Threat actors misuse Node.js to deliver malware and other malicious payloads | Microsoft Security Blog
Since October 2024, Microsoft Defender Experts has observed and helped multiple customers address campaigns leveraging Node.js to deliver malware and other payloads that ultimately lead to information theft and data exfiltration.
Cisco Talos discovered an ongoing malicious campaign operated by a financially motivated threat actor targeting users, predominantly in Poland and Germany. The actor has delivered different payloads, including Agent Tesla, Snake Keylogger, and a new undocumented backdoor we are calling TorNet, dropped by PureCrypter malware. The actor is running a Windows scheduled task on victim machines—including on endpoints with a low battery—to achieve persistence. The actor also disconnects the victim machine from the network before dropping the payload and then connects it back to the network, allowing them to evade detection by cloud antimalware solutions. We also found that the actor connects the victim’s machine to the TOR network using the TorNet backdoor for stealthy command and control (C2) communications and detection evasion.
Effective Phishing Campaign Targeting European Companies and Organizations
A phishing campaign targeting European companies used fake forms made with HubSpot's Free Form Builder, leading to credential harvesting and Azure account takeover. A phishing campaign targeting European companies used fake forms made with HubSpot's Free Form Builder, leading to credential harvesting and Azure account takeover.
Ongoing Social Engineering Campaign Refreshes Payloads
On June 20, 2024, Rapid7 identified multiple intrusion attempts by threat actors utilizing Techniques, Tactics, and Procedures (TTPs) that are consistent with an ongoing social engineering campaign being tracked by Rapid7.
We unravel the details of two large-scale StrelaStealer campaigns from 2023 and 2024. This email credential stealer has a new variant delivered through zipped JScript. #2024 #Campaign #EN #JScript #StrelaStealer #analysis #paloaltonetworks
The Titan Stealer: Notorious Telegram Malware Campaign
The Uptycs threat research team discovered a Titan stealer malware campaign, which is marketed and sold by a threat actor (TA) through a Telegram channel.
The Titan Stealer: Notorious Telegram Malware Campaign
The Uptycs threat research team discovered a Titan stealer malware campaign, which is marketed and sold by a threat actor (TA) through a Telegram channel.
![Massive ois[.]is Black Hat Redirect Malware Campaign](https://rdl.ink/render/https%3A%2F%2Fblog.sucuri.net%2Fwp-content%2Fuploads%2F2022%2F11%2FBlogPost_Feature-Image_1490x700_PHP-Login-Stealer.png?width=92&height=&ar=&mode=&format=avif&dpr=2)
