Malware analysis

QSC: Multi-Plugin Malware Framework Installs Backdoor on Windows

The QSC Loader service DLL named "loader.dll" leverages two distinct methods to obtain the path to the Core module code.…

3 months ago

New NonEuclid RAT Evades Antivirus and Encrypts Critical Files

NonEuclid, a sophisticated C# Remote Access Trojan (RAT) designed for the .NET Framework 4.8, has been shown to pose a significant…

3 months ago

Malicious Solana Packages Attacking Devs Abusing Slack And ImgBB For Data Theft

Malicious packages "solanacore," "solana login," and "walletcore-gen" on npmjs target Solana developers with Windows trojans and malware for keylogging and…

3 months ago

PHP Servers Vulnerability Exploited To Inject PacketCrypt Cryptocurrency Miner

Researchers observed a URL that attempts to exploit a server-side vulnerability by executing multiple commands through PHP's system() function. It downloads…

3 months ago

EAGERBEE Malware Updated Its Arsenal With Payloads & Command Shells

The Kaspersky researchers' investigation into the EAGERBEE backdoor revealed its deployment within Middle Eastern ISPs and government entities of novel…

3 months ago

Weaponized Python Scripts Deliver New SwaetRAT Malware

The Python script leverages low-level interactions with the Windows operating system, importing crucial libraries like `System.Reflection`, `ctypes`, and `wintypes`,…

3 months ago

Lumma Stealer Attacking Users To Steal Login Credentials From Browsers

Researchers observed Lumma Stealer activity across multiple online samples, including PowerShell scripts and a disguised EXE installer, as analysis revealed…

3 months ago

DigiEver IoT Devices Exploited To Deliver Mirai-based Malware

A new Mirai-based botnet, "Hail Cock Botnet," has been exploiting vulnerable IoT devices, including DigiEver DVRs and TP-Link devices with…

3 months ago

Beware Of Malicious SharePoint Notifications That Deliver Xloader Malware

Through the use of XLoader and impersonating SharePoint notifications, researchers were able to identify a sophisticated malware delivery campaign. A…

3 months ago

Careto – A Legendary Threat Group Targets Windows By Deploying Microphone Recorder And Stealing Files

Recent research has linked a series of cyberattacks to The Mask group, as one notable attack targeted a Latin American…

4 months ago