Zscaler

Black Hat SEO Poisoning Search Engine Results For AI

Threat actors are exploiting the popularity of AI tools by using Black Hat SEO to poison search engine results and deliver Vidar Stealer, Lumma Stealer, and Legion Loader through complex redirection chains and obfuscated JavaScript.

TransferLoader Malware Loader Deploys Morpheus Ransomware Using Obfuscated Backdoor and IPFS-Based C2

TransferLoader is a newly identified malware loader active since at least February 2025. It comprises three main components—a downloader, a backdoor loader, and a backdoor—each employing advanced anti-analysis and obfuscation techniques.
April 16, 2025

Mustang Panda: PAKLOG, CorKLOG, and SplatCloak

Mustang Panda, a China-linked APT group, has expanded its malware arsenal with PAKLOG and CorKLOG and an EDR evasion driver named SplatCloak. The malware is delivered via RAR archives containing legitimate signed binaries and malicious DLLs.

Technical Analysis of Xloader Versions 6 and 7

Xloader is known for its ability to steal sensitive information from web browsers, email clients, and FTP applications, as well as deploy second-stage payloads on infected systems.

Technical Analysis of RiseLoader Reveals Similarities with RisePro’s Communication Protocol

RiseLoader is a new malware loader family that was first observed in October 2024. The malware implements a custom TCP-based binary network protocol that is similar to RisePro.

NodeLoader Malware Found Evading Detection on Windows Systems

NodeLoader uses a module called sudo-prompt, a publicly available tool on GitHub and NPM, for privilege escalation. The malware delivered by NodeLoader includes cryptocurrency miners and information stealers.

New Malware Families RevC2 and Venom Loader Spread via MaaS Tools

“RevC2 uses WebSockets to communicate with its command-and-control (C2) server. The malware is capable of stealing cookies and passwords, proxies network traffic, and enables remote code execution (RCE),” noted ThreatLabz.

Unraveling Raspberry Robin's Layers: Analyzing Obfuscation Techniques and Core Mechanisms

Raspberry Robin, a stealthy malware discovered in 2021, leverages advanced obfuscation techniques to evade detection and analysis, infiltrating systems primarily via USB drives and utilizing the TOR network for covert communication with its C2 servers.
November 8, 2024

From Pyongyang to Your Payroll: The Rise of North Korean Remote Workers in the West

These cyber operatives focus on IT and cryptocurrency roles, stealing valuable information and funneling earnings back to North Korea. The hackers avoid detection and target both Windows and macOS by exploiting advanced obfuscation techniques.

Technical Analysis of DarkVision RAT

Zscaler ThreatLabz observed DarkVision RAT in a new campaign in July 2024. The attack chain involves shellcode decryption, a Donut loader, and a .NET assembly called PureCrypter.
