Malware
Siloscape Malware Goes After Kubernetes Clusters
Cybercriminals have been heavily focused on Kubernetes clusters over the past year. They have unleashed several large-scale campaigns and malware families, which target Kubernetes clusters. The latest malware to adopt...
Remove FaceFish Backdoor
The Facefish Backdoor is a multi-purpose implant, which targets Linux systems exclusively. Its name is inspired by the fact that all communication between the implant and the control server is encrypted via the...
Remove NativeZone Malware
The NativeZone Malware is part of the hacking toolkit of the Nobelium APT, a cybercrime organization best known for its attack against the SolarWinds software vendor. Recently, their name made the news yet again, but...
Remove ASPXSpy Malware
ASPXSpy Malware is an open-source piece of malware, which is being used by multiple Advanced Persistent Threat (APT) actors around the world. It is very small in size, and thanks to being open-source it can be...
Vietnamese Malware Campaign by OceanLotus Targeting Macs
A new version of a previously known backdoor targeting Mac computers has been spotted in the wild by security researchers. The malware is thought to be related to the Vietnamese threat actor known as OceanLotus...
Remove IdleBuddy
IdleBuddy is a misleading piece of software, which targets Mac and Windows users. It may be distributed through software bundles, fake downloads, updaters and installers, or other shady downloads. According to its...
APT28 Unleashes the SkinnyBoy Malware
The Russian Advanced Persistent Threat (APT) group, tracked under the aliases APT28 or Fancy Bear, has recently released a new piece of malware into the wild. The malware, dubbed SkinnyBoy, was used against several...
Remove EnvyScout Malware
The APT29 hackers, also tracked under the group name Nobelium, have recently unleashed a new attack campaign, which uses a whole new array of malware samples. The previously undetected malware families are likely to...
Remove VaporRage Malware
Nobelium, or APT29, is a cybercrime organization believed to operate from Russia. They gained popularity in the beginning of 2021 because of their attack against the SolarWinds software vendor. For this campaign, the...
Remove FlexiSpy
FlexiSpy is a commercial product, which is being sold as a legitimate application used for parental control and employee monitoring. However, it ticks all checkboxes if you compare it to popular spyware – it manages...
XCodeGhost Malware on iOS Devices
XCodeGhost is the name of a modified, malicious version of Apple's official XCode development environment that is used for creating and publishing mobile iOS applications. XCodeGhost was first discovered back in 2015...
Remove Bloody Stealer
The Bloody Stealer is a new malware project, which is being rented out by its developers, who appear to be from a Russian-speaking country. Ads for the Bloody Stealer can be found on several Russian hacking forums, and...
Remove Ducky Stealer
The Ducky Stealer is a malicious application being rented out and sold on hacking forums, primarily frequented by Russian users. Unfortunately, malware developers have been focusing on selling their products to the...
Remove BoomBox Malware
The BoomBox Malware is a custom implant developed by the hackers of Nobelium, an Advanced Persistent Threat (APT) group, which recently made the news because of their attacks against SolarWinds. The BoomBox Malware...
BazaFlix Spam Campaign Spreads the BazarCall Malware
The operators of the BazarCall malware are utilizing a new type of attack to deliver malicious email attachments to their victims. The attack, dubbed BazaFlix, focuses on the usage of fake messages and emails, which...
Apostle Malware Evolves from Wiper to Ransomware
The Apostle Malware is an interesting threat that was first spotted on the compromised networks of Israeli users and companies. The strange threat appears to be designed to work as a disk wiper, but because of bugs...
Xvidsetup.exe Fake Update on Mac
Xvidsetup.exe is the name of a fake browser video plugin updater that contains malware. You may find it on malicious websites, disguised in a fake video player that prompts you to install the Xvidsetup.exe file in the...
Simps Botnet Borrows Features from Mirai and Gafgyt Malware
Botnet projects have been on the rise ever since Mirai Botnet's source code was published online. This allowed cybercriminals to create dozens of spin-offs, many of which had fairly 'successful' campaigns. Typically,...