#cryptocti

2025-12-11

NANOREMOTE Malware Maintains Hidden Control on Windows Systems via Google Drive API

Pulse ID: 693b396eef16b18d507e89bb
Pulse Link: otx.alienvault.com/pulse/693b3
Pulse Author: cryptocti
Created: 2025-12-11 21:36:46

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #Google #InfoSec #Malware #OTX #OpenThreatExchange #Windows #bot #cryptocti

2025-12-11

Malicious VS Code Extensions Supply Chain Attack

Malicious extensions were found inside the VS Code Marketplace. These extensions appeared legitimate but contained hidden malware stored inside files disguised as images. Once installed, the extensions could run harmful code on the user’s machine. The incident highlights how the VS Code Marketplace is being used as a channel for software supply chain attacks.

Pulse ID: 693ac282af8d62cb051376b8
Pulse Link: otx.alienvault.com/pulse/693ac
Pulse Author: cryptocti
Created: 2025-12-11 13:09:22

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #Mac #Malware #OTX #OpenThreatExchange #SupplyChain #bot #cryptocti

2025-12-08

JS#SMUGGLER Deploying NetSupport RAT via Compromised Websites

JS#SMUGGLER is a web-based malware campaign that uses compromised websites to deliver the NetSupport RAT.

Pulse ID: 6937559768d29b8bfdeb42c9
Pulse Link: otx.alienvault.com/pulse/69375
Pulse Author: cryptocti
Created: 2025-12-08 22:47:51

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #Malware #NetSupport #NetSupportRAT #OTX #OpenThreatExchange #RAT #bot #cryptocti

2025-12-07

Linking SonicWall API Scanning to Credential-Based Attacks on Palo Alto GlobalProtect

Pulse ID: 693546ce5833a1fb6e3817e2
Pulse Link: otx.alienvault.com/pulse/69354
Pulse Author: cryptocti
Created: 2025-12-07 09:20:14

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #OTX #OpenThreatExchange #PaloAlto #bot #cryptocti

2025-12-07

Dangerous New Android Trojan FvncBot Steals Banking Data and Executes Hidden Fraud

FvncBot is a new Android banking trojan spread through a fake mBank security app that secretly installs the malware. It logs keystrokes, streams the device screen and uses fake overlays to steal credentials, PINs and OTPs. The malware also enables hidden remote control for fraudulent transactions and relies on WebSocket, FCM and apk0day obfuscation to avoid detection.

Pulse ID: 6934dbaea2255720d99848fa
Pulse Link: otx.alienvault.com/pulse/6934d
Pulse Author: cryptocti
Created: 2025-12-07 01:43:10

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#APK #Android #Bank #BankingTrojan #CyberSecurity #InfoSec #Malware #OTX #OpenThreatExchange #Trojan #VNC #bot #cryptocti

2025-12-07

New Hidden Malware Threat Targeting Linux Computers

A new Linux malware campaign combines a Mirai-based DDoS botnet with fileless attacks and profit generation.

Pulse ID: 6934d4e89f39b692e86ca534
Pulse Link: otx.alienvault.com/pulse/6934d
Pulse Author: cryptocti
Created: 2025-12-07 01:14:16

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #DDoS #DoS #InfoSec #Linux #Malware #Mirai #OTX #OpenThreatExchange #RAT #bot #botnet #cryptocti

2025-12-05

BRICKSTORM Backdoor Targets VMware vSphere Environments

The BRICKSTORM backdoor targets government and technology organizations through a China-linked espionage campaign that enables long-term persistent access to compromised VMware vSphere environments.

Pulse ID: 69334b2ff7f6a499f1f1dd8e
Pulse Link: otx.alienvault.com/pulse/69334
Pulse Author: cryptocti
Created: 2025-12-05 21:14:23

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #China #CyberSecurity #Espionage #Government #InfoSec #OTX #OpenThreatExchange #VMware #bot #cryptocti

2025-12-04

Leveraging Foxit PDF Reader to Gain System Control and Steal Sensitive Data

Pulse ID: 6931e9b0ced78dd1915b08fe
Pulse Link: otx.alienvault.com/pulse/6931e
Pulse Author: cryptocti
Created: 2025-12-04 20:06:08

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #OTX #OpenThreatExchange #PDF #bot #cryptocti

2025-12-02

Bloody Wolf Targets Central Asia With Deceptive Phishing Attacks

Pulse ID: 692f5cb6dac591f0cf83bc2c
Pulse Link: otx.alienvault.com/pulse/692f5
Pulse Author: cryptocti
Created: 2025-12-02 21:40:06

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Asia #CentralAsia #CyberSecurity #InfoSec #OTX #OpenThreatExchange #Phishing #bot #cryptocti

2025-12-02

Large-Scale Scam Using Fake Holiday Shopping Sites

The following is a full list of names and names you may not have known or have heard of, as well as those of those who have been involved in a range of other projects, including:

Pulse ID: 692f5ceccd440fd5f8da1aad
Pulse Link: otx.alienvault.com/pulse/692f5
Pulse Author: cryptocti
Created: 2025-12-02 21:41:00

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #Holiday #InfoSec #OTX #OpenThreatExchange #bot #cryptocti

2025-12-02

Cyber-Espionage Operation Hanoi Thief Deploys Hidden Payloads

Pulse ID: 692f5d37b586465a39d670c7
Pulse Link: otx.alienvault.com/pulse/692f5
Pulse Author: cryptocti
Created: 2025-12-02 21:42:15

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #Espionage #InfoSec #OTX #OpenThreatExchange #RAT #bot #cyberespionage #cryptocti

2025-12-02

Arkanix Evades Chrome through C++ Process Injection

Pulse ID: 692f5d752a68393dfa4ec8e7
Pulse Link: otx.alienvault.com/pulse/692f5
Pulse Author: cryptocti
Created: 2025-12-02 21:43:17

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Chrome #CyberSecurity #InfoSec #OTX #OpenThreatExchange #bot #cryptocti

2025-12-02

Malicious VS Code Extension allows attackers to exploit Windows and macOS Users

Pulse ID: 692f5dc6881791ff14afaf97
Pulse Link: otx.alienvault.com/pulse/692f5
Pulse Author: cryptocti
Created: 2025-12-02 21:44:38

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #Mac #MacOS #OTX #OpenThreatExchange #Windows #bot #cryptocti

2025-12-02

Chrome And Edge Users Were Targeted In A Years-Long ShadyPanda Malware Campaign

Pulse ID: 692f5e0533fff3980c7b2ca7
Pulse Link: otx.alienvault.com/pulse/692f5
Pulse Author: cryptocti
Created: 2025-12-02 21:45:41

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Chrome #CyberSecurity #Edge #InfoSec #Malware #OTX #OpenThreatExchange #bot #cryptocti

2025-12-01

Large-Scale Scam Using Fake Holiday Shopping Sites

shop-by-storey-shop, Amazon.com, 8BitDo, Toshiba and Samsung are among those to have been affected by the recent terror attacks in London and Paris.

Pulse ID: 692e06f9ef887de003fc9f67
Pulse Link: otx.alienvault.com/pulse/692e0
Pulse Author: cryptocti
Created: 2025-12-01 21:22:01

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Amazon #CyberSecurity #Holiday #InfoSec #OTX #OpenThreatExchange #bot #cryptocti

2025-12-01

Bloody Wolf Targets Central Asia With Deceptive Phishing Attacks

Hashes (SHA-256) are stored in a secure medium, rather than an electronic form, as well as a set of letters and numbers, and their use is based on their location.

Pulse ID: 692df70a98a405ce0305504f
Pulse Link: otx.alienvault.com/pulse/692df
Pulse Author: cryptocti
Created: 2025-12-01 20:14:02

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Asia #CentralAsia #CyberSecurity #InfoSec #OTX #OpenThreatExchange #Phishing #RAT #bot #cryptocti

2025-12-01

Tomiris APT Group Launches Advanced Espionage Worldwide

Pulse ID: 692dd15503e2abc54dd07da5
Pulse Link: otx.alienvault.com/pulse/692dd
Pulse Author: cryptocti
Created: 2025-12-01 17:33:09

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #Espionage #InfoSec #OTX #OpenThreatExchange #bot #cryptocti

2025-11-30

A Private OAST Service is Used to Exploit 200 CVEs via Google Cloud Infrastructure

A threat actor has been running a private OAST (Out-of-Band Application Security Testing) service on Google Cloud to automate a large-scale exploit campaign.

Pulse ID: 692be47520070bdc68d0005c
Pulse Link: otx.alienvault.com/pulse/692be
Pulse Author: cryptocti
Created: 2025-11-30 06:30:13

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Cloud #CyberSecurity #Google #InfoSec #OTX #OpenThreatExchange #bot #cryptocti

2025-11-29

Gainsight Verifies Token Breach Linked to Salesforce Advisory

Gainsight has confirmed a security incident involving the compromise and misuse
of OAuth tokens associated with its Salesforce integrations. Threat actors were
able to leverage these stolen tokens to access customer Salesforce environments
as if they were the Gainsight application itself.

Pulse ID: 692b6310e69713e4288afd4e
Pulse Link: otx.alienvault.com/pulse/692b6
Pulse Author: cryptocti
Created: 2025-11-29 21:18:08

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #ELF #InfoSec #OTX #OpenThreatExchange #RAT #RCE #bot #cryptocti

2025-11-29

OtterCookie Malware Targets Developer Ecosystems

The Contagious Interview campaign, operated by state-sponsored threat actors, has
launched a large-scale, highly coordinated supply chain attack on the global
JavaScript and web3 development ecosystem. It involves 197+ malicious npm packages and
more than 31,000 additional downloads, all designed to deliver the OtterCookie
malware.

Pulse ID: 692b5e26a4f1e381cb6777ee
Pulse Link: otx.alienvault.com/pulse/692b5
Pulse Author: cryptocti
Created: 2025-11-29 20:57:10

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #Java #JavaScript #Malware #NPM #OTX #OpenThreatExchange #RAT #SupplyChain #Web3 #bot #cryptocti
