VulnHub

Real-time Cybersecurity News

Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles

The Hacker News
Actively Exploited
Malware

Overview

Researchers have identified a new variant of the LOTUSLITE malware, which is being used to target banks in India and policy circles in South Korea. This malware operates as a backdoor, allowing attackers to communicate with a command-and-control server using dynamic DNS over HTTPS. It offers features like remote shell access, file operations, and session management, indicating its use for espionage purposes. The focus on the banking sector suggests that attackers may be seeking sensitive financial information or operational data. This development raises concerns about the security of financial institutions in India and the potential implications for their clients and operations.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Indian banking sector, South Korean policy circles
  • Action Required: Organizations should improve their security measures, including regular updates to antivirus software, network monitoring for suspicious activity, and employee training on recognizing phishing attempts.
  • Timeline: Newly disclosed

Original Article Summary

Cybersecurity researchers have discovered a new variant of a known malware called LOTUSLITE that's distributed via a theme related to India's banking sector. "The backdoor communicates with a dynamic DNS-based command-and-control server over HTTPS and supports remote shell access, file operations, and session management, indicating a continued espionage-focused capability set rather than

Impact

Indian banking sector, South Korean policy circles

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Organizations should improve their security measures, including regular updates to antivirus software, network monitoring for suspicious activity, and employee training on recognizing phishing attempts.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Malware.

Read Original Article

Related Coverage

Mirai Botnet Targets Flaw in Discontinued D-Link Routers

SecurityWeek

The Mirai botnet is exploiting a command injection vulnerability found in certain discontinued D-Link routers. This issue emerged about a year after the vulnerability was publicly disclosed and proof-of-concept exploit code was released. Users of these routers are at risk, as the botnet can take control of the devices, potentially turning them into part of a larger network for launching attacks. The fact that these routers are no longer supported by D-Link means that affected users will not receive any official security updates or patches, leaving them vulnerable. It's crucial for individuals and organizations still using these routers to take immediate action to secure their networks, as the exploitation is ongoing.

Apr 22, 2026

Claude Mythos Finds 271 Firefox Vulnerabilities

SecurityWeek

A recent analysis by Claude Mythos has uncovered 271 vulnerabilities in the Firefox web browser. Mozilla has stated that these vulnerabilities could also have been identified by skilled human researchers, indicating a significant level of concern regarding the browser's security. Users of Firefox should be aware of these vulnerabilities, as they could potentially expose them to various cyber threats. The sheer number of flaws raises questions about the effectiveness of current security measures in place for the browser. Mozilla has yet to release specific details about fixes or patches to address these issues, making it critical for users to stay updated on future developments.

Apr 22, 2026

Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack

The Hacker News

Researchers have identified a new type of malware known as Lotus Wiper, which has been used in attacks against Venezuela's energy systems. This malware, discovered by Kaspersky, has been particularly destructive, targeting the energy and utilities sector from late last year into early 2026. The attacks utilize two batch scripts to execute the file-wiping functionality, leading to significant data loss and disruption in the affected systems. This incident is concerning as it highlights the vulnerabilities in critical infrastructure, which can have serious implications for national security and public services. With the energy sector being a vital component of any country's operations, such attacks could hinder essential services and impact everyday life.

Apr 22, 2026

North Korean Hackers Use AppleScript, ClickFix in Fresh macOS Attacks

SecurityWeek

Recent cyberattacks attributed to North Korean hackers have targeted financial organizations, particularly those involved in cryptocurrency, venture capital, and blockchain. These attacks utilize AppleScript and a tool called ClickFix to exploit vulnerabilities in macOS systems. The campaigns aim to compromise the security of these entities, which are often seen as lucrative targets due to the significant amounts of money involved in digital currencies and investments. This shift in tactics marks a concerning trend in how threat actors approach financial institutions, making it crucial for companies in these sectors to strengthen their cybersecurity measures.

Apr 22, 2026

Researchers Uncover ProxySmart Software Powering 90+ SIM Farms

Infosecurity Magazine

Researchers from Infrawatch have identified the ProxySmart platform as a key enabler for more than 90 SIM farms, which are operations that use many SIM cards to perform automated tasks like sending spam or engaging in fraudulent activities. The ProxySmart software allows these SIM farms to operate at an 'industrial scale,' raising concerns about the potential for widespread abuse, particularly in the realms of online fraud and bot activity. This discovery is significant as it shows how easily accessible tools can facilitate large-scale cybercriminal operations, impacting businesses and consumers alike. As SIM farms can bypass traditional security measures, this poses a challenge for telecommunications companies and law enforcement trying to combat fraud and maintain network integrity.

Apr 22, 2026

The AI era demands a different kind of CISO

CyberScoop

The article discusses the evolving role of Chief Information Security Officers (CISOs) in the context of rapidly advancing AI technologies. With attackers now able to exploit vulnerabilities within minutes, traditional security audits are becoming outdated. CISOs are urged to move towards real-time monitoring and awareness to keep pace with these threats. This shift is crucial as organizations face increasing risks from sophisticated cyber attacks that can bypass static defenses. The call for change emphasizes the need for CISOs to adapt their strategies to ensure better protection for their organizations.

Apr 22, 2026