Raspberry Robin, a stealthy malware discovered in 2021, leverages advanced obfuscation techniques to evade detection and analysis. It infiltrates systems primarily via USB drives and uses the Tor network for covert communication with its C2 servers.
These cyber operatives focus on IT and cryptocurrency roles, stealing valuable information and funneling earnings back to North Korea. The hackers avoid detection and target both Windows and macOS by exploiting advanced obfuscation techniques.
Zscaler ThreatLabz observed DarkVision RAT in a new campaign in July 2024. The attack chain involves shellcode decryption, a Donut loader, and a .NET assembly called PureCrypter.
The BlindEagle APT group has recently targeted the Colombian insurance sector. The attack chain starts with a phishing email impersonating DIAN, the Colombian tax authority.
Kimsuky uploaded TRANSLATEXT to their attacker-controlled GitHub repository on March 7, 2024, and it is capable of bypassing security measures for prominent email service providers like Gmail, Kakao, and Naver.
The downloader and loader utilized in the campaign employ various techniques, including anti-virus checks, DLL sideloading, and process injection. The configuration to communicate to the C2 server is identified by a specific marker.
The threat actors using Anatsa employ various techniques to evade detection including checking for virtual environments and emulators as well as purposely corrupting the APK’s ZIP headers to hinder static analysis of the malware.
HijackLoader is a modular malware loader that is used to deliver second-stage payloads including Amadey, Lumma Stealer, Raccoon Stealer v2, and Remcos RAT. HijackLoader decrypts and parses a PNG image to load the next stage.
Zloader, a modular trojan based on the leaked ZeuS source code, has recently introduced a new anti-analysis feature in versions 2.4.1.0 and 2.5.1.0 to prevent execution on machines that differ from the original infection.
Threat actors utilize fraudulent websites hosted on popular legitimate platforms to spread malware and steal data. To evade detection, attackers employ obfuscation methods and checks on referral URLs.
Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing, end-to-end automation and 360-degree threat response.