From Inbox to Intrusion: Multi‑Stage Remcos RAT and C2‑Delivered Payloads in Network

This multi-stage fileless Remcos RAT attack leverages a phishing-delivered JavaScript dropper to trigger a reflective PowerShell loader that executes payloads entirely in memory. The infection chain utilizes obfuscation techniques like rotational XOR and Base64 encoding to reconstruct .NET payloads, significantly reducing the disk-based detection footprint. Stealth is maintained by using aspnet_compiler.exe as a LOLBin to proxy malicious execution and dynamically retrieving the final payload from a remote C2 server.

Pulse ID: 69cd1ac8518646002a1a0fbc
Pulse Link: https://otx.alienvault.com/pulse/69cd1ac8518646002a1a0fbc
Pulse Author: AlienVault
Created: 2026-04-01 13:16:56

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#ASPNet #ASPNet_Compiler #CyberSecurity #InfoSec #Java #JavaScript #NET #OTX #OpenThreatExchange #Phishing #PowerShell #Proxy #RAT #Remcos #RemcosRAT #bot #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

How to Use Proxy to Trap Property Access

Proxy intercepts get/set. Validation. Logging. Magic.

#javascript #proxy #trap #howto

https://www.youtube.com/watch?v=Ih7sfWhFl3w

Phantom Footprints: Tracking GhostSocks Malware

GhostSocks is an emerging threat that turns compromised devices into residential proxy nodes, enabling attackers to evade detection. Originally marketed on Russian underground forums as Malware-as-a-Service, it has gained popularity due to its partnership with Lumma Stealer. Written in GoLang, GhostSocks uses SOCKS5 proxy protocol and TLS encryption to blend malicious traffic into normal network activity. It also incorporates backdoor functionality for running arbitrary commands and deploying additional payloads. Darktrace observed an increase in GhostSocks activity, detecting it alongside Lumma Stealer in customer networks. The malware's versatility in converting devices into proxy nodes while enabling covert network access illustrates how threat actors maximize the value of compromised infrastructure.

Pulse ID: 69cbf2e5f01a923f01d49ea8
Pulse Link: https://otx.alienvault.com/pulse/69cbf2e5f01a923f01d49ea8
Pulse Author: AlienVault
Created: 2026-03-31 16:14:29

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #CyberSecurity #Darktrace #Encryption #Golang #InfoSec #LummaStealer #Malware #MalwareAsAService #OTX #OpenThreatExchange #Proxy #RAT #Russia #TLS #bot #socks5 #AlienVault

New Infographic Alert!

I’ve summarized the key takeaways from our latest article into this visual guide. If you want to dive deeper into the details and explore the full analysis, check out the link below!

🔗 https://app.cyberyozh.com/blog/best-ip-rotation-services/

#2026 #DataViz #ip-rotation #proxy

No, Mozilla is not rolling out a "free #VPN" with #Firefox.

It's merely a #proxy, traffic is encrypted via TLS only, and you need a user account.

Since there is a 50GB per-month limit, it follows some amount of traffic logging and accounting must take place on Mozilla's servers, as well.

Which begs the question: What data exactly is collected, and may fall under US jurisdiction, potentially to be handed over to US law enforcement, without you even being notified, due to gag orders?

This may still be better than nothing, but it's no alternative to a real VPN, and also deliberately misleading marketing.

#Media and #journalists should not simply adopt such wording without question.

https://blog.mozilla.org/en/firefox/built-in-vpn/

A free VPN you can trust, now built into Firefox | The Mozilla Blog

Today we’re introducing a free built-in VPN in Firefox, a new IP-protection feature designed to keep you even more private while you browse. We’re star

7 Steps to Easily Configure #OpenLiteSpeed as a Reverse #Proxy for #Metabase

This article provides a guide to configure OpenLiteSpeed as a reverse proxy for Metabase.
What is OpenLiteSpeed?
OpenLiteSpeed Web Server is great for building and deploying web applications. The WebAdmin Console enables you to quickly configure features that allow you to deliver a fast web ...
Continued 👉 https://blog.radwebhosting.com/configure-openlitespeed-as-a-reverse-proxy-for-metabase/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.raddemo.host #debian #letsencrypt #proxyserver #openjdk #installguide #jre #reverseproxy #vps

Fixing common Squid errors when configuring Kerberos with MS AD DC

First article + some Squid errors with Kerberos and AD that are poorly documented on the internet, their diagnosis and resolution. Read more

https://habr.com/ru/articles/1016422/

#squid #proxy #linux #error

Fixing common Squid errors when configuring Kerberos with MS AD DC

When configuring Squid, I often ran into errors while setting up authorization via Kerberos, and while resolving some of these errors I could not find them on the internet, and the information in the log was insufficient for diagnosis...

Habr

#psocks v0.5.0 release includes a refactored API that implements flexible multi-list configuration using a separate configuration file https://codeberg.org/YGGverse/psocks

#SOCKS #Rust #proxy #privacy

psocks

Filtering asynchronous SOCKS5 (TCP/UDP) proxy server

Codeberg.org

Install and Configure #SOCKS #Proxy Server on Rocky Linux VPS

This article provides a guide for how to install and configure SOCKS proxy server on Rocky Linux VPS.

In this tutorial, we'll go through the process of installing and configuring a SOCKS proxy server on a Rocky Linux VPS. We will also discuss enabling SSH tunnelling from a PC using the SOCKS proxy server. This will allow you to route your ...
Continued 👉 https://blog.radwebhosting.com/install-and-configure-socks-proxy-server-on-rocky-linux-vps/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.social #vpsguide #proxyserver #rockylinux #installguide
