Ransomware gang targets IT workers with new RAT masquerading as IP scanner

Ransomware-as-a-service outfit Hunters International is wielding a new remote access trojan (RAT). “The malware, named SharpRhino due to its use of the C# programming language, is delivered through a typosquatting domain impersonating the legitim…

20,000 FortiGate appliances compromised by Chinese hackers

Coathanger – a piece of malware specifically built to persist on Fortinet’s FortiGate appliances – may still be lurking on too many devices deployed worldwide. How Coathanger persists on FortiGate devices In February 2024, the Dutch Militar…

US organizations targeted with emails delivering NetSupport RAT

Employees at US-based organizations are being targeted with emails delivering NetSupport RAT malware via “nuanced” exploitation and by using an advanced detection evasion method. The malware campaign The campaign, dubbed PhantomBlu, takes t…

Attackers are exploiting JetBrains TeamCity flaw to deliver a variety of malware

Attackers are exploiting the recently patched JetBrains TeamCity auth bypass vulnerability (CVE-2024-27198) to deliver ransomware, cryptominers and remote access trojans (RATs), according to Trend Micro researchers. The CVE-2024-27198 timeline CVE-2024…

Booking.com refund request? It might be an Agent Tesla malware attack

Always be wary of opening unsolicited attachments – they might harbour malware.

That’s a message that is being strongly underlined once again, following the discovery of a cybercrime campaign that is sending out poisoned PDF files – pretending they …

Chinese hackers breached Dutch Ministry of Defense

Chinese state-sponsored hackers breached the Dutch Ministry of Defense (MOD) last year and deployed a new remote access trojan (RAT) malware to serve as a backdoor. “The effects of the intrusion were limited because the victim network was se…

Researchers uncover DarkGate malware’s Vietnamese connection

WithSecure researchers have tracked attacks using DarkGate malware to an active cluster of cybercriminals operating out of Vietnam. DarkGate is a remote access trojan (RAT) that has been used in attacks since at least 2018 and is currently available to…

Fake Bitwarden installation packages delivered RAT to Windows users

Windows users looking to install the Bitwarden password manager may have inadvertently installed a remote access trojan (RAT). The ZenRAT malware A malicious website spoofing Bitwarden’s legitimate one (located at bitwariden[.]com) has been offer…

Attackers can turn AWS SSM agents into remote access trojans

Mitiga researchers have documented a new post-exploitation technique attackers can use to gain persistent remote access to AWS Elastic Compute Cloud (EC2) instances (virtual servers), as well as to non-EC2 machines (e.g., on-premises enterprise servers…