Overview The StrelaStealer malware has emerged as a significant cybersecurity threat, primarily through phishing campaigns targeting over 100 organizations across the European Union and the United States. The malware is designed to exfiltrate email login credentials from popular clients like Outlook and Thunderbird, sending the stolen data to an attacker-controlled

Overview: A new malware strain named WogRAT has been identified targeting both Windows and Linux systems. This malware exploits the online notepad service "aNotepad" as a covert channel for storing and retrieving malicious payloads. The primary function and distribution method of WogRAT, including its impact on infected systems,

Overview SSH-Snake is a sophisticated malware that targets SSH (Secure Shell) services. It is a self-propagating, self-replicating, file-less script designed for post-exploitation tasks such as SSH private key and host discovery. Its main goal is to automate the discovery and exploitation of SSH services by utilizing found private keys to

Overview Volt Typhoon, identified as a state-sponsored cyber threat group by various cybersecurity organizations, has been actively targeting U.S. critical infrastructure with a focus on espionage, information gathering, and potentially disruptive activities against critical communications infrastructure. This group, attributed to the People's Republic of China, has been

Executive Summary Mystic Stealer is an information-stealing malware first advertised in April 2023. It is designed to pilfer credentials from nearly 40 web browsers and more than 70 browser extensions, targeting also cryptocurrency wallets, Steam, and Telegram accounts. The malware exhibits advanced obfuscation techniques including polymorphic string obfuscation, hash-based import

Executive Summary Qbot, also known as QakBot, is a prevalent and evolving piece of malware initially identified as a banking trojan. Over time, it has expanded its capabilities to include information theft, delivery of additional malware payloads, and facilitation of ransomware attacks. Qbot is known for its persistence, sophisticated evasion

Overview Pikabot, a sophisticated loader malware, has resurfaced with significant activity detected in February 2024. It first gained attention in early 2023 and has shown a pattern of evolution and adaptation, leveraging various distribution methods to infiltrate systems. Pikabot's capabilities include unauthorized remote access and execution of arbitrary

Overview Bumblebee malware, a sophisticated loader with ties to various cybercriminal activities including ransomware deployment, has resurfaced in February 2024 after a 4-month period of inactivity. It is known for its evasive techniques, such as obfuscation and the use of PowerShell for execution, making it a potent threat in cyber