A browser-extension campaign is bypassing traditional EDR defenses by injecting remote JavaScript payloads directly into authenticated browser sessions. Researchers at 7AI uncovered the operation, dubbed CRXfiltrate, after observing suspicious outbound traffic originating from a seemingly harmless Chrome color-picker extension. According to the researchers, the campaign remained active across enterprise environments and delivered operator-controlled payloads without…
Tag: payloads
AI, Global Security News, Russia
‘FrostyNeighbor’ APT Carefully Targets Govt Orgs in Poland, Ukraine
Attackers uniquely fingerprint victims before delivering spear-phishing payloads aimed at espionage, in the latest campaign from the Belarussian nation-state threat group.
AI, Global Security News, Russia
Operation HumanitarianBait Uses Fake Aid Documents to Deploy Python Spyware
Operation HumanitarianBait uses fake aid documents, GitHub-hosted payloads, and Python spyware to target Russian-speaking victims.
AI, Global Security News, malware, Network Security
Microsoft Graph API misused by new GoGra Linux malware for hidden communication
A new GoGra Linux malware uses Microsoft Graph API and an Outlook inbox to deliver payloads, making it stealthy and hard to detect. A new Linux version of the GoGra backdoor uses Microsoft’s Graph API and an Outlook inbox to deliver malicious payloads stealthily. The malware is linked to the Harvester cyberespionage group, which is…
Endpoint, Global Security News, Government & Policy
Signed software abused to deploy antivirus-killing scripts
A digitally signed adware tool has deployed payloads running with SYSTEM privileges that disabled antivirus protections on thousands of endpoints, some in the educational, utilities, government, and healthcare sectors. […]
Endpoint, Global Security News
Signed Adware Operation Disables Antivirus Across 23,000 Hosts
Huntress uncovers adware deploying AV-killing payloads via signed updates across 23,000 endpoints
Endpoint, Global Security News
New ‘Zombie ZIP’ technique lets malware slip past security tools
A new technique dubbed “Zombie ZIP” helps conceal payloads in compressed files specially created to avoid detection from security solutions such as antivirus and endpoint detection and response (EDR) products. […]
AI, Global Security News
Iran’s MuddyWater Targets Orgs With Fresh Malware as Tensions Mount
The long-active Iranian threat group debuted various attack strains and payloads in attacks against organizations in the Middle East and Africa.
Global Security News
Supply Chain Attack Embeds Malware in Android Devices
Keenadu downloads payloads that hijack browser searches, commit ad fraud, and execute other actions without user knowledge.
AI, Cybersecurity, Endpoint, Global Security News, malware, Network Security, privacy, Risk Management
LATAM Businesses Hit by XWorm via Fake Financial Receipts: Full Campaign Analysis
Malware campaigns targeting Latin America (LATAM) are evolving. While the final payloads, often commodity RATs like XWorm, remain consistent, delivery mechanisms are becoming increasingly sophisticated to bypass region-specific defenses and increase the chance of reaching real business users. In this analysis, we dissect a recent campaign targeting Brazilian users. What starts as a deceptive “banking receipt” quickly turns into a multi-stage…
Global Security News, Security
Ransomware gang uses ISPsystem VMs for stealthy payload delivery
Ransomware operators are hosting and delivering malicious payloads at scale by abusing virtual machines (VMs) provisioned by ISPsystem, a legitimate virtual infrastructure management provider. […]