Proton66: Compromised WordPress Pages and Malware Campaigns
This intelligence briefing focuses on malware campaigns linked to Proton66, particularly those targeting Android devices through compromised WordPress websites. It details how these sites were injected with malicious scripts to redirect Android users to fake Google Play Store pages. The report also covers the XWorm campaign targeting Korean-speaking users, the Strela Stealer targeting German-speaking countries, and the WeaXor ransomware. The analysis provides insights into the infection chains, malware configurations, and command-and-control servers used in these campaigns. Additionally, it offers recommendations for blocking associated IP ranges and lists numerous indicators of compromise (IOCs) for each campaign.
Pulse ID: 6802094e89f266c72f83bda4
Pulse Link: https://otx.alienvault.com/pulse/6802094e89f266c72f83bda4
Pulse Author: AlienVault
Created: 2025-04-18 08:11:58
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
JScript to PowerShell: Breaking Down a Loader Delivering XWorm and Rhadamanthys
This analysis examines a sophisticated malware loader that utilizes JScript to launch obfuscated PowerShell code, ultimately delivering payloads such as XWorm and Rhadamanthys. The loader employs geofencing tactics, targeting victims in the United States with XWorm RAT, while deploying Rhadamanthys stealer to users outside the U.S. The attack chain involves multiple stages of obfuscation and deobfuscation, including decimal encoding and string manipulation. The final payload is injected into RegSvcs.exe using reflective loading techniques. The loader also performs various cleanup actions to evade detection and remove traces of its activity. Both XWorm and Rhadamanthys are advanced malware variants with capabilities ranging from DDoS attacks to cryptocurrency theft.
Pulse ID: 67ff46c3697a4976dc919b5d
Pulse Link: https://otx.alienvault.com/pulse/67ff46c3697a4976dc919b5d
Pulse Author: AlienVault
Created: 2025-04-16 05:57:23
Malicious JScript Loader Jailbreaked to Uncover Xworm Payload Execution Flow
A new malware campaign has been identified leveraging JScript and obfuscated PowerShell commands to deliver highly evasive malware variants XWorm and Rhadamanthys. These threats are distributed using fileless techniques, making them extremely difficult to detect using traditional antivirus solutions. The campaign primarily targets Windows environments and utilizes scheduled tasks or deceptive ClickFix CAPTCHA screens to trick users into executing malicious payloads. Such loaders are often seen in enterprise environments, where attackers aim to infiltrate business systems for espionage, data theft, or financial gain.
Pulse ID: 67fef516074ec94b68f3a8e7
Pulse Link: https://otx.alienvault.com/pulse/67fef516074ec94b68f3a8e7
Pulse Author: cryptocti
Created: 2025-04-16 00:08:54
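The two pulses above describe the same execution chain: a JScript file run by a Windows script host launches obfuscated PowerShell, which then injects its payload into RegSvcs.exe. The chain itself is the most stable thing to detect, since the obfuscation changes per sample. The following detection is an added example, not code from either pulse or from their authors: it walks constructed process-creation events shaped loosely like Sysmon Event ID 1 records (field names are an assumption) and flags PowerShell spawned by wscript/cscript, scoring the hit higher when the command line is Base64-encoded or hidden and when a signed .NET host such as RegSvcs.exe is spawned beneath it. RegAsm.exe and InstallUtil.exe are added to the host list as an assumption, since they are commonly abused the same way; the pulses name only RegSvcs.exe.

```python
"""Flag the JScript -> PowerShell -> RegSvcs.exe loader chain in process telemetry.

Added example, not code from the pulses. Event layout and the sample events are
constructed to resemble Sysmon Event ID 1 records (an assumption)."""
import re
from collections import defaultdict

# Constructed sample telemetry: one malicious chain plus one benign admin shell.
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1,   "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\wscript.exe",
     "cmd": r'wscript.exe "C:\Users\bob\Downloads\invoice.js"'},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe -nop -w hidden -e SQBFAFgAIAAoAC4ALgAuACkA"},
    {"pid": 400, "ppid": 300, "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe",
     "cmd": "RegSvcs.exe"},
    {"pid": 500, "ppid": 100, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe Get-Process"},
]

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# RegSvcs.exe is the host named in the pulses; the other two are an assumption.
INJECTION_HOSTS = {"regsvcs.exe", "regasm.exe", "installutil.exe"}
# -e / -ec / -enc / -EncodedCommand followed by a Base64 blob of plausible length.
ENCODED_FLAG = re.compile(r"(?i)(?:^|\s)-(?:e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}")
HIDDEN_FLAG = re.compile(r"(?i)(?:^|\s)-w(?:indowstyle)?\s+hidden")


def basename(path):
    """Lower-cased file name from a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def find_loader_chains(events):
    """Return one alert per PowerShell process whose parent is a script host.

    Each alert lists the observed chain (parent, powershell, any .NET host
    children) and the reasons that make it suspicious."""
    by_pid = {e["pid"]: e for e in events}
    children = defaultdict(list)
    for e in events:
        children[e["ppid"]].append(e)

    alerts = []
    for e in events:
        if basename(e["image"]) not in POWERSHELL:
            continue
        parent = by_pid.get(e["ppid"])
        if parent is None or basename(parent["image"]) not in SCRIPT_HOSTS:
            continue  # admin shells from explorer/cmd are not this chain
        reasons = ["powershell spawned by script host"]
        if ENCODED_FLAG.search(e["cmd"]):
            reasons.append("encoded command")
        if HIDDEN_FLAG.search(e["cmd"]):
            reasons.append("hidden window")
        hosts = [basename(c["image"]) for c in children[e["pid"]]
                 if basename(c["image"]) in INJECTION_HOSTS]
        if hosts:
            reasons.append("spawned .NET host: " + ", ".join(hosts))
        alerts.append({
            "pid": e["pid"],
            "chain": [basename(parent["image"]), basename(e["image"])] + hosts,
            "reasons": reasons,
        })
    return alerts


if __name__ == "__main__":
    for alert in find_loader_chains(SAMPLE_EVENTS):
        print(alert["pid"], " -> ".join(alert["chain"]), "|", "; ".join(alert["reasons"]))
```

On the constructed events this yields a single alert for pid 300 with the chain wscript.exe -> powershell.exe -> regsvcs.exe and all four reasons; the benign Get-Process shell under explorer.exe is not reported. In production the parent check alone will fire on logon scripts, so weight the encoded and hidden flags and the .NET host child rather than alerting on the bare parent relationship.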
Under The Apple Tree is a stop-motion horror-comedy. Available on
https://erikvanschaaik.com/projects/under-the-apple-tree/
Phishing campaign impersonates Booking.com, delivers a suite of credential-stealing malware
A phishing campaign targeting organizations in the hospitality industry has been identified, impersonating Booking.com and using the ClickFix social engineering technique to deliver multiple credential-stealing malware. The campaign, tracked as Storm-1865, targets individuals likely to work with Booking.com in North America, Oceania, Asia, and Europe. The attack uses fake emails and webpages to trick users into executing malicious commands, leading to the download of various malware families including XWorm, Lumma stealer, VenomRAT, AsyncRAT, Danabot, and NetSupport RAT. The campaign aims to steal financial data and credentials for fraudulent use, showing an evolution in the threat actor's tactics to bypass conventional security measures.
Pulse ID: 67fb93e8ebc93d6ded395f39
Pulse Link: https://otx.alienvault.com/pulse/67fb93e8ebc93d6ded395f39
Pulse Author: AlienVault
Created: 2025-04-13 10:37:28
Shuckworm Targets Foreign Military Mission Based in Ukraine
Russian-linked cyber-espionage group Shuckworm appears to be targeting a Western military mission based in Ukraine, according to research by Symantec and a UK-based partner security firm.
Pulse ID: 67f82020a26d2eb2bb6d4f1e
Pulse Link: https://otx.alienvault.com/pulse/67f82020a26d2eb2bb6d4f1e
Pulse Author: AlienVault
Created: 2025-04-10 19:46:39
Blocky-for-Veeam improves backup ransomware protection
#Backup #BlockyforVeeam #DiskProtektion @graudataspace #MultiFaktorAuthentifizierung #Ransomware #RansomwareSchutz #WORM @GrauData
https://netzpalaver.de/2025/04/08/blocky-for-veeam-optimiert-den-backup-ransomware-schutz/
Outlaw Linux Malware: Persistent, Unsophisticated, and Surprisingly Effective
OUTLAW is a persistent Linux malware that uses basic techniques like SSH brute-forcing, SSH key manipulation, and cron-based persistence to maintain a long-lasting botnet. Despite its lack of sophistication, it remains active by leveraging simple but impactful tactics. The malware deploys modified XMRig miners, uses IRC for command and control, and includes publicly available scripts for persistence and defense evasion. OUTLAW's infection chain spans nearly the entire MITRE ATT&CK framework, offering many detection opportunities. It propagates in a worm-like manner, using compromised hosts to launch further SSH brute-force attacks on local subnets, rapidly expanding the botnet.
Pulse ID: 67ef069f9224aa64d79e6a8e
Pulse Link: https://otx.alienvault.com/pulse/67ef069f9224aa64d79e6a8e
Pulse Author: AlienVault
Created: 2025-04-03 22:07:27
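OUTLAW's entry point is the unglamorous part of its chain: a burst of SSH password failures from one source, then an accepted login, then the new host starts guessing at its own subnet. That sequence is visible in plain sshd logs. The script below is an added example, not code from the pulse or from the researchers: it parses constructed auth.log lines, flags any source exceeding a failure threshold inside a sliding window (threshold and window are assumptions to tune per environment), records whether the same source later logged in successfully, and notes whether the source is a private address, which on a flat network is the tell that a neighbouring host has already been taken.

```python
"""Spot OUTLAW-style SSH brute forcing and follow-on logins in sshd logs.

Added example, not code from the pulse. Log lines are constructed; the
threshold and window are assumptions a defender would tune."""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: one internal source brute-forces and gets in; one
# external source makes two guesses and gives up; one legitimate key login.
SAMPLE_AUTH_LOG = """\
Apr  3 21:58:01 host1 sshd[2201]: Failed password for root from 10.0.5.17 port 51422 ssh2
Apr  3 21:58:02 host1 sshd[2202]: Failed password for root from 10.0.5.17 port 51424 ssh2
Apr  3 21:58:03 host1 sshd[2203]: Failed password for invalid user admin from 10.0.5.17 port 51426 ssh2
Apr  3 21:58:04 host1 sshd[2204]: Failed password for invalid user test from 10.0.5.17 port 51428 ssh2
Apr  3 21:58:05 host1 sshd[2205]: Failed password for root from 10.0.5.17 port 51430 ssh2
Apr  3 21:58:09 host1 sshd[2207]: Accepted password for root from 10.0.5.17 port 51440 ssh2
Apr  3 21:58:30 host1 sshd[2210]: Failed password for root from 203.0.113.9 port 40001 ssh2
Apr  3 21:58:31 host1 sshd[2211]: Failed password for root from 203.0.113.9 port 40002 ssh2
Apr  3 22:10:00 host1 sshd[2300]: Accepted publickey for deploy from 10.0.5.2 port 60000 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port"
)


def parse_sshd(text, year=2025):
    """Return (timestamp, result, user, source) tuples for sshd auth lines.

    Syslog timestamps carry no year, so one is supplied (assumption)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"], m["user"], m["src"]))
    return events


def _is_private(src):
    try:
        return ipaddress.ip_address(src).is_private
    except ValueError:
        return False


def detect_bruteforce(events, threshold=5, window_s=60):
    """Map source -> finding for sources with `threshold` failures inside `window_s`.

    A later Accepted login from the same source is recorded as the compromised
    user: that is the guess-then-log-in step from which OUTLAW spreads."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev[3]].append(ev)

    findings = {}
    for src, evs in by_src.items():
        evs.sort()
        fails = [ts for ts, res, _, _ in evs if res == "Failed"]
        # Sliding window: any run of `threshold` failures within window_s seconds.
        burst = any(
            (fails[i + threshold - 1] - fails[i]).total_seconds() <= window_s
            for i in range(len(fails) - threshold + 1)
        )
        if not burst:
            continue
        success = next((u for ts, res, u, _ in evs
                        if res == "Accepted" and ts >= fails[0]), None)
        findings[src] = {
            "failures": len(fails),
            "compromised_user": success,
            "internal_source": _is_private(src),
        }
    return findings


if __name__ == "__main__":
    for src, f in detect_bruteforce(parse_sshd(SAMPLE_AUTH_LOG)).items():
        print(src, f)
```

On the constructed log only 10.0.5.17 is reported: five failures in four seconds, a subsequent accepted password login as root, and an internal source address. The external source with two failures stays below threshold, and the key-based deploy login is never counted. An internal source with a post-burst success is the case to act on first, because it means another host on the subnet is already running the bot and its cron entries.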
Threat landscape for industrial automation systems in Q4 2024 – Source: securelist.com https://ciso2ciso.com/threat-landscape-for-industrial-automation-systems-in-q4-2024-source-securelist-com/ #industrialcontrolsystems #rssfeedpostgeneratorecho #CyberSecurityNews #Industrialthreats #securelistcom #ransomware #backdoor #Phishing #Virus #Spyware #Trojan #Miner #worm
Storing backups correctly: the main ways to keep them "alive"
Backups have long been considered reliable insurance against data loss. Today, however, companies increasingly fall victim to ransomware or simply lose data. This can be avoided by organizing backup storage correctly. Using real-world cases, we look at how the loss of backups destroyed entire businesses and at how to protect your data so that ransomware cannot reach it.
The Internet Slum: is abandoning the Internet the next big thing? (2004)
https://www.fourmilab.ch/documents/netslum/
#ycombinator #internet #slum #abandon #spam #worm #virus #attack
Trans Pride worms-on-a-string!
I do my best to continue to learn and support to the best of my ability.
#worm : a creeping or a crawling animal of any kind or size, as a serpent, caterpillar, snail, or the like
- German: der Wurm
- Italian: lombrico
- Portuguese: minhoca
- Spanish: gusano
------------
See previous words @ https://wordofthehour.org/r/past