Google has suspended the official Play store app of Chinese e-commerce giant Pinduoduo due to the presence of malware. The tech giant also warned users that several of Pinduoduo’s other apps contain the same malware, which can install widgets on affected devices, prevent users from uninstalling apps, track app usageContinue Reading
Cleafy Labs, a cybersecurity company, has discovered a new Android botnet called Nexus, which is capable of performing various malicious activities on infected devices. This discovery has raised concerns about the security of Android devices and the increasing threat of botnets. According to Cleafy Labs, Nexus has been active sinceContinue Reading
A threat actor calling herself as ‘0xFF’ advertised a new RAT in HackForums. According to the threat actor, this new RAT tool is supporting Windows (amd64, i386, arm, arm64), Linux (amd64, i386, arm, arm64), Darwin (MacOS) (amd64(Intel), arm64(m1)) and Android (bin) (amd64, i386, arm, arm64). This Multi-OS RAT has featuresContinue Reading
Before Russian troops entered Ukraine, both government and companies of Ukraine faced several cyber attacks. While these cyber attacks are expected to spread all over the world, the attacks on Ukraine continue. A few days ago, according to Reuters, Ukraine asks hackers to help defending its cyber structure. “The governmentContinue Reading
Russian troops entered Ukraine, the whole world is watching this situation with surprise and sadness. Before the invasion, numerous Ukrainian organizations getting hit with a sophisticated new disk-wiping malware. Mandiant is tracking this threat as ‘NEARMISS’ and ESET is tracking as ‘HermeticWiper’ and they reported that they found traces ofContinue Reading
Decryption keys for Egregor, Sekhmet and Maze shared by someone claiming to be the developer of all three malware. The keys were published in BleepingComputer forum. As stated in the forum post, this was a planned leak and is not related to the recent law enforcement against attackers. Again, accordingContinue Reading
AT&T Alien Labs last week announced that the source code of BotenaGo malware has been published in GitHub. BotenaGo was discovered and named in November 2021 by Alien Labs again, and according to the post of Alien Labs, the source code of this malware has been published on 16th ofContinue Reading
Modules are typically work in Powershell directly. “Get-Module” command can be used to see imported modules. “Get-Module -ListAvailable” command show the modules available. For the additional modules we want to use, we should import them first. Once we import the module, we can use its all commands anymore. We willContinue Reading
Redline is a free tool for investigation malicious activity through memory and file analysis. It has a lot of features for investigation but in this post, we will only mention searching for IoCs in the endpoint with Redline. In previous post, we created an IoC to detect WinSCP.exe. Now, weContinue Reading
An effective threat hunting is critical because it is hard to think like attackers and to search for the unknown in an enterprise network. This post may help organizations for an effective and successful threat hunting. Knowledge of Topology and Environment The purpose of threat hunting is to find theContinue Reading