Malware Campaign Leverages SVGs, Email Attachments, and CDNs to Drop XWorm and Remcos via BAT Scripts

CySecBot 11 September

9 minutes

Table of Content: Introduction Infection Chain Process Tree Campaign 1: – Persistence – BATCH files – PowerShell script – Loader – Xworm/Remcos Campaign 2 Conclusion IOCS Detections MITRE ATTACK TTPs Introduction: Recent threat campaigns have revealed an evolving use of BAT-based loaders to deliver Remote Access Trojans, including XWorm and Remcos. These campaigns often begin […]

The post Malware Campaign Leverages SVGs, Email Attachments, and CDNs to Drop XWorm and Remcos via BAT Scripts appeared first on Blogs on Information Technology, Network & Cybersecurity | Seqrite.

breaking news

Kosovo man pleads guilty to running online criminal marketplace BlackDB

GlobalDefenseBot 11 September

3 minutes

Kosovo man Liridon Masurica pleaded guilty to running the cybercrime marketplace BlackDB. He was arrested in 2024. Kosovo citizen Liridon Masurica (33) of Gjilan, aka @blackdb, pleaded guilty to running the BlackDB cybercrime market. Kosovo police arrested Masurica on December 12, 2024 and he was extradited to the US. The online criminal marketplace BlackDB.cc has […]

ChillyHell macOS Malware Resurfaces, Using Google.com as a Decoy

CySecBot 11 September

1 minute

A previously dormant macOS threat, ChillyHell, is reviving. Read how this malware can bypass security checks, remain hidden,…

breaking news

Attackers abuse ConnectWise ScreenConnect to drop AsyncRAT

GlobalDefenseBot 11 September

3 minutes

Hackers exploit ConnectWise ScreenConnect to drop AsyncRAT via scripted loaders, stealing data and persisting with a fake Skype updater. LevelBlue researchers warn of a campaign abusing ConnectWise ScreenConnect to deploy AsyncRAT. Attackers use VBScript/PowerShell loaders and achieve persistence via a fake Skype updater. ConnectWise ScreenConnect is a remote desktop and remote support software designed to enable […]

Chinese APT Hits Philippine Military Firm with New EggStreme Fileless Malware

CySecBot 10 September

1 minute

Bitdefender uncovers EggStreme, a fileless malware by a China-based APT targeting the Philippine military and APAC organisations. Cybersecurity…

New Fileless Malware Attack Uses AsyncRAT for Credential Theft

CySecBot 10 September

1 minute

LevelBlue Labs reports AsyncRAT delivered through a fileless attack chain using ScreenConnect, enabling credential theft and persistence.

New Buterat Backdoor Malware Found in Enterprise and Government Networks

CySecBot 10 September

1 minute

Meet Buterat, a new backdoor malware spreading through phishing and trojanized downloads, giving attackers persistent access to enterprise and government networks.

breaking news

KillSec Ransomware is Attacking Healthcare Institutions in Brazil

GlobalDefenseBot 10 September

4 minutes

KillSec Ransomware claimed responsibility for a cyberattack on MedicSolution, a software solutions provider for the healthcare industry in Brazil. The KillSec Ransomware group has threatened to leak sensitive data unless negotiations are initiated promptly. According to threat intelligence reporting by Resecurity, the root cause of the incident – data exfiltration from insecure AWS S3 bucket. […]

breaking news

Supply chain attack targets npm, +2 Billion weekly npm downloads exposed

GlobalDefenseBot 9 September

3 minutes

Multiple popular npm packages were compromised in a supply chain attack after a maintainer fell for a phishing email targeting 2FA credentials. A supply chain attack compromised multiple popular npm packages with 2B weekly downloads after a maintainer fell for a phishing email mimicking npm, targeting 2FA credentials. Threat actors targeted Josh Junon’s (Qix) to […]

New Docker Malware Strain Spotted Blocking Rivals on Exposed APIs

CySecBot 9 September

1 minute

Akamai finds new Docker malware blocking rivals on exposed APIs, replacing cryptominers with tools that hint at early botnet development.