Malware analysis Archives - GBHackers Security | #1 Globally Trusted Cyber Security News Platform
https://gbhackers.com/tag/malware-analysis/
GBhackers Offering Exclusive Cyber Security News Coverage, New Research papers & Technology Updates.
Last updated: Tue, 05 Nov 2024 10:33:08 +0000

APT36 Hackers Attacking Windows Devices With ElizaRAT
https://gbhackers.com/apt36-elizarat-windows-attacks/
Tue, 05 Nov 2024 10:33:08 +0000
APT36, a sophisticated threat actor, has been actively targeting Indian entities with advanced malware like ElizaRAT, which is designed for espionage. It leverages cloud-based services for covert communication and data exfiltration. Recent campaigns have seen significant enhancements in ElizaRAT’s evasion techniques, making it a potent tool for persistent attacks. The integration of ApoloStealer into the […]

The post APT36 Hackers Attacking Windows Devices With ElizaRAT appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

LummaC2 Stealer Leverages Customized Control Flow Indirection For Execution
https://gbhackers.com/lummac2-stealer-execution/
Fri, 27 Sep 2024 14:47:50 +0000
The LummaC2 obfuscator employs a novel control flow protection scheme designed specifically for its stealer component, which is part of a broader set of transformations, making it difficult for analysts to reverse engineer the binary. It introduces obfuscated code that is mixed with the original compiler-generated code, requiring a specialized deobfuscator for analysis. The obfuscator’s […]

The post LummaC2 Stealer Leverages Customized Control Flow Indirection For Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Threat Actors Using New Malware Toolkit That Involves IIS Backdoor, DNS Tunneling
https://gbhackers.com/iis-backdoor-dns-tunneling/
Thu, 12 Sep 2024 12:35:33 +0000
The Iranian threat actor APT34, also known as GreenBug, has recently launched a new campaign targeting Iraqi government entities by employing a custom toolset, including a novel IIS backdoor and DNS tunneling protocol. The malware used in this campaign shares similarities with previously reported APT34 malware families, such as Karkoff, Saitama, and IIS Group 2. […]

The post Threat Actors Using New Malware Toolkit That Involves IIS Backdoor, DNS Tunneling appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

New Custom Malware “Tickler” Attacks Satellite Devices
https://gbhackers.com/new-custom-malware-tickler-attack/
Tue, 03 Sep 2024 10:07:41 +0000
Microsoft identified a new custom multi-stage backdoor, “Tickler,” deployed by the Iranian state-sponsored threat actor Peach Sandstorm between April and July 2024. Targeting sectors like satellite, communications equipment, oil and gas, and government, Tickler has been used to gather intelligence. Peach Sandstorm also conducted password spray attacks on educational and government sectors. The group employed […]

The post New Custom Malware “Tickler” Attacks Satellite Devices appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Pootry EDR Killer Malware Wipes Out Security Tools From Windows Machine
https://gbhackers.com/pootry-edr-wiper/
Wed, 28 Aug 2024 12:37:18 +0000
Windows drivers can be abused to bypass security measures. Attackers can exploit vulnerabilities in legitimate drivers or use stolen or forged digital signatures to load malicious drivers into the operating system’s kernel. These drivers can then interfere with security software, disabling protections and allowing attackers to gain unauthorized access. To mitigate these risks, Microsoft has […]

The post Pootry EDR Killer Malware Wipes Out Security Tools From Windows Machine appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Hackers Toolkit Unveiled, Comprehensive Tools For Various Cyber Attacks
https://gbhackers.com/hackers-toolkit-unveiled/
Wed, 14 Aug 2024 07:57:02 +0000
Hackers continually update their tools and add new ones to adapt to evolving security measures, bypass defenses, and exploit newly discovered vulnerabilities. Keeping pace with advances in cybersecurity is essential for them, since it is what lets them keep carrying out successful cyber attacks. Cybersecurity researchers at The DFIR Report recently […]

The post Hackers Toolkit Unveiled, Comprehensive Tools For Various Cyber Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

New APT Actor240524 Weaponizing Official Documents To Deliver Malware
https://gbhackers.com/apt-actor240524-weaponizing-official-documents/
Fri, 09 Aug 2024 12:16:46 +0000
A new APT group, dubbed Actor240524, launched a spear-phishing campaign targeting Azerbaijani and Israeli diplomats on July 1, 2024, where the attackers employed a malicious Word document containing Azerbaijani-language content disguised as official documentation to lure victims. The attack indicates a potential focus on disrupting the Azerbaijan-Israel relationship, as the group leverages new Trojan programs, […]

The post New APT Actor240524 Weaponizing Official Documents To Deliver Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Beware Of Fake Browser Updates That Install Malicious BOINC Infrastructure
https://gbhackers.com/beware-fake-browser-updates-malicious-boinc/
Mon, 22 Jul 2024 10:56:22 +0000
SocGholish malware, also known as FakeUpdates, has exhibited new behavior since July 4th, 2024, although the infection chain still begins with a compromised website prompting a fake browser update. Downloading the update triggers malicious code that fetches additional malware. Unlike prior campaigns, in which SocGholish installed common RATs, recent attacks involved the execution of additional files […]

The post Beware Of Fake Browser Updates That Install Malicious BOINC Infrastructure appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

New Poco RAT Weaponizing 7zip Files Using Google Drive
https://gbhackers.com/poco-rat-7zip-google-drive/
Tue, 16 Jul 2024 09:20:52 +0000
Attackers weaponize 7zip files to slip past security controls and deliver malware effectively. These archives can conceal malicious content, which makes it harder for antivirus programs to identify threats. In early 2024, Cofense researchers discovered a new kind of malware known as Poco RAT that mainly targeted individuals who spoke Spanish and […]

The post New Poco RAT Weaponizing 7zip Files Using Google Drive appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

New ShadowRoot Ransomware Attacking Business Via Weaponized PDFs
https://gbhackers.com/shadowroot-ransomware-weaponized-pdfs/
Tue, 16 Jul 2024 09:15:02 +0000
X-Labs identified basic ransomware targeting Turkish businesses, delivered via PDF attachments in suspicious emails from the internet[.]ru domain. Links in the PDFs trigger the download of an exe payload that encrypts files with the “.shadowroot” extension; the campaign is actively compromising organizations worldwide, including the healthcare and e-commerce sectors. A PDF attachment containing a malicious URL linking to a compromised GitHub […]

The post New ShadowRoot Ransomware Attacking Business Via Weaponized PDFs appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
