Recently, researchers discovered that five malicious versions of AsyncAPI packages were uploaded to the Node Package Manager (npm). These packages contained a remote access trojan designed to steal user credentials and other sensitive information. This supply-chain attack poses a significant risk, as developers who unknowingly downloaded these infected packages could have their systems compromised. The incident highlights the vulnerabilities within the npm ecosystem and the importance of scrutinizing third-party packages before use. Developers and organizations should be vigilant about the packages they incorporate into their projects to avoid similar attacks in the future.
Articles tagged "Trojan"
Found 48 articles
A new remote access Trojan (RAT) called LabubaRAT has been discovered, which poses a significant risk to users by disguising itself as NVIDIA's container runtime toolkit. The malware uses a file named 'nvidia-sysruntime.exe' to trick users into executing it, potentially leading to unauthorized access to their systems. This tactic of impersonation could mislead individuals and organizations, making it easier for attackers to infiltrate networks. Users of NVIDIA software, especially those involved in containerization or graphics processing, should be particularly cautious. The emergence of LabubaRAT serves as a reminder of the ongoing challenges in cybersecurity and the need for vigilance against such deceptive tactics.
A recent report by QiAnXin, a Chinese cybersecurity firm, reveals that the Silver Fox group is using a new Remote Access Trojan (RAT) called MODBEACON, which is developed in Rust. Although their methods, such as SEO poisoning and fake software installers, may seem basic, the group's operation is more intricate, involving several distributors. This complexity raises concerns about the potential reach and effectiveness of their attacks. Organizations and users need to be vigilant about the software they download and the links they click to avoid falling victim to these tactics. The emergence of this Rust-based RAT signifies a shift in how attackers are developing malware, possibly making it harder to detect and mitigate.
A new remote access trojan (RAT) named MODBEACON has been linked to the Chinese cybercrime group Silver Fox. This malware, which is built using the Rust programming language, employs gRPC streaming for its command-and-control (C2) traffic, making it more challenging to detect and analyze. Researchers from QiAnXin noted that while the group may seem low-tech, they are actively using SEO poisoning techniques to distribute malicious software through fake installers. This development is concerning as it indicates a shift towards more sophisticated methods of malware distribution, potentially impacting users who unknowingly download compromised software. Organizations and individuals should be cautious of suspicious downloads and ensure they have strong cybersecurity measures in place.
The Hacker News
A group of hackers, believed to be linked to China, has launched a campaign targeting Indian taxpayers and finance professionals using a fake tax filing tool. This operation, dubbed Operation DragonReturn by Seqrite Labs, involves sending emails that appear to be from the Income Tax Department of India. The goal is to deliver a remote access trojan (DcRAT) that can steal sensitive information from infected systems. This attack not only threatens individual taxpayers but also poses risks to corporate finance teams who handle sensitive financial data. As cyber threats continue to evolve, awareness and vigilance are crucial for those in the affected sectors.
SCM feed for Latest
The Ousaban banking trojan is targeting users in Spain and Portugal through a new phishing campaign. This campaign begins with a deceptive PDF file that appears to be corrupted, luring users to click an 'Update' button. Once activated, the trojan can compromise personal banking information, posing significant risks to individuals' finances. This type of attack demonstrates a shift towards more stealthy methods, making it harder for users to recognize the threat. As phishing techniques continue to evolve, it's crucial for users to remain vigilant and skeptical of unexpected prompts, especially those urging software updates.
A new malware named ChocoPoC is targeting cybersecurity researchers through malicious proof-of-concept (PoC) exploits available on GitHub. This Python-based remote access trojan (RAT) allows attackers to execute commands and steal sensitive data from infected systems. The campaign appears to specifically aim at individuals in the cybersecurity field, raising concerns about the security of research and development environments. Researchers need to be vigilant when downloading and executing code from public repositories, as this can lead to serious data breaches. The incident underscores the ongoing risks associated with open-source software and the need for enhanced security measures in research practices.
A new Brazilian banking trojan named Ousaban is now targeting users in Spain and Portugal through phishing attacks, according to FortiGuard researchers. This malware is designed to steal sensitive banking information, posing a significant risk to individuals and financial institutions in these countries. Phishing typically involves deceptive emails or messages that trick users into revealing personal data or downloading malicious software. As Ousaban spreads, it raises concerns about the vulnerability of online banking systems and highlights the need for robust security measures among users. Both individuals and businesses in Spain and Portugal should remain vigilant against suspicious communications and take steps to protect their financial information.
Securelist
Kaspersky researchers have identified a large-scale campaign that uses compromised ScreenConnect software to deliver AsyncRAT, a type of remote access Trojan. Attackers are exploiting vulnerabilities in the legitimate ScreenConnect application to drop the malicious payload onto targeted systems. This incident raises concerns for users and organizations that rely on ScreenConnect for remote access, as they may unknowingly become victims of this malware. The report details the infection chain and the command and control (C2) infrastructure used in the attack, emphasizing the need for vigilance in software downloads and updates. Users should ensure they are downloading software from official sources and remain cautious of unsolicited software offers.
A new campaign involving the Millenium RAT, a remote access trojan, has reportedly affected over 62,000 devices across more than 160 countries. Researchers from Group-IB have identified that the malware has been rewritten in C++, making it more sophisticated and harder to detect. This malware primarily spreads through Telegram, which has raised concerns about the platform being exploited for malicious purposes. Users of various devices are at risk, as the trojan could allow attackers to gain unauthorized access and control over their systems. This incident underscores the need for users to be vigilant about the software they install and the links they click, particularly in messaging applications.
A new remote access trojan (RAT) called Mistic has emerged, being utilized by a group known as Woodgnat. This group is serving as an initial access broker, collaborating with several ransomware families, including Qilin, Interlock, Rhysida, Akira, 8Base, and Black Basta. The presence of Mistic in the cybercrime ecosystem is concerning as it facilitates unauthorized access to systems, potentially leading to data theft or ransomware attacks. Organizations need to be aware of this threat, as it could significantly impact their security posture. The rise of Mistic indicates a growing trend where attackers are using specialized tools to breach defenses and deploy more damaging malware.
Researchers at JFrog discovered an npm package that mimics the popular postcss-selector-parser library, which is used in web development. This malicious package is designed to deliver a multi-stage Remote Access Trojan (RAT) on Windows systems. Users who unwittingly install this lookalike package could find their systems compromised, allowing attackers to gain control and potentially access sensitive information. The incident raises concerns about software supply chain security and the need for developers to verify the authenticity of packages before installation. This situation serves as a reminder for developers and organizations to exercise caution and implement security measures to protect against such deceptive tactics.
A new Android banking trojan named Rokarolla has emerged, targeting 217 banking and cryptocurrency applications. This malware operates with a sophisticated toolkit, utilizing 137 different commands to carry out its operations. Users of affected apps may be at risk of having their sensitive financial information compromised. As cybercriminals continue to develop more advanced tactics, it's crucial for users to stay vigilant and ensure they have proper security measures in place. The rise of such malware highlights the ongoing threat to mobile banking and cryptocurrency platforms, making it essential for both users and developers to prioritize security.
Securelist
Recent research has uncovered a long-running cybercrime operation targeting fans of pirated books, movies, and TV shows. In 2026, experts identified new websites associated with this gang, attracting tens of millions of visitors. These sites have been linked to malware distribution, including a Remote Access Trojan (RAT) that allows attackers to control infected devices. This situation poses significant risks for users who access these pirated materials, as they may unknowingly download harmful software. It's crucial for consumers to be aware of these dangers and consider the security implications of engaging with pirated content.
Recent reports from WatchGuard and ESET reveal two banking trojan campaigns targeting users in Latin America and Europe. The Grandoreiro malware is aimed at Windows devices, while the BTMOB RAT is designed for Android users. These campaigns specifically target companies in Spain, Portugal, and Mexico, as well as mobile users in Brazil. The malware's ability to siphon sensitive financial information poses a significant risk to both businesses and individual users. As cybercriminals continue to adapt their tactics, it's crucial for users to remain vigilant and implement security measures to protect their devices and data.