Found 25 bookmarks
Custom sorting
Threat actors misuse Node.js to deliver malware and other malicious payloads | Microsoft Security Blog
Threat actors misuse Node.js to deliver malware and other malicious payloads | Microsoft Security Blog
Since October 2024, Microsoft Defender Experts has observed and helped multiple customers address campaigns leveraging Node.js to deliver malware and other payloads that ultimately lead to information theft and data exfiltration.
#microsoft#EN#2025#Node.js#malware#ClickFix#exfiltration#analysis#campaign
·microsoft.com·
Threat actors misuse Node.js to deliver malware and other malicious payloads | Microsoft Security Blog
Microsoft Warns of Node.js Abuse for Malware Delivery
Microsoft Warns of Node.js Abuse for Malware Delivery
In the past months Microsoft has seen multiple campaigns involving Node.js to deliver malware and other malicious payloads. Microsoft on Tuesday issued a warning over the increasing use of Node.js for the delivery of malware and other malicious payloads. The tech giant has been seeing such attacks aimed at its customers since October 2024 and some of the observed campaigns are still active in April 2025.
#securityweek#EN#2025#malware#node.js#Microsoft#Abuse
·securityweek.com·
Microsoft Warns of Node.js Abuse for Malware Delivery
Phishing campaign impersonates Booking .com, delivers a suite of credential-stealing malware
Phishing campaign impersonates Booking .com, delivers a suite of credential-stealing malware
Starting in December 2024, leading up to some of the busiest travel days, Microsoft Threat Intelligence identified a phishing campaign that impersonates online travel agency Booking.com and targets organizations in the hospitality industry. The campaign uses a social engineering technique called ClickFix to deliver multiple credential-stealing malware in order to conduct financial fraud and theft. […]
#microsoft#EN#2025#Phishing#campaign#credential-stealing#malware#Booking.com#ClickFix
·microsoft.com·
Phishing campaign impersonates Booking .com, delivers a suite of credential-stealing malware
How ransomware abuses BitLocker | Securelist
How ransomware abuses BitLocker | Securelist
The Kaspersky GERT has detected a VBS script that has been abusing Microsoft Windows features by modifying the system to lower the defenses and using the local MS BitLocker utility to encrypt entire drives and demand a ransom. #BitLocker #Data #Descriptions #Encryption #Incident #Malware #Microsoft #Ransomware #Technologies #Windows #response
#Descriptions#Incident#BitLocker#Microsoft#Windows#Encryption#Ransomware#Malware#response#Data#Technologies
·securelist.com·
How ransomware abuses BitLocker | Securelist
DarkGate malware delivered via Microsoft Teams - detection and response
DarkGate malware delivered via Microsoft Teams - detection and response
While most end users are well-acquainted with the dangers of traditional phishing attacks, such as those delivered via email or other media, a large proportion are likely unaware that Microsoft Teams chats could be a phishing vector. Most Teams activity is intra-organizational, but Microsoft enables External Access by default, which allows members of one organization to add users outside the organization to their Teams chats. Perhaps predictably, this feature has provided malicious actors a new avenue by which to exploit untrained or unaware users.
#cybersecurity.att.com#EN#2024#Microsoft#Teams#phishing#malware
·cybersecurity.att.com·
DarkGate malware delivered via Microsoft Teams - detection and response
Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity
Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity
Microsoft has discovered recent activity indicating that the Raspberry Robin worm is part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection methods beyond its original USB drive spread.
#microsoft#EN#2022#Raspberry-Robin#malware#ecosystem#FakeUpdates#DEV-0651
·microsoft.com·
Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity
When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure
When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure
In this two-part blog series, we expose a modern malware infrastructure and provide guidance for protecting against the wide range of threats it enables. Part 1 covers the evolution of the threat, how it spreads, and how it impacts organizations. Part 2 is a deep dive on the attacker behavior and will provide investigation guidance.
#microsoft#2021#LemonDuck#lemoncat#EN#malware#botnet#infrastructure
·microsoft.com·
When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure
Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity
Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity
Microsoft has discovered recent activity indicating that the Raspberry Robin worm is part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection methods beyond its original USB drive spread.
#microsoft#EN#2022#Raspberry-Robin#malware#ecosystem#FakeUpdates#DEV-0651
·microsoft.com·
Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity
When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure
When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure
In this two-part blog series, we expose a modern malware infrastructure and provide guidance for protecting against the wide range of threats it enables. Part 1 covers the evolution of the threat, how it spreads, and how it impacts organizations. Part 2 is a deep dive on the attacker behavior and will provide investigation guidance.
#microsoft#2021#LemonDuck#lemoncat#EN#malware#botnet#infrastructure
·microsoft.com·
When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure
When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure
When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure
In this two-part blog series, we expose a modern malware infrastructure and provide guidance for protecting against the wide range of threats it enables. Part 1 covers the evolution of the threat, how it spreads, and how it impacts organizations. Part 2 is a deep dive on the attacker behavior and will provide investigation guidance.
#microsoft#2021#LemonDuck#lemoncat#EN#malware#botnet#infrastructure
·microsoft.com·
When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure