Virus Bulletin

@VirusBulletin@infosec.exchange
2.5K Followers
57 Following
2K Posts
Security information portal, testing and certification body.
Organisers of the annual Virus Bulletin conference.
AhnLab researchers present statistics, trends, and case information on infostealer malware - including distribution volume, distribution methods and disguises - based on data collected and analysed in June 2025. https://asec.ahnlab.com/en/89033/
Trellix's Charles Crofford provides a detailed technical analysis of a SquidLoader sample targeting financial services institutions in Hong Kong, highlighting its key features and indicators of compromise, including advanced anti-debugging tricks. https://www.trellix.com/blogs/research/threat-analysis-squidLoader-still-swimming-under-the-radar/
ESET researchers provide an overview and analysis of the most relevant forks of AsyncRAT, drawing connections between them & showing how they have evolved. The simplicity and open-source nature of AsyncRAT has made it a popular choice among cybercriminals. https://www.welivesecurity.com/en/eset-research/unmasking-asyncrat-navigating-labyrinth-forks/

2025-07-15 (Tuesday): Tracking #SmartApeSG

The SmartApeSG script injected into a page from a compromised website leads to a #ClickFix style fake verification page. ClickFix-ing your way through this leads to a #NetSupportRAT infection.

Compromised site (same as yesterday):

- medthermography[.]com

URLs for ClickFix style fake verification page:

- warpdrive[.]top/jjj/include.js
- warpdrive[.]top/jjj/index.php?W11WzmLj
- warpdrive[.]top/jjj/buffer.js?409a8bdbd9

Running the script for NetSupport RAT:

- sos-atlanta[.]com/lal.ps1
- sos-atlanta[.]com/lotu.zip?l=4773

#NetSupport RAT server (same as yesterday):

- 185.163.45[.]87:443

Your research deserves a global stage. The Last-Minute CFP is now open!

We’re excited to open our Call for Last-Minute Papers for hot and emerging topics! Now’s your chance to share new insights, research, or case studies with the global security community.

📅 Don’t wait, submit before 24 August

👉 https://tinyurl.com/2ny4jph8

Palo Alto Networks' Rem Dudas & Noa Dekel share hunting tips & mitigation strategies for ClickFix campaigns and provide an inside view of some of the most prominent ClickFix campaigns they've seen so far in 2025. https://unit42.paloaltonetworks.com/preventing-clickfix-attack-vector/
EclecticIQ's Arda Büyükkaya describes the emergence of GLOBAL GROUP, a new ransomware-as-a-service (RaaS) brand promoted on the Ramp4u forum, & assesses with medium confidence that GLOBAL GROUP was likely established as a rebranding of the BlackLock RaaS operation. https://blog.eclecticiq.com/global-group-emerging-ransomware-as-a-service
Palo Alto Networks' Lior Rochberger looks into a cluster of suspicious activity targeting governmental entities in Southeast Asia. The threat actors behind this campaign use the HazyBeacon Windows backdoor, which leverages AWS Lambda URLs as C2 infrastructure. https://unit42.paloaltonetworks.com/windows-backdoor-for-novel-c2-communication/

👾 #Mamba2FA #phishing kit lets attackers bypass MFA and access victims’ Microsoft 365 accounts.

Used against individuals and businesses, it is gaining popularity, with campaigns seen in Europe, North America, and parts of Asia.

🎯 See analysis: https://any.run/malware-trends/mamba/?utm_source=mastodon&utm_medium=post&utm_campaign=mamba&utm_content=tracker&utm_term=140725

#infosec #cybersecurity

🤖 Jan-Jun 2025 Botnet Threat Update out now!

⬆️ Total of 17,258 botnet C&Cs observed, up by +26%.
⬇️ Botnet C&Cs continue to drop for 🇧🇬 Bulgaria (-40%) and 🇲🇽 Mexico (-25%)
➡️ Pentest frameworks represent 43% of Top 20 malware associated with Botnet C&Cs.

🇺🇲 Meanwhile, three US-based networks suffered significant increases for hosting the most active botnet C&Cs….

Find out which ones in the latest FREE report here👇
https://www.spamhaus.org/resource-hub/botnet-c-c/botnet-threat-update-january-to-june-2025

#Botnet #Malware #ThreatIntel

Cybereason Security Services investigates a BlackSuit ransomware attack leveraging tools like Cobalt Strike for command and control (C2), rclone for data exfiltration, & BlackSuit ransomware for file encryption. https://www.cybereason.com/blog/blacksuit-data-exfil