G-Data Security Blog

SocGholish: Fake Update Puts Visitors at Risk

The recent developments in SocGholish infection tactics target WordPress-based websites. The attack sequence involves initial access through compromised websites with vulnerable WordPress plugins.

Turla: A Master of Deception

The Turla malware has been found using weaponized LNK files to infect computers. The malware leverages a compromised website to distribute malicious packages through phishing emails.

New JScript-based RAT Uses Cobalt Strike Server for Command & Control

A new JScript-based Remote Access Trojan (RAT) has been discovered, likely distributed through phishing campaigns. The attack involves an initial loader script that contacts a command and control (C&C) server to receive a new malicious script.

GoTo Meeting Software Abused to Deploy Remcos RAT via Rust Shellcode Loader

A recent malware campaign was found exploiting the GoTo Meeting software to deploy the Remcos RAT by using DLL sideloading to execute a malicious DLL file named g2m.dll through a Rust-based shellcode loader.

Sharp Stealer: New Info-stealer Malware Targets Gamers, Crypto Enthusiasts

The malware does not try to hide its presence in the system from antivirus programs and has not gained much popularity in the underground yet, indicating that it is a new player in the market.

Unusual "ZPAQ" Archive Format Delivers Malware

The use of the ZPAQ compression format by threat actors in this malware campaign highlights the need for improved security measures and awareness regarding lesser-known archive tools.

Cybercriminals Run Malicious Ads via Facebook

Criminals are hijacking business accounts on Facebook and running their own advertising campaigns, causing financial damage and reputational harm to legitimate account holders.

Freely-Distributed Ginzo Stealer Malware Pilfers Browser Data, Discord Tokens, and Crypto Wallets

Ginzo stealer is obfuscated with ConfuserEx, resulting in error messages when trying to decompile the code. That is because the type initializer .cctor decrypts the actual code on the fly. It also initializes data required for string decryption.

SteamHide: Hiding Malware in Plain Sight

SteamHide abuses the gaming platform Steam to serve payloads for malware downloaders. Malware operators can also update already infected machines by adding new profile images to Steam.

Look for a fix, get malware instead: examining the Cyrat ransomware

The malware disguises itself as DLL fixer 2.5. Upon execution, it displays a randomly generated number of corrupted DLLs that it claims to have found on the system.
