CyberArk Labs discovered a new malware called Vare that is distributed over the popular chatting service, Discord. Vare has been used to target new malware operators by using social engineering tactics on them. Additionally, we have found that Vare uses Discord’s infrastructure as a backbone for its operations. This malware is linked to a new group called “Kurdistan 4455” based out of southern Turkey and is still early in its forming stage.

We detected Mac malware MacStealer spreading via websites, social media, and messaging platforms Twitter, Discord, and Telegram. Cybercriminals lure victims to download it by plagiarizing legitimate play-to-earn (P2E) apps’ images and offering jobs as beta testers.

We discovered a new malware, which we named “OpcJacker” (due to its opcode configuration design and its cryptocurrency hijacking ability), that has been distributed in the wild since the second half of 2022.

The rise of publicly-accessible Al models like ChatGPT has produced some interesting attempts to create malware. How seriously should defenders take them?

A suspected Chinese actor used a zero-day vulnerability in FortiOS and custom malware for espionage.

With victims refusing to pay, cybercriminal gangs are now releasing stolen photos of cancer patients and sensitive student records.

We detail the update that advanced persistent threat (APT) group Iron Tiger made on the custom malware family SysUpdate. In this version, we also found components that enable the malware to compromise Linux systems.

Jamf Threat Labs has spotted a family of Mac malware, XMRig, that spreads through pirated versions of Final Cut Pro, Photoshop and Logic Pro X.

Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. Media coverage understandably focused on GoDaddy's…

You may have heard about the cryptojacking malware on macOS. Read about a new one spotted by Jamf Threat Labs.

Since December 2022, Cisco Talos has been observing an unidentified actor deploying two relatively new threats, the recently discovered MortalKombat ransomware and a GO variant of the Laplas Clipper malware, to steal cryptocurrency from victims.

Last October, Trustwave SpiderLabs blogged about the use and prevalence of HTML email attachments to deliver malware and phishing for credentials.

We discovered an active campaign targeting Eastern Europeans in the cryptocurrency industry using fake job lures.

During the past 4 months Microsoft Onenote file format has been (ab)used as Malware carrier by different criminal groups. While the main infection vector is still on eMail side - so nothing really relevant to write on - the used techniques, the templates and the implemented code to inoculate Malware changed a lot. So it…

Key Findings:

• The use of Microsoft OneNote documents to deliver malware via email is increasing.
• Multiple cybercriminal threat actors are using OneNote documents to deliver malware.
• While some campaigns are targeted at specific industries, most are broadly targeted and include thousands of messages.
• In order to detonate the payload, an end-user must interact with the OneNote document.
• Campaigns have impacted organizations globally, including North America and Europe.
• TA577 returned from a month-long hiatus in activity and began using OneNote to deliver Qbot at the end of January 2023.

HeadCrab: A Novel State-of-the-Art Redis Malware in a Global Campaign
Aqua Nautilus researchers discovered a new elusive and severe threat that has been infiltrating and residing on servers worldwide since early September 2021. Known as HeadCrab, this advanced threat actor utilizes a state-of-the-art, custom-made malware that is undetectable by agentless and traditional anti-virus solutions to compromise a large number of Redis servers. The HeadCrab botnet has taken control of at least 1,200 servers.

This blog will delve into the details of the HeadCrab attack, examining its methods of operation, techniques used to evade detection, and steps organizations can take to safeguard their systems.

We have recently written about malvertising campaigns that leverage Google paid advertisements to try and trick people into downloading malware instead of the software they were looking for. This malware then stole login credentials from the affected system.

Find out why one of our Android experts has been obsessing over a little black box from Amazon.

We have analyzed more than 800 IT job ads and resumes on the dark web. Here is what the dark web job market looks like.

SEO poisoning is gaining momentum as threat actors leverage malicious ads to deliver malware through web browser searches.