Articles Archive

Almost every cyber attack begins at a key ingredient: an Infostealer

Infostealers commit close to the perfect crime. They sneak into your computer, grab your logins, passwords, and anything of value, and then delete themselves on the…

Jun 19, 2024 1 min read

Blog Post

Stealing everything you’ve ever typed or viewed on your own Windows PC is now possible with two lines of code — inside the Copilot+ Recall disaster.

I wrote a piece recently about Copilot+ Recall, a new Microsoft Windows 11 feature which — in the words of Microsoft CEO Satya Nadella- takes “screenshots” of…

Jun 8, 2024 11 min read

Uncategorized

Iluria Stealer; a Variant of Another Discord Stealer

EXECUTIVE SUMMARY At CYFIRMA, we are committed to offering up-to-date insights into prevalent threats and tactics employed by malicious actors who target organizations and individuals. The…

Jun 8, 2024 7 min read

Malware

Sapphire Werewolf polishes Amethyst stealer to attack over 300 companies

The adversaries use the open-source SapphireStealer to create their own Infostealer malware for collecting employee authentication data from Russian companies. Since March 2024, the BI.ZONE Threat Intelligence team…

Jun 8, 2024 7 min read

Malware

A Catalog of Hazardous AV Sites – A Tale of Malware Hosting

Executive summary In mid-April 2024, Trellix Advanced Research Center team members observed multiple fake AV sites hosting highly sophisticated malicious files such as APK, EXE and…

May 29, 2024 7 min read

Botnets

Botnets Are Dead, Long Live Infostealers (A Comparison)

The landscape of cyber threats has been shifting dramatically in recent years, with a notable transition from traditional botnets to a more insidious form of malware:…

May 24, 2024 4 min read

Analysis

Analysis of APT attack cases targeting domestic companies using Dora RAT (Andariel Group)

AhnLab SEcurity intelligence Center (ASEC) recently confirmed cases of APT attacks by the Andariel group targeting domestic companies and institutions. The organizations identified as targets of…

May 20, 2024 8 min read

Atomic Stealer

An Infostealer’s Brewin’: Cuckoo & AtomicStealer Get Creative

Summary So far, 2024 really has been the year of the infostealer when it comes to macOS malware. Families like AtomicStealer, Cuckoo, and CloudJump are getting…

May 17, 2024 7 min read

Citrix

Initial Access Brokers, Infostealers, and Everything Between Them

Introduction Hudson Rock recently shed light on how a compromised Citrix account without MFA was potentially used to deploy a devastating ransomware attack on Change Healthcare. This attack…

May 15, 2024 4 min read

Discord

Identity Behind Massive Discord Spying Tool Revealed due to Infostealer Infection

This article aims to shed light on the identity behind a massive Discord spying tool and raise concerns about the possibility of private Discord data being…

May 6, 2024 4 min read

Citrix

Single Citrix Compromised Credential Results in $22,000,000 Ransom to Change Healthcare

In late February 2024 Change Healthcare suffered a devastating ransomware attack which led to major disruptions to the company’s platform, estimated at a staggering $872,000,000 The…

May 1, 2024 3 min read

Electron

Distribution of Infostealer Made With Electron

AhnLab SEcurity intelligence Center (ASEC) has discovered an Infostealer strain made with Electron. Electron is a framework that allows one to develop apps using JavaScript, HTML,…

Apr 30, 2024 2 min read