More_eggs MaaS Expands Operations with RevC2 Backdoor and Venom Loader The threat actors behind the More_eggs malware have been linked to two new malware families, indicating an expansion of its malware-as-a-service (MaaS) operation. This includes a novel information-stealing backdoor called RevC2 and a loader codenamed Venom Loader, both of which are deployed using VenomLNK, a staple tool that serves as an initial access vector for the deployment of follow-on payloads. "RevC2 uses WebSockets to communicate with its command-and-control (C2) server. The malware is capable of stealing cookies and passwords, proxies network traffic, and enables remote code execution (RCE)," Zscaler ThreatLabz researcher Muhammed Irfan V A said. Stay Connected to Sidharth Sharma, CPA, CISA, CISM, CFE, CDPSE for content related to Cyber Security. #CyberSecurity #JPMC #Technology #InfoSec #DataProtection #DataPrivacy #ThreatIntelligence #CyberThreats #NetworkSecurity #CyberDefense #SecurityAwareness #ITSecurity #SecuritySolutions #CyberResilience #DigitalSecurity #SecurityBestPractices #CyberRisk #SecurityOperations
Sidharth Sharma, CPA, CISA, CISM, CFE, CDPSE’s Post
More Relevant Posts
-
More_eggs MaaS Expands Operations with RevC2 Backdoor and Venom Loader The threat actors behind the More_eggs malware have been linked to two new malware families, indicating an expansion of its malware-as-a-service (MaaS) operation. This includes a novel information-stealing backdoor called RevC2, and a loader codenamed Venom Loader, both of which are deployed using VenomLNK. This staple tool serves as an initial access vector for the deployment of follow-on payloads. "RevC2 uses WebSockets to communicate with its command-and-control (C2) server. The malware is capable of stealing cookies and passwords, proxies network traffic, and enables remote code execution (RCE)," Zscaler ThreatLabz researcher Muhammed Irfan V A said. For more details, see the full article below ⬇ #Malware #Cybercrime #threatactors #malicious #crime #cybersecurity #cyberthreat https://lnkd.in/gmiRxH-b
More_eggs MaaS Expands Operations with RevC2 Backdoor and Venom Loader
thehackernews.com
-
📣 IcedID replaced by new Latrodectus malware in network breaches 📣 A new malware is being seen as a criminal go-to in network breaches. An evolution of the IcedID loader, Latrodectus, has been involved in malicious email campaigns since November 2023. ℹ️ Proofpoint and Team Cymru researchers have documented its capabilities, noting that it is still unstable and experimental. Unlike IcedID, Latrodectus performs sandbox evasion checks to avoid detection and analysis by security researchers. 👉 There is a high probability that Latrodectus will be used in the future by multiple threat actors who previously distributed IcedID. #cybersecurity #news #malware #icedid #latrodectus
Latrodectus: This Spider Bytes Like Ice | Proofpoint US
proofpoint.com
-
"Latrodectus is a downloader with the objective of downloading payloads and executing arbitrary commands. While initial analysis suggested Latrodectus was a new variant of IcedID, subsequent analysis confirmed it was a new malware most likely named Latrodectus, based on a string identified in the code." #Latrodectus #downloader #IcedID #ThreatIntelligence #CyberSecurity
Latrodectus: This Spider Bytes Like Ice | Proofpoint US
proofpoint.com
-
Sophisticated Latrodectus Malware Linked to 2017 Strain - BankInfoSecurity.com #CyberSecurity #InfoSec #SecurityInsights
Google News
bankinfosecurity.com
-
🚨 More_Eggs Malware-as-a-Service Expands Its Reach The "More_Eggs" Malware-as-a-Service (MaaS) platform is scaling its operations, enhancing its phishing lures and evasion tactics. The malware is capable of stealing cookies and passwords, proxying network traffic, and enabling remote code execution (RCE). #CyberSecurity #ThreatIntelligence #Malware
More_eggs MaaS Expands Operations with RevC2 Backdoor and Venom Loader
thehackernews.com
-
A recent trend observed by cybersecurity firm Proofpoint highlights the increasing exploitation of Cloudflare Tunnels, specifically the “TryCloudflare” feature, for malware distribution. The exploitation of Cloudflare Tunnels emerged in February 2024, with a marked surge in activity between May and July. The trend is particularly alarming due to the use of TryCloudflare, which enables attackers to establish temporary, one-time tunnels without needing to create an account. This allows them to leverage the platform’s global network infrastructure for malicious purposes, effectively concealing their activities and establishing ephemeral command and control (C&C) channels. https://lnkd.in/gKDXMfft Cloudflare Proofpoint #hackers #malware #trojan #RATs #Python #cybersecurity #CFOs #CEOs #CIOs #CISOs
Hackers abuse Cloudflare Tunnels to deliver malware
https://techchannel.news
-
Mustang Panda, also known as Earth Preta, refines its malware arsenal with new tools like PUBLOAD and DOWNBAIT to target government entities in the APAC region. Learn more about their advanced tactics and evolving strategies. #CyberSecurity #Malware #DataExfiltration #APAC #ThreatIntelligence #MustangPanda #CyberEspionage
Mustang Panda Upgrades Malware Tools for Advanced Data Exfiltration Campaign
redsecuretech.co.uk
-
Crafting Network Signatures: Lessons from Practical Malware Analysis Lab 14 In my latest Medium post, I delve into the art and science of crafting network detection signatures, drawing insights from Lab 14 of Practical Malware Analysis. This piece highlights key takeaways for identifying malicious network behaviors, such as understanding malware communication patterns, decoding command-and-control (C2) traffic, and leveraging indicators of compromise (IoCs) effectively. https://lnkd.in/eNsYWayJ #MalwareAnalysis #Cybersecurity #ReverseEngineering #Infosec #SOC #ThreatDetection #CyberAware #CyberThreats #CyberDefense #DataProtection #CyberResilience #SecurityAwareness #SecurityOperations #ThreatHunting #NetworkSecurity #PracticalMalwareAnalysis
Crafting Network Signatures: Lessons from Practical Malware Analysis Lab 14
medium.com
-
New PhantomLoader Malware Distributes SSLoad: Technical Analysis https://lnkd.in/eSSrD8Gg #Infosec #Security #Cybersecurity #CeptBiro #PhantomLoader #Malware #SSLoad #TechnicalAnalysis
How to Intercept Data Stolen by Malware via Telegram and Discord
https://any.run/cybersecurity-blog
-
A new sophisticated malware campaign leveraging DLL side-loading has been detected by eSentire’s Threat Response Unit (TRU). This campaign aims to distribute the LummaC2 stealer and a malicious Chrome extension, posing a significant threat to cybersecurity. The attack, initiated through a deceptive drive-by download, targets sensitive financial information and manipulates browser behavior. Victims unknowingly download a malicious ZIP archive, often through deceptive emails or compromised websites, containing an MSI installer file. This file then sideloads a malicious DLL using a legitimate executable. Once loaded, the DLL fetches and decrypts the LummaC2 stealer and a PowerShell script from a command-and-control (C2) server. The deployment of the LummaC2 stealer is triggered, retrieving a base64-encoded PowerShell script that downloads a payload from two-root[.]com. After decryption, this payload installs a malicious Chrome extension named “Save to Google Drive.” #Cybersecurity #ThreatDetection #MalwareCampaign #eSentire #TRU https://lnkd.in/ejQCGmqM
LummaC2 Malware and Malicious Chrome Extension Delivered via DLL…
esentire.com