Top 10 last week's threats by uploads 🌐
⬆️ #Asyncrat 533 (472)
⬇️ #Xworm 350 (476)
⬇️ #Dcrat 268 (452)
⬆️ #Vidar 249 (227)
⬆️ #Agenttesla 243 (157)
⬆️ #Stealc 215 (212)
⬇️ #Remcos 196 (207)
⬆️ #Salatstealer 189 (183)
⬆️ #Lumma 183 (137)
⬆️ #Quasar 158 (156)
Explore malware in action: https://app.any.run/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_term=090326&utm_content=linktoregister#register

VOID#GEIST Malware Delivers Multiple RATs through Multi-Stage Attack CTIA

VOID#GEIST is actively targeting Windows systems using phishing emails and malicious scripts. It installs remote access trojans such as XWorm, AsyncRAT and Xeno RAT to allow attackers to control infected computers.

Pulse ID: 69ab76815510954864898d9c
Pulse Link: https://otx.alienvault.com/pulse/69ab76815510954864898d9c
Pulse Author: cryptocti
Created: 2026-03-07 00:51:13

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#AsyncRAT #CyberSecurity #Email #InfoSec #Malware #OTX #OpenThreatExchange #Phishing #RAT #RemoteAccessTrojan #Trojan #Windows #Worm #XWorm #XenoRAT #bot #cryptocti

📢 Stego campaign on archive.org delivering Remcos and AsyncRAT via a .NET injector
📝 According to a technical blog post signed "Kirk" (February 28, 2026), an active campaign abuses archive.org as a distribution platform by hiding inject...
📖 cyberveille: https://cyberveille.ch/posts/2026-03-02-campagne-stego-sur-archive-org-livrant-remcos-et-asyncrat-via-injecteur-net/
🌐 source: https://www.derp.ca/research/archive-org-stego-campaign/
#AsyncRAT #IOC #Cyberveille

According to a technical blog post signed "Kirk" (February 28, 2026), an active campaign abuses archive.org as a distribution platform by hiding .NET injectors in 4K JPEG images via steganography, in order to deliver the RATs Remcos 7.1.0 Pro and AsyncRAT 1.0.7 in parallel. Context and steganography technique 🧪: The images (3840x2160) contain a base64 block holding a .NET DLL, placed after the JPEG EOF marker (FF D9) at offset 1,390,750 and framed by markers that evolved from BaseStart/-BaseEnd (Feb. 24) to IN-/==-in1 (Feb. 25–28). A PowerShell dropper downloads the image (WebClient.DownloadData), extracts the block with a regex, then loads the assembly in memory ([Reflection.Assembly]::Load). The injected DLLs masquerade as Microsoft.Win32.TaskScheduler.dll and embed the Mandark injector (RunPE), with increasing hardening (ConfuserEx, encrypted resources, RSA-1024, obfuscation).

CyberVeille
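
A defender-side check for the technique summarized in the post above, as an added example that is not code from the cited blog or from CyberVeille: it walks the JPEG segments to the real end-of-image marker, then looks in any trailing bytes for base64 text that decodes to a PE header. It is deliberately independent of the framing markers, since the post says they changed; the function names, the 2048-character decode window and the `IN-` ... `==-in1` layout of the constructed sample are assumptions.

```python
import base64
import re

B64 = rb"[A-Za-z0-9+/]"
STUFF = {0x00, *range(0xD0, 0xD8)}   # byte stuffing and RSTn inside scan data

def jpeg_end(data: bytes) -> int:
    """Walk JPEG segments and return the offset just past the EOI marker."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker")
    i = 2
    while i + 1 < len(data):
        if data[i] != 0xFF:
            raise ValueError(f"expected a marker at offset {i}")
        m = data[i + 1]
        if m == 0xD9:                          # EOI: the image ends here
            return i + 2
        if m == 0xFF:                          # fill byte before a marker
            i += 1
        elif m == 0x01 or 0xD0 <= m <= 0xD7:   # markers without a length field
            i += 2
        else:
            i += 2 + int.from_bytes(data[i + 2:i + 4], "big")
            if m == 0xDA:                      # SOS: skip entropy-coded data
                while i + 1 < len(data) and not (
                        data[i] == 0xFF and data[i + 1] not in STUFF):
                    i += 1
    raise ValueError("no EOI marker found")

def looks_like_pe(b: bytes) -> bool:
    """MZ magic plus a PE signature at the offset stored in e_lfanew."""
    if len(b) < 0x40 or b[:2] != b"MZ":
        return False
    off = int.from_bytes(b[0x3C:0x40], "little")
    return b[off:off + 4] == b"PE\0\0"

def inspect_jpeg(data: bytes) -> dict:
    end = jpeg_end(data)
    trailer = data[end:]
    hit = None
    for c in re.finditer(rb"TV[opqr]", trailer):   # how base64 of "MZ" begins
        run = re.match(B64 + rb"+", trailer[c.start():c.start() + 2048]).group()
        if looks_like_pe(base64.b64decode(run[:len(run) // 4 * 4])):
            hit = end + c.start()
            break
    return {"eoi_offset": end, "trailer_len": len(trailer), "embedded_pe_offset": hit}

def build_sample(with_payload: bool) -> bytes:
    """Constructed test input: tiny JPEG skeleton plus an inert fake PE header."""
    jpeg = b"\xff\xd8\xff\xe0\x00\x04AB\xff\xda\x00\x02\x12\xff\x00\x34\xff\xd0\x56\xff\xd9"
    pe = bytearray(0x102)
    pe[:2], pe[0x3C:0x40], pe[0x80:0x84] = b"MZ", (0x80).to_bytes(4, "little"), b"PE\0\0"
    framed = b"IN-" + base64.b64encode(pe) + b"==-in1"   # assumed marker layout
    return jpeg + (framed if with_payload else b"")
```

Any non-zero `trailer_len` on an image fetched by a script host is worth triage on its own; `embedded_pe_offset` raises it to a high-confidence finding.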

Top 10 last week's threats by uploads 🌐
⬆️ #Xworm 476 (303)
⬆️ #Asyncrat 472 (363)
⬇️ #Dcrat 452 (527)
⬆️ #Vidar 227 (174)
⬆️ #Stealc 212 (176)
⬇️ #Remcos 208 (262)
⬇️ #Salatstealer 183 (219)
⬇️ #Agenttesla 157 (247)
⬇️ #Quasar 156 (192)
⬇️ #Gh0st 155 (161)
Explore malware in action: https://app.any.run/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_term=020326&utm_content=linktoregister#register

#cybersecurity #infosec

Top 10 last week's threats by uploads 🌐
⬆️ #Dcrat 527 (429)
⬇️ #Asyncrat 364 (432)
⬇️ #Xworm 303 (370)
⬆️ #Remcos 268 (250)
⬇️ #Agenttesla 247 (523)
⬆️ #Salatstealer 219 (215)
⬇️ #Quasar 192 (212)
⬇️ #Stealc 176 (258)
⬇️ #Vidar 174 (256)
⬆️ #Lumma 172 (154)
Explore malware in action: https://app.any.run/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_term=230226&utm_content=linktoregister#register

#cybersecurity #infosec

Top 10 last week's threats by uploads 🌐
⬇️ #Agenttesla 523 (548)
⬇️ #Asyncrat 432 (435)
⬆️ #Dcrat 429 (379)
⬆️ #Xworm 370 (366)
⬇️ #Stealc 258 (360)
⬇️ #Vidar 256 (345)
⬆️ #Remcos 254 (232)
⬆️ #Worm 250 (121)
⬆️ #Reverseloader 224 (167)
⬆️ #Quasar 212 (200)
Explore malware in action: https://app.any.run/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_term=160226&utm_content=linktoregister#register

#cybersecurity #infosec

Top 10 last week's threats by uploads 🌐
⬆️ #Agenttesla 549 (306)
⬇️ #Asyncrat 435 (443)
⬆️ #Dcrat 379 (225)
⬇️ #Xworm 366 (435)
⬇️ #Stealc 360 (475)
⬇️ #Vidar 345 (455)
⬆️ #Salatstealer 235 (206)
⬇️ #Remcos 234 (307)
⬆️ #Gh0st 225 (166)
⬇️ #Quasar 200 (207)
Explore malware in action: https://app.any.run/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_term=090226&utm_content=linktoregister#register

#cybersecurity #infosec

Top 10 last week's threats by uploads 🌐
⬆️ #Stealc 475 (311)
⬆️ #Vidar 456 (309)
⬆️ #Asyncrat 444 (360)
⬇️ #Xworm 435 (861)
⬆️ #Remcos 307 (277)
⬆️ #Agenttesla 307 (157)
⬆️ #Reverseloader 303 (143)
⬆️ #Dcrat 227 (88)
⬇️ #Quasar 208 (233)
⬇️ #Salatstealer 206 (221)
Explore malware in action: https://app.any.run/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_term=020226&utm_content=linktoregister#register

#cybersecurity #infosec

⚠️ In 2025, #Lumma led detections with 31K+ cases, while #XWorm saw sharp growth, up 4.3x year over year.

#AsyncRAT and #Remcos followed with ~16K detections each, while #Quasar and #Vidar entered the top list, signaling renewed RAT and stealer diversification.

📈 Learn more in our 2025 threat landscape report: https://any.run/cybersecurity-blog/malware-trends-2025/?utm_source=mastodon&utm_medium=post&utm_campaign=malware_trends_25&utm_term=270126&utm_content=linktoblog

#cybersecurity #infosec

Top 10 last week's threats by uploads 🌐
⬆️ #Xworm 861 (712)
⬆️ #Asyncrat 360 (337)
⬆️ #Stealc 311 (307)
⬆️ #Vidar 309 (266)
⬆️ #Remcos 278 (248)
⬆️ #Quasar 233 (209)
⬇️ #Gh0st 192 (218)
⬆️ #Lumma 187 (140)
⬆️ #Agenttesla 157 (135)
⬆️ #Reverseloader 143 (111)
Explore malware in action: https://app.any.run/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_term=260126&utm_content=linktoregister#register

#cybersecurity #infosec