Glupteba, an advanced piece of malware, has been used in several cybercriminal attacks for more than a decade now. But Palo Alto's Unit 42 only brought to light one of the features that made it so effective - its Unified Extensible Firmware Interface (UEFI) bootkit component, which allowed it to intervene and control the operating system (OS) boot process and be extremely difficult to detect and remove, last November 2023.
A new info-stealing malware called "TimbreStealer" is in town. Cisco Talos detected its distribution through a phishing campaign targeting Mexico.
After analyzing 21+ million newly registered domains (NRDs) added from 1 January to 31 March 2024, our researchers found that the new domain registration volume declined by about 32% from the previous quarter.
Threat actors have been abusing App Installer, a Windows 10 feature that makes installing applications more convenient. The abuse could lead to ransomware distribution and was likely carried out by financially motivated actors Storm-0569, Storm-1113, Sangria Tempest, and Storm-1674.
macOS has been gaining the unwanted attention of more and more backdoor operators since late 2023. In February 2024, Bitdefender uncovered RustDoor, which was written in Rust and possibly has ties to the operators of a Windows ransomware.
Group-IB uncovered ResumeLooters, a threat actor group specializing in victimizing job hunters to steal their personally identifiable information (PII).
In the past two decades, at least 41 advanced persistent threat (APT) groups have launched attacks on entities and organizations based in North America.
The Citizen Lab recently uncovered an ongoing online propaganda campaign they have dubbed "PAPERWALL" that has been targeting local news outlets across 30 countries in Europe, Asia, and Latin America.
VexTrio, a traffic distribution system (TDS) provider believed to be an affiliate of ClearFake and SocGholish, among other threat actors, has been active since 2017.
In the past, DarkGate attacks were either lumped together with or classified as BattleRoyal remote access Trojan (RAT) attacks. Recent evidence, however, showed the two malware are not one and the same.