Summary :
This article delves into a sophisticated multi-stage malware attack involving XWorm, initiated through a malicious LNK file that executes PowerShell commands to download and execute harmful scripts. The infection chain highlights various techniques used by attackers to steal sensitive information. #XWorm #Malware #CyberSecurity
Keypoints :
Attackers use a multi-stage infection chain starting with a malicious LNK file.…Estimated reading time: 5 minutes
Ghost Locker is a Ransomware-as-a-Service (Raas) created by GhostSec [hacktivist groups]. In October 2023, GhostSec launched the GhostLocker framework. After their successful collaborative operations with the Stormous ransomware group in July 2023, GhostLocker ransomware operators provide various options for their affiliates.…
Estimated reading time: 4 minutes
Recently, we came across a new banking trojan called Coyote, which utilizes a tool/library called Squirrel Installer, developed to install and manage updates of windows applications. The malware looks more evolved than our normal banking trojans and can potentially be at a higher threat level in the coming days. …
Estimated reading time: 4 minutes
Introduction:
Originating in March 2023, Abyss Locker, a recently established ransomware operation, has swiftly targeted companies, transforming into a significant threat across various sectors, such as industrial control systems (ICS), enterprises, and public-sector organizations. It poses a significant threat to both Windows and Linux systems. …
Estimated reading time: 6 minutes
Cerber is a strain of ransomware that was first identified in early 2016. It is a type of malware that encrypts a victim’s files and demands a ransom for the decryption key needed to unlock the files. Cerber, like many other ransomware variants, typically targets individuals and organizations by encrypting their files and demanding a ransom payment (usually in cryptocurrencies like Bitcoin) for the decryption key.…
Estimated reading time: 13 minutes
SEQRITE Labs APT-Team has discovered multiple campaigns of APT SideCopy, targeting Indian government and defense entities in the past few months. The threat group is now exploiting the recent WinRAR vulnerability CVE-2023-38831 (See our advisory for more details) to deploy AllaKore RAT, DRat and additional payloads.…
Estimated reading time: 5 minutes
Our recent research has highlighted the presence of the MedusaLocker ransomware, which first surfaced in mid-2019. Its primary targets are the Hospital and Healthcare industries. MedusaLocker employs AES and RSA encryption techniques to encrypt victims’ data.
Technical analysis
At the start, it performs a check for the presence of a Mutex.…