Russian APT28 Deploys “NotDoor” Backdoor Through Microsoft Outlook
APT28 hackers deploy NotDoor backdoor via Microsoft Outlook macros, using OneDrive sideloading to steal data and evade detection.
New Malware Uses Windows Character Map for Cryptomining
Darktrace reports new malware hijacking Windows Character Map for cryptomining, exposing risks of hidden attacks in everyday software…
XWorm Malware Adopts New Infection Chain to Bypass Security Detection
Cybersecurity researchers have identified a sophisticated evolution in XWorm malware operations, with the backdoor campaign implementing advanced tactics to evade detection systems. The Trellix Advanced Research Center has documented this significant s…
Fake AnyDesk Installer Spreads MetaStealer Through ClickFix Scam
A new and clever ClickFix scam is using a fake AnyDesk installer and Windows search to bypass security,…
Android droppers evolved into versatile tools to spread malware
Android droppers now spread banking trojans, SMS stealers, and spyware, disguised as government or banking apps in India and Asia. ThreatFabric researchers warn of a shift in Android malware: dropper apps now deliver not just banking trojans, but also SMS stealers and spyware, mainly in Asia. Google’s Pilot Program enhances Play Protect by scanning Android […]
Silver Fox APT Exploits Signed Windows Driver to Deliver ValleyRAT
Check Point reports Silver Fox APT using a signed WatchDog driver flaw to disable Windows security and deliver…
North Korea’s ScarCruft Targets Academics With RokRAT Malware
A new report reveals North Korea-linked ScarCruft is using RokRAT malware to target academics in a phishing campaign.…
Crooks exploit Meta malvertising to target Android users with Brokewell
Cybercriminals spread Brokewell via fake TradingView Premium ads on Meta, stealing crypto and data with remote control since July 2024. Bitdefender warns threat actors are abusing Meta ads to spread fake TradingView Premium apps for Android, delivering Brokewell malware to steal crypto and data. “Bitdefender researchers recently uncovered a wave of malicious ads on Facebook […]
North Korea’s APT37 deploys RokRAT in new phishing campaign against academics
ScarCruft (APT37) launches Operation HanKook Phantom, a phishing campaign using RokRAT to target academics, ex-officials, and researchers. Cybersecurity firm Seqrite Labs uncovered a phishing campaign, tracked as dubbed Operation HanKook Phantom, by the North Korea-linked group APT37 (aka Ricochet Chollima, ScarCruft, Reaper, and Group123). Threat actors are using a fake “National Intelligence Research Society Newsletter […]
AI Waifu RAT Exploits Users with Advanced Social Engineering Tactics
A sophisticated new malware campaign has emerged that weaponizes artificial intelligence and social engineering to target niche online communities. Security researchers have identified the “AI Waifu RAT,” a remote access trojan that masquer…