Bitsight’s Post

A new Go-based malware loader called JinxLoader is being used by threat actors to deliver next-stage payloads such as Formbook and its successor XLoader. https://ow.ly/cw2t50Qn1p8

After the decline of Qakbot, Zscaler #ThreatLabz has identified another #threat actor called DarkGate. It is a malware family that targeted the technology sector. Most DarkGate domains exhibit a consistent pattern of generating and changing domains every 50-60 days, suggesting a methodical strategy employed by the threat actor. Read our blog for a detailed analysis. http://spklr.io/6048WKWy

After the decline of Qakbot, Zscaler #ThreatLabz has identified another #threat actor called DarkGate. It is a malware family that targeted the technology sector. Most DarkGate domains exhibit a consistent pattern of generating and changing domains every 50-60 days, suggesting a methodical strategy employed by the threat actor. Read our blog for a detailed analysis. http://spklr.io/6048WKWy

Catching CoinLoader: How did we identify and shut down loader malware that was hijacking networks for cryptomining operations? 🧑💻 Our autonomous detection and response capabilities allowed us to identify and shut down compromises with our investigations into CoinLoader in 2023, seeing around 15% of observed connections being related to cryptomining.   Take a deep dive into the details 👇 https://lnkd.in/gKpf5wv6

With Darktrace, we could easily identify and shut down loader malware that was hijacking networks for cryptomining operations. With our autonomous detection and response capabilities, it allowed us to identify and shut down compromises with our investigations into CoinLoader in 2023, seeing around 15% of observed connections being related to cryptomining. Take a deep dive into the details 👇 https://lnkd.in/gKpf5wv6 For more information, check us out here 👇 https://lnkd.in/guU-VSJ6

If you want to advance your cybersecurity posture you should have an advanced sandboxing and VMRay offers you the same.

PikaBot Resurfaces with Streamlined Code and Deceptive Tactics: The threat actors behind the PikaBot malware have made significant changes to the malware in what has been described as a case of "devolution." "Although it appears to be in a new development cycle and testing phase, the developers have reduced the complexity of the code by removing advanced obfuscation techniques and changing the network communications," Zscaler ThreatLabz researcher Nikolaos https://lnkd.in/dbnZcwG4

The stealer malware known as LummaC2 (aka Lumma Stealer) now features a new anti-sandbox technique that leverages the mathematical principle of trigonometry to evade detection and exfiltrate valuable information from infected hosts. https://lnkd.in/exE7hbNg

Did you know... that the first computer virus, known as the "Creeper," was created in 1971 as an experiment to demonstrate the potential risks of self-replicating code? This marked the beginning of malware's history. #kreatixtech #kreatixtechnology #kreatixtechdevelopments #webdelevopment #itconsult #graphicsdesign #DigitalMarketing #SoftwareDevelopment #lagos

Since its emergence in early 2023, PikaBot appears to be in active development, with a new major version released in February 2024. The malware employs advanced anti-analysis techniques to evade detection and harden analysis, including system checks, indirect syscalls, encryption of next-stage and strings, and dynamic API resolution. The Sekoia Threat Detection & Research (TDR) team also identified multiple changes in the PikaBot C2 infrastructure throughout 2023. (28TTPs with 'Procedure' level details on the TruKno blog #Trukno #mitreattack #threathunting #threatdetection #ciso #innovation #ThreatAnalysis