AI Threat Scenario, GuLoader, DarkGate, MirrorBlast, Kutaki Stealer and More

In this edition of the Hacker's Playbook Threat Coverage round-up, we are highlighting attack coverage for newly discovered or analyzed threats, including a newly created scenario that leverages AI-generated malware.
McAfee Labs researchers recently came across an email campaign that delivered the GuLoader malware via a malicious Scalable Vector Graphics (SVG) file.
According to the researchers, the infection began when the malicious SVG file was opened from an email attachment.
When the WSF (Windows Script File) was executed, it ran a PowerShell command to establish a connection with a malicious domain.
Shellcode was then injected into the MSBuild application, facilitating further malicious actions.
In the final stage, the injected shellcode downloaded and executed the final malicious executable.
The phishing email contains a PDF file and asks the recipient to open the attachment to confirm receipt of a payment.
Opening and extracting the attachment executes a malicious command file that carries the Kutaki information-stealing malware.
Victims were lured via PDF files that led them to malicious websites exploiting the Microsoft Windows SmartScreen bypass vulnerability CVE-2024-21412, eventually leading them to malicious Microsoft Software Installer (MSI) packages.
These fake and malicious MSI installers contained a sideloaded DLL file that decrypted the DarkGate malware payload and infected the user with it. DarkGate typically operates on a malware-as-a-service model and is one of the most prolific, sophisticated, and active strains of malware.
Net domain inside a PDF file served via the phishing campaign.
The victim must click a button inside the PDF file to start the CVE-2024-21412 exploit chain: a Google DoubleClick open redirect sends the victim to a compromised web server hosting a .URL Internet shortcut file.
These malicious URLs then lead to a compromised SharePoint or a fake OneDrive site used by attackers to evade detection.
Both versions are generated using the Windows Installer XML (WiX) Toolset version 3.11.0.1528; once executed, they drop two files into a randomly named directory under ProgramData.
One of them is a legitimate language interpreter executable and the other is the malicious script.
Once executed, the malicious script sends the victim's machine information to the C2 server.
A new malicious backdoor has been discovered in the compression utility xz Utils.
According to Andres Freund, the developer who discovered the backdoor, the malicious code added to versions 5.6.0 and 5.6.1 of xz Utils modifies the way the compression tool functions.
The backdoor manipulates sshd, the OpenSSH server executable that handles remote SSH connections.


This Cyber News was published on securityboulevard.com. Publication date: Thu, 30 May 2024 20:13:11 +0000


Cyber News related to AI Threat Scenario, GuLoader, DarkGate, MirrorBlast, Kutaki Stealer and More

AI Threat Scenario, GuLoader, DarkGate, MirrorBlast, Kutaki Stealer and More - In this version of the Hacker's Playbook Threat Coverage round-up, we are highlighting attack coverage for newly discovered or analyzed threats, including a newly created scenario that leverages AI Generated malware. McAfee Labs researchers recently ...
5 months ago Securityboulevard.com
Tackling Anti-Analysis Techniques of GuLoader and RedLine Stealer - Malware, like many complex software systems, relies on the concept of software configuration. Configurations establish guidelines for malware behavior and they are a common feature among the various malware families we examine. The configuration data ...
10 months ago Unit42.paloaltonetworks.com
DarkGate Malware Campaigns Linked to Vietnam-Based Cybercriminals - Vietnam-based cybercriminals are believed to be behind attacks using DarkGate malware, which have targeted organizations in the UK, US and India since 2018. WithSecure researchers have tracked these attacks to an active cluster of cybercriminals ...
11 months ago Infosecurity-magazine.com
Exploitation of Windows SmartScreen Bypass Flaw Facilitates Deployment of DarkGate RAT - The operators behind the DarkGate malware have been taking advantage of a recently patched flaw in Windows SmartScreen through a phishing scheme. This campaign involves circulating counterfeit Microsoft software installers to spread the malicious ...
7 months ago Cysecurity.news
Fake Corsair job offers on LinkedIn push DarkGate malware - A threat actor is using fake LinkedIn posts and direct messages about a Facebook Ads specialist position at hardware maker Corsair to lure people into downloading info-stealing malware like DarkGate and RedLine. Cybersecurity company WithSecure ...
11 months ago Bleepingcomputer.com
'BattleRoyal' Hackers Deliver DarkGate RAT Using Every Trick - This fall, an unidentified threat actor executed dozens of varied social engineering campaigns against American and Canadian organizations across a variety of industries, with the goal of infecting them with the multifaceted DarkGate malware. Perhaps ...
10 months ago Darkreading.com
RedLine Stealer Malware Deployed Via ScrubCrypt Evasion Tool - A new version of the ScrubCrypt obfuscation tool is being used to target organizations with the RedLine Stealer malware, fraud sensor network Human Security has warned. Human's Satori Threat Intelligence Team said it has uncovered the new build of ...
11 months ago Infosecurity-magazine.com
GuLoader Malware Using Malicious NSIS Executable to Target E-Commerce Industry - E-commerce industries in South Korea and the U.S. are at the receiving end of an ongoing GuLoader malware campaign, cybersecurity firm Trellix disclosed late last month. The malspam activity is notable for transitioning away from malware-laced ...
1 year ago Thehackernews.com
Hackers abuse Windows SmartScreen flaw to drop DarkGate malware - A new wave of attacks by the DarkGate malware operation exploits a now-fixed Windows Defender SmartScreen vulnerability to bypass security checks and automatically install fake software installers. SmartScreen is a Windows security feature that ...
7 months ago Bleepingcomputer.com
Hackers exploit Windows SmartScreen flaw to drop DarkGate malware - A new wave of attacks by the DarkGate malware operation exploits a now-fixed Windows Defender SmartScreen vulnerability to bypass security checks and automatically install fake software installers. SmartScreen is a Windows security feature that ...
7 months ago Bleepingcomputer.com
Opening a Can of Whoop Ads: Detecting and Disrupting a Malvertising Campaign Distributing Backdoors - Earlier this year, Mandiant's Managed Defense threat hunting team identified an UNC2975 malicious advertising campaign promoting malicious websites themed around unclaimed funds. In each investigation under this campaign, Mandiant identified browser ...
10 months ago Mandiant.com
'Ov3r Stealer' Malware Spreads Through Facebook to Steal Crates of Info - The malware by design exfiltrates specific types of data such as geolocation, hardware info, passwords, cookies, credit card information, auto-fills, browser extensions, crypto wallets, Office documents, and antivirus product information, according ...
8 months ago Darkreading.com
Fake Browser Updates Targeting Mac Systems With Infostealer - A widely popular social engineering campaign previously only targeting Windows systems has expanded and is now using fake browser updates to distribute Atomic Stealer, a dangerous information stealer, to macOS systems. Experts say this could be the ...
11 months ago Darkreading.com
TeamCity Intrusion Saga: APT29 Suspected Among the Attackers Exploiting CVE-2023-42793 - As part of this analysis, we look at threat actor TTPs employed throughout the intrusion and how they were identified and pieced together by the FortiGuard IR team. The following section of this report focuses on the activities of one of these threat ...
10 months ago Feeds.fortinet.com
ESET Threat Report: ChatGPT Name Abuses, Lumma Stealer Malware Increases, Android SpinOk SDK Spyware's Prevalence - Cybersecurity company ESET released its H2 2023 threat report, and we're highlighting three particularly interesting topics in it: the abuse of the ChatGPT name by cybercriminals, the rise of the Lumma Stealer malware and the Android SpinOk SDK ...
10 months ago Techrepublic.com
Staying ahead of threat actors in the age of AI - At the same time, it is also important for us to understand how AI can be potentially misused in the hands of threat actors. In collaboration with OpenAI, today we are publishing research on emerging threats in the age of AI, focusing on identified ...
8 months ago Microsoft.com
Top 7 Cyber Threat Hunting Tools for 2024 - Cyber threat hunting is a proactive security measure taken to detect and neutralize potential threats on a network before they cause significant damage. To seek out this type of threat, security professionals use cyber threat-hunting tools. With ...
9 months ago Techrepublic.com
What Is Cyber Threat Hunting? - Cyber threat hunting involves proactively searching for threats on an organization's network that are unknown to traditional cybersecurity solutions. A recent report from Armis found that cyber attack attempts increased by 104% in 2023, underscoring ...
9 months ago Techrepublic.com
What Is Threat Modeling? - Threat modeling emerges as a pivotal process in this landscape, offering a structured approach to identify, assess, and address potential security threats. Threat Modeling Adoption and Implementation The successful adoption of threat modeling within ...
9 months ago Feeds.dzone.com
How to Use Threat Intelligence Feeds for SOC/DFIR Teams - Threat intelligence feeds provide real-time updates on indicators of compromise, such as malicious IPs and URLs. Security systems can then ingest these IOCs to identify and block potential threats, which essentially grants organizations immunity to ...
5 months ago Cybersecuritynews.com
Facebook ads push new Ov3r Stealer password-stealing malware - A new password-stealing malware named Ov3r Stealer is spreading through fake job advertisements on Facebook, aiming to steal account credentials and cryptocurrency. The fake job ads are for management positions and lead users to a Discord URL where a ...
9 months ago Bleepingcomputer.com
Rhadamanthys Stealer malware evolves with more powerful features - The developers of the Rhadamanthys information-stealing malware have recently released two major versions to add improvements and enhancements across the board, including new stealing capabilities and enhanced evasion. Rhadamanthys is a C++ ...
10 months ago Bleepingcomputer.com
New Rhadamanthys stealer version enhances features, evasion - The developers of the Rhadamanthys information-stealing malware have recently released two major versions to add improvements and enhancements across the board, including new stealing capabilities and enhanced evasion. Rhadamanthys is a C++ ...
10 months ago Bleepingcomputer.com
BattleRoyal Cluster Signals DarkGate Surge - Security researchers have warned against the DarkGate threat actor, who has recently gained notoriety in the realm of remote access Trojans and loaders. Earlier today, Proofpoint confirmed it has been tracking a distinct operator of the DarkGate ...
10 months ago Infosecurity-magazine.com
Titan Stealer: A New Golang-Based Information Stealer Malware Emerges - A new Golang-based information stealer malware, dubbed Titan Stealer, is being advertised by threat actors through their Telegram channel. Uptycs security researchers Karthickkumar Kathiresan and Shilpesh Trivedi first documented the malware in ...
1 year ago Thehackernews.com