Tag Malware

Fake Google Chrome Websites Distribute ValleyRAT Malware Through DLL Hijacking

February 6, 2025
Cyber Attack / Malware

Fraudulent websites posing as Google Chrome download pages have been used to distribute malicious installers for a remote access trojan known as ValleyRAT. First identified in 2023, the malware is attributed to a threat actor tracked as Silver Fox, whose previous operations primarily targeted Chinese-speaking regions, including Hong Kong, Taiwan, and Mainland China. According to Morphisec researcher Shmuel Uzan, “This actor has increasingly focused on key organizational roles—especially in finance, accounting, and sales—underscoring a strategic emphasis on high-value positions with access to sensitive data and systems.” Earlier attack chains delivered ValleyRAT alongside other malware families such as Purple Fox and Gh0st RAT, the latter widely used by Chinese hacking groups. Just last month, counterfeit installers for legitimate software were identified as a distribution method for these attacks.
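The fake-installer delivery described above works because of the Windows DLL search order: a DLL dropped in the installer's folder is loaded in preference to the legitimate copy in System32 when the executable imports it by name. As an added example (not code from the original article, from Morphisec, or from Silver Fox's tooling), the following Python models that part of the search order over a constructed directory tree and lists the imports that would be sideloaded. The import list, the directory layout and the partial KnownDLLs set are assumptions for illustration; on a real system you would take the import names from the executable's import table (for instance with pefile) and point `system_dirs` at `%SystemRoot%\System32`.

```python
import os
import shutil
import tempfile
from typing import Dict, List, Sequence

# KnownDLLs are mapped from the \KnownDlls object directory and never resolved
# through the application directory, so they cannot be sideloaded this way.
# Partial list (assumption: the full set lives under HKLM\SYSTEM\CurrentControlSet\
# Control\Session Manager\KnownDLLs and should be read from there).
KNOWN_DLLS = {"ntdll.dll", "kernel32.dll", "kernelbase.dll", "user32.dll",
              "gdi32.dll", "advapi32.dll", "ole32.dll", "shell32.dll"}


def sideload_candidates(app_dir: str, imported_dlls: Sequence[str],
                        system_dirs: Sequence[str]) -> Dict[str, str]:
    """Return {dll name: path in app_dir} for imports that would be sideloaded.

    Models the relevant part of the Windows DLL search order: the application
    directory is searched before the system directories (SafeDllSearchMode only
    moves the current working directory later in the list), so a same-named DLL
    beside the executable shadows the copy in System32. KnownDLLs are exempt.
    Names are lower-cased because NTFS lookups are case-insensitive (assumption:
    fixture files on a case-sensitive host are created lower-case).
    """
    hits: Dict[str, str] = {}
    for name in imported_dlls:
        lname = name.lower()
        if lname in KNOWN_DLLS:
            continue
        local = os.path.join(app_dir, lname)
        if not os.path.isfile(local):
            continue  # nothing in the app dir: loader falls through to the system dirs
        if any(os.path.isfile(os.path.join(d, lname)) for d in system_dirs):
            hits[lname] = local  # app-dir copy wins over the legitimate one
    return hits


def demo() -> List[str]:
    """Constructed fixture (not a real installer): a 'ChromeSetup' folder that
    carries version.dll beside setup.exe, the shape of a typical sideload drop."""
    root = tempfile.mkdtemp()
    try:
        app = os.path.join(root, "ChromeSetup")
        sys32 = os.path.join(root, "System32")
        layout = {
            app: ["setup.exe", "version.dll", "kernel32.dll", "app_private.dll"],
            sys32: ["version.dll", "kernel32.dll"],
        }
        for d, names in layout.items():
            os.makedirs(d)
            for n in names:
                with open(os.path.join(d, n), "wb") as f:
                    f.write(b"MZ")  # placeholder bytes, not real PE files
        # Import names as they would appear in setup.exe's import table (assumed).
        imports = ["KERNEL32.dll", "VERSION.dll", "app_private.dll"]
        return sorted(sideload_candidates(app, imports, [sys32]))
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(demo())  # ['version.dll']
```

`kernel32.dll` is skipped because it is a KnownDLL, and `app_private.dll` is ignored because no system copy exists for it to shadow; only `version.dll`, a legitimate system library that the installer's own folder also carries, is reported. In triage, an unsigned or differently-signed copy of such a DLL next to a signed installer is the artifact to pull.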


Belarus-Linked Ghostwriter Utilizes Macropack-Obfuscated Excel Macros to Distribute Malware

Feb 25, 2025
Malware / Cyber Espionage

A new campaign targeting opposition activists in Belarus and Ukrainian military and government entities is using malware-laden Microsoft Excel documents to spread a new variant of PicassoLoader. This operation appears to be an extension of an ongoing effort by the Belarus-aligned threat actor known as Ghostwriter (also referred to as Moonscape, TA445, UAC-0057, and UNC1151), which has been active since 2016. Ghostwriter is believed to align with Russian security interests and promote anti-NATO narratives.

“Preparation for the campaign began in July-August 2024, with active operations starting in November-December 2024,” stated SentinelOne researcher Tom Hegel in a technical report shared with The Hacker News. “Recent findings regarding malware samples and command-and-control (C2) infrastructure suggest that the operation continues to be active.” The attack chain, as analyzed by the cybersecurity firm, is initiated via a Google Drive shared link.
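Whatever link delivers the document, the first thing a defender can check offline is whether an Office file carries a VBA project at all. As an added example (not code from SentinelOne, The Hacker News, or the campaign's own tooling), the following Python inspects an OOXML workbook's zip parts and its `[Content_Types].xml` manifest for a vbaProject. The sample workbook is constructed in memory and is not a real lure; the `MACRO_PARTS` list and the handling of non-zip input are this example's own heuristics.

```python
import io
import zipfile
from typing import List

# Package parts that hold VBA in Word, Excel and PowerPoint OOXML files.
# Part names follow the Open XML packaging layout; treating the list as the
# complete set of macro carriers is this example's assumption.
MACRO_PARTS = ("xl/vbaProject.bin", "word/vbaProject.bin", "ppt/vbaProject.bin")
MACRO_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"


def macro_indicators(data: bytes) -> List[str]:
    """Return the reasons the Office file in `data` looks macro-bearing.

    An empty list means no VBA project was found. Input that is not a zip
    package (for example a legacy OLE2 .xls) is reported explicitly rather
    than silently cleared, because this check cannot inspect that format.
    """
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return ["not an OOXML package (legacy OLE2 .xls or not an Office file)"]
    reasons: List[str] = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        for part in MACRO_PARTS:
            if part in names:
                reasons.append(f"VBA project part present: {part}")
        # The manifest has to declare the vbaProject content type for Office
        # to load it, so check it too in case the part was renamed.
        if "[Content_Types].xml" in names:
            manifest = zf.read("[Content_Types].xml").decode("utf-8", "replace")
            if MACRO_CONTENT_TYPE in manifest:
                reasons.append("content types declare a vbaProject")
    return reasons


def build_sample(with_macro: bool) -> bytes:
    """Constructed minimal workbook (sample input, not a real document)."""
    types = ('<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
             '<Default Extension="xml" ContentType="application/xml"/>')
    if with_macro:
        types += ('<Override PartName="/xl/vbaProject.bin" '
                  f'ContentType="{MACRO_CONTENT_TYPE}"/>')
    types += "</Types>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", types)
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_macro:
            # OLE2 magic followed by padding stands in for a real VBA project stream.
            zf.writestr("xl/vbaProject.bin", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 24)
    return buf.getvalue()


if __name__ == "__main__":
    for label, doc in (("macro workbook", build_sample(True)),
                       ("plain workbook", build_sample(False))):
        print(label, "->", macro_indicators(doc) or "clean")
```

Run it over mail and download quarantines and route any file with a non-empty result to sandbox detonation; the presence check says nothing about what the macro does, which is where the obfuscation described above comes in.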


Supply Chain Attacks on Open Source Software are Becoming Unmanageable

Critical Supply-Chain Attacks Target Developers with Malicious npm and PyPI Packages

Recent reports have surfaced regarding a string of supply-chain attacks targeting developers on npm and PyPI, resulting in the distribution of malicious packages designed to compromise systems and steal sensitive information. These incidents highlighted a significant vulnerability within open-source…


BBB Shares Tips to Help You Prevent Data Breaches

Rising Threat of Data Breaches: Protecting Your Business and Personal Information

In recent months, numerous companies have reported data breaches that have compromised sensitive customer information, highlighting a growing concern among businesses across various sectors. Cybercriminals exploit malware and security vulnerabilities to access this information, often reselling it on the…


Critical Vulnerabilities, Threats, and Data Breach Incidents

The ever-changing digital environment is teeming with sophisticated cyber threats, necessitating vigilance and up-to-date knowledge. Our weekly newsletter acts as an essential resource, combining critical cybersecurity updates, expert insights, and practical strategies to empower business leaders in fortifying their defenses against emerging risks. This week’s dispatch features a comprehensive examination…


DoNot APT Targets European Ministry with New LoptikMod Malware

Trellix has uncovered a sophisticated spear-phishing assault conducted by the India-linked DoNot APT group, which targeted a European foreign affairs ministry. This article explores the group’s tactics, the LoptikMod malware, and the implications of this cyber espionage for global diplomatic relations. The DoNot APT group, also recognized as APT-C-35 and…


RFK Jr. Directs HHS to Provide Medicaid Information of Undocumented Migrants to DHS

This week saw a surge in demonstrations against the Trump administration, particularly surrounding the deployment of U.S. Marines and the National Guard to Los Angeles. This historic move raises concerns regarding the long-term implications of military presence in urban areas, specifically the limitations and allowances for troops stationed there during…


Hackers Exploit Job Recruiters with Malicious Resumes

Russian-Speaking Hacker Group FIN6 Employs Job Fraud Tactics

Prajeet Nair (@prajeetspeaks) • June 11, 2025
Fraud Management & Cybercrime, Social Engineering

A financially-motivated hacking group known as FIN6 is reportedly engaging in job fraud by impersonating job candidates to target recruiters, utilizing fake resumes hosted on reputable cloud…
