HijackLoader is a modular malware loader that is used to deliver second-stage payloads including Amadey, Lumma Stealer, Racoon Stealer v2, and Remcos RAT. HijackLoader decrypts and parses a PNG image to load the next stage.
Zloader, a modular trojan based on the leaked ZeuS source code, has recently introduced a new anti-analysis feature in versions 2.4.1.0 and 2.5.1.0 to prevent execution on machines that differ from the original infection.
Threat actors utilize fraudulent websites hosted on popular legitimate platforms to spread malware and steal data. To evade detection, attackers employ obfuscation methods and checks on referral URLs.
The backdoor uses techniques such as multiple stages of DLL sideloading and DNS tunneling for command-and-control (C2) communication as a means to evade endpoint and network security solutions, respectively.
Previous versions of Pikabot used advanced string encryption techniques, which have been replaced with simpler algorithms. Previously, the strings were encrypted using a combination of AES-CBC and RC4 algorithms.
The attackers leverage YouTube by enticing users to watch videos on "How to increase FPS" that contain links to their Discord groups. Once they join, the attackers provide them with links to malicious files disguised as game tweaks and modifications.
The attackers used fake Russian-language online meeting sites hosted on a single IP address to distribute malicious APK and BAT files targeting Windows and Android users.
The adversary used a PDF file posing as an invitation from the Ambassador of India to a wine-tasting event, which contained a malicious link leading to the WINELOADER malware.
The Zloader static configuration is now encrypted using RC4 with a hardcoded alphanumeric key, and the network encryption employs 1,024-bit RSA with RC4 and the Zeus "visual encryption" algorithms.
DreamBus is a sophisticated malware that targets various applications and exploits vulnerabilities such as CVE-2023-38646 and CVE-2023-33246 to deploy modules and mine cryptocurrency.
Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing , end-to-end automation and 360-degree threat response.