Dragon Breath APT group leverages Double DLL Sideloading
iZOOlogic » Financial Malware
by iZOOlogic
1y ago
Dragon Breath, an APT also known as Golden Eye Dog and APT-Q-27, has executed a new malicious operation that leverages various DLL sideloading techniques to bypass security detections. Based on reports, the threat operators deceive their victims by offering cracked and compromised versions of popular apps such as Telegram, WhatsApp, and LetsVPN. The actors promote these apps as customised versions for Chinese users. Moreover, researchers claimed that the threat actors advertise these applications via malvertising techniques and BlackSEO. Dragon Breath APT operators exploit legitimate applica…
AuKill hacking tool exploits process explorer to launch ransomware
Threat groups have recently been using the AuKill hacking tool to obfuscate their attacks. This emerging tool could enable an attacker to terminate EDR software, which is common among organisations. Researchers confirmed that AuKill had aided at least three ransomware campaigns in the past months. Based on reports, a couple of Medusa Locker ransomware campaigns adopted the new tool in the first two months of this year. The first attack appeared on January 18, and another emerged on Valentine's Day. The threat actors used AuKill to kill the EDR security and then launched the Medusa Locker rans…
DevOpt, the newest multifunctional backdoor malware
DevOpt, a newly discovered multifunctional backdoor malware, offers several capabilities, such as keylogging, credential stealing, a file grabber, and a clipper. This detail implies that the malware developers have constantly improved the malicious tool. DevOpt has various abilities that could allow its operators to execute different forms of malicious campaigns. The DevOpt malware is a versatile tool that could run different attack processes. Researchers confirmed four types of abilities that the malware could offer its operators. The first ability…
Raspberry Robin uses new evasion tactics to bypass defences
Raspberry Robin malware operators have been utilising a new defence-bypassing tactic to avoid security detections. Based on reports, the researchers who spotted the new technique explained that the sophisticated malware has new features that could defeat detection on a targeted system. To avoid security solutions, the malware implements obfuscation methods and multiple other capabilities, such as anti-debugging and evasion. Researchers will try to uncover the techniques and strategies used by the group in order to counteract its bypassing capabilities. One of the abilitie…
Play ransomware has created new custom tools for data theft
The notorious Play ransomware group has made a couple of custom tools dubbed Grixba and VSS Copying Tool. The threat group coded both tools in .NET and uses them to improve the efficiency of its cybercriminal operations. Both tools allow their operators to identify users and computers in an infected network, harvest data regarding security, backup, and remote administration software, and copy archives from VSS to bypass locked files. Grixba is an infostealing and network-scanning tool that could enumerate users and devices in a domain. It also supports a scan mode that utilises WinRM, Rem…
FusionCore group offers its products as Malware-as-a-Service
An emerging cybercriminal group from Europe, FusionCore, has attracted security researchers' attention. This malicious threat group has specialised in advertising its hacking services as Malware-as-a-Service (MaaS). Moreover, the group developed AnthraXXXLocker, its separate ransomware affiliate program. The European hacking group offers its customers various new and custom malware strains such as ApolloRAT, Cryptonic crypter, Golden Mine, SarinLocker ransomware, Strontium stealer, Typhon Reborn, RootFinder miner, and RootFinder stealer. They coded most malware strains in C#, C++, and Go. I…
Medusa ransomware claimed the attack on a Cyprus university
The Medusa ransomware group has admitted it is the culprit behind the recent cyberattack against the Open University of Cyprus. The campaign disrupted the academic institution's operations. This Cyprus-based university is an online university in Nicosia that offers remote learning. It provides 30 higher-level academic programs to more than 4,000 students. OUC also participates in several scientific research projects. The university published an announcement last week about a malicious attack on March 27. The attack disrupted several central services and critical systems of the university. …
New IcedID malware variants focus on payload delivery
The IcedID malware has new variants specialising in payload delivery instead of online banking fraud campaigns. Reports show several threat actors have adopted the newly emerged variants in seven cybercriminal operations since last year. Researchers explained that the variants have chiefly delivered ransomware. The first identified IcedID malware variant is Lite. According to investigations, the Lite variant initially appeared in November last year. This variant served as a second-stage payload on systems infected by the Emotet malware. Analysts revealed that Lite use…
Chinese APT group used the new Mélofée Linux malware in attacks
An unidentified Chinese-backed advanced persistent threat group has utilised the newly discovered Mélofée Linux malware. The researchers found three samples of the previously undocumented malicious tool last year. One of the three samples could launch a kernel-mode rootkit derived from an open-source project called Reptile. The researchers also noted that the sample is built against kernel version 5.10.112-108.499.amzn2.x86_64 and that the rootkit has a limited set of capabilities. One of the confirmed abilities is hook installation for malware obfuscation. Analysts believe that the threat actors deployed the impla…
BlackGuard Stealer upgrades its overall capabilities
Researchers discovered that the BlackGuard Stealer malware has new features and upgraded capabilities. The BlackGuard developers added features such as USB propagation, a persistence mechanism, payload infection, and crypto wallet infection to its arsenal. The latest malware variant contains a clipper module that behaves as a crypto wallet hijacker. Its operators can now hijack crypto wallet addresses on a target's clipboard and replace them with their own address to redirect cryptocurrency transactions to wallets they control. In addition, the new variant could propagate i…