Malware - Cybersec Sentinel (Page 7)

Malware

A collection of 114 posts

Winos4.0 RAT Targets Gamers and Educational Institutions in New Malware Campaign

Winos4.0 RAT Targets Gamers and Educational Institutions in New Malware Campaign

Threat Group: Unknown Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: Social engineering through gaming-related applications targeting Windows Malware Used: Winos4.0 Threat Score: High (8.5/10) — due to its sophisticated evasion, control functions, and targeting of gaming and educational sectors Last Threat Observation: November 6, 2024, by FortiGuard

APT36 Goes Cloudy ElizaRAT Puts Indian Systems in the Crosshairs

APT36 Goes Cloudy ElizaRAT Puts Indian Systems in the Crosshairs

Threat Group: APT36 (Transparent Tribe) Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: Windows, Linux-based espionage with cloud-based C2 communication Malware Used: ElizaRAT, ApoloStealer Threat Score: High (8.8/10) — Enhanced evasion and control tactics, leveraging multiple cloud services for concealment Last Threat Observation: November 2024 (AlienVault, Check Point Research)

SYS01 Malware Exploits Meta Business Ads to Steal Credentials

SYS01 Malware Exploits Meta Business Ads to Steal Credentials

Threat Overview Threat Group: Unknown, suspected Rilide malware affiliates Threat Type: Infostealer Malware Exploited Vulnerabilities: Browser credential storage, Facebook account access, Windows Task Scheduler Malware Used: SYS01 Infostealer Threat Score: High (8.5/10) — Due to sophisticated targeting of widely-used platforms, persistent evasion tactics, and expansive reach Last Threat Observation:

GHOSTPULSE Infiltration via MSIX Application Packages

GHOSTPULSE Infiltration via MSIX Application Packages

Threat Group: Unknown Threat Type: Multi-stage Malware Loader Exploited Vulnerabilities: DLL Side-loading, Module Stomping, Process Doppelgänging Malware Used: GHOSTPULSE Threat Score: High (8.5/10) — Due to advanced evasion techniques and targeting of commonly used software through deceptive MSIX packages. Last Threat Observation: October 30, 2024 Overview GHOSTPULSE is a

Espionage and Influence Meet Malware in UNC5812's Campaign Against Ukraine

Espionage and Influence Meet Malware in UNC5812's Campaign Against Ukraine

Threat Group: UNC5812 Threat Type: Hybrid Espionage and Influence Operation Exploited Vulnerabilities: Android and Windows vulnerabilities, including CVE-2024-47575 Malware Used: SUNSPINNER, PURESTEALER, CRAXSRAT, Pronsis Loader Threat Score: High (8.5/10) — due to multifaceted espionage and influence tactics targeting military sectors. Last Threat Observation: October 29, 2024 Overview UNC5812, a

IoT Security at Risk as Mirai Variants Intensify DDoS Attacks

IoT Security at Risk as Mirai Variants Intensify DDoS Attacks

Threat Group: - Unknown Threat Type: - IoT Botnet Malware Exploited Vulnerabilities: - Multiple IoT vulnerabilities, including CVE-2024-7029 Malware Used: - V3G4, Corona Mirai Threat Score: - High (8.8/10) due to its ability to exploit critical vulnerabilities in IoT devices and launch massive DDoS attacks. Last Threat Observation:

SocGholish and FakeUpdate Evolved Threats in Browser-Based Attacks

SocGholish and FakeUpdate Evolved Threats in Browser-Based Attacks

Threat Group: TA569 (SocGholish operators) Threat Type: Malware Delivery via Fake Update Alerts Exploited Vulnerabilities: Compromised websites with JavaScript injection Malware Used: SocGholish (FakeUpdate), NetSupport RAT, Raspberry Robin Worm Threat Score: High (8.5/10) — Effective social engineering with broad targeting and advanced persistence techniques Last Threat Observation: October 2024

ValleyRAT Malware Exploits Privilege Escalation and Evasion in Targeted Attacks

ValleyRAT Malware Exploits Privilege Escalation and Evasion in Targeted Attacks

Threat Group: Silver Fox (suspected) Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: Privilege abuse through COM interfaces (CMSTPLUA, fodhelper.exe), Scheduled Task creation, Registry Run Keys manipulation Malware Used: ValleyRAT Threat Score: High (8.5/10) — Due to advanced evasion, multi-stage infection, and targeted campaign scope within China Last

DarkComet Malware Resurgence Highlights Growing Cybersecurity Concerns

DarkComet Malware Resurgence Highlights Growing Cybersecurity Concerns

Threat Group: DarkComet (a.k.a. Fynloski, Breut, Krademok) Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: Registry modifications, phishing, drive-by downloads, unpatched software vulnerabilities Malware Used: DarkComet RAT (Versions 5.3.1, other variants) Threat Score: High (8.5/10) Last Threat Observation: October 23, 2024 Overview DarkComet RAT