Gh0st RAT Malware Attacks Chinese Users Via Fake Chrome Page

Chinese malware targets Chinese users - a rather unusual thing to see

Attackers are using a new loader, Gh0stGambit, to spread Gh0st RAT malware to Chinese users. A Google Chrome phishing download site is being used for that purpose, copying the design of the genuine page. That is, in fact, the part of the campaign that attracted the attention of cybersecurity experts. Gh0st RAT Trojan Targets Chinese… Continue reading Gh0st RAT Malware Attacks Chinese Users Via Fake Chrome Page

AsyncRAT Spreads As Fake eBook Files, Uses LNK Files

Researchers discovered a new spreading tactic of AsyncRAT malware

Recent research uncovers a new spreading campaign of AsyncRAT, that targets users who download electronic books. The reviewed campaign targets ones who seek for a specific book, originally available as a paid workbook on different platforms. Tricked into clicking on the downloaded file, people in fact trigger malware installation. AsyncRAT Spreads in Fake eBook Files… Continue reading AsyncRAT Spreads As Fake eBook Files, Uses LNK Files

Trojan:Win32/Casdet!rfn

Trojan:Win32/Casdet!rfn is a pretty nasty thing. I recommend removing it as soon as possible.

Trojan:Win32/Casdet!rfn is a detection that indicates the possible presence of malware on your system. Users may encounter this detection after using pirated software or opening suspicious email attachments. In certain cases, Casdet may be a false positive detection. Casdet is a severe threat mainly used for reconnaissance and delivering other payloads to the device. It… Continue reading Trojan:Win32/Casdet!rfn

Virus:Win32/Grenam.VA!MSR

Virus:Win32/Grenam.VA!MSR is a detection for a backdoor-like malicious program

Virus:Win32/Grenam.VA!MSR is a type of malware that can stealthily get into the system and establish remote connections. It allows attackers to access the system and remotely perform keylogging and information-gathering functions. This malware usually spreads through fake software downloads and on compromised websites. Viruses like Grenam can be disguised as legitimate software. The specific capabilities… Continue reading Virus:Win32/Grenam.VA!MSR

Remote Access Trojan (RAT)

Backdoors are a major threat to anyone. Remote access trojans are yet another tool to provide the backdoor access

Remote Access Trojan is software that allows unauthorized access to a victim’s computer or covert surveillance. Remote Access Trojan are often disguised as legitimate programs and give the attacker unhindered access. Their capabilities include tracking user behavior, copying files, and using bandwidth for criminal activity. What is a Remote Access Trojan (RAT)? A Remote Access… Continue reading Remote Access Trojan (RAT)

WingsOfGod.dll – WogRAT Malware Analysis & Removal

WogRAT is a pretty simple backdoor with mysterious spreading ways

WogRAT, also known as WingsOfGod RAT, is a novice remote access trojan that attacks users from Asian countries. Named after its own file – Wingsofgod.dll, this malware attacks people since late 2022, spreading through the online notepad service. What is WogRAT (WingsOfGod.dll)? WogRAT is a classic example of a remote access trojan, a backdoor-like malicious… Continue reading WingsOfGod.dll – WogRAT Malware Analysis & Removal

Backdoor:Win32/Bladabindi!ml Analysis & Removal Guide

Backdoor:Win32/Bladabindi!ml is a detection of njRAT - a dangerous remote access trojan

Backdoor:Win32/Bladabindi!ml is a generic detection name used by Microsoft Defender. It specifically refers to a backdoor malware known as njRAT, capable of hacking into and controlling victims’ computers. In which cases it is a dangerous trojan and in which cases it is a false positive detection, we will understand in this article. What is Backdoor:Win32/Bladabindi!ml?… Continue reading Backdoor:Win32/Bladabindi!ml Analysis & Removal Guide

Remcos RAT Targets South Korean Users Through Webhards

A new wave of Remcos RAT spreading targets people from South Korea

An infamous Remcos RAT reportedly started targeting South Korean users through the files shared on Webhards platform. By baiting users with cracked software and adult content, hackers manage to install a malicious script that in turn downloads and runs the dangerous remote access trojan. Remcos RAT Uses Webhards to Spread Recent research of South Korean… Continue reading Remcos RAT Targets South Korean Users Through Webhards

SugarGh0st RAT Targets Uzbekistan and South Korea

Asian government-sponsored hackers are making a fuss again.

A new malicious campaign employs SugarGh0st RAT to target government agencies. Artifacts in the decoy documents hint at a potential Chinese-speaking actor. SugarGh0st Uses Spear Phishing to Attack Governments Researchers have uncovered a new wave of cyber threats targeting government entities in Uzbekistan and South Korea in recent cybersecurity developments. Utilizing a customized variant of… Continue reading SugarGh0st RAT Targets Uzbekistan and South Korea

HiatusRAT Used in Attacks on Taiwan Companies and U.S. Military

HiatusRAT offers pretty unusual functionality that appears useful in sophisticated attacks

Recent attacks on US military systems and Taiwan companies are distinctive not only by the brave target choosing, but also for the used toolkit. In the case of both targets, attackers used HiatusRAT as an initial access/reconnaissance tool. Aside from being used in these attacks, Hiatus Trojan has other things to boast of. US DoD… Continue reading HiatusRAT Used in Attacks on Taiwan Companies and U.S. Military