Articles tagged "Trojan"

Found 48 articles

A cybercriminal group known as Bloody Wolf is targeting organizations in Uzbekistan and Russia with a spear-phishing campaign designed to deploy a remote access trojan called NetSupport RAT. This group, which has been active since at least 2023, is focusing its attacks on the manufacturing, finance, and IT sectors. Kaspersky, a cybersecurity firm, is tracking this activity under the name Stan Ghouls. The use of spear-phishing indicates that the attackers are likely customizing their messages to trick specific individuals or organizations into downloading the malicious software. This type of threat can lead to significant data breaches and operational disruptions for the affected companies, making it crucial for them to enhance their email security and user awareness training.

Read Original

Researchers have identified a supply chain attack affecting legitimate npm and PyPI packages, specifically targeting versions of @dydxprotocol/v4-client-js. The compromised versions include 3.4.1, 1.22.1, 1.15.2, and 1.0.31. Attackers have modified these packages to distribute malware designed to steal cryptocurrency wallet credentials and enable remote access through RAT (Remote Access Trojan) software. This incident poses a significant risk to developers and users relying on these packages, as it can lead to unauthorized access to sensitive financial information. Companies and individual developers should review their dependencies and ensure they are using safe versions to mitigate potential risks.

Read Original
Actively Exploited

Bitdefender has identified a new Android malware campaign that uses Hugging Face, a platform typically associated with artificial intelligence and machine learning. This malware, classified as a Remote Access Trojan (RAT), is designed to gain unauthorized access to Android devices, potentially compromising user data and privacy. The campaign raises concerns as it exploits a legitimate platform to distribute malicious software, making it harder for users to detect the threat. Users of Android devices should be particularly cautious and ensure they download apps only from trusted sources to avoid falling victim to this malware. The implications are significant, especially for those who may unknowingly install infected applications, leading to data theft or device control by attackers.

Read Original
Actively Exploited

Researchers have discovered that malicious Python packages were uploaded to the Python Package Index (PyPI), posing a significant risk to developers. The harmful code was hidden within a file that appeared to be a Basque language dictionary but was actually a compressed archive containing a Remote Access Trojan (RAT). This incident could affect any developers who inadvertently install these malicious packages, potentially allowing attackers to gain unauthorized access to their systems. It serves as a reminder for users to be cautious when downloading packages from open-source repositories, as they can be exploited to distribute malware. Vigilance and thorough vetting of software dependencies are crucial for maintaining security.

Read Original

Researchers have identified a new variant of PureRAT, a remote access trojan (RAT), which now includes emojis in its code. The presence of these emojis suggests that the malware may have been generated using AI, pulling comments and content from social media. This finding raises concerns about the evolving tactics of cybercriminals, as they increasingly use advanced technology to craft their malware. Users and organizations should be vigilant, as this type of malware can compromise sensitive information and control systems remotely. The shift to AI-generated malware indicates a potential increase in the sophistication and adaptability of cyber threats.

Read Original

India is currently dealing with a sophisticated espionage campaign that utilizes the Blackmoon trojan. This attack begins with a ZIP file that conceals malicious files, allowing attackers to infiltrate systems. The campaign poses a significant risk to sensitive information and national security, as it targets various sectors within the country. Cybersecurity experts are urging organizations in India to remain vigilant and enhance their security measures to protect against such advanced threats. This incident underscores the ongoing risks of cyber espionage and the need for robust defense strategies.

Read Original
Actively Exploited

A new cybersecurity threat involves a malicious browser extension called NexShield, which uses social engineering tactics to crash users' browsers. This attack is designed to deliver a Python-based Remote Access Trojan (RAT), putting users' systems at risk of further compromise. The method relies on tricking users into installing the extension, which then takes control of their browsers. As a result, individuals and organizations that fall victim could face significant data theft or system damage. Users are advised to be cautious about browser extensions and ensure they are from trusted sources to avoid falling prey to such scams.

Read Original

Cybersecurity researchers at Securonix have reported a new campaign targeting the European hospitality sector, known as PHALT#BLYX. This campaign uses fake booking emails to trick hotel staff into clicking on links that lead to counterfeit blue screen of death (BSoD) error pages. By doing so, attackers aim to install a remote access trojan called DCRat on the victims' systems. This type of malware allows hackers to gain unauthorized access to sensitive information and control over the infected devices. The incident underscores the need for heightened vigilance among hotel employees regarding suspicious emails and links, as these tactics can lead to severe security breaches.

Read Original

The cybercriminal group known as Silver Fox has recently shifted its focus to Indian users, employing income tax-themed phishing emails to spread a remote access trojan called ValleyRAT. This malware is designed to give attackers remote control over infected systems. Researchers from CloudSEK, Prajwal Awasthi and Koushik Pal, noted that the attack utilizes a sophisticated method involving DLL hijacking to ensure the malware remains persistent on the target devices. Users in India should be particularly cautious of emails related to taxes, as they are being used as bait to deliver this malicious software. The rise in such targeted phishing campaigns emphasizes the need for increased awareness and cybersecurity measures among individuals and organizations.

Read Original
Critical
Hackers Abuse Popular Monitoring Tool Nezha as a Stealth Trojan

Hackread – Cybersecurity News, Data Breaches, AI, and More

Actively Exploited

A recent report from cybersecurity firm Ontinue reveals that the open-source monitoring tool Nezha is being misused as a Remote Access Trojan (RAT) by hackers. This abuse allows attackers to bypass security measures and gain control over servers worldwide. The exploitation of Nezha raises significant concerns for organizations using the tool, as it can lead to unauthorized access and potential data breaches. Users of the tool should be particularly vigilant, as this incident demonstrates how legitimate software can be weaponized for malicious purposes. The situation underscores the need for enhanced security protocols and monitoring to protect against such threats.

Read Original

A recent campaign has targeted developers through the Visual Studio Code (VSCode) Marketplace, where 19 malicious extensions have been found since February. These extensions cleverly disguise malware within dependency folders, hiding it in fake PNG files. Developers using these compromised extensions are at risk, as the malware can potentially compromise their systems and projects. This incident raises alarms about the safety of third-party tools within development environments. Users are urged to be cautious when installing extensions and to verify their sources to avoid falling victim to such attacks.

Read Original

North Korea-linked cyber actors are exploiting a recently identified vulnerability in React Server Components known as React2Shell to deploy a new remote access trojan called EtherRAT. This malware utilizes Ethereum smart contracts to manage command-and-control communications and can establish multiple persistence mechanisms on Linux systems. The emergence of EtherRAT marks a concerning development as it allows attackers to maintain access to compromised systems. Companies using React Server Components need to be vigilant and update their systems to mitigate this risk. The situation emphasizes the ongoing threat posed by state-sponsored hacking groups and the importance of timely patching of known vulnerabilities.

+1 more
Read Original

Albiriox is a new banking trojan developed by Russian cybercriminals, marketed through a malware-as-a-service model for a monthly fee. This malware poses a significant threat to Android users by targeting banking information and financial transactions, highlighting the ongoing risks associated with mobile malware.

Read Original

The article reports on a cyber attack campaign by the threat actor Bloody Wolf, which has been targeting Kyrgyzstan since June 2025 and has recently expanded its operations to Uzbekistan. The primary objective of these attacks is to deliver the NetSupport Remote Access Trojan (RAT), posing significant risks to the affected regions' cybersecurity landscape.

Read Original

The newly identified Sturnus Banking Trojan is currently under development and primarily targets messaging applications like WhatsApp, Telegram, and Signal, with a focus on users in Europe. This poses a significant risk to user privacy and security as it aims to exploit sensitive communications.

Read Original
PreviousPage 3 of 4Next