The evolution of Dark Caracal tools: analysis of a campaign featuring Poco RAT
Dark Caracal’s latest cyber operation uses Poco RAT, a sophisticated malware targeting Spanish-speaking regions in Latin America, primarily through phishing campaigns. The group employs clever methods to deliver malicious payloads, including trojanized attachments and cloud storage services. Affected: corporate networks, Spanish-speaking users, Latin America

Keypoints:
Dark Caracal has launched a new campaign using the Poco RAT malware.…
Chinese hackers target Russian govt with upgraded RAT malware
Summary: Chinese-speaking IronHusky hackers are employing an upgraded version of the MysterySnail remote access trojan (RAT) to target Russian and Mongolian government organizations. This new variant, named MysteryMonoSnail, facilitates advanced control over compromised devices via a malicious script disguised as a Word document, allowing attackers to manage files and processes effectively.…
Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT
Summary: Researchers highlight a significant rise in XorDDoS malware, which has primarily targeted U.S. systems between November 2023 and February 2025. The trojan, originally known for attacking Linux systems, has now expanded its reach to Docker servers and other internet-connected devices, with nearly 42 percent of affected devices located in the U.S.…
State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns
Summary: Various state-sponsored hacking groups from Iran, North Korea, and Russia have adopted the ClickFix social engineering tactic to deploy malware in a series of phishing campaigns from late 2024 into early 2025. This approach has evolved from cybercrime applications to being utilized by nation-state actors, who manipulate targets into executing malicious commands under the guise of technical fixes.…
Python and MITRE ATT&CK Part 8
Credential theft is a significant threat in cybersecurity, occurring when attackers exploit weak password practices or use sophisticated techniques like keyloggers to gain unauthorized access to systems. Organizations are advised to implement strict password policies and training to mitigate risks in their environments. Affected: Organizations, Cybersecurity Sector

Keypoints:
Credential access is a primary focus for attackers once they have gained access to a system with admin rights.…
Understanding and Threat Hunting for RMM Software Misuse
Threat actors are increasingly exploiting Remote Monitoring and Management (RMM) software to conduct sophisticated cyberattacks, using tools like AnyDesk, Atera Agent, and MeshAgent for unauthorized access, data exfiltration, and persistence in compromised networks. This trend highlights the potential risks posed by these tools, which are often embedded in organizational IT workflows.…
Interlock ransomware evolving under the radar
The Interlock ransomware group, first observed in September 2024, has emerged as a significant cyber threat, employing tactics such as Big Game Hunting and double extortion. Unlike many ransomware organizations, it does not operate as a Ransomware-as-a-Service (RaaS) group and features a Data Leak Site called “Worldwide Secrets Blog” for negotiation and data exposure.…
Chinese Android Phones Shipped with Fake WhatsApp, Telegram Apps Targeting Crypto Users
Summary: Cheap Android smartphones from Chinese manufacturers have been found pre-loaded with trojanized apps, including counterfeit versions of WhatsApp and Telegram, that enable cryptocurrency theft. The malicious software, referred to as Shibai, is designed to intercept and manipulate cryptocurrency transactions, while also harvesting sensitive data and images.…
Byte Bandits: How Fake PDF Converters Are Stealing More Than Just Your Documents
This report details a sophisticated attack using malicious online file converters to distribute malware, particularly Arechclient2, through impersonation of legitimate services. The analysis includes methods used by attackers and offers protection recommendations. Affected: online file converters, users, organizations, digital workflows

Keypoints:
The FBI issued an alert on March 17, 2025, about malicious online file converters.…
UNC5174’s evolution in China’s ongoing cyber warfare: From SNOWLIGHT to VShell
This article discusses the latest developments of the Chinese state-sponsored threat actor UNC5174, known for its advanced cyber warfare techniques. The actor has transitioned from using the SUPERSHELL tool to the open source VShell, which has been integrated into their SNOWLIGHT malware campaign. This evolution highlights their persistent espionage activities targeting organizations in Western countries and critical infrastructure sectors, using stealthy methods including fileless malware and sophisticated command-and-control tactics.…
Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool
Summary: A new campaign attributed to the China-linked threat actor UNC5174 employs a variant of the SNOWLIGHT malware and the VShell tool to breach Linux and macOS systems. These tools utilize open-source resources for obfuscation and cost-effectiveness, making attribution challenging. The campaign has been linked to attacks exploiting security flaws in Ivanti appliances, affecting multiple sectors worldwide.…
Renewed APT29 Phishing Campaign Against European Diplomats
An advanced phishing campaign attributed to APT29, a Russia-linked threat group, is targeting diplomatic entities in Europe by impersonating a foreign affairs ministry to distribute invitations for wine tasting events. This campaign features the use of a new loader, GRAPELOADER, alongside an evolved variant of the existing backdoor WINELOADER, both of which enable stealth techniques and payload delivery.…
Malicious npm Package Disguised as Advcash Integration Triggers Reverse Shell
The article discusses a malicious npm package, @naderabdi/merchant-advcash, which embeds a reverse shell trigger disguised as a legitimate payment processing module for the Advcash payment platform. This security threat is aimed at end users making transactions, leading to severe implications for their system’s security. Affected: npm package, Advcash platform, end users

Keypoints:
A malicious npm package called @naderabdi/merchant-advcash has been discovered.…
ResolverRAT Campaign Targets Healthcare, Pharma via Phishing and DLL Side-Loading
Summary: Researchers have uncovered a sophisticated remote access trojan named ResolverRAT, primarily targeting the healthcare and pharmaceutical sectors through phishing attacks. The malware utilizes fear-based language in localized emails to induce urgency and uses advanced techniques to evade detection. The campaign’s attributes indicate potential connections to previous phishing campaigns, highlighting a complex and evolving threat landscape.…