.webp)
Cyber Security News
Remcos Everywhere! Attacking From a Weaponized Zip File
Cybersecurity circles are abuzz with the latest campaign involving the notorious Remote Control System (RAT), Remcos.
Security Affairs
Remcos RAT campaign targets US accounting and tax return preparation firms
Microsoft warns of a new Remcos RAT campaign targeting US accounting and tax return preparation firms ahead of Tax Day. Ahead of the U.S. Tax Day, Microsoft has observed a new Remcos RAT campaign targeting US accounting and tax return preparation firms. The phishing attacks began in February 2023, the IT giant reported. Remcos is […]
The Hacker News
New IDAT Loader Attacks Using Steganography to Deploy Remcos RAT
Ukrainian entities in Finland targeted in a malicious campaign distributing Remcos RAT using IDAT Loader.
.webp)
Cyber Security News
Threats Actors Delivering Remcos RAT Distributed as UUE (Uuencoding) File
Researchers have confirmed the accuracy of the Remcos RAT malware being distributed through UUE (UUEncoding) files compressed with Power Archiver.
The Hacker News
Remcos RAT Spreading Through Adult Games in New Attack Wave
reaking News: Remcos RAT, a stealthy remote access trojan, is now spreading in South Korea disguised as adult-themed games via webhards
.webp)
Cyber Security News
Hackers Using Weaponized Virtual Hard Disk Files to Deliver Remcos RAT
Hackers have been found leveraging weaponized virtual hard disk (VHD) files to deploy the notorious Remote Control Software (RAT), Remcos.
Cyber Security News
Researchers Uncover the Bond Between the Infamous Remcos RAT and GuLoader
Threat actors adopting the use of two software GuLoader (also known as CloudEyE Protector) and Remcos (Remote administration tool) for malicious purposes
Security Affairs
Ukraine CERT-UA warns of phishing attacks employing Remcos software
The Computer Emergency Response Team of Ukraine (CERT-UA) warns of a new wave of attacks against state authorities to deploy the Remcos software. The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a phishing campaign aimed at state authorities that involves the use of the legitimate remote access software Remcos. The phishing emails, […]
The Hacker News
Stealthy DBatLoader Malware Loader Spreading Remcos RAT and Formbook in Europe
New phishing campaign targets European entities using Remcos RAT & Formbook via DBatLoader malware!
The Record
Remcos software deployed in spying attempt on Ukraine’s government, CERT says
Hacking group UAC-0050 tried to deploy the remote management software Remcos in an effort to spy on government agencies, Ukraine said.
The Hacker News
UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT
The threat actor UAC-0050 is using phishing attacks to distribute the Remcos RAT while employing new strategies to avoid detection.
The Record
Remcos, again: Ukrainian agencies targeted in a new spying campaign
In a recent campaign, the hacking group tracked as UAC-0050 attempted to spread the Remcos remote access tool, according to research by Ukraine's computer emergencies response team (CERT-UA).
Security Affairs
IDAT Loader used to infect a Ukraine entity in Finland with Remcos RAT
A new malware campaign is targeting a Ukraine entity in Finland with Remcos RAT distributed via a loader called IDAT Loader.
Bleeping Computer
New IDAT loader version uses steganography to push Remcos RAT
A hacking group tracked as 'UAC-0184' was observed utilizing steganographic image files to deliver the Remcos remote access trojan (RAT) onto the systems of a Ukrainian entity operating in Finland.
DarkReading
Remcos RAT Spyware Scurries Into Machines via Cloud Servers
Attackers use phishing emails that appear to come from reputable organizations, dropping the payload using public cloud servers and an old Windows UAC bypass technique.
.webp)
Cyber Security News
Hackers using Weaponized PDF Files to Deliver Remcos RAT
Cybercriminals have launched a sophisticated campaign targeting individuals and utilizing weaponized PDF files to deploy dangerous RATs.
DarkReading
UAC-0184 Targets Ukrainian Entity in Finland With Remcos RAT
The IDAT Loader malware was used to deliver the cyber espionage tool, employing steganography, a seldom-seen technique in real-world attacks.
The Hacker News
Fruity Trojan Uses Deceptive Software Installers to Spread Remcos RAT
Threat actors are deploying fake websites with trojanized software to infect unsuspecting users with Fruity downloader malware.
Infosecurity News
Remcos Trojan Returns to Most Wanted Malware List After Ukraine Attacks
Weekly attacks targeting Ukraine decreased by 44% between October 2022 and February 2023
The Hacker News
CERT-UA Alerts Ukrainian State Authorities of Remcos Software-Fueled Cyber Attacks
CERT-UA has issued a warning of cyber attacks targeting state authorities using a legitimate remote access software.
DarkReading
XWorm, Remcos RAT Evade EDRs to Infect Critical Infrastructure
Disguised as harmless PDF documents, LNK files trigger a PowerShell script, initiating a Rust-based injector called Freeze[.]rs and a host of malware infections.
The Record
Hackers using Remcos malware to spy on Ukraine have become stealthier, researchers find
Cybersecurity researchers have discovered that a hacking group targeting Ukraine is using a new method to efficiently and secretly transfer malicious data.
The Cyber Express
Unmasking New Year-themed Spam Emails: A Closer Look at the Remcos RAT Connection
As the New Year festivities unfold, cyber threats take on a deceptive facade, with malicious actors exploiting the celebratory spirit
The Hacker News
QakBot Threat Actors Still in Action, Using Ransom Knight and Remcos RAT in Latest Attacks
🕵️♂️ Despite infrastructure disruption, QakBot malware operators are still active in an ongoing phishing campaign, delivering Ransom Knight ransomwa
Cyber Security News
Massive Phishing Attack Targeting 40+ Prominent Companies
Remcos is categorized as a Remote Access Trojan (RAT), granting attackers complete control over compromised computers.
Cyber Security News
Hackers Exploiting Windows SmartScreen Zero-day Vulnerability to Deploy Remcos RAT
Microsoft released multiple security patches as part of their Patch Tuesday in which three zero-day vulnerabilities were also patched.
Infosecurity News
WinRAR Vulnerability Affects Traders Worldwide
Group-IB said cyber-criminals used the flaw to create archives packaged with DarkMe, GuLoader and Remcos RAT
The Hacker News
TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks
TA558 hackers are using steganography to hide and distribute malware like Agent Tesla, FormBook, Remcos RAT, LokiBot.
The Hacker News
Attackers Using Obfuscation Tools to Deliver Multi-Stage Malware via Invoice Phishing
Cybersecurity experts uncover a sophisticated multi-stage attack! 🛡️ Malware including Venom RAT, Remcos RAT, and more deployed via invoice-themed ph
Bleeping Computer
Old Windows ‘Mock Folders’ UAC bypass used to drop malware
A new phishing campaign targets organizations in Eastern European countries with the Remcos RAT malware with aid from an old Windows User Account Control bypass discovered over two years ago.
Cyber Security News
Malware Trends 2024: Lessons From 2023 - A Detailed Report
Remcos (1,385 detections in Q1) and AgentTesla (1,769 in Q4) were the two most prevalent examples, closely followed by NjRAT and AsyncRAT.
Cyber Security News
Beware of New Fileless Malware that Propagates Through Spam Mail
Threat actors have used phishing emails to distribute fileless malware. The attachment consists of a .hta (HTML Application) file, which can be used for deploying other malware like AgentTesla, Remcos, and LimeRAT.
Bleeping Computer
Russia-Ukraine war exploited as lure for malware distribution
Threat actors are distributing malware using phishing themes related to the invasion of Ukraine, aiming to infect their targets with remote access trojans (RATs) such as Agent Tesla and Remcos.
Trend Micro
TargetCompany Ransomware Abuses FUD Obfuscator Packers
In this entry, we detail our analysis of how the TargetCompany ransomware abused an iteration of fully undetectable (FUD) obfuscator engine BatCloak to infect vulnerable systems.
.jpg)
The Hacker News
Ande Loader Malware Targets Manufacturing Sector in North America
Blind Eagle expands its cyber attack realm! Now targeting North America's manufacturing sector with phishing emails.
Cyber Security News
Beware! Hackers Abusing Public Cloud Infrastructure to Host DBatLoader Malware
phishing campaigns have been identified by the security analysts at SentinelOne using the DBatLoader malware loader.
Cyber Security News
Hackers Use Steganography Methods To Hide Malware In PNG File
Steganography is employed by threat actors to hide malicious payloads in benign files such as pictures or documents.
Cyber Security News
Top 3 Malware Threatening Businesses in Q2 2023
ANY.RUN, an interactive online sandbox for fast malware analysis, has published the results of its research into the top cyber threat trends in Q2 2023.
The Record
AceCryptor malware has surged in Europe, researchers say
Researchers at ESET say they spotted thousands of new infections with AceCryptor, which allows malware to slip into systems without being detected by anti-virus software.
SecurityWeek
US, Australian Cybersecurity Agencies Publish List of 2021's Top Malware
A new joint cybersecurity advisory from CISA and the Australian Cyber Security Centre details 2021’s top malware strains.
Infosecurity News
Cyber-Criminals Exploit Invasion of Ukraine
Rise in malspam campaigns exploiting attack on Ukraine by Russia
Bleeping Computer
Microsoft: Phishing attack targets accountants as Tax Day approaches
Microsoft is warning of a phishing campaign targeting accounting firms and tax preparers with remote access malware allowing initial access to corporate networks.
The Hacker News
New Attack Alert: Freeze[.]rs Injector Weaponized for XWorm Malware Attacks
Malicious actors are leveraging the legitimate Rust-based injector Freeze[.]rs to deploy the XWorm malware in targeted environments.
The Record
U.S. and Australian security agencies release list of 2021's 'top' malware strains
The most commonly seen malware strains in 2021 include Agent Tesla, Qakbot, TrickBot, GootLoader and several others, according to a new list released by CISA and the Australian Cyber Security Centre.
Bleeping Computer
WinRAR zero-day exploited since April to hack trading accounts
A WinRar zero-day vulnerability tracked as CVE-2023-38831 was actively exploited to install malware when clicking on harmless files in an archive, allowing the hackers to breach online cryptocurrency trading accounts.
The Hacker News
New Variant of Banking Trojan BBTok Targets Over 40 Latin American Banks
Beware Latin America! BBTok banking trojan strikes Brazil & Mexico. Crafty phishing emails, unique payloads, and a sneaky approach.
SecurityWeek
Qakbot Hackers Continue to Push Malware After Takedown Attempt
Qakbot cybercriminals continue to push malware, which shows they are still operational after the recent takedown attempt.
Infosecurity News
Crypto Wallets Under Attack By DoubleFinger Malware
The malware discovered by Kaspersky employs a multistage attack method
The Hacker News
Cybercriminals Using New ASMCrypt Malware Loader Flying Under the Radar
Cybercriminals are currently employing ASMCrypt, an advanced iteration of DoubleFinger, to evade detection by security tools.
The Hacker News
WinRAR Security Flaw Exploited in Zero-Day Attacks to Target Traders
The recent WinRAR vulnerability was exploited as a zero-day since April to compromise traders' devices and withdraw money.
Bleeping Computer
Cybersecurity agencies reveal last year’s top malware strains
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released today a list of the most detected malware strains during last year in a joint advisory with the Australian Cyber Security Centre (ACSC).
The Hacker News
Foxit PDF Reader Flaw Exploited by Hackers to Deliver Diverse Malware Arsenal
Multiple threat actors are exploiting a design flaw inFoxit PDF software to deliver various malware.
The Hacker News
Hackers Abusing Windows Search Feature to Install Remote Access Trojans
Malicious actors are exploiting a legitimate Windows search feature to download arbitrary payloads and compromise systems with RATs like AsyncRAT.
Cyber Security News
Hackers Exploit Windows Search Feature to Execute Malware on Infected Systems
Malware authors persistently seek novel approaches to exploit unsuspecting users in the active cyber threat landscape.
Bleeping Computer
Microsoft build tool abused to deliver password-stealing malware
Threat actors are abusing the Microsoft Build Engine (MSBuild) to deploy remote access tools and information-stealing malware filelessly as part of an ongoing campaign.
The Hacker News
New Yashma Ransomware Variant Targets Multiple English-Speaking Countries
🚨 Yashma ransomware is on the rampage, hitting English-speaking nations, Bulgaria, China, and Vietnam! Leaked builders are fueling these attacks.
The Hacker News
Russian Cyber Espionage Group Deploys LitterDrifter USB Worm in Targeted Attacks
Russian cyber espionage group linked to the FSB are using a USB worm called LitterDrifter to target Ukrainian organizations.
Cyber Security News
HijackLoader Using Weaponized PNG Files To Deliver Multiple Malware
HijackLoader, a modular malware loader observed in 2023, is evolving with new evasion techniques, as it is a variant using a PNG image to
The Hacker News
SmokeLoader Infecting Targeted Systems with Amadey Info-Stealing Malware
An information-stealing malware called Amadey is being distributed by means of another backdoor called SmokeLoader.
DarkReading
Trigona Ransomware Trolling for 'Poorly Managed' MS-SQL Servers
Vulnerable MS-SQL database servers have external connections and weak account credentials, researchers warn.
The Hacker News
Latrodectus Malware Loader Emerges as IcedID's Successor in Phishing Campaigns
Researchers have observed a surge in email phishing campaigns delivering Latrodectus, a new malware loader believed to be the successor to IcedID.
DarkReading
Unkillable? Qakbot Infections Fly On Even After Its High-Profile Raid
A literal seven-nation (cyber) army wasn't enough to hold back the famous initial access broker (IAB) for long — it's been chugging along, spreading ransomware, despite a massive takedown in August.
Security Affairs
Security Affairs newsletter Round 461 by Pierluigi Paganini
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Cyber Security News
Hackers Use New .NET Loader Malware to Deliver Wide Range of Payloads
An unrecorded .NET Loader was identified during routine threat hunting that downloads, decrypts, and executes a malicious payloads.
CyberSecurity Dive
The 11 most-prevalent malware strains of 2021 fuel cybercrime
Cybercriminals remain the most prolific users of malware, wielding these top strains to deliver ransomware and steal data.
The Hacker News
Beware: New DoubleFinger Loader Targets Cryptocurrency Wallets with Stealer
oubleFinger loader is a multi-stage, highly sophisticated crimeware that targets your Bitcoin wallets.
Security Affairs
Security Affairs newsletter Round 406 by Pierluigi Paganini
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Clop ransomware claims the hack of 130 orgs using GoAnywhere MFT flaw CISA adds Fortra […]
The Hacker News
New DotRunpeX Malware Delivers Multiple Malware Families via Malicious Ads
dotRunpeX is a new malware injector that's distributing various known malware families via phishing emails & malicious Google Ads.
The Hacker News
Several Malware Families Using Pay-Per-Install Service to Expand Their Targets
Malware families are making use of PrivateLoader's pay-per-install service in order to expand their victim list.
The Record
Qakbot hackers now pushing Cyclops/Ransom Knight ransomware, Cisco says
Just weeks after an international effort took down the Qakbot botnet's infrastructure, researchers from Cisco Talos say the hackers behind the group have pivoted to spreading ransomware.
Infosecurity News
“TicTacToe Dropper” Malware Distribution Tactics Revealed
A new Fortinet analysis revealed a plethora of final-stage payloads delivered by a series of malware droppers
The Hacker News
Researchers Uncover Packer Used by Several Malware to Evade Detection for 6 Years
Researchers have uncovered a shellcode-based packer service that has been helping hackers hide their malware for the past 6 years.
Security Affairs
Qakbot is back and targets the Hospitality industry
Experts warn of a new phishing campaign distributing the QakBot malware, months after law enforcement dismantled its infrastructure.
Latest Hacking News
Latest SpyAgent Malware Campaign Abuses Legit RATs To Target Devices
SpyAgent exploits RATs like Teamviewer to deploy other malware and RATs to steal data and gain control on target device.
CyberNews
Cyberattacks against Ukraine surged in 2023
An increase in cyber incidents compared to 2022 underscores the growing challenges in protecting digital realms.
The Hacker News
Alarming Surge in TrueBot Activity Revealed with New Delivery Vectors
🚨 TrueBot, the notorious downloader trojan botnet, is back! Cybersecurity researchers reveal its latest activity surge.
Latest Hacking News
Hackers Exploited WinRAR Zero-Day To Target Traders
Days after fixing the vulnerability, details have surfaced online about a WinRAR zero-day vulnerability that went under attack. The researchers noticed active exploitation of the vulnerability to target traders. While the patch has already arrived,
Infosecurity News
Cyber-criminals Shift From Macros to Shortcut Files to Hack Business PCs, HP Report
The report shows an 11% rise in archive files containing malware, including LNK files
The Hacker News
New JinxLoader Targeting Users with Formbook and XLoader Malware
A new malware loader called JinxLoader is being used by threat actors to deliver payloads such as Formbook and XLoader.
The Hacker News
New Zaraza Bot Credential-Stealer Sold on Telegram Targeting 38 Web Browsers
New malware alert! The Zaraza bot steals credentials and is sold on Telegram. It targets 38 web browsers and captures sensitive data.
HACKRead
Russian Hackers Shift Tactics, Target More Victims with Paid Malware
Russian hackers are escalating cyberattacks, leveraging readily available malware and broadening their targets beyond governments.
Infosecurity News
PDF Exploitation Targets Foxit Reader Users
CPR said exploit builders in .NET and Python have been employed to deploy this malware
The Record
Ukrainian soldiers’ apps increasingly targeted for spying, cyber agency warns
CERT-UA is attributing the surge to a group tracked as UAC-0184, which was also recently spotted targeting an unnamed Ukrainian entity in Finland.
HACKRead
Agent Tesla and Taskun Malware Targeting US Education and Govt Entities
Beware! Agent Tesla & Taskun Malware are targeting US Education & Gov. This cyberattack steals data & exploits vulnerabilities.
CSO
Qakbot malware’s creators ride again, despite FBI takedown
The bad actors behind a dangerous malware campaign may not have been put completely out of action by law enforcement, the Talos research group at Cisco warned today.
The Hacker News
Alert: Phishing Campaigns Deliver New SideTwist Backdoor and Agent Tesla Variant
Iranian hackers deploying SideTwist backdoor in fresh phishing attack. Separate campaign features new variant of Agent Tesla
The Hacker News
UAC-0099 Using WinRAR Exploit to Target Ukrainian Firms with LONEPAGE Malware
Threat actor UAC-0099 continues to target Ukraine with cyberattacks. They exploit a critical WinRAR flaw to deliver the dangerous LONEPAGE malware.
Cyber Security News
The Power of Threat Intelligence Platforms for Faster Threat Investigations Checklist
In cybersecurity, information is what ultimately makes it possible to respond to threats effectively and proactively.
The Hacker News
Russian APT28 Hackers Targeting 13 Nations in Ongoing Cyber Espionage Campaign
APT28, the Russian nation-state threat actor, is using lures related to the Israel-Hamas war to distribute the HeadLace backdoor.
The Hacker News
Hijack Loader Malware Employs Process Hollowing, UAC Bypass in Latest Version
A newer version of the Hijack Loader malware has been observed with updated anti-analysis techniques to evade detection.
Security Affairs
FUD Malware obfuscation engine BatCloak continues to evolve
Researchers detailed a fully undetectable (FUD) malware obfuscation engine named BatCloak that is used by threat actors. Researchers from Trend Micro have analyzed the BatCloak, a fully undetectable (FUD) malware obfuscation engine used by threat actors to stealthily deliver their malware since September 2022. The samples analyzed by the experts demonstrated a remarkable ability to persistently evade […]
The Hacker News
Cybercriminals Using Powerful BatCloak Engine to Make Malware Fully Undetectable
BatCloak, the undetectable malware obfuscation engine deployed since Sep '22, allowing threat actors to easily load multiple malware families.
Cyber Security News
Hackers Steal Cryptocurrencies Using DoubleFinger Malware Via Weaponized PIF Attachment
Stealing cryptocurrencies is a joint event, and a recent addition to this trend is the DoubleFinger loader malware.
The Cyber Express
Defiance City Hit by Cyber Extortion: Knight Ransomware Group Strikes
The City of Defiance has fallen victim to a cyberattack orchestrated by the notorious Knight ransomware group. The City of
The Hacker News
CaddyWiper: Yet Another Data Wiping Malware Targeting Ukrainian Networks
Researchers have discovered a new data wiper malware, dubbed CaddyWiper, delivered in cyberattacks against Ukraine.
Security Affairs
Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022
The Black Basta ransomware gang infected over 300 victims accumulating ransom payments exceeding $100 million.
Security Affairs
CERT of Ukraine says Russia-linked APT backdoored multiple govt sites
The CERT of Ukraine (CERT-UA) revealed that Russia-linked threat actors have compromised multiple government websites this week. The Computer Emergency Response Team of Ukraine (CERT-UA) said that Russia-linked threat actors have breached multiple government websites this week. The government experts attribute the attack to UAC-0056 group (DEV-0586, unc2589, Nodaria, or Lorec53). “the Government Computer Emergency […]
Infosecurity News
Qakbot Gang Still Active Despite FBI Takedown
Cisco Talos found new evidence that Qakbot-affiliated actors were still distributing ransomware despite the August FBI takedown of the threat group
Security Affairs
ScrubCrypt used to drop VenomRAT along with many malicious plugins
Researchers discovered a sophisticated multi-stage attack that leverages ScrubCrypt to drop VenomRAT along with many malicious plugins.
Bleeping Computer
New NetDooka malware spreads via poisoned search results
A new malware framework known as NetDooka has been discovered being distributed through the PrivateLoader pay-per-install (PPI) malware distribution service, allowing threat actors full access to an infected device.
Loading more articles....