The background and the IOCs for this blog were gathered by an Expert helper on our forums and Malwarebytes researchers. Our thanks go out to them. A new, malicious campaign is making the rounds online and it starts simple: Unwitting targets receive a direct message (DM) on a Discord server asking about their interest in beta testing a new videogame

The cybersecurity landscape is rife with challenges, but some threats are quieter, subtler — and deadlier. Info stealers, the silent operators of the malware world, have made headlines for their efficiency in siphoning off sensitive data. While their mechanics and prevalence are well-documented, the real question for decision-makers is not just what these threats are but how to effectively address them before they escalate.

In a recent campaign, North Korean threat actors have demonstrated a sophisticated approach by copying novel malware distribution techniques, notably those employed in the Clickfix campaigns. This strategy underscores their adaptability and awareness of cybercrime trends. The Attack Sequence The operation initiates with the attackers posing as recruiters on professional networking platforms like LinkedIn. They engage potential victims by suggesting

In this blog, we analyze the evolution of Lumma in 2024, based on the Diamond Model vertices. Disclaimer: Everything stated in this blog is for informational purposes only, with no intention of promoting the use of these products. Key Points Adversary Lumma (aka LummaC2, Lummac and Lumma Stealer) is an advanced information-stealing Malware-as-a-Service (MaaS) with Russian origins, observed in the wild

In our previous interview with Pryx, the threat actor briefly touched upon the concept of server-side stealers claiming it to be completely different from how traditional info-stealers work. We were interested in learning more about this new innovative approach so we decided to dive deeper in a follow-up chat-based interview. This time, Pryx not only explained the stealer’s mechanics but also

Another finding by Fox, related to LummaC2 infostealer sparked an infra hunt that led to many findings. C2 Host Pivot & Windows Server Pattern Following the finding of X user Fox_threatintel, we can see that there are 17 hosts matching the query for specific nginx versions running on port 19000. What stands out immediately are the findings regarding Windows server 2012, this