11 Aug 2022

DeathStalker’s VileRAT Continues to Target Foreign and Crypto Exchanges

Threat actor DeathStalker is actively targeting cryptocurrency exchanges located around the world with the VileRAT malware, according to Kaspersky researchers. The researchers published an advisory just days ago in which the campaign is detailed. The campaign reportedly began in September 2020 but revamped its efforts in June 2022, leveraging the

06 Apr 2022

No-Joke Borat RAT Propagates Ransomware, DDoS

Security researchers at Cyble Research Labs have discovered a new malware strain that extends the abilities of typical trojans, providing for a series of modules for launching various types of malicious activity. Cyble reports that the trojan, boasting advanced functionality, is being used by attackers to spread ransomware and conduct

08 Feb 2022

Medusa Malware Joins Flubot’s Android Distribution Network

Flubot, the Android spyware that has been spreading since last year, has joined another mobile threat known to researchers as Medusa. The two powerful trojans boast spyware and RAT capabilities, and are now being used in side-by-side campaigns using a common infrastructure. ThreatFabric was the first to discover that Medusa

10 Jan 2022

Indian Patchwork hacking group infects itself with remote access Trojan

A group named Patchwork by Malwarebytes has been exposed after it accidentally infected its own development environment with a remote access Trojan (RAT). The group has been traced back to India and is also known by the names Hangover Group, Dropping Elephant, Chinastrats, and Monsoon. The group has been active

17 Dec 2020

This ‘off the shelf’ Tor backdoor malware is now a firm favorite with ransomware operators

On Thursday, Sophos Labs’ Sivagnanm Gn and Sean Gallagher, two cybersecurity researchers, revealed detailed information on malware that has become increasingly popular over the past several months, called SystemBC. SystemBC is a remote access trojan (RAT) that is advertised across dark web forums and has the capability to abuse Tor

20 Oct 2020

GravityRAT Comes Back to Earth with Android, macOS Spyware

According to researchers, the cybercriminals behind the creation of the sophisticated GravityRAT spyware have released new variants for macOS and Android. This marks the first time the operators behind the remote access trojan have administered new versions since its formation in 2015. According to researchers from Kaspersky, the group has

06 Oct 2020

Tenda Router Zero-Days Emerge in Spyware Botnet Campaign

A new malware variant has been discovered by researchers and has the capability to conduct espionage and denial-of-service attacks. The malware is a variant of the Mirai botnet and has been named Ttint. Ttint can perform a variety of functions, ranging from remote-access-trojan tactics to spyware capabilities. Researchers at 360Netlab

28 Sep 2020

Alien Android Banking Trojan Sidesteps 2FA

A new variant of the infamous Cerberus banking Trojan named Alien has been ruthlessly targeting victims’ credentials for over 200 popular mobile apps, including Microsoft Outlook and Bank of America. The banking trojan is gaining access to Android devices worldwide through utilizing an advanced authentication bypass tool that allows it

04 Sep 2020

Evilnum APT Group Employs New Python RAT

An APT group called Evilnum has reportedly adopted a new Python remote access Trojan (RAT). The new RAT was designed to target financial tech organizations through the creation of highly specific and sophisticated spear phishing attacks. Over the past few weeks, researchers have detected noticeable shifts in Evilnum’s tools, techniques,

02 Sep 2020

China-based APT Debuts Sepulcher Malware in Spear-Phishing Attacks

A Chinese APT referred to as TA413 has allegedly been distributing a new RAT that has been dubbed Sepulcher. TA413 has been using the RAT in various campaigns over the past six months in attacks against European organizations and government entities, as well as Tibetan dissidents. TA413 has been previously
