Trusted Cybersecurity News Platform
A new backdoor named “Kapeka” has been identified to be attacking victims in Eastern Europe since mid-2022. Kapeka is a flexible backdoor that acts as an initial stage toolkit for the threat actors. In addition, the backdoor also overlaps with GreyEnergy and Prestige Ransomware attacks, which are linked to a threat group named Sandworm. Sandworm threat actors…
Redline Stealer is a powerful information-stealing malware, and hackers often exploit this stealthy stealer to gain unauthorized access to a victim’s sensitive data. Threat actors can steal many sensitive and valuable data by exploiting the Redline Stealer. Threat actors can use The stolen data later for financial gain or other malicious purposes. Cybersecurity researchers at…
Sandboxes are synonymous with dynamic malware analysis. They help to execute malicious files in a safe virtual environment and observe their behavior. However, they also offer plenty of value in terms of static analysis. See these five scenarios where a sandbox can prove to be a useful tool in your investigations. Detecting Threats in PDFs…
Cybersecurity researchers have discovered an intricate multi-stage attack that leverages invoice-themed phishing decoys to deliver a wide range of malware such as Venom RAT, Remcos RAT, XWorm, NanoCore RAT, and a stealer that targets crypto wallets. The email messages come with Scalable Vector Graphics (SVG) file attachments that, when clicked, activate the infection sequence, Fortinet FortiGuard…
Malware sandboxes are integral to security applications like intrusion detection, forensics, and threat intelligence, but using them correctly is challenging due to choices in implementations, monitoring techniques, and configurations. Improper use can negatively impact applications through false positives, inconclusive analyses, and poor threat data. Prior works survey dynamic analysis methods for building and improving sandboxes, evasion…
A recent phishing campaign targeting Latin America utilized emails with ZIP attachments containing an HTML file disguised as an invoice using free, temporary email addresses with the domain “temporary.link” and spoofing the User-Agent field in the header to indicate use of Roundcube Webmail, a platform that phishers frequently abuse, aiming to trick recipients into downloading…
An updated version of an information-stealing malware called Rhadamanthys is being used in phishing campaigns targeting the oil and gas sector. “The phishing emails use a unique vehicle incident lure and, in later stages of the infection chain, spoof the Federal Bureau of Transportation in a PDF that mentions a significant fine for the incident,”…
Antiviruses can quickly detect malicious executable files, but attackers can bypass this by using packers to compress and obfuscate the code, making it difficult for antivirus software to analyze. Packers are similar to compression tools like ZIP and RAR, but some packers, like UPX, specifically target executables. Packers, including legitimate ones (VMprotect, ASpack) and custom-made…