Researchers from Splunk uncovered a malware campaign, originating from Eastern Europe, that targets over 4,000 ISPs in the U.S. and China. The malware gains access through credential brute-force attacks, then mines cryptocurrency and steals information. Key components include a self-extracting file and a clipboard monitor that hijacks cryptocurrency transactions. Security teams are urged to strengthen password protocols and monitor for unusual WinRM activity.

Hackers Deliver XWorm via Malicious Registry Files in a New Stegocampaign Attack
A new variant of Stegocampaign has emerged that uses a Windows registry file to add a malicious script to Autorun. By exploiting user actions through phishing