Malware As A Service

All articles tagged with #malware as a service

Mirax Android RAT Turns Phones Into SOCKS5 Proxies via Meta Ads
cybersecurity · 1 month ago

A new Android remote access Trojan named Mirax blends traditional RAT capabilities with a residential SOCKS5 proxy feature, allowing attackers to route traffic through infected devices. Campaigns reach about 220,000 accounts on Facebook, Instagram, Messenger, and Threads via Meta ads promoting a malware dropper, with Mirax offered as a MaaS to a small, Russia-focused affiliate network. Once installed, it can capture data, render fake overlays for credential theft, and maintain multiple C2 channels (WebSockets on ports 8443, 8444, and 8445) for remote control, streaming, exfiltration, and proxy deployment. Distribution uses GitHub-hosted droppers and two crypters (Virbox and Golden Crypt) with anti-analysis checks, reflecting a trend of combining RAT functionality with proxy networks for monetization and broader reach.

Skype accounts compromised, DarkGate malware spreads rapidly
cybersecurity · 2 years ago

DarkGate malware has been spreading through compromised Skype accounts, with attackers using VBA loader script attachments to infect targets. The malware operators have also attempted to push their payload through Microsoft Teams. DarkGate has become increasingly popular among cybercriminals for initial access into corporate networks, offering a range of features and posing various threats, including ransomware and cryptomining. This surge in DarkGate activity highlights the growing influence of this malware-as-a-service operation and the determination of threat actors to adapt their tactics despite disruptions.

Rising Threat: ASMCrypt Malware Loader Exploits Cybercrime Underground
cybersecurity · 2 years ago

BunnyLoader, a new malware-as-a-service (MaaS) threat, has been discovered in the cybercrime underground. It offers various functionalities such as downloading and executing payloads, stealing browser credentials, and running remote commands. BunnyLoader incorporates anti-sandbox and antivirus evasion techniques and has a fileless loading feature. The malware sets up persistence via a Windows Registry change and performs sandbox and virtual machine checks before activating its malicious behavior. It includes tasks for downloading and executing next-stage malware, running keyloggers and stealers, and redirecting cryptocurrency payments. BunnyLoader is continuously evolving and adding new features to carry out successful campaigns. This discovery follows the emergence of other information stealer malware strains, such as Agniane Stealer and The-Murk-Stealer.

Nexus Android Trojan Targets 450 Financial Apps and Bank Accounts.
mobile-security-banking · 3 years ago

Nexus is a new Android banking trojan that has already been used by several threat actors to target 450 financial applications and conduct fraud. The malware is advertised as a subscription service for a monthly fee of $3,000 and contains features to take over accounts related to banking and cryptocurrency services. It is capable of stealing credentials, intercepting SMS messages, and reading two-factor authentication codes. The malware overlaps with another banking trojan called SOVA and incorporates a ransomware module. The Nexus authors have laid out explicit rules that prohibit the use of its malware in certain countries.