Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: cybercrime/malcode – Page 5

Microsoft and CrowdStrike Launch Shared Threat Actor Glossary to Cut Attribution Confusion

Microsoft and CrowdStrike have announced that they are teaming up to align their individual threat actor taxonomies by publishing a new joint threat actor mapping.

“By mapping where our knowledge of these actors align, we will provide security professionals with the ability to connect insights faster and make decisions with greater confidence,” Vasu Jakkal, corporate vice president at Microsoft Security, said.

The initiative is seen as a way to untangle the menagerie of nicknames that private cybersecurity vendors assign to various hacking groups that are broadly categorized as a nation-state, financially motivated, influence operations, private sector offensive actors, and emerging clusters.

New Windows RAT Evades Detection for Weeks Using Corrupted DOS and PE Headers

Cybersecurity researchers have taken the wraps off an unusual cyber attack that leveraged malware with corrupted DOS and PE headers, according to new findings from Fortinet.

The DOS (Disk Operating System) and PE (Portable Executable) headers are essential parts of a Windows PE file, providing information about the executable.

While the DOS header makes the executable file backward compatible with MS-DOS and allows it to be recognized as a valid executable by the operating system, the PE header contains the metadata and information necessary for Windows to load and execute the program.

Cybercriminals exploit AI hype to spread ransomware, malware

Threat actors linked to lesser-known ransomware and malware projects now use AI tools as lures to infect unsuspecting victims with malicious payloads.

This development follows a trend that has been growing since last year, starting with advanced threat actors using deepfake content generators to infect victims with malware.

These lures have become widely adopted by info-stealer malware operators and ransomware operations attempting to breach corporate networks.

Threat actors abuse Google Apps Script in evasive phishing attacks

Threat actors are abusing the ‘Google Apps Script’ development platform to host phishing pages that appear legitimate and steal login credentials.

This new trend was spotted by security researchers at Cofense, who warn that the fraudulent login window is “carefully designed to look like a legitimate login screen.”

“The attack uses an email masquerading as an invoice, containing a link to a webpage that uses Google Apps Script, a development platform integrated across Google’s suite of products,” Cofense explains.

Hackers Use Fake VPN and Browser NSIS Installers to Deliver Winos 4.0 Malware

Cybersecurity researchers have disclosed a malware campaign that uses fake software installers masquerading as popular tools like LetsVPN and QQ Browser to deliver the Winos 4.0 framework.

The campaign, first detected by Rapid7 in February 2025, involves the use of a multi-stage, memory-resident loader called Catena.

“Catena uses embedded shellcode and configuration switching logic to stage payloads like Winos 4.0 entirely in memory, evading traditional antivirus tools,” security researchers Anna Širokova and Ivan Feigl said. “Once installed, it quietly connects to attacker-controlled servers – mostly hosted in Hong Kong – to receive follow-up instructions or additional malware.”