Key Takeaways The blog delves into a new infection approach to disseminating the SectopRAT final payload. Providing insight into LummaC stealer and its method of procuring the Amadey bot malware. The Amadey bot replicates itself to ensure persistence, generating an LNK file within the startup folder directory. Upon being started, this LNK file triggers the …
LummaC Stealer Leveraging Amadey Bot to Deploy SectopRAT Read More »
Key Takeaways • The blog highlights a new infection technique for distributing STRRAT version 1.6. It involves a spam email with a PDF attachment that, when opened, downloads a zip file containing the malicious JavaScript, which drops STRRAT. • STRRAT version 1.6 employs two string obfuscation techniques: “Zelix KlassMaster (ZKM)” and “Allatori”, making …
STRRAT’s Latest Version Incorporates Dual Obfuscation Layers Read More »
Keylogger and Gh0st RAT Variant deployed to spy on Users  Threat actors (TAs) have been relentlessly employing diverse techniques to propagate malware by leveraging counterfeit websites of renowned applications. Cyble Research and Intelligence Labs (CRIL) reported on a trojanized version of Telegram specifically aimed at Chinese users. Telegram is a widely used application, …
Sophisticated SiMay RAT Spreads Via Telegram Phishing Site Read More »
CRIL analyzes the phishing campaign masquerading Turkish Government to distribute Android RAT with VNC and Keylogging feature.
Cyble Research & Intelligence Labs analyzes DarkWatchman, a Remote Access Trojan that has been spreading via Phishing sites.
CRIL analyzes Gigabud RAT, the latest Android malware posing as a government agency to steal sensitive information.