#skinhead #twotone #trojan #apple
At least there currently seem to be no more threats from 'worms', 'viruses' or 'Trojans'?! 🤓
#virus #worm #wurmer #trojan #security #itsecurity #windows #zeroday #ai #anthropicclaude #anthropicmythos
March 2026 CVE Landscape: 31 High-Impact Vulnerabilities Identified, Interlock Ransomware Group Exploits Cisco FMC Zero-Day
In March 2026, 31 high-impact vulnerabilities were identified requiring prioritization for remediation, with 29 receiving Very Critical Risk Scores. Affected vendors included Cisco, Microsoft, Google, ConnectWise, and others, with Microsoft and Apple accounting for approximately 32% of vulnerabilities. Notably, the Interlock Ransomware Group exploited CVE-2026-20131, a zero-day deserialization vulnerability in Cisco Secure Firewall Management Center, as early as January 2026 to compromise enterprise networks. The group deployed custom remote access trojans and facilitated ransomware operations through crafted HTTP requests executing arbitrary Java code as root. Additional campaigns involved the DarkSword iOS exploit kit delivering GHOSTKNIFE, GHOSTSABER, and GHOSTBLADE payloads, and the Coruna exploit kit deploying PlasmaLoader malware. Nine vulnerabilities enabled remote code execution across multiple platforms. One vulnerability dated back nine years, emphasizing continued exploitation of legacy unpatched
Pulse ID: 69de0077cbff2dc8d99b17ff
Pulse Link: https://otx.alienvault.com/pulse/69de0077cbff2dc8d99b17ff
Pulse Author: AlienVault
Created: 2026-04-14 08:53:11
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Cisco #ConnectWise #CyberSecurity #Google #HTTP #InfoSec #Java #Malware #Microsoft #OTX #OpenThreatExchange #RAT #RansomWare #RemoteAccessTrojan #RemoteCodeExecution #Trojan #Vulnerability #Word #ZeroDay #bot #iOS #AlienVault
REFUNDEE: Inside a Shadow Panel Phishing-as-a-Service Operation
An open directory discovery at refundonex[.]com exposed a complete Phishing-as-a-Service and RAT-as-a-Service platform targeting Spanish and Portuguese-speaking victims. The investigation uncovered 3,788 files including weaponized LNK, VBS, and AES-encrypted PowerShell payloads delivering a remote access trojan. The platform, called Shadow Panel, operates from Bulgarian infrastructure and offers capabilities including remote shell execution, screenshot capture, file management, browser credential theft, clipboard hijacking for cryptocurrency wallets, and multi-operator support. The C2 panel's frontend JavaScript was publicly accessible, revealing 29 API endpoints and the complete architecture. Infrastructure analysis linked the operation to nikola4010@proton[.]me through WHOIS data and historical malicious domain associations dating back to 2021, indicating a long-running cybercriminal operation with minimal detection coverage.
Pulse ID: 69dd066f59e22e6d1ee7315b
Pulse Link: https://otx.alienvault.com/pulse/69dd066f59e22e6d1ee7315b
Pulse Author: AlienVault
Created: 2026-04-13 15:06:23
#Browser #Bulgaria #Clipboard #CyberSecurity #Endpoint #InfoSec #Java #JavaScript #LNK #Nim #OTX #OpenThreatExchange #Phishing #PowerShell #RAT #RemoteAccessTrojan #Trojan #VBS #bot #cryptocurrency #AlienVault
Fake recruiter campaign targets crypto developers with RAT
A sophisticated fake recruitment campaign named 'graphalgo' has been active since May 2025, targeting JavaScript and Python developers in the cryptocurrency sector. Attackers approach victims through LinkedIn, Facebook, and Reddit with fabricated job opportunities from fake blockchain companies like Veltrix Capital. The campaign uses malicious dependencies hidden in npm and PyPI packages, delivered through coding test repositories on GitHub. Notable is the bigmathutils package that accumulated over 10,000 downloads before its malicious version was released. The operation deploys a remote access trojan (RAT) with token-protected C2 communication, file manipulation capabilities, and functionality to detect the Metamask browser extension, indicating focus on cryptocurrency theft. The modular campaign design allows threat actors to maintain backend infrastructure while easily replacing compromised frontend elements.
Pulse ID: 69dd073f50edefa3e44adec6
Pulse Link: https://otx.alienvault.com/pulse/69dd073f50edefa3e44adec6
Pulse Author: AlienVault
Created: 2026-04-13 15:09:51
#BlockChain #Browser #CyberSecurity #Facebook #GitHub #InfoSec #Java #JavaScript #LinkedIn #NPM #OTX #OpenThreatExchange #PyPI #Python #RAT #RemoteAccessTrojan #Trojan #bot #cryptocurrency #developers #AlienVault
ASO RAT: Arabic-Language Android Surveillance Platform Targeting Syria
ASO RAT is a custom Android Remote Access Trojan featuring comprehensive device compromise capabilities including SMS interception, camera access, GPS tracking, call logging, file exfiltration, and DDoS functionality. Operating from Frankfurt-based infrastructure with connections to Syria, the platform disguises itself as PDF readers and Syrian government applications. Investigation revealed two active C2 servers, four DDNS domains, eight malicious APK samples with the newest achieving 0/66 antivirus detections, and complete reverse-engineered panel architecture exposing 21 API endpoints. The multi-user panel with role-based access control suggests RAT-as-a-Service operations. Infrastructure includes historical VPS providers and Starlink satellite connections geolocated to Syria. The developer's Arabic-language interface and Syria-themed lures indicate targeting of opposition figures, journalists, and military personnel within the Syrian conflict theater.
Pulse ID: 69dd062fb9ecc388e52457d3
Pulse Link: https://otx.alienvault.com/pulse/69dd062fb9ecc388e52457d3
Pulse Author: AlienVault
Created: 2026-04-13 15:05:19
#APK #Android #Arabic #CyberSecurity #DDoS #DNS #DoS #ELF #Endpoint #Government #InfoSec #Military #OTX #OpenThreatExchange #PDF #RAT #RCE #RemoteAccessTrojan #SMS #Syria #Trojan #bot #AlienVault
Threat Actors Leverage Claude Code Leak as Social Engineering Lure to Distribute Malicious Payloads via GitHub
Cybercriminals are exploiting the recent Claude Code leak incident by using it as a social engineering tactic to deliver malware through GitHub repositories. The attackers have created trojanized versions of the leaked Claude source code, distributing malicious payloads including Vidar stealer version 18.7 and GhostSocks trojan. The campaign demonstrates rapid opportunistic exploitation of high-profile security incidents, with compromised repositories serving as delivery mechanisms. Organizations are advised to implement Zero Trust architecture to mitigate risks from shadow AI instances and trojanized Claude agents. Multiple GitHub repositories have been identified hosting the malicious code, with command and control infrastructure established across multiple IP addresses and domains.
Pulse ID: 69dcfb8e8ffc72d13aa8e7fe
Pulse Link: https://otx.alienvault.com/pulse/69dcfb8e8ffc72d13aa8e7fe
Pulse Author: AlienVault
Created: 2026-04-13 14:19:58
#CyberSecurity #GitHub #InfoSec #Malware #OTX #OpenThreatExchange #RAT #RCE #Rust #SMS #SocialEngineering #Trojan #Vidar #ZeroTrust #bot #AlienVault
A new Android RAT turning infected devices into potential residential proxy nodes
Mirax is a newly identified Android Remote Access Trojan operating as Malware-as-a-Service, actively targeting European users, particularly in Spanish-speaking regions. Distributed through Meta advertisements and GitHub-hosted droppers, the malware has reached over 200,000 accounts. It employs sophisticated techniques including dynamically fetched HTML overlays, comprehensive keylogging, and remote device control capabilities. A distinctive feature is its integration of SOCKS5-based residential proxy functionality, transforming infected devices into proxy nodes that enable attackers to route traffic through legitimate residential IP addresses. This capability allows operators to bypass geolocation restrictions and evade fraud detection systems while conducting account takeovers and transaction fraud. The malware uses commercial-grade obfuscation through Golden Encryption and establishes persistence through Accessibility Service abuse.
Pulse ID: 69dcfd5f0b3e3ab70a58831d
Pulse Link: https://otx.alienvault.com/pulse/69dcfd5f0b3e3ab70a58831d
Pulse Author: AlienVault
Created: 2026-04-13 14:27:43
#Android #CyberSecurity #Encryption #Europe #GitHub #HTML #InfoSec #Malware #MalwareAsAService #OTX #OpenThreatExchange #Proxy #RAT #RemoteAccessTrojan #Trojan #bot #AlienVault
The software supply chain hit: how CPUID was compromised to distribute the STX RAT stealer
In April 2026, attackers compromised CPUID's servers and redirected downloads of CPU-Z and HWMonitor to trojanized versions containing STX RAT. For six hours, more than 150 users downloaded malware from the official sites, highlighting the critical risks in the software supply chain.