Keypoints:
Critical vulnerability allows full remote control of CentOS systems.…
Author: Fortinet

Summary: Recent analysis reveals two malicious Python packages, Zebo-0.1.0 and Cometlogger-0.1, which have been identified as high-severity threats capable of credential leaks and sensitive data exfiltration. These packages utilize obfuscation and various malicious techniques to evade detection and compromise user security.
Threat Actor: Unknown
Victim: Individuals and institutions using PyPI packages
Keypoints:
Fortinet identified two malicious PyPI packages: Zebo-0.1.0 and Cometlogger-0.1.…
Both Zebo-0.1.0 and Cometlogger-0.1 exhibit malicious behaviors such as data exfiltration, keylogging, and unauthorized control.…

Summary:
Fortinet’s FortiGuard Labs has identified a high-severity phishing campaign targeting Windows users, utilizing a malicious Excel document to exploit CVE-2017-0199. This campaign spreads a new variant of the Remcos Remote Access Trojan (RAT), allowing attackers to gain full control over victims’ computers.
Keypoints:
Phishing emails contain malicious Excel attachments.…

Summary:
Winos4.0 is a sophisticated malware framework that compromises Microsoft Windows systems, particularly targeting the education sector through malicious game-related applications. It utilizes a multi-stage attack process to gain control over infected machines, enabling extensive data collection and remote command execution.
Keypoints:
Winos4.0 is built on the Gh0strat framework.…

Summary:
FortiGuard Labs reported on a critical security incident involving the Ivanti Cloud Services Appliance (CSA), where an advanced adversary exploited multiple vulnerabilities, including CVE-2024-8190, to gain unauthorized access and control over affected systems. The attack involved chaining zero-day vulnerabilities and demonstrated sophisticated techniques to maintain persistence and exfiltrate sensitive data.…
Short Summary:
The article discusses the Emansrepo Python infostealer, which has been active since November 2023 and is distributed through phishing emails containing fake purchase orders. The malware collects sensitive information from victims’ browsers and files, sending it to the attacker’s email. The article details the attack flow and the evolution of the malware’s capabilities over time.…
Short Summary:
FortiGuard Labs reports on the Underground ransomware, which encrypts files on Windows machines and demands ransom for decryption. The ransomware is deployed by the Russia-based RomCom group, exploiting vulnerabilities and using various infection vectors. The report outlines the ransomware’s methods, victimology, and Fortinet’s protective measures against it.…
Short Summary:
The article discusses a phishing campaign that delivers a new variant of the Snake Keylogger through a malicious Excel document. This keylogger is capable of collecting sensitive information from victims’ computers, including saved credentials, keystrokes, and screenshots. The campaign exploits a known vulnerability to execute its payload and employs various techniques to evade detection.…
Short Summary:
The ValleyRAT campaign targets Chinese-speaking Windows users, utilizing multi-stage malware to monitor and control victims. It employs various techniques, including shellcode execution and sandbox evasion, to maintain a low profile and evade detection. The malware is capable of delivering additional payloads and plugins, posing a significant threat to the targeted systems.…
Short Summary:
This article discusses a sophisticated phishing attack campaign that utilizes multiple layers of obfuscation and evasion techniques to distribute various types of malware, including VenomRAT and PureHVNC. The campaign targets organizations through deceptive emails, leading to the execution of malicious payloads and the collection of sensitive information from infected systems.…
Short Summary:
The FortiGuard Labs team has identified a malicious PyPI package named zlibxjson version 8.2, which poses a high risk to users by stealing sensitive information such as Discord tokens, browser cookies, and saved passwords. The report emphasizes the importance of security practices in managing software dependencies to prevent such threats.…
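The three PyPI write-ups on this page (Zebo-0.1.0, Cometlogger-0.1 and zlibxjson 8.2) describe the same install-time pattern: obfuscated code that is unpacked and executed while the package is being installed, then reaches out over the network and reads browser or Discord credential stores. A cheap first line of defence is to statically triage a package's setup.py before installing it. The script below is an added example written for this page; it is not code from Fortinet's reports or from the packages themselves. The sample setup.py, the indicator lists and the block/review thresholds are constructed for the illustration, and the decoded payload is only parsed, never executed.

```python
from __future__ import annotations

import ast
import base64
import re

# Indicator sets drawn from the behaviour summarised in the write-ups above.
# Constructed for this example; tune them to your own allow/deny policy.
DYNAMIC_EXEC = {"exec", "eval", "compile"}
DECODE_CALLS = {"b64decode", "b32decode", "a85decode", "decompress", "unhexlify"}
NETWORK_MODULES = {"socket", "urllib", "requests", "http.client", "ftplib", "smtplib"}
SENSITIVE_STRINGS = re.compile(r"(Login Data|Local State|leveldb|discord|webhook|\.ssh|id_rsa)", re.I)
B64_LITERAL = re.compile(r"^[A-Za-z0-9+/]{24,}={0,2}$")
MAX_DEPTH = 3  # how many packing layers to unwrap


def _call_name(node: ast.Call) -> str:
    """Return the bare callee name ('exec', 'b64decode'), ignoring any module prefix."""
    f = node.func
    if isinstance(f, ast.Name):
        return f.id
    if isinstance(f, ast.Attribute):
        return f.attr
    return ""


def _decode_literal(text: str) -> str | None:
    """Unpack a base64-looking string literal; return it only if it is valid UTF-8."""
    if not B64_LITERAL.match(text):
        return None
    try:
        return base64.b64decode(text, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None


def scan_source(src: str, depth: int = 0, origin: str = "setup.py") -> list[dict]:
    """Walk the AST of one Python source and collect suspicious indicators.
    Base64 literals that decode to Python are parsed and scanned recursively so
    that one or two layers of packing do not hide the real payload."""
    findings: list[dict] = []
    try:
        tree = ast.parse(src)
    except SyntaxError:
        if depth == 0:
            return [{"rule": "unparseable", "where": origin, "line": 0, "detail": "not valid Python"}]
        # A decoded layer that is not Python may still be a config/credential blob.
        if SENSITIVE_STRINGS.search(src):
            return [{"rule": "credential-path", "where": origin, "line": 0, "detail": src[:60]}]
        return []
    for node in ast.walk(tree):
        line = getattr(node, "lineno", 0)
        if isinstance(node, ast.Call):
            name = _call_name(node)
            if name in DYNAMIC_EXEC:
                findings.append({"rule": "dynamic-exec", "where": origin, "line": line, "detail": name})
            elif name in DECODE_CALLS:
                findings.append({"rule": "payload-decode", "where": origin, "line": line, "detail": name})
        elif isinstance(node, (ast.Import, ast.ImportFrom)):
            mods = [a.name for a in node.names] if isinstance(node, ast.Import) else [node.module or ""]
            for m in mods:
                if m in NETWORK_MODULES or m.split(".")[0] in NETWORK_MODULES:
                    findings.append({"rule": "network-import", "where": origin, "line": line, "detail": m})
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            text = node.value
            if SENSITIVE_STRINGS.search(text):
                findings.append({"rule": "credential-path", "where": origin, "line": line, "detail": text[:60]})
            decoded = _decode_literal(text)
            if decoded is not None and depth < MAX_DEPTH:
                findings.append({"rule": "encoded-literal", "where": origin, "line": line, "detail": f"{len(text)} chars"})
                findings.extend(scan_source(decoded, depth + 1, f"{origin}>b64[line {line}]"))
    return findings


def triage(src: str) -> tuple[str, set[str]]:
    """Map the findings to a verdict: block, review or allow."""
    rules = {f["rule"] for f in scan_source(src)}
    if {"dynamic-exec", "payload-decode"} <= rules or "credential-path" in rules:
        return "block", rules
    if rules:
        return "review", rules
    return "allow", rules


# Constructed samples (hypothetical, not the real packages). The malicious one
# hides an inner script behind base64 and runs it with exec() at install time.
_INNER = "import urllib.request\ndata = open('Login Data', 'rb').read()\n"
_PACKED = base64.b64encode(_INNER.encode()).decode()
MALICIOUS_SETUP = (
    "from setuptools import setup\n"
    "import base64\n"
    f"exec(base64.b64decode('{_PACKED}'))\n"
    "setup(name='example-pkg', version='0.1.0')\n"
)
BENIGN_SETUP = "from setuptools import setup\nsetup(name='example-pkg', version='0.1.0')\n"

if __name__ == "__main__":
    for label, src in (("benign", BENIGN_SETUP), ("malicious", MALICIOUS_SETUP)):
        verdict, rules = triage(src)
        print(f"{label}: {verdict} {sorted(rules)}")
        for f in scan_source(src):
            print("   ", f)
```

Run it against the extracted sdist of a package before `pip install` (or wire `triage` into a CI gate that reads setup.py from the downloaded archive). The scanner is deliberately conservative: a single network import or decode call only earns a review, while exec-of-decoded-data or a reference to a credential store is blocked outright, because that combination is exactly what the packages described above do on installation.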
Impacted Users: iPhone users in India
Impact: Possible financial loss; stolen information can be used for future attacks
Severity Level: Medium
The FortiGuard Labs Threat Research team recently observed a number of social media posts commenting on a fraud campaign targeting India Post users. India Post is India’s government-operated postal system.…
Affected Platforms: Microsoft Windows
Impacted Users: Microsoft Windows
Impact: The stolen information can be used for future attacks
Severity Level: High
Spyware is malicious software engineered to covertly monitor and gather information from a user’s computer without their awareness or consent. It can record activities like keystrokes, browsing behavior, and personal information, often transmitting this data to a third party for espionage or theft.…
Affected Platforms: Linux Distributions
Impacted Users: Any organization
Impact: Remote attackers gain control of the vulnerable systems
Severity Level: High
Cybersecurity threats are increasingly leveraging cloud services to store, distribute, and establish command and control (C2) servers, such as VCRUMS stored on AWS or SYK Crypter distributed via DriveHQ.…
Affected Platforms: Microsoft Windows
Impacted Users: Microsoft Windows
Impact: The stolen information can be used for future attacks
Severity Level: High
The past few years have seen a significant increase in the number of Rust developers. Rust is a programming language focused on performance and reliability. However, for an attacker, its complicated assembly code is a significant merit.…
FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants.…