ANY.RUN1d ago

⚠️ Stealer activity surged last week. #Vidar, #Stealc, and #SalatStealer all increased, while #AsyncRAT and #DCRat also continued to grow.

📌 Trend to watch: credential theft is gaining momentum alongside remote access malware, giving attackers more opportunities to move from initial compromise to persistent access. For SOC teams, that means validating credential-related alerts quickly becomes even more important.

Expand threat visibility in your SOC: https://any.run/enterprise/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_term=010626&utm_content=linktoenterprise

#cybersecurity

ANY.RUNMay 18

⚠️ Overall RAT activity cooled down last week, with #AsyncRAT, #XWorm, and #Remcos all declining, while stealers like #Vidar and #Stealc continued to grow.

📌 Trend to watch: this points to a shift toward credential access and large-scale delivery activity. For defenders, that usually means higher alert volume, broader exposure, and more pressure on early-stage triage.

Expand threat visibility in your SOC: https://any.run/enterprise/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_term=180526&utm_content=linktoenterprise
#cybersecurity

ANY.RUNMay 11

⚠️ Remote access tooling remained active last week. #AsyncRAT, #Remcos, #Warzone, and #Netwire all increased, while #Vidar continued to decline.

📌 Trend to watch: the activity points to attackers prioritizing persistence and operator access over large-scale credential theft. For defenders, that usually means fewer obvious indicators and more time between initial compromise and detection.

Expand threat visibility in your SOC: https://any.run/enterprise/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_term=110526&utm_content=linktoenterprise

ANY.RUNMay 4

⚠️ RAT activity is on the rise. #XWorm and #AsyncRAT are up, while stealers like #Vidar and #Lumma are declining.

📌 Trend to watch: this suggests a shift toward sustained access and post-compromise operations, not just initial data theft. Lower stealer volume doesn’t reduce risk, it often means fewer early signals but higher impact if missed.

Expand threat visibility in your SOC: https://any.run/enterprise/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_term=040526&utm_content=linktoenterprise

#cybersecurity #infosec

ANY.RUNApr 27

Top 10 last week's threats by uploads 🌐
⬇️ #Xworm 575 (632)
⬆️ #Weedhack 414 (336)
⬇️ #Asyncrat 402 (720)
⬆️ #Gh0st 393 (343)
⬆️ #Dcrat 319 (223)
⬇️ #Remcos 310 (373)
⬆️ #Vidar 301 (266)
⬇️ #Quasar 221 (325)
⬆️ #Rustystealer 204 (175)
⬆️ #Lumma 199 (161)
Explore malware in action: https://app.any.run/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_term=270426&utm_content=linktoregister#register

#cybersecurity

CyberVeille.chApr 22

📢 FormBook distribué via DLL side-loading et JavaScript obfusqué dans deux campagnes de phishing
📝 ## 🔍 Contexte

Publié le 20 avril 2026 par Eule...
📖 cyberveille : https://cyberveille.ch/posts/2026-04-22-formbook-distribue-via-dll-side-loading-et-javascript-obfusque-dans-deux-campagnes-de-phishing/
🌐 source : https://www.watchguard.com/wgrd-security-hub/secplicity-blog/formbook-malware-analysis-phishing-campaigns-use-dll-side-loading
#AsyncRAT #DLL_side_loading #Cyberveille

FormBook distribué via DLL side-loading et JavaScript obfusqué dans deux campagnes de phishing

🔍 Contexte Publié le 20 avril 2026 par Euler Neto sur le blog Secplicity de WatchGuard, cet article présente une analyse technique de deux campagnes de phishing identifiées par la télémétrie WatchGuard, toutes deux visant à déployer le malware FormBook sur des systèmes Windows. 🎯 Ciblage géographique Les campagnes ciblent des entreprises situées en : Grèce Espagne Slovénie Bosnie-Herzégovine Amérique latine et centrale Les pièces jointes malveillantes portent des noms liés à des commandes ou paiements, rédigés dans la langue locale des victimes.

CyberVeille
ANY.RUNApr 20

Top 10 last week's threats by uploads 🌐
⬇️ #Asyncrat 720 (831)
⬇️ #Xworm 632 (729)
⬆️ #Remcos 377 (240)
⬇️ #Gh0st 343 (391)
⬆️ #Weedhack 336 (151)
⬆️ #Quasar 325 (309)
⬇️ #Vidar 267 (273)
⬇️ #Dcrat 223 (242)
⬆️ #Blacknet 213 (68)
⬇️ #Stealc 191 (330)
Explore malware in action: https://app.any.run/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_term=200426&utm_content=linktoregister#register

#cybersecurity #infosec

Anonymous 🐈️🐾☕🍵🏴🇵🇸 Apr 14

Top 10 last week's threats by uploads 🌐
⬆️ #Asyncrat 832 (693)
⬆️ #Xworm 730 (640)
⬇️ #Gh0st 391 (396)
⬇️ #Stealc 330 (409)
⬆️ #Salatstealer 320 (320)
⬆️ #Quasar 309 (283)
⬇️ #Vidar 274 (343)
⬇️ #Remcos 244 (296)
⬆️ #Dcrat 242 (238)
⬇️ #Lumma 185 (187)
Explore malware in action:
https://app.any.run/?utm_source=twitter&utm_medium=post&utm_campaign=top_ten&utm_term=130426&utm_content=linktoregister

#Top10Malware

Anonymous 🐈️🐾☕🍵🏴🇵🇸 Apr 14

Top 10 last week's threats by uploads 🌐
⬆️ #Asyncrat 832 (693)
⬆️ #Xworm 730 (640)
⬇️ #Gh0st 391 (396)
⬇️ #Stealc 330 (409)
⬆️ #Salatstealer 320 (320)
⬆️ #Quasar 309 (283)
⬇️ #Vidar 274 (343)
⬇️ #Remcos 244 (296)
⬆️ #Dcrat 242 (238)
⬇️ #Lumma 185 (187)
Explore malware in action:
https://app.any.run/?utm_source=twitter&utm_medium=post&utm_campaign=top_ten&utm_term=130426&utm_content=linktoregister

#Top10Malware

ANY.RUNApr 13

Top 10 last week's threats by uploads 🌐
⬆️ #Asyncrat 832 (693)
⬆️ #Xworm 730 (640)
⬇️ #Gh0st 391 (396)
⬇️ #Stealc 330 (409)
⬆️ #Salatstealer 320 (320)
⬆️ #Quasar 309 (283)
⬇️ #Vidar 274 (343)
⬇️ #Remcos 244 (296)
⬆️ #Dcrat 242 (238)
⬇️ #Lumma 185 (187)
Explore malware in action: https://app.any.run/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_term=130426&utm_content=linktoregister#register

#cybersecurity #infosec