Mastodawn

⚠️ Remote access malware remained resilient despite broader declines. #AsyncRAT continued to grow and #Remcos rebounded, while most other major families trended downward.

📌 Trend to watch: when fewer families account for a larger share of activity, defenders can miss the signal by focusing on overall volume alone. Concentrated campaigns often create repeated exposure to the same attack paths, increasing the likelihood of successful compromise.

Expand threat visibility in your SOC: https://any.run/enterprise/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_term=080626&utm_content=linktoenterprise

#cybersecurity #infosec

ANY.RUN Jun 1

⚠️ Stealer activity surged last week. #Vidar, #Stealc, and #SalatStealer all increased, while #AsyncRAT and #DCRat also continued to grow.

📌 Trend to watch: credential theft is gaining momentum alongside remote access malware, giving attackers more opportunities to move from initial compromise to persistent access. For SOC teams, that means validating credential-related alerts quickly becomes even more important.

Expand threat visibility in your SOC: https://any.run/enterprise/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_term=010626&utm_content=linktoenterprise

#cybersecurity

ANY.RUN May 18

⚠️ Overall RAT activity cooled down last week, with #AsyncRAT, #XWorm, and #Remcos all declining, while stealers like #Vidar and #Stealc continued to grow.

📌 Trend to watch: this points to a shift toward credential access and large-scale delivery activity. For defenders, that usually means higher alert volume, broader exposure, and more pressure on early-stage triage.

Expand threat visibility in your SOC: https://any.run/enterprise/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_term=180526&utm_content=linktoenterprise
#cybersecurity

ANY.RUN May 11

⚠️ Remote access tooling remained active last week. #AsyncRAT, #Remcos, #Warzone, and #Netwire all increased, while #Vidar continued to decline.

📌 Trend to watch: the activity points to attackers prioritizing persistence and operator access over large-scale credential theft. For defenders, that usually means fewer obvious indicators and more time between initial compromise and detection.

Expand threat visibility in your SOC: https://any.run/enterprise/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_term=110526&utm_content=linktoenterprise

ANY.RUN May 4

⚠️ RAT activity is on the rise. #XWorm and #AsyncRAT are up, while stealers like #Vidar and #Lumma are declining.

📌 Trend to watch: this suggests a shift toward sustained access and post-compromise operations, not just initial data theft. Lower stealer volume doesn’t reduce risk, it often means fewer early signals but higher impact if missed.

Expand threat visibility in your SOC: https://any.run/enterprise/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_term=040526&utm_content=linktoenterprise

#cybersecurity #infosec

ANY.RUN Apr 27

Top 10 last week's threats by uploads 🌐
⬇️ #Xworm 575 (632)
⬆️ #Weedhack 414 (336)
⬇️ #Asyncrat 402 (720)
⬆️ #Gh0st 393 (343)
⬆️ #Dcrat 319 (223)
⬇️ #Remcos 310 (373)
⬆️ #Vidar 301 (266)
⬇️ #Quasar 221 (325)
⬆️ #Rustystealer 204 (175)
⬆️ #Lumma 199 (161)
Explore malware in action: https://app.any.run/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_term=270426&utm_content=linktoregister#register

#cybersecurity

CyberVeille.ch Apr 22

📢 FormBook distribué via DLL side-loading et JavaScript obfusqué dans deux campagnes de phishing
📝 ## 🔍 Contexte

Publié le 20 avril 2026 par Eule...
📖 cyberveille : https://cyberveille.ch/posts/2026-04-22-formbook-distribue-via-dll-side-loading-et-javascript-obfusque-dans-deux-campagnes-de-phishing/
🌐 source : https://www.watchguard.com/wgrd-security-hub/secplicity-blog/formbook-malware-analysis-phishing-campaigns-use-dll-side-loading
#AsyncRAT #DLL_side_loading #Cyberveille

FormBook distribué via DLL side-loading et JavaScript obfusqué dans deux campagnes de phishing

🔍 Contexte Publié le 20 avril 2026 par Euler Neto sur le blog Secplicity de WatchGuard, cet article présente une analyse technique de deux campagnes de phishing identifiées par la télémétrie WatchGuard, toutes deux visant à déployer le malware FormBook sur des systèmes Windows. 🎯 Ciblage géographique Les campagnes ciblent des entreprises situées en : Grèce Espagne Slovénie Bosnie-Herzégovine Amérique latine et centrale Les pièces jointes malveillantes portent des noms liés à des commandes ou paiements, rédigés dans la langue locale des victimes.

CyberVeille

ANY.RUN Apr 20

Top 10 last week's threats by uploads 🌐
⬇️ #Asyncrat 720 (831)
⬇️ #Xworm 632 (729)
⬆️ #Remcos 377 (240)
⬇️ #Gh0st 343 (391)
⬆️ #Weedhack 336 (151)
⬆️ #Quasar 325 (309)
⬇️ #Vidar 267 (273)
⬇️ #Dcrat 223 (242)
⬆️ #Blacknet 213 (68)
⬇️ #Stealc 191 (330)
Explore malware in action: https://app.any.run/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_term=200426&utm_content=linktoregister#register