17 Dec 2020

This ‘off the shelf’ Tor backdoor malware is now a firm favorite with ransomware operators

On Thursday, Sophos Labs’ Sivagnanm Gn and Sean Gallagher, two cybersecurity researchers, revealed detailed information on malware that has become increasingly popular over the past several months, called SystemBC. SystemBC is a remote access trojan (RAT) that is advertised across dark web forums and has the capability to abuse Tor

20 Oct 2020

GravityRAT Comes Back to Earth with Android, macOS Spyware

According to researchers, the cybercriminals behind the sophisticated GravityRAT spyware have released new variants for macOS and Android. This marks the first time the operators behind the remote access trojan have released new versions since its formation in 2015. According to researchers from Kaspersky, the group has

06 Oct 2020

Tenda Router Zero-Days Emerge in Spyware Botnet Campaign

Researchers have discovered a new malware variant capable of conducting espionage and denial-of-service attacks. The malware is a variant of the Mirai botnet and has been named Ttint. Ttint can perform a variety of functions, ranging from remote-access-trojan tactics to spyware capabilities. Researchers at 360Netlab

28 Sep 2020

Alien Android Banking Trojan Sidesteps 2FA

A new variant of the infamous Cerberus banking Trojan named Alien has been ruthlessly targeting victims’ credentials for over 200 popular mobile apps, including Microsoft Outlook and Bank of America. The banking trojan is gaining access to Android devices worldwide by using an advanced authentication bypass tool that allows it

04 Sep 2020

Evilnum APT Group Employs New Python RAT

An APT group called Evilnum has reportedly adopted a new Python remote access Trojan (RAT). The new RAT was designed to target financial tech organizations through highly specific and sophisticated spear-phishing attacks. Over the past few weeks, researchers have detected noticeable shifts in Evilnum’s tools, techniques,

02 Sep 2020

China-based APT Debuts Sepulcher Malware in Spear-Phishing Attacks

A Chinese APT referred to as TA413 has allegedly been distributing a new RAT that has been dubbed Sepulcher. TA413 has been using the RAT in various campaigns over the past six months in attacks against European organizations and government entities, as well as Tibetan dissidents. TA413 has been previously

20 Aug 2020

CISA Warns of New RAT Aimed at US Defense Contractors

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) previously issued a malware report in which they detailed a new remote-access trojan variant used by APT groups in North Korea. The report claims that the remote access trojan, BLINDINGCAN, is associated with the government of North Korea. The

18 May 2020

RATicate Group Hits Industrial Firms With Revolving Payloads

According to researchers, a new threat group called RATicate is targeting industrial companies with revolving payloads and is behind several malspam attacks against companies, delivering payloads such as LokiBot, Agent Tesla, Netwire, FormBook, and BetaBot. Researchers have attributed at least six separate campaigns to the group, with the first starting in November

07 May 2020

Lazarus Group Hides macOS Spyware in 2FA Application

Lazarus Group, a cyberthreat group with known links to North Korea, has added a new variant of the Dacls remote-access trojan (RAT) that specifically targets the macOS operating system. The Dacls RAT has been created from an existing Linux version and was first discovered last December when it targeted Windows

18 Mar 2020

Coronavirus-Themed APT Attack Spreads Malware

An advanced persistent threat (APT) group has been leveraging the current pandemic to spread new malware dubbed “Vicious Panda.” Security researchers stated that they had identified two suspicious Rich Text Format files targeting the Mongolian public sector. The RTF files execute a unique remote access trojan that takes screenshots of
