New Snake Keylogger variant uses AutoIt to deliver and execute malicious payload



Malware Developments


New Snake Keylogger variant uses AutoIt to deliver and execute malicious payload

A newly discovered variant of Snake Keylogger leverages AutoIt to deliver and execute its malicious payload, adding an extra layer of obfuscation to evade detection. In this version, the malware is compiled as an AutoIt binary, making static analysis more challenging by embedding the payload within the script. Additionally, AutoIt enables dynamic execution that mimics legitimate automation tools, further complicating detection. READ MORE.


FINALDRAFT malware exploits Outlook for covert command-and-control

A newly discovered malware strain, FINALDRAFT, has been identified leveraging Microsoft's Graph API to use Outlook's mail service for covert command-and-control (C2) communications. This sophisticated backdoor maintains persistence through scheduled tasks while evading detection by masquerading as a legitimate DLL and injecting itself into system processes to operate stealthily. FINALDRAFT is typically delivered via malicious RAR archives that contain a disguised DLL loader alongside decoy documents. Upon execution, it dynamically resolves API calls to avoid static detection and encrypts network traffic to evade monitoring. By exploiting Microsoft Graph API for C2, the malware blends malicious activity with normal email traffic, significantly complicating detection efforts. READ MORE.


New FakeUpdate malware campaigns target macOS with FrigidStealer

The FakeUpdate malware campaigns have become more advanced, with two new cybercriminal groups, TA2726 and TA2727, distributing a new macOS infostealer known as FrigidStealer. This campaign targets multiple platforms, with TA2726 acting as the traffic distributor and TA2727 deploying various payloads, including Lumma Stealer for Windows, Marcher for Android, and FrigidStealer for macOS. READ MORE.


Phishing Campaign Developments


Phishing campaign conceals JavaScript with an invisible Unicode method

A new method of JavaScript obfuscation is emerging as a significant threat, leveraging invisible Unicode characters to hide malicious code in plain sight. This approach is being actively exploited in phishing campaigns targeting specific groups, and its ability to conceal malicious payloads within seemingly empty scripts raises serious concerns about detection and mitigation. READ MORE.
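As an added example (not code from the post or from the research it summarizes), the scanner below is what a defender might run over a script file to flag the pattern described: a script that looks nearly empty but carries a long run of invisible Unicode characters. The set of code points treated as invisible is an assumption, since the post names none.

```javascript
// Added example, not from the CyberProof post. Flags JavaScript source that
// hides content in invisible Unicode characters. The character class below
// is an assumption (zero-width, bidi-control, Hangul filler and BOM code
// points); the post itself names no specific code points.
const INVISIBLE_CLASS =
  '[\\u00AD\\u115F\\u1160\\u180E\\u200B-\\u200F\\u202A-\\u202E' +
  '\\u2060-\\u2064\\u2066-\\u206F\\u3164\\uFEFF\\uFFA0]';
const INVISIBLE_ONE = new RegExp(INVISIBLE_CLASS);            // one character
const INVISIBLE_RUN = new RegExp(INVISIBLE_CLASS + '+', 'g'); // unbroken runs

function toCodePoint(ch) {
  return 'U+' + ch.codePointAt(0).toString(16).toUpperCase().padStart(4, '0');
}

// Returns a verdict plus the evidence an analyst would want in a ticket:
// how many invisible characters, which code points, and the longest run.
function scanScript(source, runThreshold = 8) {
  const byCodePoint = {};
  let invisible = 0;
  let visible = 0;
  for (const ch of source) {
    if (INVISIBLE_ONE.test(ch)) {
      invisible++;
      const cp = toCodePoint(ch);
      byCodePoint[cp] = (byCodePoint[cp] || 0) + 1;
    } else if (!/\s/.test(ch)) {
      visible++;
    }
  }
  // Hidden content shows up as one long unbroken run; a stray BOM or soft
  // hyphen in legitimate code is a run of length 1.
  let longestRun = 0;
  for (const m of source.matchAll(INVISIBLE_RUN)) {
    longestRun = Math.max(longestRun, m[0].length);
  }
  return {
    invisible, visible, longestRun, byCodePoint,
    suspicious: longestRun >= runThreshold,
  };
}

// Constructed samples: an ordinary script, and one whose only real content
// is a string literal made of Hangul Filler (U+3164) and Halfwidth Hangul
// Filler (U+FFA0) characters, which render as blank in most editors.
const BENIGN = 'const total = items.reduce((a, b) => a + b, 0);\n';
const HIDDEN = 'var s = "' + '\u3164\uFFA0'.repeat(16) + '";\n';

console.log(scanScript(BENIGN).suspicious, scanScript(HIDDEN).suspicious);
```

The `visible` versus `invisible` counts are the quickest triage signal: a script with a handful of visible characters and dozens of invisible ones is the "seemingly empty" case the post describes.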


Gain deeper Cyber Threat Intelligence (CTI) insights

CyberProof’s CTI service offers comprehensive threat intelligence coverage, ensuring that your organization stays ahead of active threats that pose the greatest risk to your assets.

Our advanced CTI team investigates the threat landscape, providing you with detailed reports, related Indicators of Compromise (IOCs), technical recommendations, and MITRE ATT&CK mapping.

LEARN MORE ABOUT OUR CTI SERVICES.





Mauricio Ortiz, CISA

Great dad | Inspired Risk Management and Security | Cybersecurity | AI Governance | Data Science & Analytics My posts and comments are my personal views and perspectives but not those of my employer

21 hours ago

CyberProof three-eye open examples of malware evolution and sophistication. Do you have signals that these are AI-powered or assistance
