Skip to main content

Tag: remote

8 articles

Winos 40 Stunning Risky Asia-Pacific Expansion

Winos 40 Stunning Risky Asia-Pacific Expansion

Winos 4.0 (ValleyRAT) is widening its reach into Japan and Malaysia using weaponized PDFs that drop links to a follow-on RAT (HoldingHands/Gh0stBins), making multi-stage phishing attacks more potent — now’s the time to lock down PDF handling, enforce URL filtering, and boost behavioral detection before attackers exploit language- and region-specific gaps.

Analyst 207
variant of PlugX: Exclusive Dangerous Telecom Threat

variant of PlugX: Exclusive Dangerous Telecom Threat

A decade-old espionage tool, PlugX, has been revamped and is now creeping into telecom and manufacturing networks across ASEAN, blending proven code with new evasion tricks to steal data and stay hidden. Operators, policymakers and smaller suppliers need to tighten defenses, share intelligence and hunt for anomalous DLL side-loading before these stealthy intrusions become lasting footholds.

Analyst 207
Vietnam-linked phishing campaign: Dangerous, Stunning Shift

Vietnam-linked phishing campaign: Dangerous, Stunning Shift

A Vietnam-linked phishing campaign has quietly upgraded from a Python infostealer to PureRAT, turning quick credential grabs into hands-on, persistent intrusions that can enable live data theft and lateral movement. Defenders should shift from signature hunting to behavior-based EDR, network telemetry, and stronger email and access controls to stop these more dangerous, interactive attacks.

Analyst 207
BRICKSTORM backdoor: Stunning Dangerous Threat Exposed

BRICKSTORM backdoor: Stunning Dangerous Threat Exposed

BRICKSTORM is a stealthy backdoor tied to a Chinese‑aligned group that quietly harvests telemetry to help build and refine zero‑day exploits—what looks like a low‑impact intrusion today could be tomorrow’s weapon. Security teams should hunt, patch, and harden now before collected data is turned into lasting capability.

Analyst 207
remote-access trojan Stealthy Risk: Exclusive Alert

remote-access trojan Stealthy Risk: Exclusive Alert

Meet MostereRAT: a stealthy remote-access trojan that slips into Windows systems via convincing phishing and then hides using living‑off‑the‑land tactics, process injection and obfuscated code to evade detection. The takeaway: basic hygiene—skepticism about attachments, disabled macros, timely patches and layered visibility—now matters more than ever.

Analyst 207
CastleRAT malware: Exclusive Dangerous C/Python Threat

CastleRAT malware: Exclusive Dangerous C/Python Threat

A new strain of CastleRAT, now rewritten in both C and Python, is being spread via a nasty ClickFix trick that convinces users to paste malicious commands into their terminals—don’t paste commands you don’t trust. Stay skeptical of unsolicited “fixes,” verify sources, and treat pasteable commands like executable attachments.

Analyst 207
Lazarus Group Exclusive: Dangerous DeFi RATs Revealed

Lazarus Group Exclusive: Dangerous DeFi RATs Revealed

A North Korea-linked Lazarus campaign used a crafty phishing lure to deploy three cross-platform RATs—PondRAT, ThemeForestRAT and RemotePE—breaching a DeFi organization and highlighting how attackers now tailor stealthy, multi‑OS toolsets to target decentralized finance. It’s a wake-up call: assume breach, tighten access and key protections, and shift to behavior-based detection across heterogeneous environments.

Analyst 207
signed driver Dangerous: Stunning ValleyRAT Risk

signed driver Dangerous: Stunning ValleyRAT Risk

Imagine a trusted vendor’s driver used as a battering ram—Silver Fox has been abusing Microsoft‑signed kernel drivers to slip past endpoint defenses and install the ValleyRAT backdoor for stealthy, long‑term access and data theft. Tighten driver policies, add kernel‑level telemetry, and vet supply chains before digital trust becomes the next attack surface.

Analyst 207