Malware

Malicious Go Module Masquerades as SSH Brute Forcer to Exfiltrate Credentials via Telegram

Cybersecurity experts have identified a malicious Go module that disguises itself as an SSH brute-force tool but secretly transmits stolen credentials to its operator. According to researcher Kirill Boychenko from Socket, the package immediately sends the victim’s IP address, username, and password to a hardcoded Telegram bot upon the first successful login. The module, named […]

Hackers Exploit ClickFix Technique to Target Windows and macOS Devices

Cybersecurity experts have uncovered a rapidly growing social engineering method known as ClickFix, which has been increasingly adopted by attackers since early 2024. This technique impacts both Windows and macOS devices, convincing users to unknowingly run harmful commands under the guise of routine troubleshooting steps. According to recent findings, thousands of enterprise and personal systems

Malicious Go Module Acts as SSH Brute Forcer, Steals Passwords via Telegram

A new and sophisticated supply chain attack has been uncovered, targeting developers through a malicious Go module package. This package disguises itself as a legitimate SSH brute force tool but secretly collects and transmits stolen credentials to cybercriminal operators.

Disguised Package with Hidden Malicious Intent

The malicious package, named “golang-random-ip-ssh-bruteforce,” promotes itself as a fast

Cybercriminals Use CORNFLAKE.V3 Backdoor with ClickFix and Fake CAPTCHA

Threat actors are increasingly using a deceptive method known as ClickFix to spread a powerful backdoor called CORNFLAKE.V3.

How ClickFix Works

According to Google-owned Mandiant, the campaign is operated by UNC5518, an access-as-a-service group. Attackers lure victims to fake CAPTCHA pages, tricking them into following instructions that ultimately provide attackers with access to their systems.

RingReaper Malware Targets Linux Servers, Evades EDR

A newly discovered malware called RingReaper is actively targeting Linux servers, raising serious concerns due to its advanced evasion strategies that undermine traditional endpoint detection and response (EDR) solutions.

How RingReaper Operates

RingReaper functions as a post-exploitation agent that takes advantage of the Linux kernel’s io_uring interface, a modern asynchronous I/O system designed for high-performance

North Korean Hackers Leak Stealthy Linux Malware Online

North Korean Linux Rootkit Leak Exposes Advanced Espionage Tools

In a major cybersecurity incident, sensitive hacking tools and technical documentation linked to a North Korean threat actor have been leaked online. The disclosure, first highlighted in Phrack Magazine, includes advanced exploit methods, system compromise logs, and, most concerning, a stealth Linux rootkit capable of bypassing

Supply Chain: Malicious PyPI, npm Packages Exploit Dependencies

Malicious Python and npm Packages Uncovered in Supply Chain Attacks

Cybersecurity researchers have uncovered a malicious package on the Python Package Index (PyPI) that introduced harmful behavior through a hidden dependency, enabling persistence and remote code execution. The package, named termncolor, achieved its malicious activity via a dependency called colorinal, as detailed by Zscaler ThreatLabz.

Palo Alto Releases Mega Malware Analysis Guide for Analysts

Palo Alto Networks Releases Comprehensive Malware Analysis Tutorial on Remcos RAT

Palo Alto Networks has published a highly detailed malware analysis tutorial, showcasing the dissection of a complex .NET-based loader that ultimately delivers the Remcos remote access trojan (RAT).

Abuse of Legitimate Environments

The case underlines a growing threat trend: adversaries increasingly misuse legitimate development

ERMAC V3.0 Banking Trojan Leak Exposes Malware Infrastructure

ERMAC V3.0 Banking Trojan Source Code Leak Unveils Malware Infrastructure

Cybersecurity experts have exposed the internal workings of the Android banking trojan ERMAC 3.0, revealing significant flaws in the attackers’ infrastructure. According to a report by Hunt.io, “The latest version 3.0 shows a major upgrade in the malware’s capabilities, extending its form injection and data

Taiwan Servers Hacked by UAT-7237 with Custom Tools

Taiwan Servers Compromised by UAT-7237 Using Advanced Custom Tools

A newly identified and sophisticated malware campaign is targeting Windows systems through a multi-stage attack framework named PS1Bot. This framework combines PowerShell and C# modules to execute extensive data theft operations while avoiding conventional detection methods. The PS1Bot malware represents an advanced shift in cyberattack tactics,
