Mastodon Chapril

1 message1 participant0 message aujourd’hui

OTX BotBeaverTail and Tropidoor Malware Distributed via Recruitment EmailsAn attack involving BeaverTail and Tropidoor malware was discovered, targeting victims through fake recruitment emails from a developer community. The attackers provided a BitBucket link containing malicious code, including BeaverTail disguised as 'tailwind.config.js' and a downloader called 'car.dll'. BeaverTail, known for information theft and downloading additional payloads, was found in South Korea. The downloader shares similarities with the Lazarus group's LightlessCan malware. BeaverTail steals credential information and cryptocurrency wallet data from web browsers, while Tropidoor acts as a backdoor, connecting to C&C servers and executing various commands. The attack is suspected to be carried out by North Korean threat actors, highlighting the need for caution when dealing with executable files from unknown sources.Pulse ID: 67eec30f88dc6ea426373c6b Pulse Link: <a href="https://otx.alienvault.com/pulse/67eec30f88dc6ea426373c6b" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://otx.alienvault.com/pulse/67eec30f88dc6ea426373c6b</a> Pulse Author: AlienVault Created: 2025-04-03 17:19:11Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/BackDoor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BackDoor</a> <a href="https://social.raytec.co/tags/Browser" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Browser</a> <a href="https://social.raytec.co/tags/CandC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CandC</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/Email" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Email</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/InformationTheft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InformationTheft</a> <a href="https://social.raytec.co/tags/Korea" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Korea</a> <a href="https://social.raytec.co/tags/Lazarus" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Lazarus</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/NorthKorea" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NorthKorea</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RCE</a> <a href="https://social.raytec.co/tags/SouthKorea" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SouthKorea</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/cryptocurrency" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cryptocurrency</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AlienVault</a>

OTX BotTsarBot Trojan Hits 750+ Banking & Crypto Apps!A newly discovered Android banking Trojan, TsarBot, targets over 750 applications globally, including banking, finance, cryptocurrency, and e-commerce apps. It spreads through phishing sites masquerading as legitimate financial platforms and is installed via a dropper disguised as Google Play Services. TsarBot employs overlay attacks to steal credentials, records and remotely controls screens, and uses a fake lock screen to capture device lock credentials. It communicates with its C&C server using WebSocket across multiple ports to receive commands, send stolen data, and execute on-device fraud. The malware's capabilities include screen recording, keylogging, and SMS interception. Evidence suggests the threat actor behind TsarBot is likely of Russian origin.Pulse ID: 67ebfca5b1693b0052687f72 Pulse Link: <a href="https://otx.alienvault.com/pulse/67ebfca5b1693b0052687f72" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://otx.alienvault.com/pulse/67ebfca5b1693b0052687f72</a> Pulse Author: AlienVault Created: 2025-04-01 14:48:05Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/Android" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Android</a> <a href="https://social.raytec.co/tags/Bank" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Bank</a> <a href="https://social.raytec.co/tags/BankingTrojan" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BankingTrojan</a> <a href="https://social.raytec.co/tags/CandC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CandC</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Google</a> <a href="https://social.raytec.co/tags/GooglePlay" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GooglePlay</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phishing</a> <a href="https://social.raytec.co/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RCE</a> <a href="https://social.raytec.co/tags/Russia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Russia</a> <a href="https://social.raytec.co/tags/SMS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SMS</a> <a href="https://social.raytec.co/tags/Trojan" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Trojan</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/cryptocurrency" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cryptocurrency</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AlienVault</a>

OTX BotA Deep Dive into Water Arsenal and InfrastructureWater Gamayun, a suspected Russian threat actor, exploits the MSC EvilTwin zero-day vulnerability (CVE-2025-26633) to compromise systems and exfiltrate data. The group uses custom payloads like EncryptHub Stealer variants, SilentPrism and DarkWisp backdoors, as well as known malware like Stealc and Rhadamanthys. Their delivery methods include malicious provisioning packages, signed .msi files, and Windows MSC files. The attackers employ techniques such as LOLBins and encrypted communications to evade detection. Their infrastructure includes C&C servers for managing infected systems and exfiltrating data. The campaign highlights the group's adaptability and sophistication in cyber espionage operations.Pulse ID: 67e7cba2606bdb8acfedda1c Pulse Link: <a href="https://otx.alienvault.com/pulse/67e7cba2606bdb8acfedda1c" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://otx.alienvault.com/pulse/67e7cba2606bdb8acfedda1c</a> Pulse Author: AlienVault Created: 2025-03-29 10:29:54Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/BackDoor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BackDoor</a> <a href="https://social.raytec.co/tags/CandC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CandC</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/Espionage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Espionage</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/Rhadamanthys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Rhadamanthys</a> <a href="https://social.raytec.co/tags/Russia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Russia</a> <a href="https://social.raytec.co/tags/Stealc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Stealc</a> <a href="https://social.raytec.co/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Vulnerability</a> <a href="https://social.raytec.co/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Windows</a> <a href="https://social.raytec.co/tags/ZeroDay" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ZeroDay</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AlienVault</a>

Recherches récentes

Options de recherche

Administré par :

Statistiques du serveur :

#CandC