Warzone RAT Dismantled, Members Arrested

International crackdown dismantles Warzone RAT, leading to key arrests in Malta and Nigeria.

In an international law enforcement operation, the U.S. Department of Justice continues its fight against cybercriminals. The operation dismantled a network that sold and supported the Warzone Remote Access Trojan (RAT). Also, this malware allowed cybercriminals to stealthily infiltrate victims’ computers, resulting in data theft and other malicious activities. Warzone RAT Masters Arrested and Charged… Continue reading Warzone RAT Dismantled, Members Arrested

Mispadu Banking Trojan Exploits SmartScreen Flaw

One more malware family makes use of CVE-2023-36025

Recent research uncovers a new sample of Mispadu malware that uses a SmartScreen bypass flaw to integrate itself into the system. This banking trojan from 2019 uses the vulnerability discovered in late 2023 to target mainly LATAM users. Mispadu Trojan Uses SmartScreen Bypass The extensive research regarding Mispadu malware done by Unit 42, among other… Continue reading Mispadu Banking Trojan Exploits SmartScreen Flaw

CrackedCantil Dropper Delivers Numerous Malware

CrackedCantil is a versatile dropper malware, capable of unleashing multiple malicious payloads.

CrackedCantil is a unique dropper malware sample that operates with a wide variety of malware families. Infecting with one may effectively mean up to five other malware types running in the system. Let’s break down on what it is, how it spreads, and why it is so dangerous. What is CrackedCantil? CrackedCantil is a dropper… Continue reading CrackedCantil Dropper Delivers Numerous Malware

PUABundler:Win32/CandyOpen Analysis & Removal Guide

CandyOpen is a malware used to download unwanted software

PUABundler:Win32/CandyOpen is an unwanted program that acts as a browser hijacker and can download junk apps to your system. Specifically, it points at a thing known as OpenCandy adware, that is known for its indecent behavior. Let’s break it down and see what the PUABundler/Candyopen on a real-world example. What is PUABundler:Win32/CandyOpen? As I’ve said… Continue reading PUABundler:Win32/CandyOpen Analysis & Removal Guide

Seven Common Types of Malware – Analysis & Description

Being aware of the types of malware is key to protecting your devices and systems from potential cyberattacks.

In the intricate landscape of cybersecurity, comprehending the various forms of malware is crucial. This article offers an in-depth look at the most pervasive malware types, from Loaders to Keyloggers. We’ll explore their mechanisms, impacts, and how they compromise digital security, providing you with the knowledge to better safeguard against these ever-evolving cyber threats. Let’s… Continue reading Seven Common Types of Malware – Analysis & Description

PUABundler:Win32/PiriformBundler

PiriformBundler is a detection name for software developed by Piriform

PUABundler:Win32/PiriformBundler is the detection of an unwanted program, developed and issued by Piriform Software. While applications from this developer aren’t inherently malicious, the bundled software they carry and their questionable behavior make them less than desirable. What is PUABundler:Win32/PiriformBundler? PiriformBundler is a detection name for unwanted software developed by Piriform. Microsoft assigns such names to… Continue reading PUABundler:Win32/PiriformBundler

Novice Rugmi Loader Delivers Various Spyware

Analysts uncovered a novice Rugmi Loader, malware that primarily aims at spreading spyware and stealers

The threat landscape meets a new player – Rugmi Loader. This threat specializes in spreading spyware, and is in fact capable of delivering any malware type. Rugmi boasts of its unusual structure, which makes it rather promising among other loaders. What is Rugmi Loader? The Rugmi is a complex loader with multiple components that deliver… Continue reading Novice Rugmi Loader Delivers Various Spyware

Xamalicious Trojan Hits Over 327K Android Devices

Android backdoor, Xamalicious, has been discovered, carrying out various malicious actions on infected devices.

A new Android backdoor, dubbed Xamalicious, was discovered by the researchers at the edge of 2023. This malware exhibits potent capabilities to perform malicious actions on infected devices. Malware reportedly exploits Android’s accessibility permissions to gain access to various sources of user data. What is Xamalicious Malware? As I’ve said in the introduction, Xamalicious is… Continue reading Xamalicious Trojan Hits Over 327K Android Devices

UAC-0099 Targets Ukrainian Companies With Lonepage Malware

UAC-0099 has been using a critical vulnerability in WinRAR software to spread Lonepage malware.

Ukrainian cyberwarfare sees further action as the UAC-0099 threat actor escalates its cyber espionage campaign against Ukrainian firms. Leveraging a severe vulnerability in the popular WinRAR software, the group orchestrates sophisticated attacks to deploy the Lonepage malware, a VBS malware capable of remote command execution and data theft. UAC-0099 Exploits WinRar Vulnerability In most recent… Continue reading UAC-0099 Targets Ukrainian Companies With Lonepage Malware

FalseFont Malware Targets Defence Contractors Worldwide

Iranian hackers joined the big hacking game with a novice malware sample

The Iranian hacking group APT33 has developed a new malware called FalseFont. They use it to target the Defense Industrial Base worldwide. Microsoft reports the surge in its activity in December, 2023. APT33 targets defense firms with FalseFont malware Researchers recently shed light on a new cyber-espionage campaign. The Iranian APT33 group has been deploying… Continue reading FalseFont Malware Targets Defence Contractors Worldwide