Cybersecurity Wiretap #1: From Frozen#Shadow to CoralRaider with focus on REMCOS (week of 4/22/2024)

AndySvints · April 29, 2024April 28, 2024

Welcome to the weekly digest about the Cybersecurity & Threats in the wild. Below you will find a very subjective summary of Cybersecurity events for the prior week.

Analysis of Ongoing FROZEN#SHADOW Attack Campaign by @Securonix Threat #Research

introduced via phishing emails & redirects to JavaScript that kicks off code exec chain downloading & executing further
https://buff.ly/49Sx4Rr

Analysis of DEV#POPPER by @Securonix Threat Research

attackers set up fake job interviews for devs & asked to download and run soft from GitHub which contained malicious Node JS payload
https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Fletchen Stealer: An Info Stealer with Sophisticated Anti-Analysis Measures by @CyfirmaR

sophisticated info-stealing malware offered as stealer-as-a-service for free
gains persistence using scheduled task and auto-run registry
https://www.cyfirma.com/research/fletchen-stealer-an-information-stealer-with-sophisticated-anti-analysis-measures/

Black Hat SEO Leveraged to Distribute Malware by @Threatlabz

payloads delivered via multi-level zipped files hidden within innocuous content
once executed perform the activities & initiating comm with C2
https://buff.ly/44ihHAx

Dissecting REMCOS RAT: An in- depth analysis of a widespread 2024 malware P1 by @elasticseclabs

wide range of functionality including evasion techniques, privilege escalation, process injection & recording
https://buff.ly/44jiCRm

#FakeBat Malware Distributing via Fake Browser Updates by @esthreat

loader being distributed via compromised websites that contain injected malicious JavaScript that triggers fake browser update notifications
https://buff.ly/3UAA68z

Suspected #CoralRaider continues to expand victimology using three information stealers by @TalosSecurity

new PowerShell command-line arg embedded in LNK file to bypass anti-virus & download final payload
https://blog.talosintelligence.com/suspected-coralraider-continues-to-expand-victimology-using-three-information-stealers/

Thanks a lot for reading.

CoralRaider, Cybersecurity, malware, threats, Wiretap

Leave a Reply Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Cybersecurity Wiretap #73: From Petya Copycats to Rust Backdoors with a Focus on Open-Source AdaptixC2 (week of 09/08/2025)

AndySvints · September 15, 2025September 14, 2025

Cybersecurity Wiretap #72: From AI Namespace Exploits to Ethereum Powered Malware with a Focus on Sitecore Zero-Days (week of 09/01/2025)

AndySvints · September 8, 2025September 12, 2025

Cybersecurity Wiretap #71: From HTTP/2 DDoS to AI-Powered Ransomware with a Focus on Prompt Injection and Credential Abuse (week of 08/25/2025)

AndySvints · September 1, 2025August 31, 2025

Cybersecurity Wiretap #70: From APT36 Linux Campaigns to Static Tundra Espionage with a Focus on AI-Powered Attack Surfaces (week of 08/18/2025)

AndySvints · August 25, 2025August 24, 2025

Cybersecurity Wiretap #69: From WinRAR Zero-Day to Erlang SSH Flaws with Focus on Remote AI Takeovers (week of 08/11/2025)

AndySvints · August 18, 2025August 17, 2025

Cybersecurity Wiretap #68: From Project AK47 to Prompt Injection Chains with a Focus on Open-Source Registry Threats (week of 08/04/2025)

AndySvints · August 11, 2025August 10, 2025

Cybersecurity Wiretap #67: From Cursor RCE to Fake Telegram Siteswith a Focus on Stealthy InfoStealer Campaigns (week of 07/28/2025)

AndySvints · August 4, 2025August 4, 2025

Cybersecurity Wiretap #66: From Telegram-Based Stealers to ToolShell Campaigns with a Focus on Hypervisor Defense (week of 07/21/2025)

AndySvints · July 28, 2025July 28, 2025