Trigona ransomware now uses a custom command-line tool to steal data faster and evade detection, replacing tools like Rclone and MegaSync. Symantec researchers report that recent Trigona ransomware attacks used a custom-built data exfiltration tool instead of common utilities like Rclone or MegaSync. This shift, seen in March 2026 incidents, gives attackers more control and…
Tag: commandline
Global Security News
Trigona ransomware attacks use custom exfiltration tool to steal data
Recently observed Trigona ransomware attacks are using a custom, command-line tool to steal data from compromised environments faster and more efficiently. […]
Global Security News
Microsoft removes Support and Recovery Assistant from Windows
Microsoft has deprecated and removed the Support and Recovery Assistant (SaRA) command-line utility from all in-support versions of Windows updates starting March 10. […]
AI, Apps, Data Breaches, Endpoint, Global Security News, malware, Network Security, Risk Management
Fake OpenClaw npm Package Installs GhostClaw Malware
A malicious npm package is targeting developers by posing as a legitimate command-line tool while secretly deploying an infostealer and a remote access trojan (RAT). The package, @openclaw-ai/openclawai, masquerades as an OpenClaw Installer utility but instead initiates a multi-stage malware operation. Once executed, it attempts to steal credentials, cryptocurrency wallets, SSH keys, browser data, and…
Global Security News, Security
New tool blocks imposter attacks disguised as safe commands
A new open-source and cross-platform tool called Tirith can detect homoglyph attacks over command-line environments by analyzing URLs in typed commands and stopping their execution. […]