Weekly wakie with the new development report from my #opensource projects. A roguelike game and #Nim binding to Nuklear GUI library were on the table (as usual). More info here: www.laeran.pl.eu.org/blog/devblog... Happy and sunny weekend, everyone. 😎
Weekly development report 2026-06-06 | Laeran

Impersonation, Click Hijacking, and TDS: Inside a Malware Distribution Ecosystem

A large-scale operation impersonates open-source and freeware projects to capture search traffic, targeting tools such as Ghidra, dnSpy, and SpiderFoot. The professionally designed sites load CloudFront-hosted JavaScript that converts download button clicks into handoffs to a Traffic Distribution System (TDS), which enforces strict gating including first-visit state, click confirmation, anti-bot logic, VPN filtering, and frequency capping. The ecosystem appears primarily built for traffic acquisition and monetization using legitimate ad-tech, but downstream redirect chains repeatedly led selected users to malware delivery infrastructure. The observed payloads include SessionGate (a multi-stage loader with heavy obfuscation delivering potentially unwanted applications), RemusStealer (an infostealer targeting over 20 browsers and hundreds of extensions), and AnimateClipper (a cryptocurrency clipper supporting 20+ blockchain ecosystems). Over 5,000 VirusTotal submissions indicate substantial reach across the ...

Pulse ID: 6a20679f5ade869dcb4bf6b5
Pulse Link: https://otx.alienvault.com/pulse/6a20679f5ade869dcb4bf6b5
Pulse Author: AlienVault
Created: 2026-06-03 17:42:55

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BlockChain #Browser #Cloud #CyberSecurity #DNS #InfoSec #InfoStealer #Java #JavaScript #Malware #Nim #OTX #OpenThreatExchange #RAT #RCE #Rust #VPN #VirusTotal #bot #cryptocurrency #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

Nimbus RAT: How Threat Actors Are Abusing Microsoft Teams and Google Drive to Deploy a Java RAT

Pulse ID: 6a1ff4cacc5be018f2078d49
Pulse Link: https://otx.alienvault.com/pulse/6a1ff4cacc5be018f2078d49
Pulse Author: Tr1sa111
Created: 2026-06-03 09:32:58

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #Google #InfoSec #Java #Microsoft #MicrosoftTeams #Nim #OTX #OpenThreatExchange #RAT #bot #Tr1sa111

Fast and Furious - Nimbus Manticore Operations During the Iranian Conflict

Pulse ID: 6a1fdbc5c73c24d961388407
Pulse Link: https://otx.alienvault.com/pulse/6a1fdbc5c73c24d961388407
Pulse Author: Tr1sa111
Created: 2026-06-03 07:46:13

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #Iran #Nim #OTX #OpenThreatExchange #RAT #bot #Tr1sa111

Nimbus RAT: How Threat Actors Are Abusing Microsoft Teams and Google Drive to Deploy a Java RAT

In April 2026, threat actors deployed Nimbus RAT against a legal industry target using Microsoft Teams voice phishing. The attack began with email bombing (282 emails in 90 minutes), followed by a fake IT helpdesk contact via Teams who convinced the victim to grant Quick Assist remote access. Within 20 minutes, a Java-based RAT was deployed that uses Google Drive and Google Sheets for command-and-control, making network traffic appear benign. Analysis of 1,540 suspicious Teams messages across 172 customer environments over 12 months revealed 65% originated from throwaway onmicrosoft.com tenants with IT-themed names. The malware bundles its own Java runtime, implements two credential theft mechanisms, and allows in-memory second-stage code execution. Post-compromise targeting included Signal Desktop attachments and Outlook mailboxes.

Pulse ID: 6a1ac91f182b86c3c2bcfc15
Pulse Link: https://otx.alienvault.com/pulse/6a1ac91f182b86c3c2bcfc15
Pulse Author: AlienVault
Created: 2026-05-30 11:25:19

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #Email #Google #InfoSec #Java #Malware #Microsoft #MicrosoftTeams #Nim #OTX #OpenThreatExchange #Outlook #Phishing #RAT #SMS #bot #AlienVault

Fast and Furious - Nimbus Manticore Operations During the Iranian Conflict test

Pulse ID: 6a1e4f5209276b0fa09ef4dd
Pulse Link: https://otx.alienvault.com/pulse/6a1e4f5209276b0fa09ef4dd
Pulse Author: Tr1sa111
Created: 2026-06-02 03:34:42

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #Iran #Nim #OTX #OpenThreatExchange #RAT #bot #Tr1sa111

Fast and Furious - Nimbus Manticore Operations During the Iranian Conflict

Pulse ID: 6a1d3cda8201b7cea49b2fcf
Pulse Link: https://otx.alienvault.com/pulse/6a1d3cda8201b7cea49b2fcf
Pulse Author: Tr1sa111
Created: 2026-06-01 08:03:38

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #Iran #Nim #OTX #OpenThreatExchange #RAT #bot #Tr1sa111

Fast and Furious - Nimbus Manticore Operations During the Iranian Conflict

Pulse ID: 6a1d08cea58851b6c2bf3a15
Pulse Link: https://otx.alienvault.com/pulse/6a1d08cea58851b6c2bf3a15
Pulse Author: Tr1sa111
Created: 2026-06-01 04:21:34

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #Iran #Nim #OTX #OpenThreatExchange #RAT #bot #Tr1sa111

And here we are, the weekly, short, development report from my #opensource projects is ready. Again, a roguelike game and #Nim binding to Nuklear GUI library got some changes this week. More info: www.laeran.pl.eu.org/blog/devblog... Happy weekend, everyone. 😀
Weekly development report 2026-05-30 | Laeran