Found 8 bookmarks
Custom sorting
Rhadamanthys v0.5.0 - a deep dive into the stealer’s components
Rhadamanthys v0.5.0 - a deep dive into the stealer’s components
  • The Rhadamanthys stealer is a multi-layer malware, sold on the black market, and frequently updated. Recently the author released a new major version, 0.5.0. In the new version, the malware expands its stealing capabilities and also introduces some general-purpose spying functions. A new plugin system makes the malware expandable for specific distributor needs. The custom executable formats, used for modules, are unchanged since our last publication (XS1 and XS2 formats are still in distribution). Check Point Research (CPR) provides a comprehensive review of the agent modules, presenting their capabilities and implementation, with a focus on how the stealer components are loaded and how they work.
#checkpoint#EN#2023#Rhadamanthys#stealer#malware#analysis
·research.checkpoint.com·
Rhadamanthys v0.5.0 - a deep dive into the stealer’s components
New RisePro Stealer distributed by the prominent PrivateLoader
New RisePro Stealer distributed by the prominent PrivateLoader
PrivateLoader is an active malware in the loader market, used by multiple threat actors to deliver various payloads, mainly information stealer. Since our previous investigation, we keep tracking the malware to map its ecosystem and delivered payloads. Starting from this tria.ge submission, we recognized a now familiar first payload, namely PrivateLoader. However, the dropped stealer was not part of our stealer growing collection, notably including RedLine or Raccoon. Eventually SEKOIA.IO realised it was a new undocumented stealer, known as RisePro. This article aims at presenting SEKOIA.IO RisePro information stealer analysis.
#sekoia#EN#2022#PrivateLoader#malware#stealer#RisePro#analysis
·blog.sekoia.io·
New RisePro Stealer distributed by the prominent PrivateLoader
The Case of Cloud9 Chrome Botnet
The Case of Cloud9 Chrome Botnet
The Zimperium zLabs team recently discovered a malicious browser extension, originally called Cloud9, which not only steals the information available during the browser session but can also install malware on a user's device and subsequently assume control of the entire device. In this blog, we will take a deeper look into this malicious browser extension.
#zimperium#EN#2022#browser#extension#Cloud9#malicious#stealer#malware#Analysis
·zimperium.com·
The Case of Cloud9 Chrome Botnet
New RisePro Stealer distributed by the prominent PrivateLoader
New RisePro Stealer distributed by the prominent PrivateLoader
PrivateLoader is an active malware in the loader market, used by multiple threat actors to deliver various payloads, mainly information stealer. Since our previous investigation, we keep tracking the malware to map its ecosystem and delivered payloads. Starting from this tria.ge submission, we recognized a now familiar first payload, namely PrivateLoader. However, the dropped stealer was not part of our stealer growing collection, notably including RedLine or Raccoon. Eventually SEKOIA.IO realised it was a new undocumented stealer, known as RisePro. This article aims at presenting SEKOIA.IO RisePro information stealer analysis.
#sekoia#EN#2022#PrivateLoader#malware#stealer#RisePro#analysis
·blog.sekoia.io·
New RisePro Stealer distributed by the prominent PrivateLoader
The Case of Cloud9 Chrome Botnet
The Case of Cloud9 Chrome Botnet
The Zimperium zLabs team recently discovered a malicious browser extension, originally called Cloud9, which not only steals the information available during the browser session but can also install malware on a user's device and subsequently assume control of the entire device. In this blog, we will take a deeper look into this malicious browser extension.
#zimperium#EN#2022#browser#extension#Cloud9#malicious#stealer#malware#Analysis
·zimperium.com·
The Case of Cloud9 Chrome Botnet