#Rat

2025-12-30

Chinese Hackers Deploy Rootkit to Conceal ToneShell Malware Operations

A new variant of the ToneShell backdoor attributed to the Mustang Panda group has been deployed

Pulse ID: 6953ced7aa91769979e76ca4
Pulse Link: otx.alienvault.com/pulse/6953c
Pulse Author: cryptocti
Created: 2025-12-30 13:08:39

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #Chinese #CyberSecurity #InfoSec #Malware #OTX #OpenThreatExchange #RAT #Rootkit #bot #cryptocti

2025-12-30

Operation ForumTrol Known for Exploiting Chrome 0-Day Attacking Users With New Phishing Campaign

A new phishing campaign has been launched by an advanced persistent threat group known as ForumTrol, exploiting a zero-day vulnerability in Google Chrome, according to Securelist researchers and a security analyst.

Pulse ID: 6953a48dbb4aa386e9b0efa7
Pulse Link: otx.alienvault.com/pulse/6953a
Pulse Author: CyberHunter_NL
Created: 2025-12-30 10:08:13

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#0Day #Chrome #CyberSecurity #Google #InfoSec #OTX #OpenThreatExchange #Phishing #RAT #SecureList #Vulnerability #ZeroDay #bot #CyberHunter_NL

2025-12-30

Operation PCPcat Hacked 59,000+ Next.js/React Servers Within 48 Hours

A massive credential-theft campaign exposed 59,000 Next.js servers in under 48 hours, an analysis by Brazilian researcher Mario Candela shows. £1.5m in total.

Pulse ID: 6953a54522cac3893c0bd6f2
Pulse Link: otx.alienvault.com/pulse/6953a
Pulse Author: CyberHunter_NL
Created: 2025-12-30 10:11:17

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Brazil #CyberSecurity #InfoSec #OTX #OpenThreatExchange #RAT #bot #CyberHunter_NL

2025-12-30

Webrat, disguised as exploits, is spreading via GitHub repositories

Pulse ID: 69537e4b4d9d08ece42c9e32
Pulse Link: otx.alienvault.com/pulse/69537
Pulse Author: Tr1sa111
Created: 2025-12-30 07:24:59

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #GitHub #InfoSec #OTX #OpenThreatExchange #RAT #bot #Tr1sa111

2025-12-30

How Windows Event Logs Reveal Signs of Advanced Cyber Threats

Threat actors are often portrayed as highly skilled operators executing carefully planned intrusions. However, forensic analysis of Windows Event Logs and EDR telemetry reveals a different reality.

Pulse ID: 69532bc67e0e7cb98f788845
Pulse Link: otx.alienvault.com/pulse/69532
Pulse Author: cryptocti
Created: 2025-12-30 01:32:54

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #EDR #InfoSec #OTX #OpenThreatExchange #RAT #Windows #bot #cryptocti

2025-12-29 (Monday): #ClickFix page leads to #NetSupportRAT infection.

Details at www.malware-traffic-analysis.net/2025/12/29/index.html

Of note, this is not from the usual ClickFix campaigns that I track. While #SmartApeSG has often pushed #NetSupport #RAT, this is a completely different vector for the initial URL.

The initial sites.google[.]com URLs for this campaign are sent via email. But I don't have an example for this particular infection chain.

Example of initial URL from sites.google[.]com.

Example of a fake CAPTCHA page with ClickFix-style instructions and the ClickFix script.

Traffic from the infection filtered in Wireshark.

NetSupport RAT persistent on an infected Windows host.
2025-12-29

The HoneyMyte APT now protects malware with a kernel-mode rootkit

In mid-2025, a malicious driver file was discovered on Asian computer systems, signed with a compromised digital certificate. This driver injects a backdoor Trojan and protects malicious files, processes, and registry keys. The final payload is a new variant of the ToneShell backdoor, associated with the HoneyMyte APT group. The attacks, which began in February 2025, primarily target government organizations in Southeast and East Asia, especially Myanmar and Thailand. The malware uses various techniques to evade detection, including API obfuscation, process protection, and registry key protection. The ToneShell backdoor communicates with command-and-control servers using fake TLS headers and supports remote operations such as file transfer and shell access.

Pulse ID: 69528092ee9eed9c6d16d25d
Pulse Link: otx.alienvault.com/pulse/69528
Pulse Author: AlienVault
Created: 2025-12-29 13:22:26

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Asia #BackDoor #CyberSecurity #Government #InfoSec #Malware #Myanmar #OTX #OpenThreatExchange #RAT #Rootkit #TLS #Thailand #Trojan #bot #AlienVault

2025-12-29

Fake GitHub repositories with OSINT tools are spreading malware

People involved in IT in the broad sense, who manage systems or develop software, are a particularly tempting target for criminal groups operating in the digital world. This is not a new phenomenon. This time we are dealing with a certain evolution. TLDR: Instead of breaking into platforms, cybercriminals have decided to strike at our most sensitive point, which is trust....

#Aktualności #Fileless #Github #Hta #Kryptowaluty #Malware #OSINT #RAT

sekurak.pl/falszywe-repozytori

2025-12-28

squeakross stickers and cherry keychain available NOW

i put together this shitty graphic i hope you like it!!!

https://eonmakes.etsy.com

#rat #rats #ratsOfMastodon #ratsOfFedi #ratsOfFediverse #ratsOfTheFediverse #cute #cuteArt #rodents #shop #artShop #squeakross #stickers #stickerShop #merchandise

a badly thrown together graphic design showcasing 2 of my new products. it says in big text, "new things!!! :D" the first thing is a sticker sheet of 10 of the squeakross stickers. the second thing is a keychain of my OC Cherry. bottom text says, "buy @ my etsy :) eonmakes.etsy.com !!!"
2025-12-27
Japan Pop Videos videos@wakoka.com
2025-12-26

wacoca.com/videos/3070365/voic Celebrating the debut of the AI character "Kaito", brought to life by Shotaro Morikubo! SOYOGI live stream: A Special Night Spent With You [HAPPY RAT] ##HAPPYRAT ##そよぎフラクタル ##梵そよぎ ##梶裕貴 #AiTuber #AIVtuber #happy #rat #SpiralAI #Vlog #VoiceActor #あなたと過ごす特別な一夜 #声優 #森久保祥太郎 #森久保祥太郎さんが命を吹き込んだAIキャラクターカイト登場記念SOYOGI生配信 #男性声優
2025-12-26

A little late, but Merry Christmas! 🎄

Unfortunately, I don't have my tablet with me, so I improvised a little and drew something traditionally and colored digitally. I hate drawing with pencil on paper. 😅

#furryartist #furryarwork #art #furry #rat #originalcharacterart #detective #traditionalart

2025-12-26

Sticker of the Day!

This is my sticker based on my drawing of the Rat from the Chinese Zodiac!

joyousjoyness.com/collections/

Photo of a left hand holding a square sticker. The sticker is a holographic drawing of the Chinese Zodiac animal: the Rat.
knoppixknoppix95
2025-12-26

A typosquatted domain mimicking the MAS Windows activation tool spread Cosmali Loader malware via PowerShell ⚠️

Users who mistyped the URL risked cryptominers and remote access trojans; MAS maintainers warn to double-check commands 🛡️

🔗 bleepingcomputer.com/news/secu
