APT-level sophistication suspected) Threat Type: Loader / Malware-as-a-Service (MaaS) Exploited Vulnerabilities: No specific CVE; exploits social engineering and security evasion Malware Used: SquidLoader, Cobalt Strike Beacon Threat Score: 🔴 High (8.4/10) – Highly evasive loader, zero-detection rate at launch, APT-style tradecraft, and persistent access via Cobalt Strike Last

CVE-2025-53770 and CVE-2025-53771 Abused in Active Attacks on On-Prem SharePoint

Vulnerabilities

CVE-2025-53770 and CVE-2025-53771 Abused in Active Attacks on On-Prem SharePoint

Threat Group: Linen Typhoon, Violet Typhoon, Storm-2603 Threat Type: Remote Code Execution & Spoofing Exploited Vulnerabilities: CVE-2025-53770 (RCE), CVE-2025-53771 (Spoofing) Malware Used: ToolShell (spinstall0.aspx) Threat Score: 🔴 High (8.0/10) – Active exploitation by nation-state actors, persistent access via cryptographic theft, and potential lateral movement across enterprise networks. Last Threat

Matanbuchus 3.0 Campaign Exploits Quick Assist and Teams for Initial Access

Matanbuchus 3.0 Campaign Exploits Quick Assist and Teams for Initial Access

Threat Group: ShadowSyndicate Threat Type: Malware Loader / Malware-as-a-Service (MaaS) Exploited Vulnerabilities: Social engineering of Microsoft Teams and Quick Assist trust Malware Used: Matanbuchus 3.0 Threat Score: ⛔ High (7.5/10) – Due to its advanced evasion capabilities, stealthy deployment, abuse of collaboration tools, and targeting of high-value enterprise environments. Last

Scattered Spider Shifts to Aviation, Retail, and Transport in Latest Campaigns

Scattered Spider Shifts to Aviation, Retail, and Transport in Latest Campaigns

Threat Group: Scattered Spider Threat Type: Cybercrime Group (Focused on Cloud Environments, Ransomware) Exploited Vulnerabilities: Azure Cross-Tenant Synchronization, Federated Identity Providers, Cloud Platforms Malware Used: AlphV ransomware, Spectre RAT Threat Score: 🔴 High (8.8/10) – Due to its sophisticated exploitation of cloud-based systems, privilege escalation methods, and use of advanced

DRAT V2 TAG-140 Bypasses Perimeter Defenses Using Social Engineering and mshta Execution

DRAT V2 TAG-140 Bypasses Perimeter Defenses Using Social Engineering and mshta Execution

Threat Group: TAG-140 / SideCopy / Transparent Tribe (APT36) Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: None directly; leverages social engineering and user execution vectors Malware Used: DRAT V2 (Delphi-compiled) with BroaderAspect.NET Loader Threat Score: 🟠 Elevated (6.5/10) – Due to its attribution to a state-aligned APT group, arbitrary shell

FIN6 Skeleton Spider Escalates Enterprise Threats with More_eggs Campaigns

FIN6 Skeleton Spider Escalates Enterprise Threats with More_eggs Campaigns

Threat Group: Skeleton Spider (aka FIN6, Gold Franklin, ITG08, TAAL, Camouflage Tempest, ATK88, MageCart Group 6, TA4557, White Giant) Threat Type: Cybercrime Syndicate Exploited Vulnerabilities: Credential theft, social engineering, cloud abuse (AWS, GoDaddy), PoS exploitation (historical) Malware Used: More_eggs (MaaS by Golden Chickens/Venom Spider), historical: Trinity, FrameworkPOS, Ryuk,

BADBOX 2.0 Botnet Weaponizes Uncertified Devices for Proxies, Fraud, and Credential Theft

BADBOX 2.0 Botnet Weaponizes Uncertified Devices for Proxies, Fraud, and Credential Theft

Threat Group: SalesTracker Group, MoYu Group, Lemon Group, LongTV Threat Type: Android Malware Botnet Exploited Vulnerabilities: Supply chain compromises, malicious third-party apps, uncertified Android devices Malware Used: BB2DOOR (variant of Triada) Threat Score: 🔥 Critical (9.1/10) Last Threat Observation: June 7, 2025 Overview BADBOX 2.0 is a critical

Sandworm Launches Stealth Attack with PathWiper Malware Against Ukraine’s Critical Networks

Sandworm Launches Stealth Attack with PathWiper Malware Against Ukraine’s Critical Networks

Threat Group: Sandworm (APT44 / Seashell Blizzard / Iridium / Voodoo Bear) Threat Type: Wiper Malware Exploited Vulnerabilities: Abuse of legitimate endpoint administration frameworks (initial access suspected via phishing, credential harvesting, or exploitation of edge infrastructure) Malware Used: PathWiper Threat Score: 🔥 Critical (9.1/10) – Due to targeted data destruction across infrastructure, stealthy

Crocodilus Android Malware Emerges as Top-Tier Threat to Banking and Crypto Apps

Crocodilus Android Malware Emerges as Top-Tier Threat to Banking and Crypto Apps

Threat Group: Potentially linked to "sybra" Threat Type: Android Banking Trojan Exploited Vulnerabilities: Abuse of Android Accessibility Services, Android 13+ "Restricted Settings" bypass Malware Used: Crocodilus (variant: Pragma) Threat Score: 🔥 Critical (9.1/10) – Due to advanced obfuscation, bypass of Android protections, cryptocurrency seed collection, and