North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets
Threat actors with ties to North Korea have been linked to a fresh set of malicious npm packages that masquerade as Rollup…
Go2Tunnel is a tool used by Armored Likho for remote access and network tunneling, establishing reverse SSH tunnels to C2 servers. It…
Storm-2603 configured SSH connections through Visual Studio Code as part of multiple remote access channels during attacks.
NetScaler Gateway (formerly Citrix Gateway) is a secure remote access solution that provides VPN and application access for users.
Zoho Assist was used by Storm-2603 as one of multiple remote access channels during ransomware attacks, alongside Cloudflare tunneling and SSH.
Citrix Receiver is a remote access client whose signed binary was abused for DLL sideloading by Mustang Panda.
A remote access trojan delivered as a second-stage payload in the PolinRider campaign. Unpacked from encrypted payloads fetched via blockchain services like…
OtterCookie is a JavaScript malware family linked to North Korean campaigns, capable of remote access, command execution, screenshot capture, and data theft…
Gh0st RAT is a remote access trojan (RAT) that has been used in various cyber espionage campaigns. It allows attackers to remotely…
ValleyRAT is a malware family associated with Chinese cyber espionage groups. It is used for remote access and data theft, often delivered…