In March 2024, Zscaler ThreatLabz observed new activity from Kimsuky (aka APT43, Emerald Sleet, and Velvet Chollima), an advanced persistent threat actor backed by the North Korean government. This …
Author: Zscaler
ValleyRAT is a remote access trojan (RAT) that was initially documented in early 2023. Its main objective is to infiltrate and compromise systems, providing remote attackers with unauthorized …
Smoke (a.k.a. SmokeLoader or Dofoil) is a malware loader that has been operational since 2011. Smoke is primarily used to deliver second-stage malware payloads including various trojans, ransomware, and …
At Zscaler ThreatLabz, we regularly monitor the Google Play store for malicious applications. Over the past few months, we identified and analyzed more than 90 malicious applications uploaded to …
HijackLoader (a.k.a. IDAT Loader) is a malware loader initially spotted in 2023 that is capable of using a variety of modules for code injection and execution. It uses a …
Zloader (a.k.a. Terdot, DELoader, or Silent Night) is a modular trojan based on leaked ZeuS source code. As detailed in our previous blog, Zloader reemerged following an almost two-year …
Zscaler ThreatLabz researchers recently encountered a significant number of websites associated with fraudulent activities being hosted on popular web hosting and blogging platforms. Threat actors intentionally create these sites …
Recently, a zero-day command-injection vulnerability, assigned to CVE-2024-3400, was found in the Palo Alto Networks PAN-OS. It was assigned the maximum severity score of 10.0 and can be exploited …
Pikabot is a malware loader that originally emerged in early 2023, one of its most prominent features being the code obfuscation that it leverages to evade detection and thwart …
On February 19, 2024, ConnectWise released an advisory disclosing critical vulnerabilities impacting ScreenConnect Remote Monitoring and Management (RMM) software. The first vulnerability, tracked as CVE-2024-1709, allows threat actors …
Beginning in December 2023, Zscaler’s ThreatLabz discovered a threat actor creating fraudulent Skype, Google Meet, and Zoom websites to spread malware. The threat actor spreads SpyNote RAT to Android …
Zscaler’s ThreatLabz discovered a suspicious PDF file uploaded to VirusTotal from Latvia on January 30th, 2024. This PDF file masquerades as an invitation letter from the Ambassador …
Pikabot is a malware loader that originally emerged in early 2023. Over the past year, ThreatLabz has been tracking the development of Pikabot and its modus operandi. There …
Qakbot (aka QBot or Pinkslipbot) is a malware trojan that has been used to operate one of the oldest and longest running cybercriminal enterprises. Qakbot has evolved from a …
Zloader (aka Terdot, DELoader, or Silent Night) is a modular trojan born from the leaked Zeus source code. It surfaced publicly in 2016 during a targeted campaign against German …
Zscaler’s ThreatLabz research team has been tracking the Linux-based malware family known as DreamBus. Not much has changed in the last few years other than minor bug fixes, and …
First discovered in 2014, Agent Tesla is an advanced keylogger with features like clipboard logging, screen keylogging, screen capturing, and extracting stored passwords from different web browsers. Recently, Zscaler …
DarkGate is a malware family, dating back to 2018, that gained prominence after the demise of Qakbot with a Malware-as-a-Service (MaaS) offering advertised in underground cybercrime forums starting in …
On November 8, 2023, SysAid published an advisory for CVE-2023-47246 regarding a critical zero-day vulnerability in their SysAid On-Premise software. SysAid describes the vulnerability as a path traversal vulnerability …
On October 11, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) published an advisory for AvosLocker, which was a sophisticated double extortion Ransomware-as-a-Service (RaaS) group that was last observed …
Mystic Stealer is a relatively new downloader and information stealer that emerged in early 2023. The malware harvests data from a large number of web browsers and cryptocurrency wallet …
In early September, Zscaler ThreatLabz discovered a new Malware-as-a-Service (MaaS) threat called “BunnyLoader” being sold on various forums. BunnyLoader provides various functionalities such as downloading and executing a second-stage …
In July 2023, Zscaler ThreatLabz discovered new malicious activity perpetrated by the Pakistan-based advanced persistent threat group (APT36). APT36 is a sophisticated cyber threat group with a history of …
HijackLoader is a new malware loader, which has grown in popularity over the past few months. Even though HijackLoader does not contain advanced features, it is capable of using …
The Zscaler ThreatLabz team recently observed a surge in tech-support scams, with a notable focus on the use of Windows Action Center notifications to display misleading warning messages to …
Zscaler ThreatLabz recently discovered a new stealing campaign dubbed the “Steal-It” campaign. In this campaign, the threat actors steal and exfiltrate NTLMv2 hashes using customized versions of Nishang’s …
In our persistent quest to decode DuckTail’s maneuvers, Zscaler ThreatLabz began an intelligence collection operation in May 2023. Through an intensive three-month period of monitoring, we obtained critical details …
Agniane Stealer fraudulently takes credentials, system information, and session details from browsers, tokens, and file transferring tools. Agniane Stealer also heavily targets cryptocurrency extensions and wallets. Once it obtains the …
In June of 2023, our research team at Zscaler ThreatLabz discovered a threat actor targeting FinTech users in the LATAM region. JanelaRAT involves several tactics, techniques, and procedures (TTPs) …
Recently, while tracking global threat activity, the Zscaler ThreatLabz team discovered a new information stealer family called Statc Stealer. Statc Stealer is a sophisticated malware that infects devices powered …
In the ever-evolving landscape of cyber threats, banking trojans continue to pose a significant risk to organizations worldwide. Among them, Qakbot, also known as QBot or Pinkslipbot, stands out …
Discover the intricate layers of a new sophisticated and persistent malware campaign targeting businesses in the LATAM region delivering the TOITOIN Trojan. Delve into the multi-stage attack methodology, from …
Zscaler ThreatLabz has discovered a new malware variant, RedEnergy stealer (not to be confused with the Australian company Red Energy), that fits into the hybrid Stealer-as-a-Ransomware threat category. RedEnergy …
Progress Software disclosed one more critical vulnerability, CVE-2023-35708, with a CVSS base score of 9.8 in its MOVEit Transfer application on June 15, 2023. An …