Lmst

.NET Multi-Stage Malware Loader Target Windows Systems

.NET-based multi-stage malware loader is identified to be targeting windows systems. It serves as a delivery system for a variety of harmful payloads, such as keyloggers (404Keylogger), remote access trojans (Remcos), and information thieves (AgentTesla and Formbook).

Pulse ID: 68292784661d61913074fa2d
Pulse Link: https://otx.alienvault.com/pulse/68292784661d61913074fa2d
Pulse Author: cryptocti
Created: 2025-05-18 00:19:16

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #FormBook #InfoSec #KeyLogger #Malware #NET #OTX #OpenThreatExchange #Remcos #RemoteAccessTrojan #Tesla #Trojan #Windows #bot #cryptocti

@heisec

Auf #Android niemals die vorinstallierte Tastatur verwenden, gerade bei #Samsung mit seiner bloatware!

Stattdessen #Heliboard (wenn man Autokorrektur braucht) oder #Florisboard (um stattdessen die Tastatur so anzupassen, dass man auch so schreiben kann)

Software-Tastaturen sind (theoretisch) #Keylogger und brauchen volles Vertrauen!

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Insikt Group has discovered two new malware families, TerraStealerV2 and TerraLogger, linked to the financially motivated threat actor Golden Chickens. TerraStealerV2 is designed to steal browser credentials, cryptocurrency wallet data, and browser extension information, while TerraLogger functions as a standalone keylogger. These tools suggest ongoing development aimed at credential theft and keylogging. TerraStealerV2 exfiltrates data to both Telegram and a domain, while TerraLogger lacks exfiltration capabilities. Both malware families appear to be in active development, lacking the sophistication typically associated with mature Golden Chickens tooling. Organizations are advised to implement mitigation strategies to reduce the risk of compromise as these malware families evolve.

Pulse ID: 6813dfdaee3591d85df91491
Pulse Link: https://otx.alienvault.com/pulse/6813dfdaee3591d85df91491
Pulse Author: AlienVault
Created: 2025-05-01 20:55:54

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #CyberSecurity #InfoSec #KeyLogger #Malware #OTX #OpenThreatExchange #RAT #Telegram #bot #cryptocurrency #AlienVault

One of my first #Git repositories I ever pushed to #GitHub was a #Windows #Keylogger written in C++. After 15 years I rewrote the project in #Zig: https://github.com/TheFox/keylogger

#Development #Software #cpp #ziglang

SnakeKeylogger – A Multistage Info Stealer Malware Campaign

This analysis explores a sophisticated malware campaign utilizing SnakeKeylogger, a credential-stealing threat. The attack begins with malicious spam emails containing disguised attachments. The infection chain involves multiple stages, including encrypted payload delivery, process hollowing, and stealthy execution. SnakeKeylogger targets various applications to harvest sensitive data, including web browsers, email clients, and FTP software. The malware employs advanced evasion techniques such as obfuscation and memory injection. It specifically targets Microsoft Outlook profiles and Wi-Fi credentials. The campaign demonstrates a structured approach with regular payload updates and abuse of legitimate servers for distribution. This threat poses significant risks for data theft and potential business email compromise.

Pulse ID: 680a3f63bd3d072221e25eba
Pulse Link: https://otx.alienvault.com/pulse/680a3f63bd3d072221e25eba
Pulse Author: AlienVault
Created: 2025-04-24 13:40:51

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #CyberSecurity #DataTheft #Email #InfoSec #KeyLogger #Malware #Microsoft #OTX #OpenThreatExchange #Outlook #RAT #SnakeKeylogger #Spam #bot #AlienVault

APT Group Profiles - Larva-24005

A new operation named Larva-24005, linked to the Kimsuky group, has been discovered by ASEC. The threat actors exploited RDP vulnerabilities to infiltrate systems, installing MySpy malware and RDPWrap for continuous remote access. They also deployed keyloggers to record user inputs. The group has been targeting South Korea's software, energy, and financial industries since October 2023, with attacks extending to multiple countries worldwide. Their methods include exploiting the BlueKeep vulnerability (CVE-2019-0708) and using phishing emails. The attackers employ various tools such as RDP scanners, droppers, and keyloggers in their multi-stage attack process.

Pulse ID: 6807c698b42f069fc7334d48
Pulse Link: https://otx.alienvault.com/pulse/6807c698b42f069fc7334d48
Pulse Author: AlienVault
Created: 2025-04-22 16:40:56

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#ASEC #CyberSecurity #Email #InfoSec #KeyLogger #Kimsuky #Korea #Malware #OTX #OpenThreatExchange #Phishing #RAT #RDP #SouthKorea #UK #Vulnerability #bot #AlienVault

Es gibt nichts zu sehen, bitte gehen Sie weiter. #microsoft #keylogger #malware

@politik
Können wir #Palantir und die Vordergrundgeschalteten #AIassistenten als #digitaleWaffen deklarieren und sie als das bezeichnen, was sie vordergründig sind, #keylogger. Was wurde aus dem #bundestrojaner? Steckt man Palantir da als Malwarebundle zusammen?
https://de.m.wikipedia.org/wiki/Keylogger

@digitalcourage
@netzpolitik_feed
@heiseonline

#Politik #Propaganda #Fakenews

💡 Sous #Android, à défaut d'avoir e/OS/, on pense à remplacer nos applis propriétaires par des #LogicielsLibres et #OpenSource ... appels, agenda, SMS, cloud, galerie, vidéos YouTube, GPS / cartographie, magasins d'applications, etc... mais QUID de votre clavier ?

Et oui, il faut aussi remplacer votre clavier car c'est aussi via cette application que les données fuitent !

Dites-vous que le clavier natif de #Google est un véritable #keylogger 🕵️

Mon clavier actuel : https://f-droid.org/packages/helium314.keyboard/

Today's reminder of the insider threat involves a pharmacist in Maryland who over a period of 8 years or more, used keyloggers and installed spyware on about 400 computers at the University of Maryland Medical System so he could spy on female co-workers in private moments at work (such as changing clothes, breastfeeding their babies), and in their homes. He was reportedly fired in October 2024, and was able to get another job in another healthcare facility in Maryland because there has been no criminal charges filed against him yet and UMMS apparently didn't alert his new employer.

If Maryland law is like my state's laws, the hospital may be barred legally from revealing what happened if asked for a recommendation by the new employer. And it seems the Maryland state pharmacy board can't just suspend a license unless there's been a conviction, so the failure to have criminal charges filed already seems to have put more potential victims at risk.

Unsurprisingly, a potential class action lawsuit has already been filed against UMMS with six plaintiffs so far. There are estimates that there are more than 80 victims of the now-former employee.

Some of the media coverage on the case: https://thedailyrecord.com/2025/04/04/six-women-sue-umms-claiming-staffer-spied-on-them-after-security-breach/

#InsiderThreat #keylogger #workplace #privacy #infosec

👾 #MassLogger is a stealer and #keylogger notorious for its variety of infection and evasion techniques.
As low-cost #MaaS, it is accessible by a wide audience of malefactors.

🔗 Learn more & collect #IOCs to strengthen company's security: http://any.run/malware-trends/masslogger/?utm_source=mastodon&utm_medium=post&utm_campaign=masslogger&utm_content=tracker&utm_term=310325

#infosec #Cybersecurity

Social media post I wrote about #RemcosRAT for my employer at https://www.linkedin.com/posts/unit42_remcos-rat-keylogger-activity-7304958245322768385-tu-a/ and https://x.com/malware_traffic/status/1899207006939947440

2025-03-10 (Monday): #Remcos #RAT activity. Email distribution used a zip archive attachment with a .7z file extension. During a test infection, we saw indicators of a #Keylogger and a Hacking tool to view browser passwords.

More info at https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2025-03-10-IOCs-for-Remcos-RAT-activity.txt

A #pcap of the infection traffic and the associated #malware files are available at https://malware-traffic-analysis.net/2025/03/10/index.html

Screenshot of the email distributing Remcos RAT, focusing on the attached archive and its contents.

Traffic from the Remcos RAT infection filtered in Wireshark. It show information about the infected Windows host, and it also shows a Windows EXE sent over the C2 traffic. The Windows EXE is a hacker tool to view browser passwords.

Location of a text file for an offline keylogger. The image shows the beginning of the contents of this keylogger data file.

$This infection was persistent through copies of the initial malware saved to the AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup directory. This image also shows a Windows Registry update caused by the Remcos RAT infection.$

‼️ Ein neuer Angriff mit dem Snake-#Keylogger betrifft Millionen von #Windows-Nutzern.

Die #Schadsoftware zeichnet unbemerkt #Tastatureingaben auf, um #Passwörter und sensible Daten zu stehlen.

Laut Fortinet wurden seit Jahresbeginn über 280 Millionen #Infektionsversuche registriert. Besonders verbreitet ist der Angriff in #China, der #Türkei, #Indonesien, #Taiwan und #Spanien. Der Keylogger wird meist über #Phishing-Mails verbreitet.

https://www.golem.de/news/zugangsdaten-in-gefahr-windows-nutzer-millionenfach-mit-keylogger-attackiert-2502-193493.html

#Cybersecurity #Malware

Una nueva variante de Snake #Keylogger aprovecha las secuencias de comandos #Autolt para evadir la detección
https://blogs.masterhacks.net/noticias/hacking-y-ciberdelitos/la-nueva-variante-de-snake-keylogger-aprovecha-las-secuencias-de-comandos-autolt-para-evadir-la-deteccion/

Snake Keylogger Variant: A Persistent Threat to Windows Users - https://www.redpacketsecurity.com/evolving-snake-keylogger-variant-targets-windows-users/

#threatintel #malware #cybersecurity #keylogger

Snake Keylogger slithers into Windows, evades detection with AutoIt-compiled payload
https://www.theregister.com/2025/02/18/new_snake_keylogger_infects_windows/

#Infosec #Security #Cybersecurity #CeptBiro #Snake #Keylogger #Windows #EvadesDetection #AutoItCompiledPayload

🚨 Alert for Windows users! A new variant of Snake Keylogger is targeting #Windows users worldwide with over 280 million blocked infection attempts globally.

🔗 Learn more: https://hackread.com/snake-keylogger-variant-windows-data-telegram-bots/

#CyberSecurity #Malware #Hackers #Keylogger

Snake Keylogger vs Wireshark

YouTube video: https://youtu.be/keAHKO2Fc4I

#Wireshark #malware #keylogger #threats #network #cybersecurity #infosec #hack #Hacker #hacking #passwords

Wenn man jedoch einmal Opfer eines #Infostealer geworden sein sollte, reicht auch ein starkes Masterpasswort nicht, Das Passwort kann über einen #Keylogger mitgelesen und exfiltriert worden sein.

Da hilft dann nur noch das zügige Auswechseln aller Passwörter. Je weniger im betroffenen Passwort-Tresor drin waren, desto besser. Alles nicht ständig benötigte sollte man ohnehin nicht dauerhaft auf einem PC speichern, der online geht.

Nur entnehmbare Token für #2FA können vor sowas schützen.

Berliner Gymnasium: Sicherheitsvorfall #Gerichtsurteil #Einbruch #Keylogger #TeamInfoSec #cyberangriff https://www.security-incidents.de/sicherheitsvorfaelle/sicherheitsvorfall-berliner-gymnasium-DE-7392.php

#KeyLogger

Client Info