Matanbuchus 3.0 Loader Delivers AstarionRAT in Hands-On Intrusion
Huntress responds to ClickFix intrusion deploying Matanbuchus 3.0 and custom AstarionRAT. Attackers achieved lateral movement within 40 minutes.
20 articles tagged with "Malware"
Huntress responds to ClickFix intrusion deploying Matanbuchus 3.0 and custom AstarionRAT. Attackers achieved lateral movement within 40 minutes.
ESET discovers PromptSpy, the first Android malware weaponizing Google's Gemini AI to maintain persistence by analyzing UI and generating real-time tap instructions to stay pinned in recent apps.
Elastic Security Labs uncovers ClickFix campaign abusing compromised bincheck.io to deliver MIMICRAT, a custom C++ RAT with SOCKS5 tunneling and token impersonation capabilities.
Microsoft warns of ClickFix variant using nslookup commands to stage malware via DNS traffic. Delivers ModeloRAT through fileless attack chain.
Xavier Mertens discovers 846 images reusing the same Base64 steganography technique to deliver .NET malware via Equation Editor exploits. Here's how defenders can hunt for copycats.
Researchers expose three Chrome extension campaigns stealing Meta Business Suite exports, VK accounts, and AI chatbot conversations from over 760,000 users.
SANS researcher uncovers multi-stage malware attack hiding XWorm payload inside a legitimate travel website image using steganography and obfuscated batch scripts.
Security researchers expose an active campaign using layered evasion techniques to deliver Remcos RAT through MSBuild abuse and .NET Reactor-protected loaders.
Learn what ransomware is, how attacks work, the main types including double extortion, and practical steps to defend against this growing threat.
Two AI coding assistants on Microsoft's marketplace steal source code and credentials in real-time. Extensions use hidden iframes and analytics SDKs to profile developers.
Resecurity uncovers stealthy DLL-sideloading malware with APT-grade anti-VM tricks. Multiple ransomware groups now deploying it.
Budget Android TV boxes and tablets ship with backdoors from the factory, turning home networks into criminal infrastructure for ad fraud and proxy services.
Multi-stage malware campaign uses text-based stagers and living-off-the-land binaries to deliver Remcos RAT to enterprise targets.
The initial access malware now delivers payloads through deliberately malformed archives that crash security tools while executing normally on Windows.
Check Point researchers expose a sophisticated cloud-native malware framework designed from the ground up to target AWS, Azure, GCP, and containerized environments.
From VS Code extensions to automation platforms, attackers are targeting the tools developers trust. Here's what security teams need to know.
Malicious extensions have compromised over 15 million users in the past year. Here's how attackers exploit the extension ecosystem and what organizations can do.
First macOS-focused wave of GlassWorm malware discovered on Open VSX marketplace, stealing cryptocurrency wallets, Keychain passwords, and developer credentials through trojanized extensions.
Federal indictments target Tren de Aragua members who used Ploutus malware to steal over $40 million from U.S. ATMs since 2021.
Security researchers uncover sophisticated steganography attack concealing malicious JavaScript within PNG logo files of 17 Firefox browser extensions.