Tag: powershell
-
Beware: Fake Google Meet Pages Deliver Infostealers in Ongoing ClickFix Campaign
Threat actors are leveraging fake Google Meet web pages as part of an ongoing malware campaign dubbed ClickFix to deliver infostealers targeting Windows and macOS systems. “This tactic involves displaying fake error messages in web browsers to deceive users into copying and executing a given malicious PowerShell code, finally infecting their systems,” French cybersecurity company Sekoia…
-
Technical Analysis of DarkVision RAT
Tags: access, antivirus, api, attack, cloud, communications, computer, control, cybercrime, data, detection, encryption, endpoint, infection, injection, malicious, malware, network, open-source, password, powershell, rat, remote-code-execution, startup, tactics, theft, threat, tool, windows
Introduction
DarkVision RAT is a highly customizable remote access trojan (RAT) that first surfaced in 2020, offered on Hack Forums and their website for as little as $60. Written in C/C++ and assembly, DarkVision RAT has gained popularity due to its affordability and extensive feature set, making it accessible even to low-skilled cybercriminals. The RAT’s capabilities…
-
Exploiting Exchange PowerShell After ProxyNotShell: Part 3 DLL Loading Chain for RCE
First seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36374/Exploiting-Exploiting-Exchange-PowerShell-After-ProxyNotShell-Part-3-DLL-Loading-Chain-for-RCE.html
-
Fake CAPTCHA Verification Pages Spreading Lumma Stealer Malware
A new phishing campaign uses fake CAPTCHA verification pages to trick Windows users into running malicious PowerShell commands,… First seen on hackread.com Jump to article: hackread.com/fake-captcha-verification-pages-lumma-stealer-malware/
-
Simple attack through vulnerabilities: hackers can attack Exchange servers via PowerShell
First seen on security-insider.de Jump to article: www.security-insider.de/sicherheitsluecken-exchange-server-angriffe-powershell-zdi-studie-2024-a-64dd7d046950c10537f575df67f0235c/
-
LummaC2 Infostealer Resurfaces With Obfuscated PowerShell Tactics
Tags: powershell
Source: www.infosecurity-magazine.com/news/lummac2-infostealer-obfuscated/
-
OneDrive Phishing Scam Tricks Users into Running Malicious PowerShell Script
Cybersecurity researchers are warning about a new phishing campaign that targets Microsoft OneDrive users with the aim of executing a malicious PowerS… First seen on thehackernews.com Jump to article: thehackernews.com/2024/07/onedrive-phishing-scam-tricks-users.html
-
Cloud Security, PowerShell Expertise Emerge as Key SOC Analyst Skills
First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/cloud-security-powershell-expertise-emerge-as-key-soc-analyst-skills
-
ViperSoftX Weaponizing AutoIt CLR For Stealthy PowerShell Execution
ViperSoftX is an advanced malware that has become more complicated since its recognition in 2020, to the extent that eBooks are used on Torrent sites … First seen on gbhackers.com Jump to article: gbhackers.com/vipersoftx-autoit-clr-powershell/
-
ViperSoftX malware covertly runs PowerShell using AutoIT scripting
The latest variants of the ViperSoftX info-stealing malware use the common language runtime (CLR) to load and execute PowerShell commands within AutoI… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/vipersoftx-malware-covertly-runs-powershell-using-autoit-scripting/
-
Cut & Paste Tactics Import Malware to Unwitting Victims
ClearFake and ClickFix attackers are tricking people into cutting and pasting malicious PowerShell scripts to infect their own machines with RATs and … First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/cut-paste-tactics-import-malware
-
New Rust infostealer Fickle Stealer spreads through various attack methods
New Rust-based Fickle Malware Uses PowerShell for UAC Bypass and Data Exfiltration. A new Rust malware called Fickle Stealer spreads through various at… First seen on securityaffairs.com Jump to article: securityaffairs.com/164726/malware/fickle-stealer-attack-methods.html
-
Fake Google Chrome errors trick you into running malicious PowerShell scripts
A new malware distribution campaign uses fake Google Chrome, Word, and OneDrive errors to trick users into running malicious PowerShell fixes that ins… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-google-chrome-errors-trick-you-into-running-malicious-powershell-scripts/
-
FlyingYeti targets Ukraine using WinRAR exploit to deliver COOKBOX Malware
Russia-linked threat actor FlyingYeti is targeting Ukraine with a phishing campaign to deliver the PowerShell malware COOKBOX. Cloudflare researchers … First seen on securityaffairs.com Jump to article: securityaffairs.com/164017/hacking/flyingyeti-targets-ukraine.html
-
Microsoft Replacing VBScript With JavaScript and PowerShell
Microsoft has shifted its scripting options for web development and task automation. The company is replacing VBScript with more advanced alternatives… First seen on gbhackers.com Jump to article: gbhackers.com/microsoft-replacing-vbscript/
-
Suspected CoralRaider continues to expand victimology using three information stealers
Talos also discovered a new PowerShell command-line argument embedded in the LNK file to bypass anti-virus products and download the final payload int… First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/suspected-coralraider-continues-to-expand-victimology-using-three-information-stealers/
-
Hackers Use Custom Backdoor Powershell Scripts to Attack Windows Machines
The Damselfly Advanced Persistent Threat (APT) group, also known as APT42, has been actively utilizing custom backdoor variants, NiceCurl and TameCat,… First seen on gbhackers.com Jump to article: gbhackers.com/hackers-use-custom-backdoor/
-
Analyze Malicious Powershell Scripts by Running Malware in ANY.RUN Sandbox
Hackers exploit PowerShell, a built-in scripting tool on Windows (and sometimes Linux), to launch various attacks. PowerShell scripts can download mal… First seen on gbhackers.com Jump to article: gbhackers.com/powershell-script-tracer_-analyze-powershell-execution/
-
Rhadamanthys infostealer deployed via AI-based PowerShell
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/rhadamanthys-infostealer-deployed-via-ai-based-powershell
-
Malicious PowerShell script pushing malware looks AI-written
A threat actor is using a PowerShell script that was likely created with the help of an artificial intelligence system such as OpenAI’s ChatGPT, Googl… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-powershell-script-pushing-malware-looks-ai-written/
-
New DEEP#GOSU Malware Campaign Targets Windows Users with Advanced Tactics
A new elaborate attack campaign has been observed employing PowerShell and VBScript malware to infect Windows systems and harvest sensitive informatio… First seen on thehackernews.com Jump to article: thehackernews.com/2024/03/new-deepgosu-malware-campaign-targets.html
-
Novel Script-Based Attack That Leverages PowerShell And VBScript
A new campaign identified as DEEP#GOSU is likely linked to the Kimsuky group, and it employs a new script-based attack chain t… First seen on gbhackers.com Jump to article: gbhackers.com/power-vbscript-attack/
-
Remote trojan Agent Tesla is being distributed via Quantum Builder
Tags: powershell
The builder also uses techniques such as decoys, UAC prompts and in-memory PowerShell to execute the final payload. All of them are… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/remote-trojaner-agent-tesla-wird-ueber-quantum-builder-verbreitet/a32345/
-
Qualys announces groundbreaking solution for first-party software risk management
With the new solution from Qualys, teams can … their own scripts, created with common languages such as PowerShell and Python, as Qualys ID (QIDs) First seen on infopoint-security.de Jump to article: www.infopoint-security.de/qualys-kuendigt-bahnbrechende-loesung-fuer-first-party-software-risikomanagement-an/a35024/
-
Ukraine Military Targeted With Russian APT PowerShell Attack
First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/ukraine-military-targeted-with-russian-apt-powershell-attack