Tag: RAT malware

Cybercriminals Exploit CrowdStrike Update Mishap to Distribute Remcos RAT Malware

The cybersecurity company CrowdStrike has warned that threat actors are exploiting the situation to spread Remcos RAT to its customers in Latin America under the pretense of offering a hotfix. CrowdStrike is currently under fire for causing widespread IT disruptions by pushing a faulty update to Windows devices. The attack chain involves the distribution of a ZIP archive named "crowdstrike-hotfix.zip," which contains the Hijack Loader malware loader (also known as DOILoader or IDAT Loader) that in turn delivers the Remcos RAT payload. The archive also contains a text file named "instrucciones.txt" with instructions in Spanish urging users to run an executable named "setup.exe" to fix the problem.

Russian Government Software Backdoored to Deploy Konni RAT Malware

A backdoor has been inserted into the installer for a tool probably used by the Consular Department of the Russian Ministry of Foreign Affairs (MID), in order to distribute the remote access trojan Konni RAT (also known as UpDog). The investigation was conducted by the German cybersecurity firm DCSO, which concluded that actors tied to the Democratic People's Republic of Korea (DPRK) were behind the activity, which was directed at Russia. The Konni activity cluster, also known as Opal Sleet, Osmium, or TA406, has a documented history of using Konni RAT against Russian organizations. The threat actor has also been linked to attacks on the MID since at least October 2021. In November 2023, Fortinet FortiGuard Labs disclosed the use of Microsoft Word documents written in Russian as...

Lazarus hackers drop new RAT malware using 2-year-old Log4j bug

Lazarus, the infamous North Korean hacker group, is back at it again, exploiting CVE-2021-44228, also known as "Log4Shell," to deploy three previously unseen malware families written in DLang. The new malware consists of two remote access trojans (RATs), NineRAT and DLRAT, and a malware downloader called BottomLoader. Lazarus most likely chose the D programming language for new malware development to evade detection, since it is rarely used in cybercrime operations. Code-named "Operation Blacksmith," the campaign began in March 2023 and targets physical security, manufacturing, and agricultural companies worldwide, according to Cisco...