VanHelsing, new RaaS in Town
VanHelsingRaaS is an emerging ransomware-as-a-service (RaaS) program launched in March 2025 that allows affiliates to initiate ransomware attacks with a low deposit. It targets multiple platforms and has already infected several victims, demanding significant ransom payments. The program’s rapid growth and sophisticated capabilities highlight the evolving ransomware threat.…
Hackers Hide VenomRAT Malware Inside Virtual Hard Disk Image Files
Summary: Cybersecurity researchers at Forcepoint X-Labs have discovered a new malware campaign utilizing VenomRAT, a remote access trojan, delivered via an uncommon method. Instead of typical documents, attackers are sending .vhd files containing a malicious batch script disguised as harmless purchase orders. This innovative approach leverages virtualization techniques to evade detection by security software and facilitate data theft.…
Squid Werewolf Cyber Spies Masquerade as Recruiters
This article discusses a sophisticated phishing attack characterized by a deceptive email presenting a job offer. The attack utilizes a password-protected ZIP file containing an LNK file that executes commands to establish persistence and deploy a malicious DLL. It highlights the techniques used by the threat actor to conduct the attack and indicates that the operation bears similarities to prior attacks attributed to the APT37 group.…
CERT-UA Warns: Dark Crystal RAT Targets Ukrainian Defense via Malicious Signal Messages
Summary: The Computer Emergency Response Team of Ukraine (CERT-UA) has issued a warning about a new attack campaign targeting Ukraine’s defense sectors using Dark Crystal RAT (DCRat). Attackers are distributing malicious messages via the Signal app, posing as legitimate communication, which include an executable that installs the DCRat malware for remote control and information theft.…
GrassCall Campaign: The Hackers Behind Job Recruitment Cyber Scams
The “GrassCall” malware campaign is an advanced social engineering attack targeting job seekers in the cryptocurrency and Web3 sectors, orchestrated by the Russian cybercriminal organization “Crazy Evil.” Utilizing fake job interviews, the attackers compromise systems to steal cryptocurrency assets, resulting in hundreds of victims. Affected: cryptocurrency sector, job seekers

Keypoints:

The GrassCall malware campaign is led by the Russian-speaking cyber-criminal organization “Crazy Evil.”…
Fake Cloudflare Verification Results in LummaStealer Trojan Infections
This article describes an ongoing malware campaign utilizing malicious WordPress plugins to spread the LummaStealer trojan. The malware tricks users into running harmful PowerShell commands, thus collecting sensitive data from infected PCs. The campaign exploits fake human verification prompts primarily targeting Windows users. Affected: WordPress websites, Windows operating system users

Keypoints:

LummaStealer is an infostealer malware designed to collect sensitive data.…
Ukrainian military targeted in new Signal spear-phishing attacks
Summary: Ukraine’s Computer Emergency Response Team (CERT-UA) has issued a warning about targeted attacks utilizing compromised Signal accounts to deliver malware to defense industry employees and military personnel. The attacks involve messages with archives masquerading as meeting reports, leading victims to inadvertently execute harmful files. This activity, tracked as UAC-0200, has seen recent updates in phishing tactics to align with urgent military topics in Ukraine.…
Microsoft Warns of New StilachiRAT Malware
Summary: Microsoft has revealed details about StilachiRAT, a stealthy malware designed to steal sensitive data from compromised machines by profiling systems, monitoring clipboard content, and extracting credentials from cryptocurrency wallets. Though not widely distributed, the malware exhibits advanced evasion techniques and persistence mechanisms. Microsoft has not linked it to any specific threat group or country as of now.…
FBI Issues Warning Over Free Online File Converters That Actually Install Malware
Summary: The FBI Denver Field Office has issued a warning regarding an increase in scam websites that masquerade as free online file converters but instead load malware onto users’ systems. This malware can lead to ransomware attacks and the theft of sensitive personal information. Users are advised to remain vigilant and protect their devices with anti-malware solutions.…
Microsoft identifies new RAT targeting cryptocurrency wallets and more
Summary: Microsoft has discovered a new remote access trojan named StilachiRAT, which utilizes sophisticated evasion techniques to maintain persistence on compromised systems while exfiltrating sensitive data. The malware targets several cryptocurrency wallet extensions and can manipulate system settings and steal credentials. Although the origin of StilachiRAT remains unknown, its capabilities warrant serious attention due to its stealth and extensive data collection functions.…
Operation AkaiRyū: MirrorFace invites Europe to Expo 2025 and revives ANEL backdoor
In August 2024, ESET researchers uncovered cyberespionage activities by the MirrorFace APT group targeting a Central European diplomatic institute related to Expo 2025 in Osaka, Japan. This marks the first instance of MirrorFace infiltrating a European entity, showcasing new tactics and tools, including the backdoor ANEL and a customized variant of AsyncRAT.…
New XCSSET Malware Adds New Obfuscation and Persistence Techniques to Infect Xcode Projects | Microsoft Security Blog
A new variant of XCSSET malware has been discovered, which is specifically designed to infect macOS Xcode projects. This sophisticated malware utilizes advanced obfuscation, updated persistence techniques, and novel infection strategies to exfiltrate sensitive information, including digital wallet data. It operates in a stealthy manner, often remaining fileless, which complicates detection and removal efforts.…
StilachiRAT analysis: From system reconnaissance to cryptocurrency theft | Microsoft Security Blog
In November 2024, Microsoft Incident Response uncovered StilachiRAT, a remote access trojan that employs sophisticated evasion techniques and data exfiltration capabilities, targeting sensitive information such as credentials, digital wallet data, and clipboard contents. StilachiRAT establishes command-and-control connectivity with remote servers, and Microsoft has issued guidance to bolster defenses against this growing threat.…
⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More
Summary: This week’s cybersecurity report highlights the evolving landscape of cyber threats, including advanced techniques used by threat groups and rising supply chain vulnerabilities. Law enforcement efforts against cybercriminal networks show promise, while new exploits and vulnerabilities demand prompt attention from organizations. The report includes notable incidents, emerging attack methods, and critical vulnerabilities that security teams should prioritize.…
100 Car Dealerships Hit by Supply Chain Attack
Summary: A supply chain attack compromised LES Automotive, a service used by car dealerships, enabling over 100 dealership websites to distribute malicious ClickFix code. This attack employs social engineering tactics to prompt users into executing harmful commands. The ClickFix malware campaign has increasingly targeted various sectors, including the auto and hospitality industries.…