eSentire

MintsLoader Malspam Campaign Leads to StealC and BOINC Delivery

The eSentire Threat Response Unit (TRU) uncovered a new malware campaign leveraging a tool called MintsLoader to deliver second-stage payloads, including the StealC malware and the Berkeley Open Infrastructure for Network Computing (BOINC) client.

Bored BeaverTail Yacht Club – A Lazarus Lure

eSentire’s Threat Response Unit (TRU) has uncovered a phishing campaign targeting software developers using a fake NFT project called “Bored BeaverTail Yacht Club” to distribute malware known as BeaverTail.

Gh0stGambit Dropper Used to Deploy Gh0st RAT Against Chinese Users

The Gh0st RAT Trojan is being distributed to Chinese Windows users through a fake Chrome website. The malware has been around since 2008 and has evolved over the years, often used by cyberespionage groups in China.

More_eggs Activity Persists via Fake Job Applicant Lures

Cybersecurity researchers have discovered a phishing attack that utilizes the More_eggs malware by disguising it as a resume, a tactic that was first detected over two years ago.

Malicious AutoIt Script Delivers Vidar Stealer via Drive-by Downloads

The attack utilized Java dependencies and a malicious AutoIt script to disable Windows Defender and decrypt the Vidar payload. The user was lured to a website claiming to offer a Windows activator but was in fact hosting the malware.

Fake Browser Updates Delivering BitRAT and Lumma Stealer

The infection chain began with a user visiting an infected webpage, which triggered the download of a ZIP archive containing malicious JavaScript code. This code acted as an initial downloader, retrieving payloads from a known BitRAT C2 address.

FIN7 Uses Trusted Brands and Sponsored Google Ads to Distribute MSIX Payloads

The financially motivated group FIN7 has been observed leveraging malicious Google ads that impersonate legitimate brands to deliver NetSupport RAT, highlighting the ongoing threat of malvertising and the abuse of signed MSIX files by cybercriminals.

SocGholish Sets Sights on Victim Peers

The SocGholish malware is targeting enterprises through fake browser update prompts, compromising legitimate websites to deliver malicious payloads that steal sensitive data and establish persistence on infected systems.

BlackCat Ransomware Gang is Attacking Organizations Using Google Ads Laced with Malware

Russian-speaking affiliates of the ALPHV/BlackCat ransomware gang are using malvertising for popular software to distribute the Nitrogen malware and infect organizations with ransomware.

DcRAT Malware Distributed Using Explicit Lures of OnlyFans

The DcRAT malware is being distributed using explicit lures for OnlyFans pages and other adult content. DcRAT offers multiple methods of monetizing infected systems, including file stealing, credential theft, and ransomware.
