PHP Obfuscator with Backdoor
An online tool offers a service to obfuscate PHP code, but it also silently inserts a backdoor into the code that allows any other PHP code to be executed!
Urgent security alert for Fedora 41 and Fedora Rawhide users
Red Hat Information Risk and Security and Red Hat Product Security learned that the latest versions of the “xz” tools and libraries contain malicious code that appears to be intended to allow unauthorized access.
APT29 Uses WINELOADER to Target German Political Parties | Mandiant
APT29 used a new backdoor variant publicly tracked as WINELOADER to target German political parties.
Secret Backdoor Codes in Safe Locks
Senator Ron Wyden has found that the DoD banned the use of such locks for U.S. government systems, but deliberately kept information about the backdoors from the public.
Malicious PyPI package opens backdoors on Windows, Linux, and Macs
Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems.
Chinese hackers abuse VLC Media Player to launch malware loader
Security researchers have uncovered a long-running malicious campaign from hackers associated with the Chinese government who are using VLC Media Player to launch a custom malware loader.
Backdoor RAT for Windows, macOS, and Linux went undetected until now | Ars Technica
Never-before-seen, cross-platform SysJoker came from an "advanced threat actor."
Code injection or backdoor: A new look at Ivanti’s CVE-2021-44529
In 2021, Ivanti patched a vulnerability that they called “code injection”. Rumors say it was a backdoor in an open source project. Let’s find out what actually happened!
Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor
Hackers are exploiting a server-side request forgery (SSRF) vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy the new DSLog backdoor on vulnerable devices.
New MacOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group
Bitdefender researchers have discovered a new backdoor targeting Mac OS users.
New RustDoor macOS malware impersonates Visual Studio update
A new Rust-based macOS malware spreading as a Visual Studio update to provide backdoor access to compromised systems uses infrastructure linked to the infamous ALPHV/BlackCat ransomware gang.
A backdoor with a cryptowallet stealer inside cracked macOS software
We review a new macOS backdoor that piggybacks on cracked software to replace Bitcoin and Exodus wallets with malware.
Analyzing DPRK's SpectralBlur
In both his twitter (err, X) thread and in a subsequent posting he provided a comprehensive background and triage of the malware dubbed SpectralBlur. In terms of its capabilities he noted: SpectralBlur is a moderately capable backdoor, that can upload/download files, run a shell, update its configuration, delete files, hibernate or sleep, based on commands issued from the C2. -Greg He also pointed out similarities to/overlaps with the DPRK malware known as KandyKorn (that we covered in our “Mac Malware of 2024” report), while also pointing out there was differences, leading him to conclude: We can see some similarities ... to the KandyKorn. But these feel like families developed by different folks with the same sort of requirements. -Greg
Russian military hackers target Ukraine with new MASEPIE malware
Ukraine's Computer Emergency Response Team (CERT) is warning of a new phishing campaign that allowed Russia-linked hackers to deploy previously unseen malware on a network in under one hour.
Malicious PyPI package opens backdoors on Windows, Linux, and Macs
Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems.
Chinese hackers abuse VLC Media Player to launch malware loader
Security researchers have uncovered a long-running malicious campaign from hackers associated with the Chinese government who are using VLC Media Player to launch a custom malware loader.
Backdoor RAT for Windows, macOS, and Linux went undetected until now | Ars Technica
Never-before-seen, cross-platform SysJoker came from an "advanced threat actor."
Malicious PyPI package opens backdoors on Windows, Linux, and Macs
Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems.
Chinese hackers abuse VLC Media Player to launch malware loader
Security researchers have uncovered a long-running malicious campaign from hackers associated with the Chinese government who are using VLC Media Player to launch a custom malware loader.
Backdoor RAT for Windows, macOS, and Linux went undetected until now | Ars Technica
Never-before-seen, cross-platform SysJoker came from an "advanced threat actor."
A cascade of compromise: unveiling Lazarus' new campaign
We unveil a Lazarus campaign exploiting security company products and examine its intricate connections with other campaigns
Disclosing the BLOODALCHEMY backdoor
BLOODALCHEMY is a new, actively developed, backdoor that leverages a benign binary as an injection vehicle, and is a part of the REF5961 intrusion set.
Trojanized Free Download Manager found to contain a Linux backdoor
Kaspersky researchers analyzed a Linux backdoor disguised as Free Download Manager software that remained under the radar for at least three years.
TETRA Radio Code Encryption Has a Flaw: A Backdoor
A secret encryption cipher baked into radio systems used by critical infrastructure workers, police, and others around the world is finally seeing sunlight. Researchers say it isn’t pretty.
Emerging Threat! Exposing JOKERSPY
Explore JOKERSPY, a recently discovered campaign that targets financial institutions with Python backdoors. This article covers reconnaissance, attack patterns, and methods of identifying JOKERSPY in your network.
Fragments of Cross-Platform Backdoor Hint at Larger Mac OS Attack
During routine detection maintenance, our Mac researchers stumbled upon a small set of files with backdoor capabilities that seem to form part of a more complex malware toolkit. The following analysis is incomplete, as we are trying to identify the puzzle pieces that are still missing.
Malicious PyPI package opens backdoors on Windows, Linux, and Macs
Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems.
Chinese hackers abuse VLC Media Player to launch malware loader
Security researchers have uncovered a long-running malicious campaign from hackers associated with the Chinese government who are using VLC Media Player to launch a custom malware loader.
Backdoor RAT for Windows, macOS, and Linux went undetected until now | Ars Technica
Never-before-seen, cross-platform SysJoker came from an "advanced threat actor."
A Shady Chinese Firm’s Encryption Chips Got Inside NATO and NASA
The US government warns encryption chipmaker Hualan has suspicious ties to China’s military. Yet US agencies still use one of its subsidiary’s chips, raising fears of a backdoor.