RAT

Pierluigi Paganini March 22, 2018
TeleRAT, a new Android Trojan that uses Telegram for data exfiltration

Security experts at Palo Alto Networks discovered a new Android Trojan dubbed TeleRAT that uses Telegram Bot API to communicate with the command and control (C&C) server and to exfiltrate data. TeleRAT appears to be originating from and/or to be targeting individuals in Iran, experts found similarities with another Android malware dubbed IRRAT Trojan, which also leverages […]

Pierluigi Paganini March 02, 2018
CannibalRAT, a RAT entirely written in Python observed in targeted attacks

Security researchers from Cisco Talos discovered a new remote access Trojan (RAT) dubbed CannibalRAT that has been written entirely in Python. The CannibalRAT RAT is being used in highly targeted attacks. the experts explained that even if it isn’t very sophisticated it exhibits signs of code cannibalisation from other open-source projects. “The RAT itself is not very sophisticated, […]

Pierluigi Paganini February 20, 2018
Coldroot RAT cross-platform malware targets MacOS without being detected

The former NSA hacker and malware researcher Patrick Wardle is back, this time he spotted a new remote access Trojan dubbed Coldroot RAT. The Coldroot RAT is a cross-platform that is targeting MacOS systems and the bad news is that AV software is not able to detect it. The malware acts as a keylogger on MacOS systems prior to […]

Pierluigi Paganini February 05, 2018
Cisco and FireEye Pointing Finger at North Korea Hacking Group For Adobe Flash 0-Day In The Wild

According to security researchers at Cisco and FireEye a North Korea Hacking Group is behind the attacks that exploited the recently discovered Adobe Flash 0-Day vulnerability. There have been over 1,000 Adobe Flash vulnerabilities since it was released. Designed to make website development easier and providing additional features not supported by standard web browsers, it also adds […]

Pierluigi Paganini January 18, 2018
North Korea Group 123 involved in at least 6 different hacking campaigns in 2017

North Korean hackers belonging to the North Korea Group 123 have conducted at least six different massive malware campaigns during 2017. North Korean hackers have conducted at least six different massive malware campaigns during 2017, most of them against targets in South Korea. Security researchers from Cisco’s Talos group who have monitored the situation for 12 […]

Pierluigi Paganini November 30, 2017
New variants of the UBoatRAT RAT hits targets in East Asia

Palo Alto Networks discovered a custom RAT dubbed UBoatRAT that has been used in targeted attacks on personnel or organizations related to South Korea. Security experts from Palo Alto Networks discovered custom remote access Trojan (RAT) dubbed UBoatRAT that has been used in targeted attacks on personnel or organizations related to South Korea and the video gaming […]

Pierluigi Paganini October 17, 2017
Even With The Best Email Spoofing Defences in The World, HMRC is Spoofed

Even with the most advanced email protections in place and an entire government organization to support them, the bad actors were able to spoof Her Majesty’s Revenue and Customs (HMRC) emails to spread a Java-based remote administration tool to unsuspecting UK recipients. In September 2017, Trustwave identified a scam campaign that pretended to come from HMRC. The […]

Pierluigi Paganini September 02, 2017
Experts spotted a malware campaign using HoeflerText Popups to push RAT Malware

Experts spotted a new EITest campaign leveraging HoeflerText Popups to target Google Chrome users and push NetSupport Manager RAT or Locky ransomware Security expert Brad Duncan with both the SANS Internet Storm Center and Palo Alto Networks’ Unit 42, has spotted a malware campaign leveraging bogus popups that alert users to a missing web-font. The crooks are targeting Google […]

Pierluigi Paganini April 02, 2017
Forcepoint spotted the modular Felismus RAT, it appears the work of skilled professionals

Malware researchers at Forcepoint have discovered a new modular malicious code, dubbed Felismus RAT, that appears the work of skilled professionals. Malware researchers at Forcepoint have discovered a new modular malicious code dubbed Felismus RAT. The malware has been used in highly targeted campaigns, experts believe the Felismus RAT is the work of skilled professionals. […]

Pierluigi Paganini March 17, 2017
New APT Campaign based on Poison Ivy RAT with C&C in China has been reversed by MalwareMustDie

New APT Campaign based on Poison Ivy RAT with C&C in China has been reversed by MalwareMustDie who shared a lot of interesting details about the attack vectors and reverse techniques. Our travel along the great analysis of a fresh, new insidious APT China campaign. An ordinary case of phishing? At the beginning, it seemed […]