RansomHub Affiliate leverages Python-based backdoor
In an incident response in Q4 of 2024, GuidePoint Security identified evidence of a threat actor utilizing a Python-based backdoor to maintain access to compromised endpoints. The threat actor later leveraged this access to deploy RansomHub encryptors throughout the entire impacted network. ReliaQuest documented an earlier version of this malware on their website in February 2024.
·guidepointsecurity.com·
New macOS 'KandyKorn' malware targets cryptocurrency engineers
A new macOS malware dubbed 'KandyKorn' has been spotted in a campaign attributed to the North Korean Lazarus hacking group, targeting blockchain engineers of a cryptocurrency exchange platform. The attackers impersonate members of the cryptocurrency community on Discord channels to spread Python-based modules that trigger a multi-stage KandyKorn infection chain. Elastic Security discovered and attributed the attacks to Lazarus based on overlaps with past campaigns concerning the employed techniques, network infrastructure, code-signing certificates, and custom Lazarus detection rules.
·bleepingcomputer.com·