Top 10 last week's threats by uploads 🌐
⬆️ #Xworm 870 (854)
⬆️ #Asyncrat 415 (398)
⬆️ #Quasar 395 (329)
⬇️ #Vidar 318 (327)
⬇️ #Lumma 286 (322)
⬆️ #Remcos 273 (212)
⬇️ #Stealc 266 (296)
⬇️ #Gravityrat 241 (302)
⬆️ #Guloader 179 (172)
⬆️ #Smokeloader 155 (144)

Explore malware in action: https://app.any.run/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_term=081225&utm_content=linktoregister#register

#cybersecurity #Infosec

Top 10 last week's threats by uploads 🌐
⬆️ #Xworm 955 (927)
⬆️ #Lumma 448 (429)
⬆️ #Quasar 389 (353)
⬇️ #Remcos 309 (360)
⬆️ #Rhadamanthys 268 (248)
⬇️ #Vidar 249 (293)
⬆️ #Asyncrat 232 (141)
⬇️ #Dcrat 228 (248)
⬆️ #Guloader 185 (169)
⬆️ #Smokeloader 167 (145)
Explore malware in action: https://app.any.run/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_term=271025&utm_content=linktoregister#register

#Cybersecurity #infosec

Technical Analysis of SmokeLoader Version 2025 | ThreatLabz

Two new SmokeLoader versions have been identified that fix significant bugs as well as introduce additional measures to evade static and behavior-based detections.

Top 10 last week's threats by uploads 🌐
⬆️ #Lumma 657 (513)
⬆️ #Berbew 451 (78)
⬆️ #Xworm 377 (209)
⬆️ #Remcos 341 (153)
⬆️ #Snake 320 (230)
⬆️ #Asyncrat 242 (171)
⬆️ #Dcrat 189 (92)
⬆️ #Agenttesla 182 (173)
⬆️ #Zombie 182 (153)
⬆️ #Smokeloader 138 (35)
Track them all: https://any.run/malware-trends/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_content=tracker&utm_term=140725

🧬 SmokeLoader evades detection by manually loading a clean copy of ntdll.dll, completely bypassing user-mode hooks placed by EDRs and debuggers.

This article breaks down how the malware sidesteps common monitoring techniques — a must-read for analysts tracking stealthy loader behavior.

🔗 https://malwareandstuff.com/examining-smokeloaders-anti-hooking-technique/

#MalwareAnalysis #ReverseEngineering #Infosec #SmokeLoader #CyberSecurity

Examining Smokeloader’s Anti Hooking technique

Hooking is a technique to intercept function calls/messages or events passed between software, or in this case malware. The technique can be used for malicious, as well as defensive cases. Rootkits…

Malware and Stuff

🚨 #OperationEndgame - With the operators out of the picture, law enforcement is closing in on Smokeloader botnet’s paying customers across Europe and North America.

Read: https://hackread.com/smokeloader-users-identified-arrested-operation-endgame/

#CyberSecurity #CyberCrime #Smokeloader #Botnet

Smokeloader Users Identified and Arrested in Operation Endgame


Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto

Operation Endgame follow-up leads to five detentions and interrogations as well as server takedowns – Database seized in May 2024 helps authorities link online personas and their usernames to real-life individuals | Europol

Europol and the Joint Cybercrime Action Taskforce (J-CAT), hosted by Europol, continue to support the investigation of Operation Endgame following the massive botnet takedown in May 2024. The operation shut down major malware droppers, including IcedID, SystemBC, Pikabot, Smokeloader, and Bumblebee. In early 2025, law enforcement agencies across North America and Europe delivered another significant blow to the malware ecosystem.

Europol

Smokeloader isn’t your everyday malware—it morphs into new threats and slips past defenses with ease. How long before cybercrime’s most elusive tool gets permanently shut down?

https://thedefendopsdiaries.com/understanding-the-smokeloader-botnet-a-persistent-cyber-threat/

#smokeloader
#cybersecurity
#botnet
#malware
#cybercrime

Understanding the Smokeloader Botnet: A Persistent Cyber Threat

Explore the Smokeloader botnet's impact, adaptability, and law enforcement's efforts to dismantle this persistent cyber threat.

The DefendOps Diaries

CoffeeLoader: malware that evades defenses by exploiting GPUs

CoffeeLoader: the malware that uses GPUs to bypass advanced antivirus solutions, posing a significant threat to cybersecurity.

Gomoot: technology and lifestyle. Discover the latest news on hardware, technology and more

CVE-2025-0411, a zero-day #vulnerability in 7-Zip is actively exploited by russian adversaries to target Ukraine in a #SmokeLoader campaign involving homoglyph attacks. Detect exploitation attempts using a set of #Sigma rules from SOC Prime Platform.
https://socprime.com/blog/cve-2025-0411-exploitation-to-target-Ukraine/?utm_source=mastodon&utm_medium=social&utm_campaign=latest-threats&utm_content=blog-post

CVE-2025-0411 Detection: russian Cybercrime Groups Rely on Zero-Day Vulnerability in 7-Zip to Target Ukrainian Organizations - SOC Prime

Detect CVE-2025-0411 exploitation attempts, 7-Zip zero-day vulnerability used in a SmokeLoader campaign against Ukraine, with Sigma rules from SOC Prime.

SOC Prime