GuLoader Obfuscation Analysis | ThreatLabz

Technical analysis of GuLoader’s anti-analysis techniques including polymorphic code and exception-based control flow obfuscation.

2026-02-03 (Tuesday): #GuLoader for #AgentTesla style malware with FTP data exfiltration.

A #pcap of the infection traffic, associated files, and a list of indicators are available at https://www.malware-traffic-analysis.net/2026/02/03/index.html

Two online sandboxes tag this sample as AgentTesla, but I'm not sure what the actual name of this malware is.

- https://tria.ge/260203-tvhlyahx7c
- https://app.any.run/tasks/0840196f-2b8f-415c-8ca7-af0c8f394b0d

Watch out as a new email attack uses fake employee reports to deliver Guloader and Remcos RAT malware, tricking users into running dangerous files disguised as performance reviews.

Read: https://hackread.com/fake-employee-reports-guloader-remcos-rat-malware/

#Malware #Guloader #RemcosRAT #Phishing #CyberSecurity

Fake Employee Reports Spread Guloader and Remcos RAT Malware

Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread

🔍 Fresh, actionable threat intelligence for security leaders.
This report covers three high-impact malware families affecting Windows and mobile environments:
🔹 #Albiriox, an Android banking trojan offered as MaaS, combining VNC-based remote control and overlays to bypass protections in 400+ financial apps.
🔹 #OctoRAT, a .NET-based Windows RAT with UAC bypass, credential theft, proxying, and full remote control for long-term access.
🔹 #GuLoader, a downloader using heavily obfuscated PowerShell, shellcode, and process injection to deliver RATs and infostealers.

👨‍💻 Explore an exclusive report with #IOCs, YARA, and detection insights in the TI Lookup Premium plan: https://intelligence.any.run/reports/69440c66df2d202c2ce203c3/?utm_source=mastodon&utm_medium=post&utm_campaign=threat_brief_jan&utm_term=060126&utm_content=linktoservice

New to TI Lookup? Start a trial to explore more in-depth analyses of active threats and APTs: https://any.run/plans-ti/?utm_source=mastodon&utm_medium=post&utm_campaign=threat_brief_jan&utm_term=060126&utm_content=linktotiplans

#cybersecurity #infosec

Top 10 last week's threats by uploads 🌐
⬇️ #Xworm 350 (988)
⬇️ #Vidar 184 (278)
⬇️ #Stealc 180 (255)
⬇️ #Asyncrat 176 (319)
⬇️ #Lumma 167 (190)
⬇️ #Quasar 159 (323)
⬇️ #Salatstealer 158 (174)
⬆️ #Mirai 104 (85)
⬇️ #Guloader 73 (153)
⬇️ #Agenttesla 65 (93)
Explore malware in action: https://app.any.run/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_term=050126&utm_content=linktoregister#register

#infosec

Top 10 last week's threats by uploads 🌐
⬆️ #Xworm 988 (549)
⬇️ #Quasar 323 (353)
⬆️ #Asyncrat 319 (244)
⬇️ #Vidar 278 (282)
⬆️ #Stealc 255 (220)
⬇️ #Lumma 190 (221)
⬆️ #Gravityrat 188 (46)
⬆️ #Salatstealer 174 (95)
⬇️ #Guloader 153 (197)
⬇️ #Smoke 138 (148)
Explore malware in action: https://app.any.run/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_term=291225&utm_content=linktoregister#register

#cybersecurity #infosec

Top 10 last week's threats by uploads 🌐
⬇️ #Xworm 550 (944)
⬇️ #Quasar 354 (364)
⬇️ #Vidar 282 (371)
⬇️ #Asyncrat 247 (396)
⬇️ #Lumma 222 (284)
⬇️ #Stealc 221 (354)
⬆️ #Guloader 197 (181)
⬆️ #Agenttesla 186 (172)
⬇️ #Smoke 148 (153)
⬇️ #Remcos 128 (212)
Explore malware in action: https://app.any.run/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_term=221225&utm_content=linktoregister#register

#cybersecurity #infosec

Top 10 last week's threats by uploads 🌐
⬆️ #Xworm 944 (870)
⬇️ #Asyncrat 396 (413)
⬆️ #Vidar 371 (318)
⬇️ #Quasar 364 (395)
⬆️ #Stealc 354 (266)
⬆️ #Lumma 284 (282)
⬇️ #Remcos 213 (269)
⬆️ #Guloader 181 (179)
⬆️ #Agenttesla 173 (141)
⬇️ #Smoke 153 (158)
Explore malware in action: https://app.any.run/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_term=151225&utm_content=linktoregister#register

#cybersecurity #infosec

Attackers favour RDP access and standard tools, with occasional use of GuLoader

According to Acronis, recent trends show that attackers prefer simple, low-cost approaches, with initial access via RDP and the use of off-the-shelf tooling to progress through compromised networks. The analysis stresses that most victims are compromised via RDP. After initial access, the actors use standard tools for discovery and lateral movement, as well as local privilege escalation (LPE) exploits, AV killers (notably via vulnerable drivers), process terminators, targeted uninstallers, and credential access tools such as Mimikatz.

CyberVeille

Top 10 last week's threats by uploads 🌐
⬆️ #Xworm 870 (854)
⬆️ #Asyncrat 415 (398)
⬆️ #Quasar 395 (329)
⬇️ #Vidar 318 (327)
⬇️ #Lumma 286 (322)
⬆️ #Remcos 273 (212)
⬇️ #Stealc 266 (296)
⬇️ #Gravityrat 241 (302)
⬆️ #Guloader 179 (172)
⬆️ #Smokeloader 155 (144)

Explore malware in action: https://app.any.run/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_term=081225&utm_content=linktoregister#register

#cybersecurity #Infosec