Single Article Archives

Botnets Are Dead, Long Live Infostealers (A Comparison)

The landscape of cyber threats has been shifting dramatically in recent years, with a notable transition from traditional botnets to a more insidious form of malware:…

May 24, 2024 4 min read

Analysis

Analysis of APT attack cases targeting domestic companies using Dora RAT (Andariel Group)

AhnLab SEcurity intelligence Center (ASEC) recently confirmed cases of APT attacks by the Andariel group targeting domestic companies and institutions. The organizations identified as targets of…

May 20, 2024 8 min read

Atomic Stealer

An Infostealer’s Brewin’: Cuckoo & AtomicStealer Get Creative

Summary So far, 2024 really has been the year of the infostealer when it comes to macOS malware. Families like AtomicStealer, Cuckoo, and CloudJump are getting…

May 17, 2024 7 min read

Citrix

Initial Access Brokers, Infostealers, and Everything Between Them

Introduction Hudson Rock recently shed light on how a compromised Citrix account without MFA was potentially used to deploy a devastating ransomware attack on Change Healthcare. This attack…

May 15, 2024 4 min read

Discord

Identity Behind Massive Discord Spying Tool Revealed due to Infostealer Infection

This article aims to shed light on the identity behind a massive Discord spying tool and raise concerns about the possibility of private Discord data being…

May 6, 2024 4 min read

Citrix

Single Citrix Compromised Credential Results in $22,000,000 Ransom to Change Healthcare

In late February 2024 Change Healthcare suffered a devastating ransomware attack which led to major disruptions to the company’s platform, estimated at a staggering $872,000,000 The…

May 1, 2024 3 min read

Electron

Distribution of Infostealer Made With Electron

AhnLab SEcurity intelligence Center (ASEC) has discovered an Infostealer strain made with Electron. Electron is a framework that allows one to develop apps using JavaScript, HTML,…

Apr 30, 2024 2 min read

Analysis

Redline Stealer: A Novel Approach

A new packed variant of the Redline Stealer trojan was observed in the wild, leveraging Lua bytecode to perform malicious behavior.McAfee telemetry data shows this malware…

Apr 25, 2024 7 min read

CoralRaider

CoralRaider targets victims’ data and social media accounts

Cisco Talos discovered a new threat actor we’re calling “CoralRaider” that we believe is of Vietnamese origin and financially motivated. CoralRaider has been operating since at…

Apr 25, 2024 12 min read

Activision

Activision: Enable 2FA to secure accounts recently stolen by malware

An infostealer malware campaign has collected millions of logins from users of various gaming websites, including players that use cheats, pay-to-cheat services. The details emerged after Zebleer,…

Mar 30, 2024 3 min read

PyPI

PyPI halts new projects, users for 10 hours due to infostealer influx

A few hours ago, The Python Package Index (PyPi) suspended new project creation and new user registration to mitigate an ongoing malware upload campaign. The research…

Mar 30, 2024 8 min read

Group-IB

Extra credit: VietCredCare information stealer takes aim at Vietnamese businesses

Group-IB discovers new information stealer targeting Vietnam with rare functionality to filter out Facebook accounts with advertising credits...

Feb 22, 2024 16 min read