Malware
Nitrokod Malware Drops Cryptominer
Nitrokod is the name of a newly discovered piece of malware. Nitrokod is the first-stage tool in a long-term infection chain that culminates with the downloading of a cryptomining tool on the victim's system. Unlike...
0ktapus Phishing Kit Deployed in Massive Campaign
A large-scale phishing campaign that was executed recently affected over a hundred organizations and companies. The tool used bears the same name as the threat actor behind the phishing campaign - 0ktapus. The...
HYPERSCRAPE Malware Steals Information
HYPERSCRAPE is the name of a piece of malware associated with a threat actor known under the aliases Charming Kitten, APT35 and Phosphorus. Charming Kitten is believed to be an Iran-based threat actor that...
Escanor RAT Creeps on the Dark Web
A research team with security company Resecurity discovered a new malicious tool being distributed on the dark web. The new malware is a remote admin tool that was dubbed Escanor. The earliest sighting of Escanor...
VileRAT Malware Used to Target Crypto Trading Companies
VileRAT is the name of a piece of multi-functional malware that was used to target a number of entities located in European and Middle-Eastern countries over the course of the last 12 months. VileRAT was responsible...
Logtu Malware Used in Attacks on Eastern European Entities
Security researchers published a report on a series of cyber attacks targeting military industrial entities located in Eastern Europe and Afghanistan. The attacks took place back in January 2022 and are linked to a...
Background.js is a Suspicious File - Find Out Why
Background.js is a file that has caused some concern among users. A .js file is a chunk of JavaScript code. A file with the specific name "background.js" is commonly associated with Chrome browser extensions and is...
What is Winlogson Cryptominer Malware?
Winlogson is the name of an executable file that comprises the payload of a cryptomining malware tool. Winlogson is very obviously named the way it is to resemble the legitimate Winlogon process as closely as...
Beware! Grenam Malware Masquerades as MS Paint
Grenam is the name of one part of a family of malicious files that has been identified by Microsoft's security researchers. The threat should be picked up by the instance of Microsoft Defender that you have running on...
Aurora Malware Sold on Hacker Forums
Aurora is the name of a piece of malware being sold and distributed using hacker forums and the dark web. The malicious actor behind Aurora uses Telegram to sell their product, much like dozens of other threat actors,...
ROMCOM RAT
The ROMCOM RAT is a threatening backdoor that is being used by threat developers named Tropical Scorpius, which is related to the Cuba Ransomware, also known as COLDDRAW. The ROMCOM RAT is programmed to delete ransom...
What is FormsApp Malware?
FormsApp is the name of a malicious program that combines features typical for adware and Trojans. FormsApp can enter your system through various means. These include hitting bad redirects that can refer you directly...
Heur.advml.c Detection
Heur.advml.c is the designation given to a heuristic detection that can be brought up by some antivirus applications. In most cases, this is a false positive. Heuristic detection in antivirus software works very...
MagicWeb Malware Used by NOBELIUM APT
Microsoft's Threat Intelligence Center published a report on a new piece of malware associated with a Russian-speaking advanced persistent threat actor known under the aliases APT29, Cozy Bear and, under Microsoft's...
How Malicious is the Diet.exe Cryptominer file?
Diet.exe is the name of a malicious file that acts as a cryptomining tool. Cryptominers are a category of malware that deploys on victim computers, then tries to keep a low profile while the crypto mining malware...
Giddome Backdoor Linked to Russian Threat Actor
Security researchers with Symantec recently published a report on new activity conducted by Russian threat actors and aimed at Ukrainian targets. The threat actor is known by several aliases, including Gamaredon and...
Dracarys Mobile Malware
A powerful and highly damaging piece of mobile malware is relentlessly attacking Android users. Named the Dracarys Mobile Malware, it can be installed on a targeted device when its user downloads a fake Signal messaging...
RapperBot Malware Borrows from Mirai Botnet
RapperBot is the name of a piece of malware discovered by researchers with FortiGuard Labs. The new bot malware is based on code from the infamous Mirai botnet and has been described as "rapidly evolving". The chief...