Pierluigi Paganini
January 06, 2021
Researchers uncovered a malspam campaign that spreads the QNode remote access Trojan (RAT) using fake Trump’s sex scandal video as bait. Security experts from Trustwave uncovered a malspam campaign that is delivering the QNode remote access Trojan (RAT) using fake Trump’s sex scandal video as bait. The spam messages use the subject “GOOD LOAN OFFER!!” […]
Pierluigi Paganini
December 10, 2020
Threat actors behind the njRAT Remote Access Trojan (RAT) are leveraging active Pastebin Command and Control Tunnels to avoid detection. Researchers from Palo Alto Networks’ Unit 42 reported that operators behind the njRAT Remote Access Trojan (RAT), aka Bladabindi, are leveraging Pastebin Command and Control tunnels to avoid detection. “In observations collected since October 2020, […]
Pierluigi Paganini
December 01, 2020
npm security staff removed two packages that contained malicious code to install the njRAT remote access trojan (RAT) on developers’ computers. Security staff behind the npm repository removed two packages that were found containing the malicious code to install the njRAT remote access trojan (RAT) on computers of JavaScript and Node.js developers who imported and […]
Pierluigi Paganini
April 01, 2020
Researchers spotted a campaign using Excel files to spread LimeRAT malware using the 8-year-old and well-known VelvetSweatshop bug. Researchers at the Mimecast Threat Center spotted a new campaign using Excel files to spread LimeRAT malware using the 8-year-old VelvetSweatshop bug. LimeRAT is a powerful Remote Administration Tool publicly available as an open-source project on Github, it […]
Pierluigi Paganini
February 23, 2020
Cisco Talos researchers discovered a new malware, tracked as ObliqueRAT, that was employed targeted attacks against organizations in Southeast Asia. Experts from Cisco Talos discovered a new malware, tracked as ObliqueRAT, that appears a custom malware developed by a threat actor focused on government and diplomatic targets. The malware was employed in targeted attacks against […]
Pierluigi Paganini
December 09, 2019
Researchers discovered a new Python-based RAT dubbed PyXie that has been used in campaigns targeting a wide range of industries. Experts at BlackBerry Cylance have spotted a new Python-based remote access Trojan (RAT) that has been used in campaigns targeting a wide range of industries. PyXie has been first observed in the wild in 2018, […]
Pierluigi Paganini
October 01, 2019
Adwind is back, a new variant of the popular RAT is targeting US petroleum industry entities with new advanced features. A new variant of the popular Adwind RAT (aka jRAT, AlienSpy, and JSocket) is targeting entities in the US petroleum industry. The new variant implements advanced features such as multi-layer obfuscation. The malware is distributed via a […]
Pierluigi Paganini
August 15, 2019
Apparently financially-motivated threat actors carried out a long-term campaign against the Balkans involving a backdoor and a RAT to compromise the targets. Security experts from ESET uncovered a long-running campaign carried out by a financially-motivated threat actor. The attackers combined a backdoor dubbed BalkanDoor and a remote access Trojan tracked as BalkanRAT to take control […]
Pierluigi Paganini
August 02, 2019
Experts warn of a phishing campaign targeting US companies in the utility sector aimed at infecting systems with a new LookBack RAT. Security experts at Proofpoint uncovered a phishing campaign targeting US companies in the utility sector aimed at infecting systems with a new LookBack RAT. “Between July 19 and July 25, 2019, several spear-phishing […]
Pierluigi Paganini
July 08, 2019
Experts observed an increase of the malware spreading using less-known archive types as dropper,in particular ISO image.Delphi wrapper makes analysis harder Introduction In the last period, we observed an increase of the malware spreading using less-known archive types as an initial dropper, in particular, ISO image. The spread of threats exploiting ISO image to hide […]
Uncategorized / September 27, 2025
Hacking / September 27, 2025
