Mastodawn

⚠️ Remote access tooling remained active last week. #AsyncRAT, #Remcos, #Warzone, and #Netwire all increased, while #Vidar continued to decline.

📌 Trend to watch: the activity points to attackers prioritizing persistence and operator access over large-scale credential theft. For defenders, that usually means fewer obvious indicators and more time between initial compromise and detection.

Expand threat visibility in your SOC: https://any.run/enterprise/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_term=110526&utm_content=linktoenterprise

ANY.RUN May 4

⚠️ RAT activity is on the rise. #XWorm and #AsyncRAT are up, while stealers like #Vidar and #Lumma are declining.

📌 Trend to watch: this suggests a shift toward sustained access and post-compromise operations, not just initial data theft. Lower stealer volume doesn’t reduce risk, it often means fewer early signals but higher impact if missed.

Expand threat visibility in your SOC: https://any.run/enterprise/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_term=040526&utm_content=linktoenterprise

#cybersecurity #infosec

ANY.RUN Apr 27

Top 10 last week's threats by uploads 🌐
⬇️ #Xworm 575 (632)
⬆️ #Weedhack 414 (336)
⬇️ #Asyncrat 402 (720)
⬆️ #Gh0st 393 (343)
⬆️ #Dcrat 319 (223)
⬇️ #Remcos 310 (373)
⬆️ #Vidar 301 (266)
⬇️ #Quasar 221 (325)
⬆️ #Rustystealer 204 (175)
⬆️ #Lumma 199 (161)
Explore malware in action: https://app.any.run/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_term=270426&utm_content=linktoregister#register

#cybersecurity

CyberVeille.ch Apr 22

📢 FormBook distribué via DLL side-loading et JavaScript obfusqué dans deux campagnes de phishing
📝 ## 🔍 Contexte

Publié le 20 avril 2026 par Eule...
📖 cyberveille : https://cyberveille.ch/posts/2026-04-22-formbook-distribue-via-dll-side-loading-et-javascript-obfusque-dans-deux-campagnes-de-phishing/
🌐 source : https://www.watchguard.com/wgrd-security-hub/secplicity-blog/formbook-malware-analysis-phishing-campaigns-use-dll-side-loading
#AsyncRAT #DLL_side_loading #Cyberveille

FormBook distribué via DLL side-loading et JavaScript obfusqué dans deux campagnes de phishing

🔍 Contexte Publié le 20 avril 2026 par Euler Neto sur le blog Secplicity de WatchGuard, cet article présente une analyse technique de deux campagnes de phishing identifiées par la télémétrie WatchGuard, toutes deux visant à déployer le malware FormBook sur des systèmes Windows. 🎯 Ciblage géographique Les campagnes ciblent des entreprises situées en : Grèce Espagne Slovénie Bosnie-Herzégovine Amérique latine et centrale Les pièces jointes malveillantes portent des noms liés à des commandes ou paiements, rédigés dans la langue locale des victimes.

CyberVeille

ANY.RUN Apr 20

Top 10 last week's threats by uploads 🌐
⬇️ #Asyncrat 720 (831)
⬇️ #Xworm 632 (729)
⬆️ #Remcos 377 (240)
⬇️ #Gh0st 343 (391)
⬆️ #Weedhack 336 (151)
⬆️ #Quasar 325 (309)
⬇️ #Vidar 267 (273)
⬇️ #Dcrat 223 (242)
⬆️ #Blacknet 213 (68)
⬇️ #Stealc 191 (330)
Explore malware in action: https://app.any.run/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_term=200426&utm_content=linktoregister#register