WOKMALWARE 



DATE

NAME

CATEGORY

SUBC

info

2.1.25

Quasar RAT

MALWARE

RAT

Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts

28.12.24

OtterCookie

MALWARE

JavaScript

OtterCookie, a new malware used by Contagious Interview

26.12.24

BellaCPP

MALWARE

Malware

BellaCPP: Discovering a new BellaCiao variant written in C++

22.12.24

HeartCrypt

MALWARE

Crypto

HeartCrypt was originally discovered through underground forums and reported by security researchers in February and March 2024.

22.12.24

WezRat

MALWARE

RAT

The latest version of WezRat was recently distributed to multiple Israeli organizations in a wave of emails impersonating the Israeli National Cyber Directorate (INCD).

21.12.24

CookiePlus Malware

MALWARE

Backdoor

Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware

18.12.24

DarkGate

MALWARE

RAT

Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion

18.12.24

FLUX#CONSOLE

MALWARE

Backdoor

Analyzing FLUX#CONSOLE: Using Tax-Themed Lures, Threat Actors Exploit Windows Management Console to Deliver Backdoor Payloads

17.12.2024

WmRAT 

MALWARE

RAT

Until 2016, the foreign security manufacturer Forcepoint disclosed the existence of the Manlinghua organization for the first time [1] , which had not been discovered before.

17.12.2024

MiyaRAT

MALWARE

RAT

Bitter Group Launches New Trojan Miyarat, Domestic Users Become Primary Ttargets

17.12.2024

CoinLurker

MALWARE

STEALER

CoinLurker: The Stealer Powering the Next Generation of Fake Updates

16.12.2024

NoviSpy

MALWARE

ANDROID

“A Digital Prison”: Surveillance and the suppression of civil society in Serbia

16.12.2024

Glutton 

MALWARE

BACKDOOR

Glutton: A New Zero-Detection PHP Backdoor from Winnti Targets Cybercrimals

16.12.2024

Melofee 

MALWARE

BACKDOOR

New Zero-Detection Variant of Melofee Backdoor from Winnti Strikes RHEL 7.9

14.12.2024

Yokai

MALWARE

BACKDOOR

New Yokai Side-loaded Backdoor Targets Thai Officials

14.12.2024

NodeLoader 

MALWARE

LOADER

NodeLoader Exposed: The Node.js Malware Evading Detection

13.12.2024

IOCONTROL

MALWARE

IoT

Team82 obtained a sample of a custom-built IoT/OT malware called IOCONTROL used by Iran-affiliated attackers to attack Israel- and U.S.-based OT/IoT devices.

13.12.2024

PUMAKIT 

MALWARE

ROOTKIT

PUMAKIT is a sophisticated loadable kernel module (LKM) rootkit that employs advanced stealth mechanisms to hide its presence and maintain communication with command-and-control servers.

12.12.2024

BoneSpy 

MALWARE

ANDROID

Lookout Discovers Two Russian Android Spyware Families from Gamaredon APT

12.12.2024

PlainGnome

MALWARE

ANDROID

Lookout Discovers Two Russian Android Spyware Families from Gamaredon APT

11.12.2024

Kazuar

MALWARE

BACKDOOR

Upgraded Kazuar Backdoor Offers Stealthy Power

11.12.2024

Zloader’s 

MALWARE

TROJAN

Inside Zloader’s Latest Trick: DNS Tunneling

11.12.2024

EagleMsgSpy 

MALWARE

SPYWARE

Lookout Discovers New Chinese Surveillance Tool Used by Public Security Bureaus

10.12.2024

Antidot 

MALWARE

BANKING

AppLite: A New AntiDot Variant Targeting Mobile Employee Devices

07.12.2024

Realst

MALWARE

STEALER

Meeten Malware: A Cross-Platform Threat to Crypto Wallets on macOS and Windows

06.12.2024

Pegasus

MALWARE

MOBILE

iVerify Mobile Threat Investigation Uncovers New Pegasus Samples

06.12.2024

Venom 

MALWARE

LOADER

Unveiling RevC2 and Venom Loader

06.12.2024

GammaDrop

MALWARE

DROPPER

BlueAlpha Abuses Cloudflare Tunneling Service for GammaDrop Staging Infrastructure

06.12.2024

DroidBot

MALWARE

ANDROID

DroidBot: Insights from a new Turkish MaaS fraud operation

03.12.2024

NetSupport RAT

MALWARE

RAT

Horns&Hooves campaign delivers NetSupport RAT and BurnsRAT

03.12.2024

BurnsRAT

MALWARE

RAT

Horns&Hooves campaign delivers NetSupport RAT and BurnsRAT

02.12.2024

SmokeLoader

MALWARE

LOADER

SmokeLoader Attack Targets Companies in Taiwan

02.12.2024

SpyLoan

MALWARE

SPYWARE

SpyLoan: A Global Threat Exploiting Social Engineering

28.11.2024

Gaming 

MALWARE

LOADER

Gaming Engines: An Undetected Playground for Malware Loaders

27.11.2024

Bootkitty

MALWARE

BOOTKIT

Bootkitty: Analyzing the first UEFI bootkit for Linux

26.11.2024

GHOSTSPIDER 

MALWARE

RAT

Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries

25.11.2024

GHOSTENGINE 

MALWARE

ROOTKIT

When Guardians Become Predators: How Malware Corrupts the Protectors

22.11.2024

JarkaStealer

MALWARE

STEALER

Malicious packages for AI integration containing infostealer malware were found in the Python Package Index repository.

21.11.2024

WolfsBane

MALWARE

LINUX BACKDOOR

Unveiling WolfsBane: Gelsemium’s Linux counterpart to Gelsevirine

21.11.2024

FrostyGoop/BUSTLEBERM

MALWARE

MALWARE 

Attacks on Ukraine’s Energy Infrastructure: Harm to the Civilian Population

21.11.2024

NodeStealer

MALWARE

STEALER

Python NodeStealer Targets Facebook Ads Manager with New Techniques

19.11.2024

BabbleLoader

MALWARE

LOADER

Babble Babble Babble Babble Babble Babble BabbleLoader

18.11.2024

Dolphin 

MALWARE

LOADER

The Abuse of ITarian RMM by Dolphin Loader

18.11.2024

LodaRAT

MALWARE

RAT

LodaRAT: Established Malware, New Victim Patterns

18.11.2024

Mr.Skeleton RAT

MALWARE

RAT

Mr.Skeleton RAT - new malware based on the njRAT code

16.11.2024

DEEPDATA

MALWARE

STEALER

BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA

15.11.2024

WezRat

MALWARE

RAT

Malware Spotlight:  A Deep-Dive Analysis of WezRat

15.11.2024

PXA Stealer

MALWARE

STEALER

New PXA Stealer targets government and education sectors for sensitive information

14.11.2024

RustyAttr

MALWARE

DOWNLOADER

Stealthy Attributes of Lazarus APT Group: Evading Detection with Extended Attributes

12.11.2024

Flutter

MALWARE

MacOS

APT Actors Embed Malware within macOS Flutter Applications

12.11.2024

RustyStealer

MALWARE

STEALER

Ymir: new stealthy ransomware in the wild

11.11.2024

Gootloader 

MALWARE

LOADER

Bengal cat lovers in Australia get psspsspss’d in Google-driven Gootloader campaign

08.11.2024

ElizaRAT

MALWARE

RAT

Cloudy With a Chance of RATs: Unveiling APT36 and the Evolution of ElizaRAT

08.11.2024

 Skuld 

MALWARE

STEALER

Roblox Developers Targeted with npm Packages Infected with Skuld Infostealer and Blank Grabber

08.11.2024

CRON#TRAP

MALWARE

LINUX  

CRON#TRAP: Emulated Linux Environments as the Latest Tactic in Malware Staging

08.11.2024

BlueNoroff 

MALWARE

CRYPTO

BlueNoroff Hidden Risk | Threat Actor Targets Macs with Fake Crypto News and Novel Persistence

07.11.2024

SteelFox

MALWARE

TROJAN

New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency

06.11.2024

Winos4.0

MALWARE

TROJAN

Threat Campaign Spreads Winos4.0 Through Game Application

06.11.2024

ToxicPanda

MALWARE

BANKING

ToxicPanda: a new banking trojan from Asia hit Europe and LATAM

04.11.2024

FakeCall

MALWARE

ANDROID

As part of our ongoing mission to identify emerging threats to mobile security, our zLabs team has been actively tracking a new variant of a well-known malware previously reported by ThreatFabric and Kaspersky.

1.11.24

LightSpy

MALWARE

iOS

In May 2024, ThreatFabric published a report about LightSpy for macOS. During that investigation, we discovered that the threat actor was using the same server for both macOS and iOS campaigns.

28.10.24

BeaverTail

MALWARE

PYTHON

Tenacious Pungsan: A DPRK threat actor linked to Contagious Interview

28.10.24

Grandoreiro

MALWARE

BANKING

Grandoreiro, the global trojan with grandiose goals

28.10.24

Latrodectus

MALWARE

LOADER

Analyzing Latrodectus: The New Face of Malware Loaders

27.10.24

FASTCash

MALWARE

LINUX

Analysis of a newly discovered Linux based variant of the DPRK attributed FASTCash malware along with background information on payment switches used in financial networks.

27.10.24

TrickMo

MALWARE

BANKING

Expanding the Investigation: Deep Dive into Latest TrickMo Samples

27.10.24

DarkVision RAT

MALWARE

RAT

DarkVision RAT is a highly customizable remote access trojan (RAT) that first surfaced in 2020, offered on Hack Forums and their website for as little as $60. Written in C/C++, and assembly, DarkVision RAT has gained popularity due to its affordability and extensive feature set, making it accessible even to low-skilled cybercriminals.

27.9.24

DCRat

MALWARE

RAT

DCRat Targets Users with HTML Smuggling

27.9.24

FPSpy

MALWARE

BACKDOOR

Unraveling Sparkling Pisces’s Tool Set: KLogEXE and FPSpy

27.9.24

KLogEXE

MALWARE

KEYLOGGER

Unraveling Sparkling Pisces’s Tool Set: KLogEXE and FPSpy

25.9.24

Taliban Stealer

MALWARE

Stealer

Cyfirma researchers have discovered a website promoting a tool called 'Taliban Stealer'. Once executed, this stealer prompts the user to select what data to collect from the machine, such as passwords, cookies, or cryptocurrency wallets.

25.9.24

Rage Stealer

MALWARE

Stealer

A Comprehensive Analysis of Angry Stealer : Rage Stealer in a New Disguise

25.9.24

X-FILES Stealer

MALWARE

Stealer

X-FILES Stealer: Advanced malware with sophisticated features and ongoing enhancements

25.9.24

QWERTY Stealer

MALWARE

Stealer

QWERTY is a newly discovered infostealer variant observed being hosted on a Linux-based virtual private server located in Germany with limited service exposure.

25.9.24

et Another Silly Stealer (YASS)

MALWARE

Stealer

There's Something About CryptBot: Yet Another Silly Stealer (YASS)

25.9.24

POWERSHELL KEYLOGGER

MALWARE

Keylogger

At CYFIRMA, we are dedicated to delivering timely insights into emerging threats and malicious tactics that pose risks to both organizations and individuals. This report offers an analysis of a newly identified keylogger that operates via a PowerShell script.

25.9.24

Poseidon

MALWARE

Stealer

Poseidon Stealer Uses Sora AI Lure to Infect macOS

25.9.24

Luxy

MALWARE

Stealer

Luxy: A Stealer and a Ransomware in one

25.9.24

Gomorrah

MALWARE

Stealer

Gomorrah Stealer v5.1: An In-Depth Analysis of a .NET-Based Malware

25.9.24

Emansrepo

MALWARE

Stealer

In August 2024, FortiGuard Labs observed a python infostealer we call Emansrepo that is distributed via emails that include fake purchase orders and invoices.

25.9.24

BLX (aka XLABB)

MALWARE

Stealer

BLX Stealer known also as XLABB Stealer is a malware variant initially discovered back last year. New activity attributed to this infostealer has been observed in the wild.

25.9.24

RomCom RAT

MALWARE

RAT

Security Brief: Actor Uses Compromised Accounts, Customized Social Engineering to Target Transport and Logistics Firms with Malware

25.9.24

Splinter

MALWARE

Tool Exploit

Discovering Splinter: A First Look at a New Post-Exploitation Red Team Tool

25.9.24

SpAIware

MALWARE

Spyware AI

Spyware Injection Into Your ChatGPT's Long-Term Memory (SpAIware)

24.9.24

Octo2

MALWARE

Android

Octo2: European Banks Already Under Attack by New Malware Variant

24.9.24

Necro

MALWARE

TROJAN

How the Necro Trojan infiltrated Google Play, again

23.9.24

PondRAT

MALWARE

RAT

Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors

19.9.24

SambaSpy

MALWARE

RAT

Exotic SambaSpy is now dancing with Italian users

18.9.24

MISTPEN

MALWARE

Backdoor

An Offer You Can Refuse: UNC2970 Backdoor Deployment Using Trojanized PDF Reader

17.9.24

RustDoor

MALWARE

CRYPTOCURRENCY

North Korean Hackers Target Cryptocurrency Users on LinkedIn with RustDoor Malware

14.9.24

TrickMo

MALWARE

Banking

A new TrickMo saga: from Banking Trojan to Victim's Data Leak

14.9.24

Hadooken

MALWARE

Linux

Hadooken Malware Targets Weblogic Applications

13.9.24

Ajina.Banker

MALWARE

Banking

Ajina attacks Central Asia: Story of an Uzbek Android Pandemic

13.9.24

Android.Vo1d

MALWARE

TV

Void captures over a million Android TV boxes

13.9.24

Spearal

MALWARE

ISS Backdoor

Targeted Iranian Attacks Against Iraqi Government Infrastructure

13.9.24

Veaty

MALWARE

ISS Backdoor

Targeted Iranian Attacks Against Iraqi Government Infrastructure

9.9.24

WhisperGate

MALWARE

Wrapper

WhisperGate is a multi-stage wiper designed to look like ransomware that has been used against multiple government, non-profit, and information technology organizations in Ukraine since at least January 2022.

9.9.24

Android SpyAgent

MALWARE

Android

New Android SpyAgent Campaign Steals Crypto Credentials via Image Recognition

9.9.24

Loki

MALWARE

Backdoor

Loki: a new private agent for the popular Mythic framework

9.9.24

TIDRONE

MALWARE

Military Malware

TIDRONE Targets Military and Satellite Industries in Taiwan

8.9.24

COVERTCATCH

MALWARE

Python

North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams

5.9.24

KTLVdoor

MALWARE

Backdoor

Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion

5.9.24

WikiLoader

MALWARE

Loader

Spoofed GlobalProtect Used to Deliver Unique WikiLoader Variant

5.9.24

Rocinante

MALWARE

Trojan

Rocinante: The trojan horse that wanted to fly

30.8.24

Masquerades

MALWARE

Backdoor

Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool

30.8.24

noMu Backdoor

MALWARE

Backdoor

APT Attack Case Analysis Report Using noMu Backdoor

28.8.24

HZ Rat

MALWARE

MacOS

HZ Rat backdoor for macOS attacks users of China’s DingTalk and WeChat

26.8.24

NGate

MALWARE

Android

NGate Android malware relays NFC traffic to steal cash

25.8.24

sedexp

MALWARE

Linux

Unveiling "sedexp": A Stealthy Linux Malware Exploiting udev Rules

24.8.24

PEAKLIGHT

MALWARE

Downloader

PEAKLIGHT: Decoding the Stealthy Memory-Only Malware

23.8.24

Cthulhu

MALWARE

MacOS

From the Depths: Analyzing the Cthulhu Stealer Malware for macOS

23.8.24

FM11RF08S

MALWARE

Backdoor

MIFARE Classic: exposing the static encrypted nonce variant... and a few hardware backdoors

22.8.24

PG_MEM

MALWARE

CRYPTOCURRENCY

PG_MEM: A Malware Hidden in the Postgres Processes

21.8.24

MoonPeak

MALWARE

RAT

MoonPeak malware from North Korean actors unveils new details on attacker infrastructure

21.8.24

Styx

MALWARE

Stealer

Unmasking Styx Stealer: How a Hacker’s Slip Led to an Intelligence Treasure Trove

21.8.24

TodoSwift

MALWARE

MacOS

TodoSwift Disguises Malware Download Behind Bitcoin PDF

21.8.24

CharmingCypress

MALWARE

Families

CharmingCypress: Innovating Persistence

21.8.24

UULoader

MALWARE

Loader

Meet UULoader: An Emerging and Evasive Malicious Installer.

21.8.24

NUMOZYLOD

MALWARE

Maas

Finding Malware: Unveiling NUMOZYLOD with Google Security Operations

16.8.24

SharpRhino

MALWARE

RAT

SharpRhino – New Hunters International RAT Identified by Quorum Cyber

16.8.24

ValleyRAT

MALWARE

RAT

A Deep Dive into a New ValleyRAT Campaign Targeting Chinese Speakers

16.8.24

Cuckoo

MALWARE

MacOS

Update: Cuckoo Malware Evolves

16.8.24

BANSHEE

MALWARE

MacOS

Beyond the wail: deconstructing the BANSHEE infostealer

7.8.24

GoGra

MALWARE

Backdoor

Cloud Cover: How Malicious Actors Are Leveraging Cloud Services

7.8.24

Chameleon

MALWARE

Mobil Trojan

Chameleon is back in Canada and Europe

6.8.24

LianSpy

MALWARE

Android

LianSpy: new Android spyware targeting Russian users

5.8.24

STRRAT

MALWARE

RAT

Bloody Wolf strikes organizations in Kazakhstan with STRRAT commercial malware

5.8.24

BlankBot

MALWARE

Android Banking

BlankBot - a new Android banking trojan with screen recording, keylogging and remote control capabilities

5.8.24

StormBamboo

MALWARE

Backdoor

StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms

3.8.24

BITSLOTH

MALWARE

Backdoor

BITS and Bytes: Analyzing BITSLOTH, a newly identified backdoor

2.8.24

BingoMod

MALWARE

RAT

BingoMod: The new android RAT that steals money and wipes data

2.8.24

Linux.BackDoor.TgRat.2

MALWARE

RAT

A trojan for Linux with a wide range of functions and the ability to be remotely controlled via a Telegram bot. The source code is written in Go and encrypted with RSA.

2.8.24

TgRAT

MALWARE

RAT

At the first stage, the dropper checks the parameters (arguments) used for its launch: this impacts the intermediate persistence stage. If there are input arguments, the add_payload stage begins (named after the function that performs it).

2.8.24

SMS Stealer

MALWARE

SMS

Unmasking the SMS Stealer: Targeting Several Countries with Deceptive Apps

2.8.24

Mandrake

MALWARE

Spyware

Mandrake spyware sneaks onto Google Play again, flying under the radar for two years

2.8.24

ModiLoader

MALWARE

Loader

Phishing targeting Polish SMBs continues via ModiLoader

27.7.24

ExelaStealer

MALWARE

Stealer

Some simple PowerShell scripts might deliver nasty content if executed by the target. I found a very simple one (with a low VT score of 8/65):

27.7.24

Handala’s Wiper

MALWARE

Wipper

CrowdStrike’s Falcon agent caused downtime for millions of computers across the globe beginning July 19. This event caused panic and chaos, which threat actors quickly latch on to gain an edge over defenders.

25.7.24

ACR Stealer

MALWARE

Stealer

ACR Stealer is an information stealer advertised by a threat actor operating under the pseudonym SheldIO, on Russian-speaking cybercrime forums. It is sold as a Malware-as-a-Service (MaaS) since March 2024.

24.7.24

macOS.Macma

MALWARE

macOS

Infect If Needed | A Deeper Dive Into Targeted Backdoor macOS.Macma

24.7.24

FrostyGoop

MALWARE

ICS

Impact of FrostyGoop ICS Malware on Connected OT Systems

23.7.24

SocGholish

MALWARE

Downloader

Fake Browser Updates Lead to BOINC Volunteer Computing Software

20.7.24

AuKill

MALWARE

Tool

‘AuKill’ EDR killer malware abuses Process Explorer driver

20.7.24

BUGSLEEP

MALWARE

Backdoor

BugSleep is a backdoor designed to execute the threat actors’ commands and transfer files between the compromised machine and the C&C server.

19.7.24

Demodex

MALWARE

Rootkit

A Comprehensive Look at the Updated Infection Chain of Ghost Emperor’s Demodex Rootkit.

19.7.24

OilAlpha

MALWARE

Mobil App

OilAlpha Malicious Applications Target Humanitarian Aid Groups Operating in Yemen

18.7.24

HotPage

MALWARE

Adware

HotPage: Story of a signed, vulnerable, ad-injecting driver

18.7.24

BeaverTail

MALWARE

Stealer

North Korean Hackers Update BeaverTail Malware to Target MacOS Users

16.7.24

BUGSLEEP

MALWARE

Backdoor

NEW BUGSLEEP BACKDOOR DEPLOYED IN RECENT MUDDYWATER CAMPAIGNS

15.7.24

SYS01 Stealer

MALWARE

Stealer

How SYS01 Stealer Will Get Your Sensitive Facebook Info

13.7.24

DarkGate

MALWARE

RAT

DarkGate: Dancing the Samba With Alluring Excel Files

11.7.24

DodgeBox

MALWARE

Loader

DodgeBox: A deep dive into the updated arsenal of APT41 | Part 1

11.7.24

Poco RAT

MALWARE

RAT

New Malware Campaign Targeting Spanish Language Victims

10.7.24

ViperSoftX

MALWARE

Python

The Mechanics of ViperSoftX: Exploiting AutoIt and CLR for Stealthy PowerShell Execution

9.7.24

GuardZoo

MALWARE

Android

Lookout Discovers Houthi Surveillanceware Targeting Middle Eastern Militaries

8.7.24

StrelaStealer

MALWARE

Stealer

StrelaStealer Resurgence: Tracking a JavaScript-Driven Credential Stealer Targeting Europe

8.7.24

Satanstealer

MALWARE

Stealer

Satanstealer is a new open source infostealing malware shared on GitHub. The malware collects and exfiltrates various types of information such as browser cookies, passwords, registered phone numbers, and email client details.

8.7.24

Poseidon

MALWARE

Stealer

‘Poseidon’ Mac stealer distributed via Google ads

8.7.24

0bj3ctivity

MALWARE

Stealer

0bj3ctivity is an infostealer variant first observed last year in campaigns targeting Italy. A new campaign delivering this malware yet again to Italian users has been reported by CERT-AGID.

8.7.24

Neptune Stealer

MALWARE

Stealer

A new malware strain dubbed Neptune Stealer has been uncovered by researchers. This malware quietly infiltrates systems to extract passwords and financial data, operating discreetly and customizing itself to evade detection.

8.7.24

Kematian Stealer

MALWARE

Stealer

Kematian-Stealer : A Deep Dive into a New Information Stealer

8.7.24

Mekotio

MALWARE

Banking

Mekotio Banking Trojan Threatens Financial Systems in Latin America

5.7.24

GootLoader

MALWARE

Loader

GootLoader Malware Still Active, Deploys New Versions for Enhanced Attacks

4.7.24

MerkSpy

MALWARE

Spyware

MerkSpy: Exploiting CVE-2021-40444 to Infiltrate Systems

3.7.24

SmokeLoader, part 2

MALWARE

Loader

A Brief History of SmokeLoader, Part 2

3.7.24

SmokeLoader, part 1

MALWARE

Loader

A Brief History of SmokeLoader, Part 1

3.7.24

FakeBat loader

MALWARE

Loader

Exposing FakeBat loader: distribution methods and adversary infrastructure

3.7.24

HappyDoor

MALWARE

Backdoor

Kimsuky Group's New Backdoor Appears (HappyDoor)

3.7.24

Xctdoor

MALWARE

Backdoor

Xctdoor Malware Used in Attacks Against Korean Companies (Andariel)

1.7.24

CapraTube

MALWARE

Android

CapraTube Remix | Transparent Tribe’s Android Spyware Targeting Gamers, Weapons Enthusiasts

1.7.24

Snowblind

MALWARE

Android

Beware of Snowblind: A new Android malware

20.6.24

SquidLoader

MALWARE

Loader

LevelBlue Labs Discovers Highly Evasive, New Loader Targeting Chinese Organizations

18.6.24

Hijack Loader

MALWARE

Loader

Info Stealing Campaign Uses DLL Sideloading Through Legitimate Cisco Webex’s Binaries for Initial Execution and Defense Evasion

17.6.24

COATHANGER

MALWARE

RAT

Ministry of Defence of the Netherlands uncovers COATHANGER,a stealthy Chinese FortiGate RAT

17.6.24

BadSpace

MALWARE

Backdoor

Backdoor BadSpace delivered by high-ranking infected websites

17.6.24

NiceRAT

MALWARE

RAT

Botnet Installing NiceRAT Malware

15.6.24

DISGOMOJI

MALWARE

Linux

DISGOMOJI Malware Used to Target Indian Government

15.6.24

Grandoreiro

MALWARE

Banking

Smishing Triad Is Targeting Pakistan To Defraud Banking Customers At Scale

14.6.24

Script RAT

MALWARE

RAT

In Bad Company: JScript RAT and CobaltStrike

14.6.24

SSLoad Malware

MALWARE

Loader

Dissecting SSLoad Malware: A Comprehensive Technical Analysis

13.6.24

Noodle RAT

MALWARE

RAT

Noodle RAT: Reviewing the Backdoor Used by Chinese-Speaking Groups

13.6.24

WARMCOOKIE

MALWARE

Backdoor

Dipping into Danger: The WARMCOOKIE backdoor

12.6.24

ValleyRAT

MALWARE

RAT

Technical Analysis of the Latest Variant of ValleyRAT

11.6.24

More_eggs

MALWARE

Backdoor

More_eggs Activity Persists Via Fake Job Applicant Lures

7.6.24

SPECTR

MALWARE

Stealer

SPECTR Malware Targets Ukraine Defense Forces in SickSync Campaign

7.6.24

Muhstik

MALWARE

Trojan

Muhstik Malware Targets Message Queuing Services Applications

6.6.24

BoxedApp

MALWARE

App

BoxedApp products are general packers built on top of its SDK, which provides the ability to create Virtual Storage (Virtual File System, Virtual Registry), Virtual Processes, and a universal instrumentation system (WIN/NT API hooking).

6.6.24

'Lumma' crypto stealer

MALWARE

Stealer

Russia-linked 'Lumma' crypto stealer now targets Python devs

5.6.24

DarkGate

Malware

RAT

During 2023, DarkGate made a comeback with a version full of new features, becoming one of the most preferred Remote Access Trojans (RATs) by malicious actors.

3.6.24

Lumma Stealer

Malware

Stealer

Fake Browser Updates delivering BitRAT and Lumma Stealer

3.6.24

BitRAT

Malware

RAT

Fake Browser Updates delivering BitRAT and Lumma Stealer

30.5.24

AhMyth

Malware

Android

AhMyth is malware that spreads through a few different infection vectors and uses various means to collect and exfiltrate sensitive information from infected devices.

30.5.24

RedTail

Malware

Cryptocurrency

RedTail Cryptominer Threat Actors Adopt PAN-OS CVE-2024-3400 Exploit

30.5.24

PyPI crypto-stealer

Malware

Python

PyPI crypto-stealer targets Windows users, revives malware campaign

29.5.24

AllaSenha

Malware

RAT

ALLASENHA: ALLAKORE VARIANT LEVERAGES AZURE CLOUD C2 TO STEAL BANKING DETAILS IN LATIN AMERICA

25.5.24

ShadowPad

Malware

RAT

BLOODALCHEMY used in attacks targeting government organizations in Southern and Southeastern Asia is in fact an updated version of Deed RAT, which is believed to be a successor to ShadowPad.

25.5.24

BloodAlchemy

Malware

RAT

Malware Transmutation! - Unveiling the Hidden Traces of BloodAlchemy

22.5.24

SolarMarker

Malware

InfoStealer

Analysis and Detection of CLOUD#REVERSER: An Attack Involving Threat Actors Compromising Systems Using A Sophisticated Cloud-Based Malware

21.5.24

No-Justice

Malware

Wipper

No-Justice Wiper - Wiper attack on Albania by Iranian APT)

21.5.24

Cl Wiper

Malware

Wipper

Iranian State Actors Conduct Cyber Operations Against the Government of Albania

20.5.24

LATRODECTUS

Malware

Loader

The LATRODECTUS loader evolves to deliver ICEDID and other malware

20.5.24

Grandoreiro

Malware

Banking

Grandoreiro banking trojan unleashed: X-Force observing emerging global campaigns

18.5.24

SugarGh0st RAT

Malware

RAT

Artificial Sweetener: SugarGh0st RAT Used to Target American Artificial Intelligence Experts

18.5.24

Springtail

Malware

Backdoor

More than one legitimate software package was modified to deliver malware in North Korean group’s recent campaign against South Korean organizations.

16.5.24

LunarMail

Malware

APT

ESET researchers provide technical analysis of the Lunar toolset, likely used by the Turla APT group, that infiltrated a European ministry of foreign affairs

16.5.24

LunarWeb 

Malware

APT

ESET researchers provide technical analysis of the Lunar toolset, likely used by the Turla APT group, that infiltrated a European ministry of foreign affairs

11.5.24

zEus

Malware

Stealer

zEus Stealer Distributed via Crafted Minecraft Source Pack

10.5.24

Coper

Malware

Android

Coper is a descendant of ExoBotCompat, which was a rewritten version of Exobot.

8.5.24

HijackLoader

Malware

Loader

HijackLoader (a.k.a. IDAT Loader) is a malware loader initially spotted in 2023 that is capable of using a variety of modules for code injection and execution.

7.5.24

MetaStealer

Malware

Stealer

Post-infection traffic triggers signatures for Win32/MetaStealer Related Activity from the EmergingThreats Pro (ETPRO) ruleset.

7.5.24

BASICSTAR

Malware

VBS

CharmingCypress: Innovating Persistence

7.5.24

WIREFIRE

Malware

Python

Technical Deep Dive: Understanding the Anatomy of a Cyber Intrusion

6.5.24

Cuckoo

Malware

Apple

Malware: Cuckoo Behaves Like Cross Between Infostealer and Spyware

3.5.24

Cuttlefish

Malware

Trojan

The Black Lotus Labs team at Lumen Technologies is tracking a malware platform we’ve named Cuttlefish, that targets networking equipment, specifically enterprise-grade small office/home office (SOHO) routers.

3.5.24

Wpeeper

Malware

Backdoor

Playing Possum: What's the Wpeeper Backdoor Up To?

3.5.24

Graph

Malware

Trojan

Graph: Growing number of threats leveraging Microsoft API

1.5.24

Zloader

Malware

Trojan

Zloader Learns Old Tricks

27.4.24

Brokewell

Malware

Android

Brokewell: do not go broke from new banking malware!

27.4.24

Kaolin RAT

Malware

RAT

From BYOVD to a 0-day: Unveiling Advanced Exploits in Cyber Recruiting Scams

25.4.24

Pupy RAT

Malware

RAT

Analysis of Pupy RAT Used in Attacks Against Linux Systems

25.4.24

GuptiMiner

Malware

Cryptocurrency

GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining

24.4.24

CoralRaider

Malware

Stealer

Suspected CoralRaider continues to expand victimology using three information stealers

22.4.24

Redline Stealer

Malware

Stealer

A new packed variant of the Redline Stealer trojan was observed in the wild, leveraging Lua bytecode to perform malicious behavior.

19.4.24

Deuterbear

Malware

Loader

Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear

19.4.24

OfflRouter

Malware

VBA Macro

OfflRouter virus causes Ukrainian users to upload confidential documents to VirusTotal

19.4.24

CR4T 

Malware

Backdoor

CR4t Malware: A Shape-Shifting Threat — Threat Intelligence Report

18.4.24

SoumniBot

Malware

Android Banking

SoumniBot: the new Android banker’s unique techniques

18.4.24

MadMxShell

Malware

Backdoor

Malvertising campaign targeting IT teams with MadMxShell

18.4.24

Kapeka

Malware

Backdoor

Kapeka: A novel backdoor spotted in Eastern Europe

15.4.24

LightSpy

Malware

ios

LightSpy Returns: Renewed Espionage Campaign Targets Southern Asia, Possibly India

11.4.24

BatCloak

Malware

FUD Engine

Analyzing the FUD Malware Obfuscation Engine BatCloak

11.4.24

XploitSPY RAT

Malware

RAT

eXotic Visit campaign: Tracing the footprints of Virtual Invaders

10.4.24

Smoke

Malware

Backdoor

Smoke and (screen) mirrors: A strange signed backdoor

9.4.24

ScrubCrypt

Malware

Crypto

ScrubCrypt Deploys VenomRAT with an Arsenal of Plugins

8.4.24

Latrodectus

Malware

Downloader

Latrodectus: This Spider Bytes Like Ice

8.4.24

SecTopRAT

Malware

RAT

Bing ad for NordVPN leads to SecTopRAT

5.4.24

Rhadamanthys

Malware

Stealer

Rhadamanthys Malware Disguised as Groupware Installer (Detected by MDS)

5.4.24

JSOutProx

Malware

Tool

Resecurity has detected a new version of JSOutProx, targeting financial services and organizations in the APAC and MENA regions. JSOutProx is a sophisticated attack framework utilizing both JavaScript and .NET.

5.4.24

Byakugan

Malware

infostealer

Byakugan – The Malware Behind a Phishing Attack

5.4.24

VietCredCare 

Malware

Stealer

Extra credit: VietCredCare information stealer takes aim at Vietnamese businesses

5.4.24

AGENT TESLA

Malware

RAT

AGENT TESLA TARGETING UNITED STATES & AUSTRALIA: REVEALING THE ATTACKERS’ IDENTITIES

5.4.24

StrelaStealer

Malware

Stealer

SonicWall Capture Labs threat research team has observed an updated variant of StrelaStealer.

5.4.24

Sync-Scheduler

Malware

Stealer

This study provides a detailed overview of Sync-Scheduler, a potent malware written in C++ boasting defense evasion and anti-analysis capabilities.

5.4.24

Rhadamanthys

Malware

Stealer

Recently Updated Rhadamanthys Stealer Delivered in Federal Bureau of Transportation Campaign

3.4.24

Mispadu

Malware

Banking

Breaking Boundaries: Mispadu's Infiltration Beyond LATAM

2.4.24

XZ Backdoor

Malware

Backdoor

Everything I Know About the XZ Backdoor

2.4.24

UNAPIMON

Malware

Backdoor

Earth Freybug Uses UNAPIMON for Unhooking Critical APIs

2.4.24

VenomRAT

Malware

RAT

VenomRAT: A remote access tool with dangerous consequences

1.4.24

PROXYLIB

Malware

APP

Satori Threat Intelligence Alert: PROXYLIB and LumiApps Transform Mobile Devices into Proxy Nodes

1.4.24

Vultur

Malware

Android

Android Malware Vultur Expands Its Wingspan

31.3.24

Vultur

Malware

Android

The authors behind Android banking malware Vultur have been spotted adding new technical features, which allow the malware operator to further remotely interact with the victim’s mobile device.

31.3.24

Atomic Stealer

Malware

MacOS

Infostealers continue to pose threat to macOS users

30.3.24

TheMoon

Malware

Worm

Linksys Worm ("TheMoon") Captured

30.3.24

DinodasRAT

Malware

RAT

DinodasRAT Linux implant targeting entities worldwide

28.3.24

Agent Tesla

Malware

Loader

Agent Tesla's New Ride: The Rise of a Novel Loader

27.3.24

EvilOSX

Malware

osx

27.3.24

Trochilus RAT

Malware

RAT

Trochilus is a RAT written in C++, which is available on GitHub.

23.3.24

QUARTERRIG

Malware

Dropper

Here, MUSKYBEAT refers to the in-memory dropper component, while STATICNOISE is the final payload / downloader.

23.3.24

BEATDROP

Malware

Dropper

According to Mandiant, BEATDROP is a downloader written in C that uses Atlassian's project management service Trello for C&C.

23.3.24

ROOTSAW

Malware

Spy

Backchannel Diplomacy: APT29’s Rapidly Evolving Diplomatic Phishing Operations

23.3.24

WINELOADER 

Malware

Loader

APT29 Uses WINELOADER to Target German Political Parties

22.3.24

Sign1 Malware

Malware

JavaScript

Sign1 Malware: Analysis, Campaign History & Indicators of Compromise

22.3.24

Revenge RAT

Malware

RAT

Revenge RAT via malicious PPAM in Latin America, Portugal and Spain

22.3.24

AceCryptor

Malware

RAT

Insight into ESET telemetry statistics about AceCryptor in H2 2023 with a focus on Rescoms campaigns in European countries

22.3.24

Stealc

Malware

Loader

Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023.

22.3.24

StrelaStealer

Malware

Stealer

StrelaStealer malware steals email login data from well-known email clients and sends them back to the attacker’s C2 server.

22.3.24

AcidRain

Malware

Wiper

A MIPS ELF binary with wiper functionality used against Viasat KA-SAT modems.

22.3.24

AcidPour

Malware

Wiper

AcidPour | New Embedded Wiper Variant of AcidRain Appears in Ukraine

22.3.24

AndroxGh0st

Malware

Android

AndroxGh0st is a Python-based malware designed to target Laravel applications. It works by scanning for and extracting sensitive information from .env files, revealing credentials linked to AWS and Twilio.

20.3.24

PureCrypter

Malware

Crypter

According to Zscaler, PureCrypter is a fully-featured loader that has been sold since at least March 2021. The malware has been observed distributing a variety of remote access trojans and information stealers.

20.3.24

Smoke Loader

Malware

Loader

Unit 42 Collaborative Research With Ukraine’s Cyber Agency To Uncover the Smoke Loader Backdoor

20.3.24

WhiteSnake Stealer

Malware

Stealer

WhiteSnake Stealer: Unveiling the Latest Version – Less Obfuscated, More Dangerous

20.3.24

Taurus Stealer

Malware

Stealer

The GlorySprout or a Failed Clone of Taurus Stealer

20.3.24

KONO DIO DA

Malware

CoinMiner

CoinMiner (KONO DIO DA) Distributed to Linux SSH Servers

20.3.24

AcidRain

Malware

Wiper

A MIPS ELF binary with wiper functionality used against Viasat KA-SAT modems.

20.3.24

NetSupportManager RAT

Malware

RAT

Enigma Software notes that NetSupport Manager is a genuine application, which was first released about twenty years ago.

20.3.24

ROKRAT

Malware

RAT

APT37's ROKRAT HWP Object Linking and Embedding

18.3.24

SVG

Malware

Malware

Scalable Vector Graphics (SVG) files are a popular format for web graphics because they can be resized without losing quality. However, cybercriminals are now exploiting SVGs to deliver malware, posing a new threat to unsuspecting users.

18.3.24

AZORult

Malware

Stealer

From Delivery To Execution: An Evasive Azorult Campaign Smuggled Through Google Sites

18.3.24

STEELHOOK

Malware

Stealer

PowerShell script

18.3.24

IRONJAW

Malware

Stealer

The malware was used previously in campaigns from July through August and September 2023.

18.3.24

CREDOMAP

Malware

JavaScript

The Government Computer Emergency Response Team of Ukraine (CERT-UA) detected a malicious document, "Nuclear Terrorism A Very Real Threat.rtf", the opening of which leads to the download of an HTML file and the execution of JavaScript code (CVE-2022-30190), which in turn downloads and launches the CredoMap malware.

18.3.24

OCEANMAP

Malware

Backdoor

X-Force’s analysis revealed that OCEANMAP has a strong overlap with CREDOMAP in both technique and .NET implementation. Several of the functions used in OCEANMAP were repurposed from the original CREDOMAP stealer and used as a base to build the new persistent backdoor.

18.3.24

MASEPIE

Malware

Python

Compromised Routers Are Still Leveraged as Malicious Infrastructure to Target Government Organizations in Europe and the Caucasus

17.3.24

404 Keylogger

Malware

Keylogger

Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim’s sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard.

17.3.24

RisePro stealer

Malware

Stealer

RisePro stealer targets Github users in “gitgub” campaign

17.3.24

BunnyLoader 3.0

Malware

Loader

Inside the Rabbit Hole: BunnyLoader 3.0 Unveiled

14.3.24

Pelmeni Wrapper

Malware

Wrapper

Pelmeni Wrapper: New Wrapper of Kazuar (Turla Backdoor)

14.3.24

RedCurl

Malware

CyberSpy

Unveiling Earth Kapre aka RedCurl’s Cyberespionage Tactics With Trend Micro MDR, Threat Intelligence

14.3.24

zgRAT

Malware

RAT

zgRAT is a Remote Access Trojan which sometimes drops other malware such as AgentTesla. zgRAT also has an infostealer capability that targets browser information and cryptocurrency wallets.

14.3.24

CyberGate

Malware

RAT

According to Subex Secure, CyberGate is a Remote Access Trojan (RAT) that allows an attacker to gain unauthorized access to the victim’s system.

14.3.24

Planet Stealer

Malware

Stealer

Planet Stealer is a recently identified infostealing malware variant. This Go-based malware has been advertised for sale on underground forums.

14.3.24

DBatLoader

Malware

Loader

Latest DBatLoader Uses Driver Module to Disable AV/EDR Software

14.3.24

Tweaks Stealer

Malware

Stealer

Tweaks Stealer Targets Roblox Users Through YouTube and Discord

14.3.24

Phemedrone Stealer

Malware

Stealer

Unveiling Phemedrone Stealer: Threat Analysis and Detections

14.3.24

Mispadu

Malware

Banking

According to ESET Research, Mispadu is an ambitious Latin American banking trojan that utilizes McDonald’s malvertising and extends its attack surface to web browsers.

14.3.24

DarkGate

Malware

Loader

First documented in 2018, DarkGate is a commodity loader with features that include the ability to download and execute files to memory, a Hidden Virtual Network Computing (HVNC) module, keylogging, information-stealing capabilities, and privilege escalation.

13.3.24

PixPirate

Malware

Android

PixPirate: The Brazilian financial malware you can’t see

13.3.24

STRRAT

Malware

RAT

STRRAT is a Java-based RAT which makes extensive use of plugins to provide full remote access to an attacker, as well as credential stealing, keylogging and further plugin-based functionality.

13.3.24

VCURMS

Malware

Java

Recently, FortiGuard Labs uncovered a phishing campaign that entices users to download a malicious Java downloader with the intention of spreading the new VCURMS and STRRAT remote access trojans (RATs).

12.3.24

BIPClip

Malware

PyPI

RL has discovered a campaign using PyPI packages posing as open-source libraries to steal BIP39 mnemonic phrases, which are used for wallet recovery.

12.3.24

CHAVECLOAK

Malware

Banking

FortiGuard Labs recently uncovered a threat actor employing a malicious PDF file to propagate the banking Trojan CHAVECLOAK.

11.3.24

BianDoor

Malware

Backdoor

 

7.3.24

MgBot

Malware

Bot

My Tea’s not cold. An overview of China’s cyber threat

7.3.24

Snake

Malware

InfoStealer

In this Threat Analysis Report, Cybereason Security Services dives into the Python Infostealer, delivered via GitHub and GitLab, that ultimately exfiltrates credentials via Telegram Bot API or other well known platforms.

7.3.24

WogRAT

Malware

RAT

AhnLab Security Intelligence Center (ASEC) has recently discovered the distribution of backdoor malware via aNotepad, a free online notepad platform. The malware supports both the PE format, which targets Windows systems, and the ELF format, which targets Linux systems.

7.3.24

SpyNote

Malware

RAT

The malware has been released on GitHub at https://github.com/EVLF/Cypher-Rat-Source-Code

6.3.24

OceanLotus

Malware

OSX

According to PcRisk, research shows that the OceanLotus backdoor targets macOS computers.

6.3.24

TODDLERSHARK

Malware

VBS

TODDLERSHARK: ScreenConnect Vulnerability Exploited to Deploy BABYSHARK Variant

2.3.24

GUloader

Malware

Loader

GUloader Unmasked: Decrypting the Threat of Malicious SVG Files

2.3.24

BIFROSE

Malware

RAT

The Art of Domain Deception: Bifrost's New Tactic to Deceive Users

2.3.24

GTPDOOR

Malware

Backdoor

GTPDOOR - A novel backdoor tailored for covert access over the roaming exchange

2.3.24

WINELOADER

Malware

Loader

European diplomats targeted by SPIKEDWINE with WINELOADER

1.3.24

MINIBIKE

Malware

Backdoor

A custom backdoor written in C++ capable of file exfiltration and upload, command execution, and more. Communicates using Azure cloud infrastructure.

1.3.24

MINIBUS

Malware

Backdoor

A custom backdoor that provides a more flexible code-execution interface and enhanced reconnaissance features compared to MINIBIKE

1.3.24

LIGHTRAIL

Malware

Backdoor

A tunneler, likely based on an open-source Socks4a proxy, that communicates using Azure cloud infrastructure

28.2.24

Pony

Malware

Stealer

Pony (also known as Fareit or Siplog) is malware categorized as a loader and stealer, although it is also used as a botnet; it has been in use for more than 10 years and is still active.

28.2.24

RustDoor

Malware

Backdoor

New macOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group

28.2.24

TimbreStealer

Malware

Stealer

When Stealers Converge: New Variant of Atomic Stealer in the Wild

28.2.24

Mispadu

Malware

Banking

According to ESET Research, Mispadu is an ambitious Latin American banking trojan that utilizes McDonald’s malvertising and extends its attack surface to web browsers.

28.2.24

Cyclops Blink

Malware

Linux

Modular malware framework targeting SOHO network devices

28.2.24

MASEPIE

Malware

Loader

Compromised Routers Are Still Leveraged as Malicious Infrastructure to Target Government Organizations in Europe and the Caucasus

28.2.24

Nood RAT

Malware

RAT

Analysis of Nood RAT Used in Attacks Against Linux (Gh0st RAT’s Variant)

27.2.24

IDAT Loader

Malware

Loader

Unveiling UAC-0184: The Steganography Saga of the IDAT Loader Delivering Remcos RAT to a Ukraine Entity in Finland

27.2.24

DarkVNC

Malware

Stealer

DarkVNC is a hidden utility based on the Virtual Network Computing (VNC) technology, initially promoted on an Exploit forum in 2016.

27.2.24

Remcos RAT

Malware

RAT

We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware.

27.2.24

DCRat

Malware

RAT

We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware.

27.2.24

Ousaban

Malware

Banking

Ousaban: LATAM Banking Malware Abusing Cloud Services

27.2.24

Mekotio

Malware

Banking

Tweet on recent Mekotio Banker campaign

27.2.24

Astaroth

Malware

Banking

First spotted in the wild in 2017, Astaroth is a highly prevalent, information-stealing Latin American banking trojan. It is written in Delphi and has some innovative execution and attack techniques.

22.2.24

SSH-Snake

Malware

Worm

SSH-Snake: New Self-Modifying Worm Threatens Networks

22.2.24

KONNI

Malware

RAT

To Russia With Love: Assessing a KONNI-Backdoored Suspected Russian Consular Software Installer

21.2.24

PlugX

Malware

Stealer

Mustang Panda’s PlugX new variant targeting Taiwanese government and diplomats

21.2.24

VietCredCare

Malware

Stealer

Extra credit: VietCredCare information stealer takes aim at Vietnamese businesses

21.2.24

Migo

Malware

Miner

Migo - a Redis Miner with Novel System Weakening Techniques

21.2.24

SysJoker

Malware

Backdoor

SysJoker is a backdoor malware that was first discovered in December 2021 by Intezer.

21.2.24

BiBi-Linux

Malware

Wiper

According to Security Joes, this malware is an x64 ELF executable, lacking obfuscation or protective measures. It allows attackers to specify target folders and can potentially destroy an entire operating system if run with root permissions.

19.2.24

Anatsa 

Malware

Android

Anatsa Trojan Returns: Targeting Europe and Expanding Its Reach

19.2.24

BASICSTAR

Malware

Backdoor

Through its managed security services offerings, Volexity routinely identifies spear-phishing campaigns targeting its customers.

18.2.24

Raccoon Stealer v2

Malware

Stealer

Raccoon Stealer v2 – Part 1: The return of the dead

18.2.24

Recordbreaker

Malware

Stealer

An info stealer is malicious software (malware) that seeks to steal private data from a compromised device, including passwords, cookies, autofill information from browsers, and cryptocurrency wallet information.

17.2.24

DeliveryCheck

Malware

Backdoor

According to CERT-UA, this malware makes use of XSLT (Extensible Stylesheet Language Transformations) and COM-hijacking.

17.2.24

TinyTurla-NG

Malware

Backdoor

TinyTurla Next Generation - Turla APT spies on Polish NGOs

17.2.24

GoldDigger

Malware

iOS

Group-IB uncovers the first iOS Trojan harvesting facial recognition data used for unauthorized access to bank accounts. The GoldDigger family grows

17.2.24

Bumblebee

Malware

Loader

This malware is delivered by an ISO file, with a DLL inside that contains a custom loader. Because of the unique user-agent "bumblebee", this malware was dubbed BUMBLEBEE.

17.2.24

DarkMe

Malware

Loader

CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day

17.2.24

Glupteba

Malware

Bootkit

Diving Into Glupteba's UEFI Bootkit

17.2.24

PikaBot

Malware

Loader

Pikabot is a malware loader that originally emerged in early 2023. Over the past year, ThreatLabz has been tracking the development of Pikabot and its modus operandi.

17.2.24

DSLog

Malware

Backdoor

Ivanti Connect Secure: Journey to the core of the DSLog backdoor

17.2.24

RustDoor

Malware

macOS

New macOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group

12.2.24

Warzone RAT

Malware

RAT

The U.S. Justice Department (DoJ) on Friday announced the seizure of online infrastructure that was used to sell a remote access trojan (RAT) called Warzone RAT.

10.2.24

RustDoor

Malware

Backdoor

New MacOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group

10.2.24

RASPBERRY ROBIN

Malware

Worm

RASPBERRY ROBIN KEEPS RIDING THE WAVE OF ENDLESS 1-DAYS

9.2.24

MoqHao 

Malware

Android

MoqHao evolution: New variants start automatically right after installation

9.2.24

Coyote

Malware

Banking

Coyote: A multi-stage banking Trojan abusing the Squirrel installer

9.2.24

Zardoor

Malware

Backdoor

New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organization

8.2.24

HijackLoader

Malware

Loader

HijackLoader Expands Techniques to Improve Defense Evasion

8.2.24

Troll Stealer

Malware

Stealer

Kimsuky disguised as a Korean company signed with a valid certificate to distribute Troll Stealer

7.2.24

BOLDMOVE

Malware

Backdoor

According to Mandiant, this malware family is attributed to a potentially Chinese background, and its Linux variant is related to the exploitation of Fortinet's SSL-VPN (CVE-2022-42475).

7.2.24

BOLDMOVE

Malware

ELF

According to Mandiant, this malware family is attributed to a potentially Chinese background and is directly related to the observed exploitation of Fortinet's SSL-VPN (CVE-2022-42475). There is also a Windows variant.

7.2.24

COATHANGER

Malware

RAT

Successful exploitation of the flaw paved the way for the deployment of a backdoor dubbed COATHANGER from an actor-controlled server that's designed to grant persistent remote access to the compromised appliances.

6.2.24

CrackedCantil

Malware

Stealer

CrackedCantil: A Malware Symphony Breakdown

6.2.24

Ov3r_Stealer

Malware

Stealer

Facebook Advertising Spreads Novel Malware Variant

6.2.24

Epeius

Malware

Spyware

A Spyware Vendor Seemingly Made a Fake WhatsApp to Hack Targets

6.2.24

Skygofree

Malware

Android

Skygofree: Following in the footsteps of HackingTeam

5.2.24

VajraSpy

Malware

RAT

ESET researchers discovered several Android apps carrying VajraSpy, a RAT used by the Patchwork APT group

5.2.24

Pegasus

Malware

Spyware

New spyware attacks exposed: civil society targeted in Jordan

5.2.24

DiceLoader

Malware

Loader

This report aims to detail the functioning of a malware used by FIN7 since 2021, named DiceLoader (also known as Icebot), and to provide a comprehensive approach to the threat by detailing the related Techniques...

5.2.24

Phemedrone Stealer

Malware

Stealer

CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign

5.2.24

Mispadu Stealer

Malware

Stealer

Unit 42 researchers recently discovered activity attributed to Mispadu Stealer, a stealthy infostealer first reported in 2019

3.2.24

HeadLace

Malware

Backdoor

ITG05 operations leverage Israel-Hamas conflict lures to deliver Headlace malware

3.2.24

DirtyMoe

Malware

Backdoor

Securonix Threat Research Security Advisory: Analysis and Detection of STEADY#URSA Attack Campaign Targeting Ukraine Military Dropping New Covert SUBTLE-PAWS PowerShell Backdoor

2.2.24

BPFdoor

Malware

Rootkit

We discuss proof-of-concept rootkits and malware used by cybercriminals in conjunction with Berkeley Packet Filtering (BPF), a piece of technology that allows programs to execute code in the operating systems of popular cloud-computing platforms. We also show how to detect such threats.

2.2.24

HeadCrab 2.0

Malware

Backdoor

HeadCrab 2.0: Evolving Threat in Redis Malware Landscape

1.2.24

QUIETBOARD

Malware

Python

Evolution of UNC4990: Uncovering USB Malware's Hidden Depths

1.2.24

EMPTYSPACE

Malware

Backdoor

Mandiant has observed UNC4990 leverage EMPTYSPACE (also known as VETTA Loader and BrokerLoader), a downloader that can execute any payload served by the command and control (C2) server, and QUIETBOARD, which is a backdoor that was delivered using EMPTYSPACE.

1.2.24

KRUSTYLOADER

Malware

Loader

KRUSTYLOADER - RUST MALWARE LINKED TO IVANTI CONNECTSECURE COMPROMISES

31.1.24

Grandoreiro

Malware

Banking

Grandoreiro is one of the many Latin American banking trojans, alongside Javali, Melcoz, Casbaneiro, Mekotio, and Vadokrist, primarily targeting countries like Spain, Mexico, Brazil, and Argentina.

31.1.24

Rage Stealer

Malware

Stealer

From Screen Captures to Crypto wallets: Analyzing the Multi-Faceted Threat of Rage Stealer

31.1.24

Monster Stealer

Malware

Stealer

RUSSIAN STEALER LOG AGGREGATOR RELEASES FULLY NATIVE INFOSTEALER

31.1.24

ZLoader

Malware

Trojan

Zloader: No Longer Silent in the Night

29.1.24

LODEINFO

Malware

Backdoor

LODEINFO is a fileless malware that has been observed in campaigns that start with spear-phishing emails since December 2019.

29.1.24

SystemBC

Malware

Trojan

Inside the SYSTEMBC Command-and-Control Server

29.1.24

AllaKore RAT

Malware

RAT

AllaKore is a simple Remote Access Tool written in Delphi, first observed in 2015 but still in early stages of development.

29.1.24

CherryLoader

Malware

GO base

CherryLoader: A New Go-based Loader Discovered in Recent Intrusions

29.1.24

RokRAT

Malware

RAT

It is a backdoor commonly distributed as an encoded binary file downloaded and decrypted by shellcode following the exploitation of weaponized documents.

29.1.24

Glupteba

Malware

Cryptomining

Glupteba is a trojan horse malware that is one of the top ten malware variants of 2021. After infecting a system, the Glupteba malware can be used to deliver additional malware, steal user authentication information, and enroll the infected system in a cryptomining botnet.

29.1.24

WhiteSnake Stealer

Malware

Python

Info Stealing Packages Hidden in PyPI

20.1.24

WasabiSeed

Malware

VBS

Screentime: Sometimes It Feels Like Somebody's Watching Me

19.1.24

ZuRu

Malware

OSX

Jamf Threat Labs discovers new malware embedded in pirated applications

18.1.24

AndroxGh0st

Malware

Android

CISA and FBI Release Known IOCs Associated with Androxgh0st Malware

17.1.24

Remcos RAT

Malware

RAT

Remcos RAT Being Distributed via Webhards

16.1.24

Phemedrone

Malware

Stealer

CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign

12.1.24

FBot 

Malware

Linux

Exploring FBot | Python-Based Malware Targeting Cloud and Payment Services

11.1.24

AMOS

Malware

OSX

Mac users targeted in new malvertising campaign delivering Atomic Stealer

11.1.24

NoaBot

Malware

Bot

You Had Me at Hi — Mirai-Based NoaBot Makes an Appearance

10.1.24

PikaBot

Malware

Loader

Introducing Pikabot, an emerging malware family that comprises a downloader/installer, a loader, and a core backdoor component.

9.1.24

Lumma Stealer

Malware

Stealer

Deceptive Cracked Software Spreads Lumma Variant on YouTube

9.1.24

Silver RAT

Malware

RAT

A GAMER TURNED MALWARE DEVELOPER: DIVING INTO SILVERRAT AND ITS SYRIAN ROOTS

6.1.24

SpectralBlur

Malware

macOS

Today will be a quick post on a TA444 (aka Sapphire Sleet, BLUENOROFF, STARDUST CHOLLIMA) Mach-O family tracked as SpectralBlur we found in August, and how finding it led us to stumble upon an early iteration of KANDYKORN (aka SockRacket). Please read Elastic’s EXCELLENT piece on that family.

6.1.24

No-Justice

Malware

Wiper

Wiper attack on Albania by Iranian APT

5.1.24

Bandook RAT

Malware

RAT

Bandook - A Persistent Threat That Keeps Evolving

5.1.24

Remcos RAT

Malware

RAT

Ukraine Targeted by UAC-0050 Using Remcos RAT Pipe Method for Evasion

3.1.24

WhiteSnake Stealer

Malware

Stealer

WhiteSnake Stealer malware sample on MalwareBazaar

3.1.24

RisePro

Malware

Stealer

RisePro is a stealer that is spread through downloaders like win.privateloader. Once executed on a system, the malware can steal credit card information, passwords, and personal data.

1.1.24

Medusa Stealer

Malware

Stealer

On Christmas Eve, Resecurity's HUNTER (HUMINT) unit spotted that the author of the Meduza password stealer has released a new version (2.2).

1.1.24

Jinx

Malware

Stealer

Jinx – Malware 2.0 We know it’s big, we measured it!