Trend Micro

SocGholish’s Intrusion Techniques Facilitate Distribution of RansomHub Ransomware

The SocGholish loader can download and execute malicious payloads, exfiltrate sensitive data, and execute arbitrary commands, providing persistent access for further exploitation and payload deployment.

AI-Assisted Fake GitHub Repositories Fuel SmartLoader and Lumma Stealer Distribution

Trend Research uncovered a campaign that uses fake GitHub repositories to distribute SmartLoader, which is then used to deliver Lumma Stealer and other malicious payloads.

Sophisticated Business Email Compromise Attack Targets B2B Transactions

The attack involved three business partners (Partner A, Partner B, and Partner C) exchanging invoices via email. The threat actor gained access to a third-party email server, giving them complete visibility into ongoing transactions.

Black Basta and Cactus Ransomware Groups Add BackConnect Malware to Their Arsenal

The attackers gained initial access through social engineering tactics, including Microsoft Teams impersonation and abuse of Quick Assist for remote access. They exploited OneDriveStandaloneUpdater.exe to side-load malicious DLLs.

Updated Shadowpad Malware Leads to Ransomware Deployment

The Shadowpad malware family has targeted at least 21 companies across 15 countries in Europe, the Middle East, Asia, and South America, with more than half of the targets being in the manufacturing industry.
February 18, 2025

Earth Preta Mixes Legitimate and Malicious Components to Sidestep Detection

Earth Preta’s malware, a variant of the TONESHELL backdoor, is sideloaded with a legitimate Electronic Arts application and communicates with a command-and-control server for data exfiltration.

Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks

The vulnerability was actively exploited by Russian cybercrime groups through spear-phishing campaigns, using homoglyph attacks to spoof document extensions and trick both users and the Windows operating system into executing malicious files.

IoT Botnet Linked to Large-scale DDoS Attacks Since the End of 2024

The botnet comprises malware variants derived from Mirai and Bashlite and infects IoT devices by exploiting vulnerabilities and weak credentials. The primary devices used in the botnet were wireless routers and IP cameras from well-known brands.

Software Cracks and Installers Used to Bring Malware to Your Device

Threat actors often leverage reputable file hosting services like Mediafire and Mega.nz to conceal the origin of their malware and make detection and removal more difficult.

Python-Based NodeStealer Version Targets Facebook Ads Manager

This latest version of NodeStealer not only harvests credit card details and browser-stored data, but also targets Facebook Ads Manager accounts for their critical financial and business information.
