Phantom Footprints: Tracking GhostSocks Malware

GhostSocks is an emerging threat that turns compromised devices into residential proxy nodes, enabling attackers to evade detection. Originally marketed on Russian underground forums as Malware-as-a-Service, it has gained popularity through its partnership with Lumma Stealer. Written in Go, GhostSocks uses the SOCKS5 proxy protocol and TLS encryption to blend malicious traffic into normal network activity. It also incorporates backdoor functionality for running arbitrary commands and deploying additional payloads. Darktrace observed an increase in GhostSocks activity, detecting it alongside Lumma Stealer in customer networks. The malware's versatility in converting devices into proxy nodes while enabling covert network access illustrates how threat actors maximize the value of compromised infrastructure.

Pulse ID: 69cbf2e5f01a923f01d49ea8
Pulse Link: https://otx.alienvault.com/pulse/69cbf2e5f01a923f01d49ea8
Pulse Author: AlienVault
Created: 2026-03-31 16:14:29

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #CyberSecurity #Darktrace #Encryption #Golang #InfoSec #LummaStealer #Malware #MalwareAsAService #OTX #OpenThreatExchange #Proxy #RAT #Russia #TLS #bot #socks5 #AlienVault


Threat Landscape Brief - 2026
Source: Darktrace Annual Threat Report

Key Metrics:
• 20% YoY rise in disclosed vulnerabilities
• 32M phishing emails detected
• 8.2M targeted VIP accounts
• 28% increase in QR-based phishing
• 70% of Americas incidents initiated via stolen credentials
• Microsoft Azure most targeted cloud
• Docker environments saw 54.3% honeypot targeting

Operational shift:
• Credential abuse > exploit development
• AI-assisted phishing increasing personalization
• DMARC bypass at 70% legitimacy pass rate
• Fresh domains deployed at scale

Strategic implication:
Identity telemetry and behavioral analytics are now mission-critical.

Source: https://www.darktrace.com/blog/what-the-darktrace-annual-threat-report-2026-means-for-security-leaders

Follow @technadu for actionable threat intelligence.
Share your detection strategy insights below.

#Infosec #ThreatIntel #IdentitySecurity #Darktrace #CloudSecurity #Azure #PhishingDefense #ZeroTrust #IAM #SecurityOperations #CyberRisk #TechNadu

FBI IC3, Darktrace, and Fortinet are all reporting sharp increases in ATO fraud, holiday phishing, and malicious retail-themed domains.
• 5,100+ ATO complaints (2025)
• >$262M in reported losses
• 620% surge in phishing attempts
• Fake Amazon/Walmart/Macy’s pages everywhere
• 18k+ new malicious holiday domains
• Active exploits hitting Magento, WooCommerce, Oracle EBS

Stay vigilant this season: confirm URLs manually, use MFA, avoid search-ad logins, and monitor account activity.

Source: https://www.ic3.gov/PSA/2025/PSA251125

💬 What’s your best advice for preventing ATO and holiday scam victims in 2025?
Follow TechNadu for more analysis.

#infosec #cybersecurity #ATO #phishing #holidayfraud #CISO #ThreatIntel #Darktrace #Fortinet #FBI

🚨 Darktrace uncovers ShadowV2 — a DDoS-for-hire platform blending malware & DevOps.
🔹 Python + Go malware, Dockerized
🔹 Exploits AWS EC2 exposed Docker daemons
🔹 Advanced TTPs: HTTP/2 rapid reset, Cloudflare UAM bypass
🔹 Operator UI + APIs → “DDoS-as-a-service”
⚠️ Threat actors are now building cybercrime with cloud-native design principles.

👉 Are defenders ready to detect API-driven, containerized attack platforms?

Follow @technadu for #CyberSecurity + #ThreatIntel updates.

#ShadowV2 #Darktrace #Botnet #DDoS #CloudSecurity #ContainerSecurity #Malware #CyberCrime

We sat down with Nathaniel Jones, VP Security & AI Strategy at Darktrace, to discuss insider tampering, MFA fatigue scams, LLM lateral movement, MaaS operations, and encrypted traffic anomalies.

🔗 Full Q&A here: https://www.technadu.com/detecting-modern-threats-mfa-fatigue-llm-agent-lateral-movement-and-encrypted-traffic-anomalies/607370/

#CyberSecurity #Darktrace #AI #MFAFatigue #DevSecOps

Darktrace’s H1 2025 threat review shows:
- 12.6M+ phishing emails (25% targeting VIPs)
- AI-assisted phishing & ClickFix resurgence
- MFA-bypass phishing kits & SaaS ransomware attacks
- Exploitation of known CVEs in edge systems
- APT activity featuring BlindEagle and LapDogs, and evolved malware like Raspberry Robin

Conventional detection tools aren’t cutting it. Anomaly-based detection is essential for modern SOC resilience.

💬 How are anomaly models evolving in your SOC?

#Cybersecurity #Darktrace #ThreatLandscape #AI #Infosec

Darktrace's recent investigation reveals how Scattered Spider actors are evolving their ransomware operations through social engineering and RaaS platforms. From Twilio to MGM attacks, discover their latest tactics and how to defend your organization.

#SecurityLand #BreachBreakdown #Cybersecurity #RansomwareAttack #ThreatIntelligence #Darktrace #ScatteredSpider #RaaS #SocialEngineering

Read More: https://www.security.land/how-scattered-spider-weaponizes-social-engineering-for-ransomware-attacks/

Holiday shopping frenzy fuels a surge in Black Friday week cyberattacks. Darktrace reports a 327% increase in phishing attacks. https://jpmellojr.blogspot.com/2024/12/holiday-shopping-frenzy-fuels-surge-in.html #Cybersecurity #BlackFriday #HolidayShopping #Darktrace
Holiday Shopping Frenzy Fuels Surge in Black Friday Week Cyberattacks


Cybercriminals are turning malware into a service. New report shows MaaS tools fueling massive attacks in the first half of 2024. #cybersecurity #2024threats #MaaS #Darktrace
https://jpmellojr.blogspot.com/2024/08/malware-as-service-thriving-business.html
Malware-as-a-Service Thriving Business for Hackers: Report


To all my good security pros across the fediverse...
What are your experiences with and qualified opinions on darktrace.com?

To me it seems like a standard silver bullet promising shit, with some other business controversies on top, and I don't believe it at all. Am I all wrong?

Thank you

#darktrace #review #reviews #opinion #opinions #ai #help #security #cybersecurity