Found 22 bookmarks
Custom sorting
New TorNet backdoor seen in widespread campaign
New TorNet backdoor seen in widespread campaign
Cisco Talos discovered an ongoing malicious campaign operated by a financially motivated threat actor targeting users, predominantly in Poland and Germany. The actor has delivered different payloads, including Agent Tesla, Snake Keylogger, and a new undocumented backdoor we are calling TorNet, dropped by PureCrypter malware. The actor is running a Windows scheduled task on victim machines—including on endpoints with a low battery—to achieve persistence. The actor also disconnects the victim machine from the network before dropping the payload and then connects it back to the network, allowing them to evade detection by cloud antimalware solutions. We also found that the actor connects the victim’s machine to the TOR network using the TorNet backdoor for stealthy command and control (C2) communications and detection evasion.
#talosintelligence#EN#2025#TorNet#backdoor#campaign#Poland#Germany#analysis#malware
·blog.talosintelligence.com·
New TorNet backdoor seen in widespread campaign
Analyzing DPRK's SpectralBlur
Analyzing DPRK's SpectralBlur
In both his twitter (err, X) thread and in a subsequent posting he provided a comprehensive background and triage of the malware dubbed SpectralBlur. In terms of its capabilities he noted: SpectralBlur is a moderately capable backdoor, that can upload/download files, run a shell, update its configuration, delete files, hibernate or sleep, based on commands issued from the C2. -Greg He also pointed out similarities to/overlaps with the DPRK malware known as KandyKorn (that we covered in our “Mac Malware of 2024” report), while also pointing out there was differences, leading him to conclude: We can see some similarities ... to the KandyKorn. But these feel like families developed by different folks with the same sort of requirements. -Greg
#objective-see#EN#2024#Analysis#macOS#backdoor#SpectralBlur#malware
·objective-see.org·
Analyzing DPRK's SpectralBlur
Fragments of Cross-Platform Backdoor Hint at Larger Mac OS Attack
Fragments of Cross-Platform Backdoor Hint at Larger Mac OS Attack
During routine detection maintenance, our Mac researchers stumbled upon a small set of files with backdoor capabilities that seem to form part of a more complex malware toolkit. The following analysis is incomplete, as we are trying to identify the puzzle pieces that are still missing.
#bitdefender#EN#2023#macOS#malware#Cross-Platform#Backdoor
·bitdefender.com·
Fragments of Cross-Platform Backdoor Hint at Larger Mac OS Attack
From RM3 to LDR4: URSNIF Leaves Banking Fraud Behind
From RM3 to LDR4: URSNIF Leaves Banking Fraud Behind
A new variant of the URSNIF malware, first observed in June 2022, marks an important milestone for the tool. Unlike previous iterations of URSNIF, this new variant, dubbed LDR4, is not a banker, but a generic backdoor (similar to the short-lived SAIGON variant), which may have been purposely built to enable operations like ransomware and data theft extortion. This is a significant shift from the malware’s original purpose to enable banking fraud, but is consistent with the broader threat landscape.
#mandiant#EN#2022#URSNIF#backdoor#Banking#malware#Gozi#CUTWAIL#spam
·mandiant.com·
From RM3 to LDR4: URSNIF Leaves Banking Fraud Behind
From RM3 to LDR4: URSNIF Leaves Banking Fraud Behind
From RM3 to LDR4: URSNIF Leaves Banking Fraud Behind
A new variant of the URSNIF malware, first observed in June 2022, marks an important milestone for the tool. Unlike previous iterations of URSNIF, this new variant, dubbed LDR4, is not a banker, but a generic backdoor (similar to the short-lived SAIGON variant), which may have been purposely built to enable operations like ransomware and data theft extortion. This is a significant shift from the malware’s original purpose to enable banking fraud, but is consistent with the broader threat landscape.
#mandiant#EN#2022#URSNIF#backdoor#Banking#malware#Gozi#CUTWAIL#spam
·mandiant.com·
From RM3 to LDR4: URSNIF Leaves Banking Fraud Behind