CyberSecurity updates
2025-01-30 22:06:31 Pacific

Fake Malware Builder Backdoors 18000 Users - 3d

A threat actor has successfully targeted low-skilled hackers, often referred to as ‘script kiddies,’ by distributing a fake malware builder. The builder does not do what its users expect; instead, it secretly infects the user’s system with a backdoor. This method allowed the attacker to compromise over 18,000 devices, highlighting a serious issue in the threat landscape: even low-skilled attackers can be targets and may unknowingly become victims.

Juniper Routers Targeted by J-Magic Malware - 5d

A sophisticated campaign dubbed ‘J-Magic’ has been discovered targeting enterprise-grade Juniper routers. Attackers are using ‘magic packets’ to trigger a custom cd00r variant, allowing them to establish a reverse shell and gain full access. The J-Magic malware was found to be active from 2023 until at least mid-2024. The malware passively monitors the network for these ‘magic packets’, which are specifically crafted TCP packets. This allows for data exfiltration, device takeover, and further malware deployment. The malware targeted the semiconductor, energy, manufacturing, and IT sectors.

EAGERBEE Backdoor Targets Middle East - 23d

The EAGERBEE backdoor has been deployed in the Middle East, targeting ISPs and government entities. This sophisticated malware employs a novel service injector and undocumented plugins to carry out malicious activities like file manipulation, remote access, and process exploration. The backdoor leverages a DLL hijacking vulnerability to establish itself on the system. This campaign showcases advanced techniques used in targeted cyberattacks.

RomCom Zero-Day Exploits in Mozilla and Windows - 3d

The RomCom cyber threat group exploited zero-day vulnerabilities (CVE-2024-9680 and CVE-2024-49039) in Mozilla Firefox and Windows to deploy their backdoor. The vulnerabilities allowed zero-click exploitation, delivering payloads without user interaction. Fake websites were used to target victims worldwide, mainly in Europe and North America. The backdoor provided attackers with complete system control.

North Korean Hackers Use OtterCookie Malware - 2d

North Korean threat actors are actively using a new malware called ‘OtterCookie’ in their ‘Contagious Interview’ campaign. This campaign is targeting software developers with fake job offers. The malware acts as a backdoor, enabling unauthorized access to compromised systems. This is part of a broader trend of North Korean cyber activity aimed at financial gain and espionage. The activity indicates a sophisticated and persistent threat actor leveraging social engineering to infiltrate targeted systems.