𝗠𝗮𝗮𝘀: '𝗻𝗶𝗲𝘁 𝗵𝗲𝗹𝗱𝗲𝗿' 𝗱𝗮𝘁 𝗡𝗣𝗢 𝘁𝗼𝗰𝗵 𝗴𝗿𝗼𝗼𝘁 𝗺𝗲𝘁 𝘀𝗼𝗻𝗴𝗳𝗲𝘀𝘁𝗶𝘃𝗮𝗹 𝘂𝗶𝘁𝗽𝗮𝗸𝘁

Cornald Maas zet vraagtekens bij het feit dat de NPO en de NOS dit jaar groot uitpakken met het Eurovisie Songfestival, ondanks het feit dat AVROTROS besloten heeft dat Nederland dit jaar niet meedoet. Dat zegt Cornald Maas, jarenlang werkzaam als commentator en lid van de selectiecommissie,...

https://www.rtl.nl/boulevard/artikel/5592334/maas-niet-helder-dat-npo-toch-groot-met-songfestival-uitpakt

#NPO #Songfestival #Maas

Mirax RAT Targeting Android via Meta Platforms

Mirax is an Android RAT and banking malware sold via a restricted MaaS model.

Pulse ID: 69e14ecdb23562115a20a74f
Pulse Link: https://otx.alienvault.com/pulse/69e14ecdb23562115a20a74f
Pulse Author: cryptocti
Created: 2026-04-16 21:04:13

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Android #Bank #CyberSecurity #InfoSec #MaaS #Malware #OTX #OpenThreatExchange #RAT #bot #cryptocti

Mirax Trojan Hijacks Android Devices for Proxy Network

Meet Mirax, a sneaky new Android banking trojan that's not only stealing credentials, but also hijacking devices to create a powerful proxy network - putting European users at risk. This emerging malware is a triple threat, combining a malware-as-a-service model, remote access capabilities, and residential proxies to wreak havoc…

https://osintsights.com/mirax-trojan-hijacks-android-devices-for-proxy-network?utm_source=mastodon&utm_medium=social

#AndroidBankingTrojan #EmergingThreats #Malwareasaservice #ResidentialProxies #Maas

💬 Telegram plays an important role in many underground businesses. Threat actors commonly stand up channels to market and support malicious activities such as malware-as-a-service (MaaS) subscriptions. While investigating ScreenConnect servers, a remote access support tool commonly abused by threat actors, we found an interesting business that we had never seen before. This actor used telegram as a storefront and support channel for an underground Remote Access Toolkit Online (RATO) platform. Technically RATO is a service that bundles cPanel and ScreenConnect technology to help its cyber criminal customers remotely access victim machines and manage scams, phishing, and malware (e.g. Latrodectus).

🐀 🔴 We discovered several servers that matched a ScreenConnect signature but these instances did not serve the typical ScreenConnect web content. Instead, their service is called "RATO PLATFORM" and the portal page shows the slogan "Can't catch the RAT__". We've found several telegram channels that promote services named "RATO", use the rat head logo (see attached image), or the domain rato[.]to. Based on their telegram chat content, it's clear their business model is focused on enabling cybercrime.

@rato_support
@ratofaqs
@rato_backup
@rato_hosting
@Rato2_bot

Consistent with RATO’s “BulletProof & Anti-Red Hosting” feature, we saw many RATO instances on ASNs with a high concentration of malicious activity (e.g., AS202412). Additionally, RATO infrastructure shows strong ties to Indonesia including Indonesian IP addresses in passive DNS and domains within the same cloudflare account used for serving online gambling to Indonesian-speaking users. Collectively, RATO and its customers operate a large number of domains. Here are some examples:

asakusubinitohas[.]com
bmw320ikaka[.]co
cpusx[.]com
newoneazu[.]com
ratmail[.]pro
rato[.]page
rato[.]to
ratodemo[.]pro
sesrecipt[.]com
silk-gen[.]com
sunostart[.]com
viewyourstatementonline[.]com

#dns #threatintel #threatintelligence #cybercrime #cybersecurity #infosec #infoblox #infobloxthreatintel #scam #phishing #malware #maas #telegram #indonesia #screenconnect #latrodectus #rat #rmm #remotemonitoringmanagement #downloader #spam #rato

Stealer Campaign Impacting SLTT macOS Users

MacSync Stealer is a macOS infostealer operating as Malware-as-a-Service (MaaS), distributed through SEO poisoning and fake ClickFix CAPTCHAs. The campaign has evolved through three iterations since November 2025, shifting from fake download sites to malicious ChatGPT conversations and finally to sophisticated shell-based loaders with dynamic AppleScript payloads. Threat actors use Google-sponsored search results to redirect victims to fake CAPTCHA pages that trick users into executing malicious terminal commands. The stealer targets browser credentials, cryptocurrency wallets, SSH keys, cloud provider credentials, and Keychain data. A critical capability includes trojanizing Ledger hardware wallet applications to capture seed phrases. The February 2026 campaign generated over 18,000 clicks in three days, with Russian-language comments suggesting operators work within a Russian-speaking ecosystem. The malware employs API key-gated C2 infrastructure and in-memory execution for evasion.

Pulse ID: 69d7ed2e323d7edb856fa161
Pulse Link: https://otx.alienvault.com/pulse/69d7ed2e323d7edb856fa161
Pulse Author: AlienVault
Created: 2026-04-09 18:17:18

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #CAPTCHA #ChatGPT #Cloud #CyberSecurity #Edge #Google #InfoSec #InfoStealer #MaaS #Mac #MacOS #Malware #MalwareAsAService #OTX #OpenThreatExchange #RAT #Russia #SEOPoisoning #SSH #Trojan #bot #cryptocurrency #AlienVault

Kaspersky Uncovers CrystalX RAT with Extensive Spyware and Stealer Capabilities

Meet CrystalX, a sinister new remote-access tool that's being sold as a ready-made menace, packing an alarming combination of spyware, stealer, and prankware capabilities that put your digital security at risk. This malicious toolkit is the latest threat to watch out for, and Kaspersky researchers are sounding the alarm.

https://osintsights.com/kaspersky-uncovers-crystalx-rat-with-extensive-spyware-and-stealer-capabilities

#Crystalx #RemoteAccessTool #Rat #Maas #Spyware

🚨 #Miolab Stealer is an advanced #MaaS threat targeting Apple devices.

🔐 It uses fake system prompts and native macOS tools to steal credentials and business-sensitive files quietly.

Get actionable insights and speed up triage: https://any.run/malware-trends/miolab/?utm_source=mastodon&utm_medium=post&utm_campaign=miolab&utm_term=060426&utm_content=linktomtt

#cybersecurity #infosec

A laughing RAT: CrystalX combines spyware; stealer; and prankware features

In March 2026, a new MaaS active campaign was discovered promoting previously unknown malware in private Telegram chats. The Trojan features an extensive arsenal of capabilities. On the panel provided to third‑party actors, in addition to the standard features of RAT‑like malware, a stealer, keylogger, clipper, and spyware are also available.

Pulse ID: 69ccba2f8538ade72d6e71e6
Pulse Link: https://otx.alienvault.com/pulse/69ccba2f8538ade72d6e71e6
Pulse Author: AlienVault
Created: 2026-04-01 06:24:47

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #KeyLogger #MaaS #Malware #OTX #OpenThreatExchange #RAT #SpyWare #Telegram #Trojan #bot #AlienVault