
| Date | Name | Category | Subcategory | Description |
|---|---|---|---|---|
| 19.4.24 | Deuterbear | Malware | Loader | Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear |
| 19.4.24 | OfflRouter | Malware | VBA Macro | OfflRouter virus causes Ukrainian users to upload confidential documents to VirusTotal |
| 19.4.24 | CR4T | Malware | Backdoor | CR4T Malware: A Shape-Shifting Threat — Threat Intelligence Report |
| 18.4.24 | SoumniBot | Malware | Android Banking | SoumniBot: the new Android banker's unique techniques |
| 18.4.24 | MadMxShell | Malware | Backdoor | Malvertising campaign targeting IT teams with MadMxShell |
| 18.4.24 | Kapeka | Malware | Backdoor | Kapeka: A novel backdoor spotted in Eastern Europe |
| 15.4.24 | LightSpy | Malware | iOS | LightSpy Returns: Renewed Espionage Campaign Targets Southern Asia, Possibly India |
| 11.4.24 | BatCloak | Malware | FUD Engine | Analyzing the FUD Malware Obfuscation Engine BatCloak |
| 11.4.24 | XploitSPY RAT | Malware | RAT | eXotic Visit campaign: Tracing the footprints of Virtual Invaders |
| 10.4.24 | Smoke | Malware | Backdoor | Smoke and (screen) mirrors: A strange signed backdoor |
| 9.4.24 | ScrubCrypt | Malware | Crypto | ScrubCrypt Deploys VenomRAT with an Arsenal of Plugins |
| 8.4.24 | Latrodectus | Malware | Downloader | Latrodectus: This Spider Bytes Like Ice |
| 8.4.24 | SecTopRAT | Malware | RAT | Bing ad for NordVPN leads to SecTopRAT |
| 5.4.24 | Rhadamanthys | Malware | Stealer | Rhadamanthys Malware Disguised as Groupware Installer (Detected by MDS) |
| 5.4.24 | JSOutProx | Malware | Tool | Resecurity has detected a new version of JSOutProx, targeting financial services and organizations in the APAC and MENA regions. JSOutProx is a sophisticated attack framework utilizing both JavaScript and .NET. It employs the .NET (de)serialization feature to interact with a core JavaScript module running on the victim's machine. |
| 5.4.24 | Byakugan | Malware | Infostealer | Byakugan – The Malware Behind a Phishing Attack |
| 5.4.24 | VietCredCare | Malware | Stealer | Extra credit: VietCredCare information stealer takes aim at Vietnamese businesses |
| 5.4.24 | AGENT TESLA | Malware | RAT | AGENT TESLA TARGETING UNITED STATES & AUSTRALIA: REVEALING THE ATTACKERS' IDENTITIES |
| 5.4.24 | StrelaStealer | Malware | Stealer | SonicWall Capture Labs threat research team has observed an updated variant of StrelaStealer. StrelaStealer is an infostealer malware known for targeting Spanish-speaking users and focuses on stealing email account credentials from Outlook and Thunderbird. |
| 5.4.24 | Sync-Scheduler | Malware | Stealer | This study provides a detailed overview of Sync-Scheduler, a potent malware written in C++ boasting defense evasion and anti-analysis capabilities. This paper explores the workings of Sync-Scheduler, how it avoids detection, and how it creates a strong payload. |
| 5.4.24 | Rhadamanthys | Malware | Stealer | Recently Updated Rhadamanthys Stealer Delivered in Federal Bureau of Transportation Campaign |
| 3.4.24 | Mispadu | Malware | Banking | Breaking Boundaries: Mispadu's Infiltration Beyond LATAM |
| 2.4.24 | XZ Backdoor | Malware | Backdoor | Everything I Know About the XZ Backdoor |
| 2.4.24 | UNAPIMON | Malware | Backdoor | Earth Freybug Uses UNAPIMON for Unhooking Critical APIs |
| 2.4.24 | VenomRAT | Malware | RAT | VenomRAT: A remote access tool with dangerous consequences |
| 1.4.24 | PROXYLIB | Malware | APP | Satori Threat Intelligence Alert: PROXYLIB and LumiApps Transform Mobile Devices into Proxy Nodes |
| 1.4.24 | Vultur | Malware | Android | Android Malware Vultur Expands Its Wingspan |
| 31.3.24 | Vultur | Malware | Android | The authors behind Android banking malware Vultur have been spotted adding new technical features, which allow the malware operator to further remotely interact with the victim's mobile device. |
| 31.3.24 | Atomic Stealer | Malware | macOS | Infostealers continue to pose threat to macOS users |
| 30.3.24 | TheMoon | Malware | Worm | Linksys Worm ("TheMoon") Captured |
| 30.3.24 | DinodasRAT | Malware | RAT | DinodasRAT Linux implant targeting entities worldwide |
| 28.3.24 | Agent Tesla | Malware | Loader | Agent Tesla's New Ride: The Rise of a Novel Loader |
| 27.3.24 | EvilOSX | Malware | OSX | |
| 27.3.24 | Trochilus RAT | Malware | RAT | Trochilus is a RAT written in C++, which is available on GitHub. |
| 23.3.24 | QUARTERRIG | Malware | Dropper | Here, MUSKYBEAT refers to the in-memory dropper component, while STATICNOISE is the final payload / downloader. |
| 23.3.24 | BEATDROP | Malware | Dropper | According to Mandiant, BEATDROP is a downloader written in C that uses Atlassian's project management service Trello for C&C. BEATDROP uses Trello to store victim information and retrieve AES-encrypted shellcode payloads to be executed. |
| 23.3.24 | ROOTSAW | Malware | Spy | Backchannel Diplomacy: APT29's Rapidly Evolving Diplomatic Phishing Operations |
| 23.3.24 | WINELOADER | Malware | Loader | APT29 Uses WINELOADER to Target German Political Parties |
| 22.3.24 | Sign1 Malware | Malware | JavaScript | Sign1 Malware: Analysis, Campaign History & Indicators of Compromise |
| 22.3.24 | Revenge RAT | Malware | RAT | Revenge RAT via malicious PPAM in Latin America, Portugal and Spain |
| 22.3.24 | AceCryptor | Malware | RAT | Insight into ESET telemetry statistics about AceCryptor in H2 2023 with a focus on Rescoms campaigns in European countries |
| 22.3.24 | Stealc | Malware | Loader | Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. |
| 22.3.24 | StrelaStealer | Malware | Stealer | StrelaStealer malware steals email login data from well-known email clients and sends it back to the attacker's C2 server. |
| 22.3.24 | AcidRain | Malware | Wiper | A MIPS ELF binary with wiper functionality used against Viasat KA-SAT modems. |
| 22.3.24 | AcidPour | Malware | Wiper | AcidPour \| New Embedded Wiper Variant of AcidRain Appears in Ukraine |
| 22.3.24 | AndroxGh0st | Malware | Android | AndroxGh0st is a Python-based malware designed to target Laravel applications. It works by scanning and extracting important information from .env files, revealing login details linked to AWS and Twilio. |
| 20.3.24 | PureCrypter | Malware | Crypter | According to Zscaler, PureCrypter is a fully-featured loader being sold since at least March 2021. The malware has been observed distributing a variety of remote access trojans and information stealers. |
| 20.3.24 | Smoke Loader | Malware | Loader | Unit 42 Collaborative Research With Ukraine's Cyber Agency To Uncover the Smoke Loader Backdoor |
| 20.3.24 | WhiteSnake Stealer | Malware | Stealer | WhiteSnake Stealer: Unveiling the Latest Version – Less Obfuscated, More Dangerous |
| 20.3.24 | Taurus Stealer | Malware | Stealer | The GlorySprout or a Failed Clone of Taurus Stealer |
| 20.3.24 | KONO DIO DA | Malware | CoinMiner | CoinMiner (KONO DIO DA) Distributed to Linux SSH Servers |
| 20.3.24 | AcidRain | Malware | Wiper | A MIPS ELF binary with wiper functionality used against Viasat KA-SAT modems. |
| 20.3.24 | NetSupportManager RAT | Malware | RAT | Enigma Software notes that NetSupport Manager is a genuine application, which was first released about twenty years ago. The purpose of the NetSupport Manager tool is to enable users to receive remote technical support or provide remote computer assistance. |
| 20.3.24 | ROKRAT | Malware | RAT | APT37's ROKRAT HWP Object Linking and Embedding |
| 18.3.24 | SVG | Malware | Malware | Scalable Vector Graphics (SVG) files are a popular format for web graphics because they can be resized without losing quality. However, cybercriminals are now exploiting SVGs to deliver malware, posing a new threat to unsuspecting users. |
| 18.3.24 | AZORult | Malware | Stealer | From Delivery To Execution: An Evasive Azorult Campaign Smuggled Through Google Sites |
| 18.3.24 | STEELHOOK | Malware | Stealer | PowerShell script |
| 18.3.24 | IRONJAW | Malware | Stealer | The malware was used previously in campaigns from July through August, and September 2023. |
| 18.3.24 | CREDOMAP | Malware | JavaScript | The government computer emergency response team of Ukraine, CERT-UA, detected a malicious document "Nuclear Terrorism A Very Real Threat.rtf", the opening of which leads to the download of an HTML file and the execution of JavaScript code (CVE-2022-30190), which in turn downloads and launches the CredoMap malware. |
| 18.3.24 | OCEANMAP | Malware | Backdoor | X-Force's analysis revealed that OCEANMAP has a strong overlap in both technique and .NET implementation. Several of the functions used in OCEANMAP were repurposed from the original CREDOMAP stealer and used as a base to build the new persistent backdoor. |
| 18.3.24 | MASEPIE | Malware | Python | Compromised Routers Are Still Leveraged as Malicious Infrastructure to Target Government Organizations in Europe and the Caucasus |
| 17.3.24 | 404 Keylogger | Malware | Keylogger | Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. |
| 17.3.24 | RisePro stealer | Malware | Stealer | RisePro stealer targets GitHub users in "gitgub" campaign |
| 17.3.24 | BunnyLoader 3.0 | Malware | Loader | Inside the Rabbit Hole: BunnyLoader 3.0 Unveiled |
| 14.3.24 | Pelmeni Wrapper | Malware | Wrapper | Pelmeni Wrapper: New Wrapper of Kazuar (Turla Backdoor) |
| 14.3.24 | RedCurl | Malware | CyberSpy | Unveiling Earth Kapre aka RedCurl's Cyberespionage Tactics With Trend Micro MDR, Threat Intelligence |
| 14.3.24 | zgRAT | Malware | RAT | zgRAT is a Remote Access Trojan malware which sometimes drops other malware such as AgentTesla. zgRAT has an infostealer function which targets browser information and cryptowallets. |
| 14.3.24 | CyberGate | Malware | RAT | According to Subex Secure, CyberGate is a Remote Access Trojan (RAT) that allows an attacker to gain unauthorized access to the victim's system. |
| 14.3.24 | Planet Stealer | Malware | Stealer | Planet Stealer is a recently identified infostealing malware variant. This Go-based malware has been advertised for sale on underground forums. Planet Stealer targets theft of miscellaneous data from the infected endpoints, including user credentials, browser cookies, cryptowallets, session data, configuration files from various communicator apps and software launchers, etc. |
| 14.3.24 | DBatLoader | Malware | Loader | Latest DBatLoader Uses Driver Module to Disable AV/EDR Software |
| 14.3.24 | Tweaks Stealer | Malware | Stealer | Tweaks Stealer Targets Roblox Users Through YouTube and Discord |
| 14.3.24 | Phemedrone Stealer | Malware | Stealer | Unveiling Phemedrone Stealer: Threat Analysis and Detections |
| 14.3.24 | Mispadu | Malware | Banking | According to ESET Research, Mispadu is an ambitious Latin American banking trojan that utilizes McDonald's malvertising and extends its attack surface to web browsers. It is used to target the general public and its main goals are monetary and credential theft. |
| 14.3.24 | DarkGate | Malware | Loader | First documented in 2018, DarkGate is a commodity loader with features that include the ability to download and execute files to memory, a Hidden Virtual Network Computing (HVNC) module, keylogging, information-stealing capabilities, and privilege escalation. DarkGate makes use of legitimate AutoIt files and typically runs multiple AutoIt scripts. |
| 13.3.24 | PixPirate | Malware | Android | PixPirate: The Brazilian financial malware you can't see |
| 13.3.24 | STRRAT | Malware | RAT | STRRAT is a Java-based RAT, which makes extensive use of plugins to provide full remote access to an attacker, as well as credential stealing, key logging and additional plugins. The RAT has a focus on stealing credentials of browsers and email clients, and passwords via keylogging. It supports the following browsers and email clients: Firefox, Internet Explorer, Chrome, Foxmail, Outlook, Thunderbird. |
| 13.3.24 | VCURMS | Malware | Java | Recently, FortiGuard Labs uncovered a phishing campaign that entices users to download a malicious Java downloader with the intention of spreading the new VCURMS and STRRAT remote access trojans (RATs). |
| 12.3.24 | BIPClip | Malware | PyPI | RL has discovered a campaign using PyPI packages posing as open-source libraries to steal BIP39 mnemonic phrases, which are used for wallet recovery. |
| 12.3.24 | CHAVECLOAK | Malware | Banking | FortiGuard Labs recently uncovered a threat actor employing a malicious PDF file to propagate the banking Trojan CHAVECLOAK. This intricate attack involves the PDF downloading a ZIP file and subsequently utilizing DLL side-loading techniques to execute the final malware. Notably, CHAVECLOAK is specifically designed to target users in Brazil, aiming to steal sensitive information linked to financial activities. |
| 11.3.24 | BianDoor | Malware | Backdoor | |
| 7.3.24 | MgBot | Malware | Bot | My Tea's not cold. An overview of China's cyber threat |
| 7.3.24 | Snake | Malware | InfoStealer | In this Threat Analysis Report, Cybereason Security Services dives into the Python Infostealer, delivered via GitHub and GitLab, that ultimately exfiltrates credentials via the Telegram Bot API or other well-known platforms. |
| 7.3.24 | WogRAT | Malware | RAT | AhnLab Security Intelligence Center (ASEC) has recently discovered the distribution of backdoor malware via aNotepad, a free online notepad platform. Said malware supports both the PE format that targets the Windows system and the ELF format that targets the Linux system. |
| 7.3.24 | SpyNote | Malware | RAT | The malware has been released on GitHub at https://github.com/EVLF/Cypher-Rat-Source-Code |
| 6.3.24 | OceanLotus | Malware | OSX | According to PcRisk, research shows that the OceanLotus 'backdoor' targets macOS computers. Cyber criminals behind this backdoor have already used this malware to attack human rights and media organizations, some research institutes, and maritime construction companies. |
| 6.3.24 | TODDLERSHARK | Malware | VBS | TODDLERSHARK: ScreenConnect Vulnerability Exploited to Deploy BABYSHARK Variant |
| 2.3.24 | GUloader | Malware | Loader | GUloader Unmasked: Decrypting the Threat of Malicious SVG Files |
| 2.3.24 | BIFROSE | Malware | RAT | The Art of Domain Deception: Bifrost's New Tactic to Deceive Users |
| 2.3.24 | GTPDOOR | Malware | Backdoor | GTPDOOR - A novel backdoor tailored for covert access over the roaming exchange |
| 2.3.24 | WINELOADER | Malware | Loader | European diplomats targeted by SPIKEDWINE with WINELOADER |
| 1.3.24 | MINIBIKE | Malware | Backdoor | A custom backdoor written in C++ capable of file exfiltration and upload, command execution, and more. Communicates using Azure cloud infrastructure. |
| 1.3.24 | MINIBUS | Malware | Backdoor | A custom backdoor that provides a more flexible code-execution interface and enhanced reconnaissance features compared to MINIBIKE. |
| 1.3.24 | LIGHTRAIL | Malware | Backdoor | A tunneler, likely based on an open-source Socks4a proxy, that communicates using Azure cloud infrastructure. |
| 28.2.24 | Pony | Malware | Stealer | Pony (also known as Fareit or Siplog) is a malware categorized as a loader and stealer, although it is also used as a botnet; it is a tool that has been used for more than 10 years and is still in use. |
| 28.2.24 | RustDoor | Malware | Backdoor | New macOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group |
| 28.2.24 | TimbreStealer | Malware | Stealer | When Stealers Converge: New Variant of Atomic Stealer in the Wild |
| 28.2.24 | Mispadu | Malware | Banking | According to ESET Research, Mispadu is an ambitious Latin American banking trojan that utilizes McDonald's malvertising and extends its attack surface to web browsers. |
| 28.2.24 | Cyclops Blink | Malware | Linux | Modular malware framework targeting SOHO network devices |
| 28.2.24 | MASEPIE | Malware | Loader | Compromised Routers Are Still Leveraged as Malicious Infrastructure to Target Government Organizations in Europe and the Caucasus |
| 28.2.24 | Nood RAT | Malware | RAT | Analysis of Nood RAT Used in Attacks Against Linux (Gh0st RAT's Variant) |
| 27.2.24 | IDAT Loader | Malware | Loader | Unveiling UAC-0184: The Steganography Saga of the IDAT Loader Delivering Remcos RAT to a Ukraine Entity in Finland |
| 27.2.24 | DarkVNC | Malware | Stealer | DarkVNC is a hidden utility based on the Virtual Network Computing (VNC) technology, initially promoted on an Exploit forum in 2016. |
| 27.2.24 | Remcos RAT | Malware | RAT | We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware. |
| 27.2.24 | DCRat | Malware | RAT | We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware. |
| 27.2.24 | Ousaban | Malware | Banking | Ousaban: LATAM Banking Malware Abusing Cloud Services |
| 27.2.24 | Mekotio | Malware | Banking | Tweet on recent Mekotio Banker campaign |
| 27.2.24 | Astaroth | Malware | Banking | First spotted in the wild in 2017, Astaroth is a highly prevalent, information-stealing Latin American banking trojan. It is written in Delphi and has some innovative execution and attack techniques. |
| 22.2.24 | SSH-Snake | Malware | Worm | SSH-Snake: New Self-Modifying Worm Threatens Networks |
| 22.2.24 | KONNI | Malware | RAT | To Russia With Love: Assessing a KONNI-Backdoored Suspected Russian Consular Software Installer |
| 21.2.24 | PlugX | Malware | Stealer | Mustang Panda's PlugX new variant targeting Taiwanese government and diplomats |
| 21.2.24 | VietCredCare | Malware | Stealer | Extra credit: VietCredCare information stealer takes aim at Vietnamese businesses |
| 21.2.24 | Migo | Malware | Miner | Migo - a Redis Miner with Novel System Weakening Techniques |
| 21.2.24 | SysJoker | Malware | Backdoor | SysJoker is a backdoor malware that was first discovered in December 2021 by Intezer. |
| 21.2.24 | BiBi-Linux | Malware | Wiper | According to Security Joes, this malware is an x64 ELF executable, lacking obfuscation or protective measures. It allows attackers to specify target folders and can potentially destroy an entire operating system if run with root permissions. |
| 19.2.24 | Anatsa | Malware | Android | Anatsa Trojan Returns: Targeting Europe and Expanding Its Reach |
| 19.2.24 | BASICSTAR | Malware | Backdoor | Through its managed security services offerings, Volexity routinely identifies spear-phishing campaigns targeting its customers. |
| 18.2.24 | Raccoon Stealer v2 | Malware | Stealer | Raccoon Stealer v2 – Part 1: The return of the dead |
| 18.2.24 | Recordbreaker | Malware | Stealer | An info stealer is malicious software (malware) that seeks to steal private data from a compromised device, including passwords, cookies, autofill information from browsers, and cryptocurrency wallet information. |
| 17.2.24 | DeliveryCheck | Malware | Backdoor | According to CERT-UA, this malware makes use of XSLT (Extensible Stylesheet Language Transformations) and COM hijacking. Its specificity is the presence of a server part, which is usually installed on compromised MS Exchange servers in the form of a MOF (Managed Object Format) file using the Desired State Configuration (DSC) PowerShell tool, effectively turning a legitimate server into a malware control center. |
| 17.2.24 | TinyTurla-NG | Malware | Backdoor | TinyTurla Next Generation - Turla APT spies on Polish NGOs |
| 17.2.24 | GoldDigger | Malware | iOS | Group-IB uncovers the first iOS Trojan harvesting facial recognition data used for unauthorized access to bank accounts. The GoldDigger family grows. |
| 17.2.24 | Bumblebee | Malware | Loader | This malware is delivered by an ISO file, with a DLL inside with a custom loader. Because of the unique user-agent "bumblebee" this malware was dubbed BUMBLEBEE. At the time of analysis by Google's Threat Analysis Group (TAG), BumbleBee was observed to fetch Cobalt Strike payloads. |
| 17.2.24 | DarkMe | Malware | Loader | CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day |
| 17.2.24 | Glupteba | Malware | Bootkit | Diving Into Glupteba's UEFI Bootkit |
| 17.2.24 | PikaBot | Malware | Loader | Pikabot is a malware loader that originally emerged in early 2023. Over the past year, ThreatLabz has been tracking the development of Pikabot and its modus operandi. |
| 17.2.24 | DSLog | Malware | Backdoor | Ivanti Connect Secure: Journey to the core of the DSLog backdoor |
| 17.2.24 | RustDoor | Malware | macOS | New macOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group |
| 12.2.24 | Warzone RAT | Malware | RAT | The U.S. Justice Department (DoJ) on Friday announced the seizure of online infrastructure that was used to sell a remote access trojan (RAT) called Warzone RAT. |
| 10.2.24 | RustDoor | Malware | Backdoor | New macOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group |
| 10.2.24 | RASPBERRY ROBIN | Malware | Worm | RASPBERRY ROBIN KEEPS RIDING THE WAVE OF ENDLESS 1-DAYS |
| 9.2.24 | MoqHao | Malware | Android | MoqHao evolution: New variants start automatically right after installation |
| 9.2.24 | Coyote | Malware | Banking | Coyote: A multi-stage banking Trojan abusing the Squirrel installer |
| 9.2.24 | Zardoor | Malware | Backdoor | New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organization |
| 8.2.24 | HijackLoader | Malware | Loader | HijackLoader Expands Techniques to Improve Defense Evasion |
| 8.2.24 | Troll Stealer | Malware | Stealer | Kimsuky disguised as a Korean company signed with a valid certificate to distribute Troll Stealer |
| 7.2.24 | BOLDMOVE | Malware | Backdoor | According to Mandiant, this malware family is attributed to a potential Chinese background and its Linux variant is related to exploitation of Fortinet's SSL-VPN (CVE-2022-42475). |
| 7.2.24 | BOLDMOVE | Malware | ELF | According to Mandiant, this malware family is attributed to a potential Chinese background and is directly related to observed exploitation of Fortinet's SSL-VPN (CVE-2022-42475). There is also a Windows variant. |
| 7.2.24 | COATHANGER | Malware | RAT | Successful exploitation of the flaw paved the way for the deployment of a backdoor dubbed COATHANGER from an actor-controlled server that's designed to grant persistent remote access to the compromised appliances. |
| 6.2.24 | CrackedCantil | Malware | Stealer | CrackedCantil: A Malware Symphony Breakdown |
| 6.2.24 | Ov3r_Stealer | Malware | Stealer | Facebook Advertising Spreads Novel Malware Variant |
| 6.2.24 | Epeius | Malware | Spyware | A Spyware Vendor Seemingly Made a Fake WhatsApp to Hack Targets |
| 6.2.24 | Skygofree | Malware | Android | Skygofree: Following in the footsteps of HackingTeam |
| 5.2.24 | VajraSpy | Malware | RAT | ESET researchers discovered several Android apps carrying VajraSpy, a RAT used by the Patchwork APT group. |
| 5.2.24 | Pegasus | Malware | Spyware | New spyware attacks exposed: civil society targeted in Jordan |
| 5.2.24 | DiceLoader | Malware | Loader | This report aims to detail the functioning of a malware used by FIN7 since 2021, named DiceLoader (also known as Icebot), and to provide a comprehensive approach to the threat by detailing the related techniques... |
| 5.2.24 | Phemedrone Stealer | Malware | Stealer | CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign |
| 5.2.24 | Mispadu Stealer | Malware | Stealer | Unit 42 researchers recently discovered activity attributed to Mispadu Stealer, a stealthy infostealer first reported in 2019. |
| 3.2.24 | HeadLace | Malware | Backdoor | ITG05 operations leverage Israel-Hamas conflict lures to deliver Headlace malware |
| 3.2.24 | DirtyMoe | Malware | Backdoor | Securonix Threat Research Security Advisory: Analysis and Detection of STEADY#URSA Attack Campaign Targeting Ukraine Military Dropping New Covert SUBTLE-PAWS PowerShell Backdoor |
| 2.2.24 | BPFdoor | Malware | Rootkit | We discuss proof-of-concept rootkits and malware used by cybercriminals in conjunction with Berkeley Packet Filtering (BPF), a piece of technology that allows programs to execute code in the operating systems of popular cloud-computing platforms. We also show how to detect such threats. |
| 2.2.24 | HeadCrab 2.0 | Malware | Backdoor | HeadCrab 2.0: Evolving Threat in Redis Malware Landscape |
| 1.2.24 | QUIETBOARD | Malware | Python | Evolution of UNC4990: Uncovering USB Malware's Hidden Depths |
| 1.2.24 | EMPTYSPACE | Malware | Backdoor | Mandiant has observed UNC4990 leverage EMPTYSPACE (also known as VETTA Loader and BrokerLoader), a downloader that can execute any payload served by the command and control (C2) server, and QUIETBOARD, which is a backdoor that was delivered using EMPTYSPACE. |
| 1.2.24 | KRUSTYLOADER | Malware | Loader | KRUSTYLOADER - RUST MALWARE LINKED TO IVANTI CONNECTSECURE COMPROMISES |
| 31.1.24 | Grandoreiro | Malware | Banking | Grandoreiro is one of the many Latin American banking trojans such as Javali, Melcoz, Casabeniero, Mekotio, and Vadokrist, primarily targeting countries like Spain, Mexico, Brazil, and Argentina. |
| 31.1.24 | Rage Stealer | Malware | Stealer | From Screen Captures to Crypto wallets: Analyzing the Multi-Faceted Threat of Rage Stealer |
| 31.1.24 | Monster Stealer | Malware | Stealer | RUSSIAN STEALER LOG AGGREGATOR RELEASES FULLY NATIVE INFOSTEALER |
| 31.1.24 | ZLoader | Malware | Trojan | Zloader: No Longer Silent in the Night |
| 29.1.24 | LODEINFO | Malware | Backdoor | LODEINFO is a fileless malware that has been observed in campaigns that start with spear-phishing emails since December 2019. |
| 29.1.24 | SystemBC | Malware | Trojan | Inside the SYSTEMBC Command-and-Control Server |
| 29.1.24 | AllaKore RAT | Malware | RAT | AllaKore is a simple Remote Access Tool written in Delphi, first observed in 2015 but still in early stages of development. |
| 29.1.24 | CherryLoader | Malware | Go-based | CherryLoader: A New Go-based Loader Discovered in Recent Intrusions |
| 29.1.24 | RokRAT | Malware | RAT | It is a backdoor commonly distributed as an encoded binary file downloaded and decrypted by shellcode following the exploitation of weaponized documents. |
| 29.1.24 | Glupteba | Malware | Cryptomining | Glupteba is a trojan horse malware that is one of the top ten malware variants of 2021. After infecting a system, the Glupteba malware can be used to deliver additional malware, steal user authentication information, and enroll the infected system in a cryptomining botnet. |
| 29.1.24 | WhiteSnake Stealer | Malware | Python | Info Stealing Packages Hidden in PyPI |
| 20.1.24 | WasabiSeed | Malware | VBS | Screentime: Sometimes It Feels Like Somebody's Watching Me |
| 19.1.24 | ZuRu | Malware | OSX | Jamf Threat Labs discovers new malware embedded in pirated applications |
| 18.1.24 | AndroxGh0st | Malware | Android | CISA and FBI Release Known IOCs Associated with Androxgh0st Malware |
| 17.1.24 | Remcos RAT | Malware | RAT | Remcos RAT Being Distributed via Webhards |
| 16.1.24 | Phemedrone | Malware | Stealer | CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign |
| 12.1.24 | FBot | Malware | Linux | Exploring FBot \| Python-Based Malware Targeting Cloud and Payment Services |
| 11.1.24 | AMOS | Malware | OSX | Mac users targeted in new malvertising campaign delivering Atomic Stealer |
| 11.1.24 | NoaBot | Malware | Bot | You Had Me at Hi — Mirai-Based NoaBot Makes an Appearance |
| 10.1.24 | PikaBot | Malware | Loader | Introducing Pikabot, an emerging malware family that comprises a downloader/installer, a loader, and a core backdoor component. |
| 9.1.24 | Lumma Stealer | Malware | Stealer | Deceptive Cracked Software Spreads Lumma Variant on YouTube |
| 9.1.24 | Silver RAT | Malware | RAT | A GAMER TURNED MALWARE DEVELOPER: DIVING INTO SILVERRAT AND ITS SYRIAN ROOTS |
| 6.1.24 | SpectralBlur | Malware | macOS | Today will be a quick post on a TA444 (aka Sapphire Sleet, BLUENOROFF, STARDUST CHOLLIMA) Mach-O family tracked as SpectralBlur we found in August, and how finding it led us to stumble upon an early iteration of KANDYKORN (aka SockRacket). Please read Elastic's EXCELLENT piece on that family. |
| 6.1.24 | No-Justice | Malware | Wiper | Wiper attack on Albania by Iranian APT |
| 5.1.24 | Bandook RAT | Malware | RAT | Bandook - A Persistent Threat That Keeps Evolving |
| 5.1.24 | Remcos RAT | Malware | RAT | Ukraine Targeted by UAC-0050 Using Remcos RAT Pipe Method for Evasion |
| 3.1.24 | WhiteSnake Stealer | Malware | Stealer | WhiteSnake Stealer malware sample on MalwareBazaar |
| 3.1.24 | RisePro | Malware | Stealer | RisePro is a stealer that is spread through downloaders like win.privateloader. Once executed on a system, the malware can steal credit card information, passwords, and personal data. |
| 1.1.24 | Medusa Stealer | Malware | Stealer | On Christmas Eve, Resecurity's HUNTER (HUMINT) spotted that the author of the Meduza password stealer has released a new version (2.2). |
| 1.1.24 | Jinx | Malware | Stealer | Jinx – Malware 2.0: We know it's big, we measured it! |