1. MoonPeak malware from North Korean actors unveils new details on attacker infrastructure by @TalosSecurity
- campaign consists of distributing a variant of the open-source XenoRAT malware that Talos is calling "MoonPeak," a remote access trojan (RAT) being active
https://blog.talosintelligence.com/moonpeak-malware-infrastructure-north-korea/
2. Xeon Sender | SMS Spam Shipping Multi-Tool Targeting SaaS Credentials by @LabsSentinel
- Python script that sends spam via 9 SaaS providers; has been repurposed by multiple threat actors who brand the tool as their own, a common occurrence in the cloud hacktool scene
3. Technical Analysis of Copybara by @Threatlabz
- primarily spread through voice phishing (vishing) attacks, where victims receive instructions over the phone to install the Android malware
https://www.zscaler.com/blogs/security-research/technical-analysis-copybara
4. Bling Libra's Tactical Evolution: The Threat Actor Group Behind ShinyHunters Ransomware by #PaloAlto's #Unit42
- showcases a new shift to extorting victims rather than the group's traditional tactic of selling/publishing stolen data
https://unit42.paloaltonetworks.com/shinyhunters-ransomware-extortion/
5. PEAKLIGHT: Decoding the Stealthy Memory-Only Malware by @Mandiant
- new memory-only dropper using a complex, multi-stage infection process
- decrypts and executes a PowerShell-based downloader
6. "WireServing" Up Credentials: Escalating Privileges in Azure Kubernetes Services by @Mandiant
- an attacker with access to a vulnerable MS Azure Kubernetes Services cluster could have escalated privileges & accessed creds for services used by the cluster
7. NGate Android malware relays NFC traffic to steal cash by @ESETresearch
- attackers were able to clone NFC data from victims' physical payment cards using NGate and relay this data to an attacker device that was then able to emulate the original card
8. Be careful what you pwish for – Phishing in PWA applications by @ESETresearch
- standard phishing delivery combined with a novel method of phishing; targets Android and iOS users via PWAs
- installing a PWA/WebAPK does not warn the user about installing a 3rd-party app
9. A Comprehensive Analysis of Angry Stealer: Rage Stealer in a New Disguise by @CyfirmaR
- 32-bit Win32 exe written in .NET, deploys 2 payloads
- primary payload is potent data-stealing malware that targets sensitive info & exfils it via Telegram
10. CVE-2024-30078 Remote Code Execution Vulnerability Analysis and Exploitation by @CyfirmaR
- vuln in Wi-Fi drivers in multiple Windows OS versions, potentially enabling an attacker within Wi-Fi range to remotely execute malicious code on susceptible systems
11. QWERTY INFORMATION STEALER by @CyfirmaR
- hosted on a Linux-based VPS in Frankfurt, DE
- gathers system info & IE data
- downloads & executes additional payloads, indexes all files & uploads them to the C2 server
- uses 'qwerty' in HTTP calls during exfiltration
https://www.cyfirma.com/research/qwerty-information-stealer/
Thanks a lot for reading.