#backdoor

2026-03-09

Fake CleanMyMac site installs SHub Stealer and backdoors crypto wallets

Pulse ID: 69af46e2aca26f57f198051b
Pulse Link: otx.alienvault.com/pulse/69af4
Pulse Author: Tr1sa111
Created: 2026-03-09 22:17:06

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #CyberSecurity #InfoSec #Mac #OTX #OpenThreatExchange #bot #Tr1sa111

Kevin Karhan (kkarhan@infosec.space)
2026-03-09

@adulau I think this is a deliberate #Govware #Backdoor by @signalapp since others don't do that shite yet offer encrypted backups anyway…

2026-03-09

Middle East Conflict Fuels Opportunistic Cyber Attacks

The ongoing conflict in the Middle East has triggered a surge in cybercriminal activity. Over 8,000 newly registered domains with conflict-related keywords have been identified, many of which may be weaponized in future campaigns. Multiple cases of malicious activity have been observed, including targeted attacks using conflict-themed lures, deployment of the LOTUSLITE backdoor, fake news blogs leading to StealC malware, phishing sites impersonating government portals, donation scams, fraudulent storefronts, and meme-coin pump-and-dump schemes. Threat actors are leveraging various techniques such as DLL sideloading, shellcode execution, and social engineering to compromise victims. The campaigns demonstrate the opportunistic nature of cybercriminals in exploiting geopolitical events for malicious purposes.

Pulse ID: 69ab2d63ef698ae16cec5ef2
Pulse Link: otx.alienvault.com/pulse/69ab2
Pulse Author: AlienVault
Created: 2026-03-06 19:39:15

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #CyberAttack #CyberAttacks #CyberSecurity #Government #InfoSec #Malware #MiddleEast #OTX #OpenThreatExchange #Phishing #RAT #ShellCode #SideLoading #SocialEngineering #Stealc #StealcMalware #Word #bot #AlienVault

2026-03-09

New A0Backdoor Linked to Teams Impersonation and Quick Assist Social Engineering

A new backdoor, dubbed A0Backdoor, has been discovered in connection with a campaign using email bombing and IT-support impersonation over Microsoft Teams to gain Quick Assist access. The malware's loader exhibits anti-sandbox evasion techniques, and the campaign's command-and-control has shifted to a covert DNS mail exchange-based channel. This activity is attributed to the threat group Blitz Brigantine, also known as Storm-1811 or STAC5777, and shows similarities to Black Basta-linked social-engineering tactics. The attackers use digitally signed MSI packages, often hosted on Microsoft cloud storage, to deliver their proprietary tooling. The A0Backdoor employs sophisticated techniques such as time-based execution windows, runtime decryption, and DNS tunneling for covert communication. The campaign has been active since August 2025, targeting primarily the finance and health sectors.

Pulse ID: 69abf37e75ba997149f9e95c
Pulse Link: otx.alienvault.com/pulse/69abf
Pulse Author: AlienVault
Created: 2026-03-07 09:44:29

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #BlackBasta #Cloud #CyberSecurity #DNS #Email #ICS #InfoSec #Malware #Microsoft #MicrosoftTeams #OTX #OpenThreatExchange #SocialEngineering #Windows #bot #AlienVault

2026-03-09

Fake CleanMyMac site installs SHub Stealer and backdoors crypto wallets

A deceptive website impersonating CleanMyMac tricks users into installing SHub Stealer, a sophisticated macOS malware. The malware steals sensitive data, including passwords, browser data, cryptocurrency wallets, and Telegram sessions. It can also modify wallet apps to steal recovery phrases. The attack begins with users pasting a command into Terminal, which downloads and executes a malicious script. The malware performs extensive data collection from various browsers and wallet applications, and installs persistent backdoors in certain crypto wallet apps. SHub Stealer is part of a growing family of AppleScript-based macOS infostealers, demonstrating increasing sophistication in targeting Mac users.

Pulse ID: 69ae9dcd62b1927161472bf9
Pulse Link: otx.alienvault.com/pulse/69ae9
Pulse Author: AlienVault
Created: 2026-03-09 10:15:41

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #Browser #CyberSecurity #InfoSec #InfoStealer #Mac #MacOS #Malware #OTX #OpenThreatExchange #Password #Passwords #RAT #Telegram #Word #bot #cryptocurrency #AlienVault

2026-03-07

Seedworm Targets Critical Sectors Using Latest Backdoors

Seedworm compromises systems in critical sectors including airports and governments. The threat actor was observed to use state-of-the-art backdoors named Dindoor and Fakeset that were signed with valid certificates.

Pulse ID: 69ac66128f7d265e2d1d986f
Pulse Link: otx.alienvault.com/pulse/69ac6
Pulse Author: cryptocti
Created: 2026-03-07 17:53:22

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #CyberSecurity #ESET #Government #InfoSec #OTX #OpenThreatExchange #SeedWorm #Worm #bot #cryptocti

2026-03-06

Iranian APT on Networks of U.S. Bank, Airport, Software Company

Iranian APT group Seedworm has been active on networks of multiple U.S. companies since February 2026, targeting a bank, airport, software company, and NGOs. The group deployed new backdoors named Dindoor and Fakeset, signed with certificates previously linked to Seedworm. The activity occurs amid escalating tensions between the U.S., Israel, and Iran. Seedworm, known for espionage and information gathering, has broadened its scope to target various sectors globally. The article discusses recent Iranian cyber activities, potential future threats, and provides recommendations for defenders to prepare against DDoS, credential attacks, leaks, critical infrastructure attacks, and destructive operations.

Pulse ID: 69a9e3eea1d0b6fa8bf0f06d
Pulse Link: otx.alienvault.com/pulse/69a9e
Pulse Author: AlienVault
Created: 2026-03-05 20:13:34

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #Bank #CyberSecurity #DDoS #DoS #ESET #Espionage #InfoSec #Iran #Israel #OTX #OpenThreatExchange #RAT #SeedWorm #Worm #bot #AlienVault

2026-03-06

South American telecommunication providers targeted with three new malware implants

UAT-9244, a China-nexus advanced persistent threat actor, has been targeting critical telecommunications infrastructure in South America since 2024. The group employs three new malware implants: TernDoor, a Windows-based backdoor variant of CrowDoor; PeerTime, an ELF-based backdoor using BitTorrent protocol; and BruteEntry, a brute force scanner for SSH, Postgres, and Tomcat servers. UAT-9244 uses dynamic-link library side-loading, scheduled tasks, and registry modifications for persistence. The group is closely associated with FamousSparrow and Tropic Trooper, sharing similar tooling and tactics. Their infrastructure includes multiple command and control servers and operational relay boxes for scanning and brute-forcing activities.

Pulse ID: 69a9e3f038f67d31461ec191
Pulse Link: otx.alienvault.com/pulse/69a9e
Pulse Author: AlienVault
Created: 2026-03-05 20:13:36

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #BruteForce #China #CyberSecurity #ELF #ICS #InfoSec #Malware #OTX #OpenThreatExchange #RAT #RCE #SSH #SouthAmerica #Telecom #Telecommunication #Tomcat #Windows #bot #AlienVault

California is embedding age verification directly into digital devices. For those of us concerned with personal liberties, this is an emergency.

California’s Age-Verification Law Is a Civil Liberties Test
thedailyeconomy.org/article/ca

#california #civilliberties #ageverification #saveourchildren #privacy #backdoor #surveillance

2026-03-05

@hackernewsrobot

I dislike the idea of running such software, since it feels like a #backdoor. The software has access to all my files and the internet!?

From their FAQ: Q: What is the difference to [other no-code #LLM]?

"Those tools build for the browser. #Glaze builds for your desktop. That means your apps can access your file system, keyboard shortcuts, [...] and deeper integration with your OS. Your data stays on your machine, not on someone else’s server. It’s a different category entirely."

2026-03-05

Signed malware impersonating workplace apps deploys RMM backdoors

Pulse ID: 69a8da79647e6c407a0c588d
Pulse Link: otx.alienvault.com/pulse/69a8d
Pulse Author: Tr1sa111
Created: 2026-03-05 01:20:57

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #CyberSecurity #InfoSec #Malware #OTX #OpenThreatExchange #bot #Tr1sa111

2026-03-04

Signed malware impersonating workplace apps deploys RMM backdoors

Multiple phishing campaigns were identified using workplace meeting lures, PDF attachments, and abuse of legitimate binaries to deliver signed malware. The attacks used digitally signed executables masquerading as legitimate software to install remote monitoring and management (RMM) tools like ScreenConnect, Tactical RMM, and Mesh Agent. These tools enabled attackers to establish persistence and move laterally within compromised environments. The malware was signed using an Extended Validation certificate issued to TrustConnect Software PTY LTD. The campaigns demonstrate how familiar branding and trusted digital signatures can be exploited to bypass user suspicion and gain an initial foothold in enterprise networks.

Pulse ID: 69a77ace20faf9114cbb120b
Pulse Link: otx.alienvault.com/pulse/69a77
Pulse Author: AlienVault
Created: 2026-03-04 00:20:30

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #CyberSecurity #InfoSec #Malware #OTX #OpenThreatExchange #PDF #Phishing #RAT #Rust #ScreenConnect #bot #AlienVault

2026-03-04

Silver Dragon Targets Organizations in Southeast Asia and Europe

Check Point Research has identified a Chinese-nexus advanced persistent threat group named Silver Dragon, targeting organizations in Southeast Asia and Europe since mid-2024. The group, likely operating under APT41, exploits public-facing servers and uses phishing emails for initial access. They deploy custom tools including GearDoor, a backdoor using Google Drive for command and control, SSHcmd for remote access, and SilverScreen for covert screen monitoring. Silver Dragon primarily focuses on government entities, utilizing Cobalt Strike beacons and DNS tunneling for communication. The group's sophisticated tactics and evolving toolkit demonstrate a well-resourced and adaptable threat actor.

Pulse ID: 69a73e8545dc6a32312482a1
Pulse Link: otx.alienvault.com/pulse/69a73
Pulse Author: AlienVault
Created: 2026-03-03 20:03:17

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Asia #BackDoor #CheckPoint #Chinese #CobaltStrike #CyberSecurity #DNS #Email #Europe #Google #Government #ICS #InfoSec #OTX #OpenThreatExchange #Phishing #RAT #RCE #SSH #bot #AlienVault

2026-03-03

Great coverage of the xz #backdoor exposure! Thank you #veritasium for the coverage. A reminder of why #opensource resilience matters. The #community caught it. Stay vigilant, #contribute, #test, and help keep open source #secure. 💪🐧 #Linux youtu.be/aoag03mSuXQ?si=9vxgGK

2026-03-01

SeaFlower Targets Web3 Wallets to Steal Seed Phrases

SeaFlower is a sophisticated malware campaign targeting Web3 users by distributing backdoored clones of popular crypto wallet apps on iOS and Android.

Pulse ID: 69a455acb4e3f7202906cacb
Pulse Link: otx.alienvault.com/pulse/69a45
Pulse Author: cryptocti
Created: 2026-03-01 15:05:16

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Android #BackDoor #CyberSecurity #InfoSec #Malware #OTX #OpenThreatExchange #Web3 #bot #iOS #cryptocti

Digitale Freiheit Bayern (digifreibayern@troet.cafe)
2026-03-01

WE are looking for #Juristen (lawyers) who have already litigated and won cases over "violation of the state of the art"!

Thesis: #Microsoft has been violating the state of the art in #IT-Security for many years.

An important aspect, security by design, is a foreign concept to many non-EU manufacturers.

Any #Hardware and any #Software that is shipped with a #Backdoor therefore violates "Secure-by-Design", and thus also the state of the art.

Further information:
digitalefreiheitbayern.eu/2026