admin

admin

Fake Google Chrome Websites Distribute ValleyRAT Malware Through DLL Hijacking

February 6, 2025
Cyber Attack / Malware

Fraudulent websites posing as Google Chrome have been employed to spread malicious installers for a remote access trojan known as ValleyRAT. First identified in 2023, this malware is linked to a threat actor referred to as Silver Fox, whose previous operations primarily targeted Chinese-speaking regions, including Hong Kong, Taiwan, and Mainland China. According to Morphisec researcher Shmuel Uzan, “This actor has increasingly focused on key organizational roles—especially in finance, accounting, and sales—underscoring a strategic emphasis on high-value positions with access to sensitive data and systems.” Early cyber attack sequences have shown ValleyRAT being delivered alongside other malware types, such as Purple Fox and Gh0st RAT, the latter having been widely utilized by various Chinese hacking groups. Just last month, counterfeit installers for legitimate software were identified as a distribution method for these attacks.

Phony Google Chrome Sites Spread ValleyRAT Malware via DLL Hijacking In a concerning development for cybersecurity, fake websites purporting to offer Google Chrome are being utilized to distribute a remote access trojan known as ValleyRAT. This malware, first identified in…

Hackers Target SAP Vulnerability to Breach Linux Systems and Deploy Auto-Color Malware

July 30, 2025
Vulnerability / Threat Intelligence

Threat actors have been found exploiting a critical SAP NetWeaver vulnerability, now patched, to introduce the Auto-Color backdoor in an April 2025 attack on a U.S.-based chemicals firm. According to a report from Darktrace shared with The Hacker News, the attacker accessed the company’s network over three days, attempted to download suspicious files, and communicated with infrastructure associated with the Auto-Color malware. The vulnerability, identified as CVE-2025-31324, is a severe unauthenticated file upload flaw in SAP NetWeaver that allows remote code execution (RCE) and was fixed by SAP in April. Auto-Color, first reported by Palo Alto Networks Unit 42 in February, operates similarly to a remote access trojan, providing remote access to compromised Linux systems. It has been linked to attacks against universities and government entities in North America and Asia between November and December 2024.

Hackers Exploit SAP Vulnerability to Target U.S. Chemical Company with Auto-Color Malware On July 30, 2025, cybersecurity experts reported a significant breach involving a critical vulnerability in SAP NetWeaver, previously patched by SAP. In an incident that unfolded over three…

Cybercriminals Leverage ClickFix Technique to Distribute NetSupport RAT in Recent Attacks

February 11, 2025
Malware / Cyber Attack

In a disturbing trend since early January 2025, cybercriminals have been utilizing the ClickFix method to distribute a remote access trojan known as NetSupport RAT. This malware, often spread through deceptive websites and fraudulent browser updates, provides attackers with full control of the victim’s device. This access allows them to monitor the screen in real time, manipulate the keyboard and mouse, upload and download files, and execute harmful commands.

Originally developed as a legitimate tool for IT support under the name NetSupport Manager, the software has been weaponized by malicious actors to target organizations and harvest sensitive information, including screenshots, audio, video, and files. According to eSentire, “ClickFix involves injecting a fake CAPTCHA webpage onto compromised sites, tricking users into executing malicious PowerShell commands that download and activate malware payloads.”

Cyber Actors Leverage ClickFix Technique to Distribute NetSupport RAT in Recent Cyber Incidents February 11, 2025 In a troubling development in the cybersecurity landscape, threat actors have been utilizing a technique known as ClickFix to effectively deliver the NetSupport Remote…

Google Unveils Open Beta for Device Bound Session Credentials in Chrome, Enhancing Patch Transparency with Project Zero

July 30, 2025
Device Security / AI Security

Google has launched an open beta for its Device Bound Session Credentials (DBSC), a security feature aimed at protecting users from session cookie theft attacks. Initially introduced as a prototype in April 2024, DBSC binds authentication sessions to specific devices, preventing malicious actors from using stolen cookies to access accounts from unauthorized devices. “Available in the Chrome browser on Windows, DBSC enhances security after login by linking session cookies—small files that remember user information—to the device used for authentication,” said Andy Wen, senior director of product management at Google Workspace. This initiative not only secures user accounts post-authentication but also complicates the reuse of session cookies, bolstering session integrity. The company has also…

Google Unveils Open Beta for Device Bound Session Credentials (DBSC) in Chrome, Enhancing Security Measures On July 30, 2025, Google announced the open beta launch of its security feature, Device Bound Session Credentials (DBSC), aimed at bolstering protection against session…

AI Continues to Produce Vulnerable Code

Artificial Intelligence & Machine Learning, Next-Generation Technologies & Secure Development Veracode Study Finds Nearly Half of AI-Generated Code is Insecure Rashmi Ramesh (@rashmiramesh_) • August 1, 2025 Image: Shutterstock/ISMG Recent findings from Veracode have raised serious concerns regarding artificial intelligence’s…