Malware - Cybersec Sentinel (Page 5)

Malware

A collection of 88 posts

IoT Security at Risk as Mirai Variants Intensify DDoS Attacks

IoT Security at Risk as Mirai Variants Intensify DDoS Attacks

Threat Group: - Unknown Threat Type: - IoT Botnet Malware Exploited Vulnerabilities: - Multiple IoT vulnerabilities, including CVE-2024-7029 Malware Used: - V3G4, Corona Mirai Threat Score: - High (8.8/10) due to its ability to exploit critical vulnerabilities in IoT devices and launch massive DDoS attacks. Last Threat Observation:

SocGholish and FakeUpdate Evolved Threats in Browser-Based Attacks

SocGholish and FakeUpdate Evolved Threats in Browser-Based Attacks

Threat Group: TA569 (SocGholish operators) Threat Type: Malware Delivery via Fake Update Alerts Exploited Vulnerabilities: Compromised websites with JavaScript injection Malware Used: SocGholish (FakeUpdate), NetSupport RAT, Raspberry Robin Worm Threat Score: High (8.5/10) — Effective social engineering with broad targeting and advanced persistence techniques Last Threat Observation: October 2024

ValleyRAT Malware Exploits Privilege Escalation and Evasion in Targeted Attacks

ValleyRAT Malware Exploits Privilege Escalation and Evasion in Targeted Attacks

Threat Group: Silver Fox (suspected) Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: Privilege abuse through COM interfaces (CMSTPLUA, fodhelper.exe), Scheduled Task creation, Registry Run Keys manipulation Malware Used: ValleyRAT Threat Score: High (8.5/10) — Due to advanced evasion, multi-stage infection, and targeted campaign scope within China Last

DarkComet Malware Resurgence Highlights Growing Cybersecurity Concerns

DarkComet Malware Resurgence Highlights Growing Cybersecurity Concerns

Threat Group: DarkComet (a.k.a. Fynloski, Breut, Krademok) Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: Registry modifications, phishing, drive-by downloads, unpatched software vulnerabilities Malware Used: DarkComet RAT (Versions 5.3.1, other variants) Threat Score: High (8.5/10) Last Threat Observation: October 23, 2024 Overview DarkComet RAT

Bumblebee Malware Adapts to Evade Detection in New Attack Campaign

Bumblebee Malware Adapts to Evade Detection in New Attack Campaign

Threat Group: Likely Trickbot or Conti affiliates Threat Type: Malware Loader Exploited Vulnerabilities: Social engineering, phishing emails, MSI installer misuse Malware Used: Bumblebee Threat Score: High (8.5/10) Last Threat Observation: October 2024 (Resurfaced) Overview Bumblebee, a sophisticated malware loader, has resurfaced in October 2024, just months after law

Dual Threat Crystal Rans0m Combines Ransomware and Infostealing Capabilities

Dual Threat Crystal Rans0m Combines Ransomware and Infostealing Capabilities

Threat Group: Unattributed Threat Type: Hybrid ransomware with stealer capabilities Exploited Vulnerabilities: Outdated software, phishing, P2P downloads Malware Used: Crystal Rans0m (Rust-based) Threat Score: High (8.5/10) — Due to the combination of file encryption, information theft, modular structure, and anti-VM techniques. Last Threat Observation: October 21, 2024 Overview Crystal

Hive0147’s Double Trouble Picanha and Mekotio Attack

Hive0147’s Double Trouble Picanha and Mekotio Attack

Threat Group: Hive0147 Threat Type: Banking Trojan/Downloader Exploited Vulnerabilities: Social engineering, credential theft, phishing Malware Used: Picanha (Downloader), Mekotio (Banking Trojan) Threat Score: High (8.5/10) due to the advanced nature of the malware and its evolving techniques targeting the Latin American financial sector Last Threat Observation: October

UAT-5647’s SingleCamper Malware: A Silent Network Infiltrator

UAT-5647’s SingleCamper Malware: A Silent Network Infiltrator

Threat Group: RomCom (aka UAT-5647) Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: Spear-phishing, network tunneling, credential theft Malware Used: SingleCamper RAT, RustyClaw, MeltingClaw, DustyHammock, ShadyHammock Threat Score: High (8.3/10) — Advanced persistence mechanisms, stealthy network operations, and a dual-focus on espionage and ransomware deployment Last Threat Observation: October

Horus Protector Rewrites the Rules of Cyber Obfuscation

Horus Protector Rewrites the Rules of Cyber Obfuscation

Threat Group: Unknown (French-speaking actors suspected) Threat Type: Fully Undetectable (FUD) Malware Distribution Service Exploited Vulnerabilities: Remote code execution via encoded Visual Basic (VBE) scripts Malware Used: AgentTesla, Remcos, Snake, NjRat, SNAKE Keylogger Threat Score: High (8.5/10) due to its highly obfuscated nature and persistent distribution of multiple