Key Takeaways

Cyble Research and Intelligence Labs (CRIL) has observed the usage of an open-source PySilon RAT by multiple threat actors (TAs). The presence of over 300 samples on VirusTotal since June 2023 suggests a significant surge in the PySilon malware’s activity. PySilon RAT was first established in December 2022 as version 1.0 and has since evolved to its current iteration, version 3.6.…
Read More
Introduction

In July 2023, Zscaler ThreatLabz discovered new malicious activity perpetrated by the Pakistan-based advanced persistent threat group (APT36). APT36 is a sophisticated cyber threat group with a history of conducting targeted espionage operations in South Asia. We observed APT36 targeting Indian government sectors using a previously undocumented Windows RAT, new cyber espionage utilities for Linux, new distribution mechanisms, and a new attack vector used against the Linux environment. …

Read More

Published On: 2023-09-17

EXECUTIVE SUMMARY

At Cyfirma, we are committed to providing up-to-date information on the most prevalent threats and tactics used by malicious actors to target both organizations and individuals. In this analysis, we delve into a trending information stealer RedLine. This investigation reveals a novel strain of malware that is being disseminated in the guise of a counterfeit document, packaged within a zip archive that houses a batch script file.…

Read More

The deployment of file-encrypting ransomware by organized cybercriminal gangs is one of the largest cybersecurity risks facing organizations. A network breach that culminates with a ransomware infection often starts with an infection with a type of malware called a loader. This malware acts as a foothold into an organization’s network and is subsequently used to install other payloads such as malware or tools.…

Read More

Researchers from Kaspersky discovered a free download manager site that has been compromised to serve Linux malware. While investigating a set of suspicious domains, the experts identified that the domain in question has a deb.fdmpkg[.]org subdomain.

Visiting the subdomain with the browser, the researchers noticed a page claiming that the domain is hosting a Linux Debian repository of software named ‘Free Download Manager’.…

Read More
“MrTonyScam” — Botnet of Facebook Users Launch High-Intent Messenger Phishing Attack on Business Accounts

By Oleg Zaytsev (Guardio Labs)

Facebook’s Messenger platform has been heavily abused in the past month to spread endless messages with malicious attachments from a swarm of fake and hijacked personal accounts.…

Read More

Authored by Yashvi Shah

Agent Tesla functions as a Remote Access Trojan (RAT) and an information stealer built on the .NET framework. It is capable of recording keystrokes, extracting clipboard content, and searching the disk for valuable data. The acquired information can be transmitted to its command-and-control server via various channels, including HTTP(S), SMTP, FTP, or even through a Telegram channel.…

Read More
Introduction

The Zscaler ThreatLabz team recently observed a surge in tech-support scams, with a noteworthy focus on the utilization of Windows Action Center notifications to display misleading warning messages to users. While the majority of tech-support scams previously centered around counterfeit notifications related to Windows Defender, scammers have since expanded their tactics to include bogus web pages impersonating other security providers like McAfee and Avast. …

Read More

Affected platforms: Windows
Impacted parties: Any organization
Impact: Remote attackers steal credentials, sensitive information, and cryptocurrency
Severity level: Critical

In August, FortiGuard Labs obtained a Word document containing a malicious URL designed to entice victims to download a malware loader. This loader employs a binary padding evasion strategy that adds null bytes to increase the file’s size to 400 MB.…

Read More
Introduction

Zscaler ThreatLabz recently discovered a new stealing campaign dubbed the “Steal-It” campaign. In this campaign, the threat actors steal and exfiltrate NTLMv2 hashes using customized versions of Nishang’s Start-CaptureServer PowerShell script, execute various system commands, and exfiltrate the retrieved data via Mockbin APIs.

Through an in-depth analysis of the malicious payloads, our team observed a geofencing strategy employed by the campaign, with specific focus on targeting regions including Australia, Poland, and Belgium.…

Read More

Affected platforms: Microsoft Windows
Impacted parties: Windows Users
Impact: Collects sensitive information from a victim’s computer
Severity level: Critical

Our FortiGuard Labs captured a phishing campaign that spreads a new Agent Tesla variant. This well-known malware family uses a .Net-based Remote Access Trojan (RAT) and data stealer to gain initial access.…

Read More

In May, we sounded the alarm about PYTA31, an advanced persistent threat actor distributing the “WhiteSnake” malware. Since then, we have been rigorously monitoring this group, which has been active from April through mid-August, distributing malicious PyPI packages laced with “WhiteSnake Malware.”

WhiteSnake Malware, also known as the “WhiteSnake Stealer”, first appeared on hacking forums in early 2022.…

Read More

Overview

In the 1990s, as the internet gained popularity, cybercriminals started developing and distributing basic forms of malware, including password stealers. Early stealer malware primarily targeted login credentials and passwords for online services and email accounts. As technology advanced, so did the capabilities of stealer malware.…

Read More