Security researchers have identified a sophisticated malware named CoffeeLoader, designed to download and execute additional payloads while evading security detection. The malware uses techniques including call stack spoofing and sleep obfuscation to bypass protection. CoffeeLoader, distributed via another malware family, SmokeLoader, also uses a packer named Armoury that executes code on a system’s GPU to hinder analysis in virtual environments.

RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed a new malware named RESURGE. Deployed in the exploitation of an already patched security flaw in Ivanti Connect Secure appliances,