Security researchers recently uncovered a new cross-platform malware named Noodle RAT.
Noodle RAT: A New Malware Family
Trend Micro’s security expert Hara Hiroaki has identified Noodle RAT as a significant departure from known malware variants like Gh0st RAT and Rekoobe. Hiroaki explains, “this backdoor represents a new category of malware, rather than just a variant…
Tag: Malware
Kimsuky APT Deploys Linux Backdoor ‘Gomir’ in Cyber Attacks Targeting South Korea
The Kimsuky APT group, also known as Springtail and linked to North Korea’s Reconnaissance General Bureau (RGB), has launched a new attack against South Korean organizations using a Linux variant of its GoBear backdoor. The Symantec Threat Hunter Team from Broadcom reported that this backdoor, named Gomir, shares significant code similarities with GoBear. OS-dependent features…
North Korean Hackers Unleash Golang Malware ‘Durian’ Targeting Crypto Companies
Kimsuky, a North Korean threat actor, has perpetrated a series of highly targeted cyber assaults against two South Korean cryptocurrency companies, utilizing a newly discovered Golang-based malware named Durian. According to Kaspersky’s APT trends report for Q1 2024, Durian boasts comprehensive backdoor functionality, enabling the execution of delivered commands, additional file downloads, and the exfiltration…
MITRE Breach Timeline: China-Linked Group’s Intrusion Unveiled
On April 19, MITRE, a nonprofit organization managing R&D centers for US government sponsors, disclosed the breach of its Networked Experimentation, Research, and Virtualization Environment (NERVE), an unclassified collaborative network utilized for research, development, and prototyping purposes.
Insights into the Attack
The cyber espionage group associated with China, identified by Mandiant as UNC5221, exploited zero-day…
Malware Analysis: A Malicious JavaScript Code
The “javascript-malware-collection” repository on GitHub serves as a collection of various forms of malicious code, each capable of compromising systems and stealing sensitive information. Within this repository, we can analyze the characteristics of JavaScript-based malicious code, revealing its intricate functionality and potential impact. In this brief static malware analysis, our focus is on examining a specific…
Docker Removed Millions of Malware-Infected Repositories on Docker Hub
In a recent investigation, researchers from JFrog uncovered a significant security threat on Docker Hub, prompting the removal of nearly 3 million public repositories. These repositories lacked actual content, containing only seemingly innocuous description pages that included links to malicious content, such as spam and malware.
Intention of Attackers
The threat, identified in April, involved…