WinRAR Vulnerability Exploitation: Decode & Bolster Protection
Uptycs Blog » Malware
by Uptycs Threat Research
8M ago
Authors: Siddartha Malladi and Arpit Kataria …
Mitigating Remote Access Trojan Infection Risk: Telegram/Qwixx RAT
Uptycs Blog » Malware
by Uptycs Threat Research
9M ago
A new threat has emerged in the realm of cybersecurity, referred to as QwixxRAT. Both businesses and individual users are at risk, as this Trojan silently infiltrates devices, casting a wide net of data extraction. Ever vigilant for threats like the Remote Access Trojan (RAT), the Uptycs Threat Research team discovered QwixxRAT (aka Telegram RAT) in early August 2023. The threat actor is widely distributing this malicious tool through Telegram and Discord platforms. Once installed on the victim’s Windows machines, the RAT stealthily collects sensitive data …
Cyber Espionage in India: Decoding APT-36's New Linux Malware Campaign
Uptycs Blog » Malware
by
9M ago
The Uptycs threat research team has discovered a new Linux malware, Poseidon, deployed by the APT-36 group, also known as Transparent Tribe. This Pakistan-based advanced persistent threat group is notorious for targeting Indian government organizations, military personnel, and defense contractors. …
Unmasking the Meduza Stealer: Comprehensive Analysis & Countermeasures
Uptycs Blog » Malware
by Uptycs Threat Research
11M ago
Recently, while monitoring dark web forums and Telegram channels, the Uptycs Threat Research team made a compelling discovery: a formidable menace dubbed The Meduza Stealer. …
Uncovering Potentially Exploitable vm2 Vulnerabilities - Uptycs
Uptycs Blog » Malware
by
11M ago
vm2 (virtual machine 2) is a library that provides a secure and sandboxed environment for executing JavaScript code, primarily used in server-side environments such as Node.js. It lets you create and run JavaScript code within a controlled environment, providing an extra layer of security by isolating code execution from your main application. Thus, potentially unsafe or untrusted code can be executed without impacting the stability or security of the hosting application. Eval (a JS function) is used instead of the vm2 position when the latter isn’t present, which causes some serious securi …
Zaraza Bot Credential Stealer Targets Browser Passwords - Uptycs
Uptycs Blog » Malware
by Uptycs Threat Research
1y ago
The Uptycs threat research team has identified a new variant of credential-stealing malware, dubbed Zaraza bot, that uses Telegram as its command and control. Zaraza is the Russian word for infection. Zaraza bot targets a large number of web browsers and is being actively distributed on a Russian Telegram hacker channel popular with threat actors. Once the malware infects a victim's computer, it retrieves sensitive data and sends it to a Telegram server where the attackers can access it immediately. Zaraza bot steals login credentials from 38 web browsers including Google Chrome, Micr …
MacStealer: New macOS-based Stealer Malware Identified
Uptycs Blog » Malware
by Shilpesh Trivedi
1y ago
Research by Shilpesh Trivedi and Pratik Jeware. Uptycs has already identified three Windows-based malware families that use Telegram this year, including Titan Stealer, Parallax RAT, and HookSpoofer. Attackers are increasingly turning to it, particularly for stealer command and control (C2). And now the Uptycs threat research team has discovered a macOS stealer that also controls its operations over Telegram. We’ve dubbed it MacStealer …
Hunting BatLoader Malware with Uptycs
Uptycs Blog » Malware
by Uptycs Team
1y ago
Contributed by: Nandakumar KJ & Josh Lemon …
HookSpoofer: The Modified Open Source Stealer Bundlers Making the Rounds
Uptycs Blog » Malware
by
1y ago
Research by: Shilpesh Trivedi and Tejaswini Sandapolla. The Uptycs threat research team has discovered a new infostealer with keylogging and clipper capabilities, named HookSpoofer, spread by multiple bundlers. A bundler is a collection of two or more files combined into a single package. The stealer spread by these bundlers is new on various cybercrime forums, comes with various stealing capabilities, and sends this data to a Telegram bot. The stealer is coded in C#, and Uptycs threat research has identified that it is inspired by an open source program, StormKitty. HookSpoofer is a m …