Tag: Malware

ZLoader Malware Makes a Comeback Using DNS Tunneling to Conceal C2 Communications

Cybersecurity researchers have identified a new iteration of the ZLoader malware that utilizes Domain Name System (DNS) tunneling for command-and-control (C2) communications, showcasing that threat actors are actively enhancing their toolset after its reappearance a year ago. “Zloader version 2.9.4.0 features significant improvements, including a custom DNS tunnel protocol for C2 communications and an interactive shell supporting over a dozen commands, potentially aiding in ransomware attacks,” Zscaler ThreatLabz noted in a report released on Tuesday. “These enhancements provide added resilience against detection and mitigation efforts.” ZLoader, also known as Terdot, DELoader, or Silent Night, functions as a malware loader capable of deploying subsequent payloads. Following the shutdown of its infrastructure, malware campaigns distributing ZLoader were observed again for the first time in nearly two years in September 2023.

ZLoader Malware Resurfaces Utilizing DNS Tunneling for C2 Communications: On December 11, 2024, cybersecurity experts reported the emergence of an updated version of the ZLoader malware, which now employs a Domain Name System (DNS) tunneling technique for its command-and-control (C2) communications. This advancement illustrates a continued evolution of this malicious…


DoNot Team Linked to New Tanzeem Android Malware Aimed at Intelligence Gathering


The threat group known as DoNot Team is associated with a new Android malware linked to highly targeted cyber attacks. The malware, identified as Tanzeem (meaning “organization” in Urdu), and its updated variant were discovered by cybersecurity firm Cyfirma in October and December 2024. These applications share nearly identical functionality, with only slight user interface changes. Cyfirma’s Friday analysis pointed out, “While designed as a chat application, it fails to operate after installation, crashing once the required permissions are granted.” The app’s name indicates a focus on targeting specific individuals or groups both domestically and internationally. DoNot Team, also known as APT-C-35, Origami Elephant, SECTOR02, and Viceroy Tiger, is a hacking group believed to originate from India, notorious for utilizing spear-phishing emails and various Android malware strains in its attacks.

DoNot Team Linked to Emerging Tanzeem Android Malware Targeting Intelligence Gathering (January 20, 2025): In a notable development in the cyber threat landscape, the hacking group known as DoNot Team has been associated with a new strain of Android malware. This malware, identified as Tanzeem, which translates to “organization” in…


Fake Google Chrome Websites Distribute ValleyRAT Malware Through DLL Hijacking

February 6, 2025
Cyber Attack / Malware

Fraudulent websites posing as Google Chrome have been employed to spread malicious installers for a remote access trojan known as ValleyRAT. First identified in 2023, this malware is linked to a threat actor referred to as Silver Fox, whose previous operations primarily targeted Chinese-speaking regions, including Hong Kong, Taiwan, and Mainland China. According to Morphisec researcher Shmuel Uzan, “This actor has increasingly focused on key organizational roles—especially in finance, accounting, and sales—underscoring a strategic emphasis on high-value positions with access to sensitive data and systems.” Early cyber attack sequences have shown ValleyRAT being delivered alongside other malware types, such as Purple Fox and Gh0st RAT, the latter having been widely utilized by various Chinese hacking groups. Just last month, counterfeit installers for legitimate software were identified as a distribution method for these attacks.

Phony Google Chrome Sites Spread ValleyRAT Malware via DLL Hijacking: In a concerning development for cybersecurity, fake websites purporting to offer Google Chrome are being utilized to distribute a remote access trojan known as ValleyRAT. This malware, first identified in 2023, has been linked to a cyber threat actor referred…


Belarus-Linked Ghostwriter Utilizes Macropack-Obfuscated Excel Macros to Distribute Malware

Feb 25, 2025
Malware / Cyber Espionage

A new campaign targeting opposition activists in Belarus and Ukrainian military and government entities is using malware-laden Microsoft Excel documents to spread a new variant of PicassoLoader. This operation appears to be an extension of an ongoing effort by the Belarus-aligned threat actor known as Ghostwriter (also referred to as Moonscape, TA445, UAC-0057, and UNC1151), which has been active since 2016. Ghostwriter is believed to align with Russian security interests and promote anti-NATO narratives.

“Preparation for the campaign began in July-August 2024, with active operations starting in November-December 2024,” stated SentinelOne researcher Tom Hegel in a technical report shared with The Hacker News. “Recent findings regarding malware samples and command-and-control (C2) infrastructure suggest that the operation continues to be active.” The attack chain, as analyzed by the cybersecurity firm, is initiated via a Google Drive shared link.

Belarus-Linked Ghostwriter Exploits Obfuscated Excel Macros to Distribute Malware (February 25, 2025, Malware / Cyber Espionage): A newly uncovered cyber campaign has emerged, targeting opposition activists in Belarus alongside military and governmental entities in Ukraine. This operation utilizes malware-infused Microsoft Excel documents to disseminate a variant of PicassoLoader, a malicious…


Supply Chain Attacks on Open Source Software are Becoming Unmanageable

Critical Supply-Chain Attacks Target Developers with Malicious npm and PyPI Packages: Recent reports have surfaced regarding a string of supply-chain attacks targeting developers on npm and PyPI, resulting in the distribution of malicious packages designed to compromise systems and steal sensitive information. These incidents highlighted a significant vulnerability within open-source…

BBB Shares Tips to Help You Prevent Data Breaches

Rising Threat of Data Breaches: Protecting Your Business and Personal Information: In recent months, numerous companies have reported data breaches that have compromised sensitive customer information, highlighting a growing concern among businesses across various sectors. Cybercriminals exploit malware and security vulnerabilities to access this information, often reselling it on the…

Critical Vulnerabilities, Threats, and Data Breach Incidents

The ever-changing digital environment is teeming with sophisticated cyber threats, necessitating vigilance and up-to-date knowledge. Our weekly newsletter acts as an essential resource, combining critical cybersecurity updates, expert insights, and practical strategies to empower business leaders in fortifying their defenses against emerging risks. This week’s dispatch features a comprehensive examination…

DoNot APT Targets European Ministry with New LoptikMod Malware

Trellix has uncovered a sophisticated spear-phishing assault conducted by the India-linked DoNot APT group, which targeted a European foreign affairs ministry. This article explores the group’s tactics, the LoptikMod malware, and the implications of this cyber espionage for global diplomatic relations. The DoNot APT group, also recognized as APT-C-35 and…