Mastodon

OTX BotViperSoftX Malware Distributed by Arabic-Speaking Threat ActorAn Arabic-speaking threat actor has been distributing ViperSoftX malware to Korean victims since April 1, 2025. The malware, typically spread through cracked software or torrents, operates as a PowerShell script and communicates with C&C servers. The campaign involves downloading additional malware, including a VBS downloader, malicious PowerShell script, PureCrypter, and Quasar RAT. The attackers use Arabic comments in their code and employ various techniques to evade detection, such as adding Windows Defender exception paths. The PowerShell downloader ensures administrator privileges and bypasses security software. PureCrypter, a commercial .NET packer, is used as a downloader, while Quasar RAT provides remote access capabilities. Users are advised to avoid downloading software from torrent sites and to keep their antivirus solutions updated to prevent infection.Pulse ID: 67f812ffb2a29f798eba4c02 Pulse Link: <a href="https://otx.alienvault.com/pulse/67f812ffb2a29f798eba4c02" rel="nofollow noopener" translate="no" target="_blank">https://otx.alienvault.com/pulse/67f812ffb2a29f798eba4c02</a> Pulse Author: AlienVault Created: 2025-04-10 18:50:39Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/Arabic" class="mention hashtag" rel="nofollow noopener" target="_blank">#Arabic</a> <a href="https://social.raytec.co/tags/CandC" class="mention hashtag" rel="nofollow noopener" target="_blank">#CandC</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Korea" class="mention hashtag" rel="nofollow noopener" target="_blank">#Korea</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/NET" class="mention hashtag" rel="nofollow noopener" target="_blank">#NET</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/PowerShell" class="mention hashtag" rel="nofollow noopener" target="_blank">#PowerShell</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/VBS" class="mention hashtag" rel="nofollow noopener" target="_blank">#VBS</a> <a href="https://social.raytec.co/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#Windows</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#AlienVault</a>

OTX BotBeaverTail and Tropidoor Malware Distributed via Recruitment EmailsAn attack involving BeaverTail and Tropidoor malware was discovered, targeting victims through fake recruitment emails from a developer community. The attackers provided a BitBucket link containing malicious code, including BeaverTail disguised as 'tailwind.config.js' and a downloader called 'car.dll'. BeaverTail, known for information theft and downloading additional payloads, was found in South Korea. The downloader shares similarities with the Lazarus group's LightlessCan malware. BeaverTail steals credential information and cryptocurrency wallet data from web browsers, while Tropidoor acts as a backdoor, connecting to C&C servers and executing various commands. The attack is suspected to be carried out by North Korean threat actors, highlighting the need for caution when dealing with executable files from unknown sources.Pulse ID: 67eec30f88dc6ea426373c6b Pulse Link: <a href="https://otx.alienvault.com/pulse/67eec30f88dc6ea426373c6b" rel="nofollow noopener" translate="no" target="_blank">https://otx.alienvault.com/pulse/67eec30f88dc6ea426373c6b</a> Pulse Author: AlienVault Created: 2025-04-03 17:19:11Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/BackDoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#BackDoor</a> <a href="https://social.raytec.co/tags/Browser" class="mention hashtag" rel="nofollow noopener" target="_blank">#Browser</a> <a href="https://social.raytec.co/tags/CandC" class="mention hashtag" rel="nofollow noopener" target="_blank">#CandC</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/Email" class="mention hashtag" rel="nofollow noopener" target="_blank">#Email</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/InformationTheft" class="mention hashtag" rel="nofollow noopener" target="_blank">#InformationTheft</a> <a href="https://social.raytec.co/tags/Korea" class="mention hashtag" rel="nofollow noopener" target="_blank">#Korea</a> <a href="https://social.raytec.co/tags/Lazarus" class="mention hashtag" rel="nofollow noopener" target="_blank">#Lazarus</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/NorthKorea" class="mention hashtag" rel="nofollow noopener" target="_blank">#NorthKorea</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/RCE" class="mention hashtag" rel="nofollow noopener" target="_blank">#RCE</a> <a href="https://social.raytec.co/tags/SouthKorea" class="mention hashtag" rel="nofollow noopener" target="_blank">#SouthKorea</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/cryptocurrency" class="mention hashtag" rel="nofollow noopener" target="_blank">#cryptocurrency</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#AlienVault</a>

OTX BotTsarBot Trojan Hits 750+ Banking & Crypto Apps!A newly discovered Android banking Trojan, TsarBot, targets over 750 applications globally, including banking, finance, cryptocurrency, and e-commerce apps. It spreads through phishing sites masquerading as legitimate financial platforms and is installed via a dropper disguised as Google Play Services. TsarBot employs overlay attacks to steal credentials, records and remotely controls screens, and uses a fake lock screen to capture device lock credentials. It communicates with its C&C server using WebSocket across multiple ports to receive commands, send stolen data, and execute on-device fraud. The malware's capabilities include screen recording, keylogging, and SMS interception. Evidence suggests the threat actor behind TsarBot is likely of Russian origin.Pulse ID: 67ebfca5b1693b0052687f72 Pulse Link: <a href="https://otx.alienvault.com/pulse/67ebfca5b1693b0052687f72" rel="nofollow noopener" translate="no" target="_blank">https://otx.alienvault.com/pulse/67ebfca5b1693b0052687f72</a> Pulse Author: AlienVault Created: 2025-04-01 14:48:05Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/Android" class="mention hashtag" rel="nofollow noopener" target="_blank">#Android</a> <a href="https://social.raytec.co/tags/Bank" class="mention hashtag" rel="nofollow noopener" target="_blank">#Bank</a> <a href="https://social.raytec.co/tags/BankingTrojan" class="mention hashtag" rel="nofollow noopener" target="_blank">#BankingTrojan</a> <a href="https://social.raytec.co/tags/CandC" class="mention hashtag" rel="nofollow noopener" target="_blank">#CandC</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/Google" class="mention hashtag" rel="nofollow noopener" target="_blank">#Google</a> <a href="https://social.raytec.co/tags/GooglePlay" class="mention hashtag" rel="nofollow noopener" target="_blank">#GooglePlay</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#Phishing</a> <a href="https://social.raytec.co/tags/RCE" class="mention hashtag" rel="nofollow noopener" target="_blank">#RCE</a> <a href="https://social.raytec.co/tags/Russia" class="mention hashtag" rel="nofollow noopener" target="_blank">#Russia</a> <a href="https://social.raytec.co/tags/SMS" class="mention hashtag" rel="nofollow noopener" target="_blank">#SMS</a> <a href="https://social.raytec.co/tags/Trojan" class="mention hashtag" rel="nofollow noopener" target="_blank">#Trojan</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/cryptocurrency" class="mention hashtag" rel="nofollow noopener" target="_blank">#cryptocurrency</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#AlienVault</a>

Thirty Ravens In A Man SuitLet's all take a moment to celebrate this underappreciated masterpiece. <a href="https://kind.social/tags/videogames" class="mention hashtag" rel="nofollow noopener" target="_blank">#videogames</a> <a href="https://kind.social/tags/rts" class="mention hashtag" rel="nofollow noopener" target="_blank">#rts</a> <a href="https://kind.social/tags/commandandconquer" class="mention hashtag" rel="nofollow noopener" target="_blank">#commandandconquer</a> <a href="https://kind.social/tags/candc" class="mention hashtag" rel="nofollow noopener" target="_blank">#candc</a> <a href="https://kind.social/tags/kanelives" class="mention hashtag" rel="nofollow noopener" target="_blank">#kanelives</a>!

OTX BotA Deep Dive into Water Arsenal and InfrastructureWater Gamayun, a suspected Russian threat actor, exploits the MSC EvilTwin zero-day vulnerability (CVE-2025-26633) to compromise systems and exfiltrate data. The group uses custom payloads like EncryptHub Stealer variants, SilentPrism and DarkWisp backdoors, as well as known malware like Stealc and Rhadamanthys. Their delivery methods include malicious provisioning packages, signed .msi files, and Windows MSC files. The attackers employ techniques such as LOLBins and encrypted communications to evade detection. Their infrastructure includes C&C servers for managing infected systems and exfiltrating data. The campaign highlights the group's adaptability and sophistication in cyber espionage operations.Pulse ID: 67e7cba2606bdb8acfedda1c Pulse Link: <a href="https://otx.alienvault.com/pulse/67e7cba2606bdb8acfedda1c" rel="nofollow noopener" translate="no" target="_blank">https://otx.alienvault.com/pulse/67e7cba2606bdb8acfedda1c</a> Pulse Author: AlienVault Created: 2025-03-29 10:29:54Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/BackDoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#BackDoor</a> <a href="https://social.raytec.co/tags/CandC" class="mention hashtag" rel="nofollow noopener" target="_blank">#CandC</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/Espionage" class="mention hashtag" rel="nofollow noopener" target="_blank">#Espionage</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/Rhadamanthys" class="mention hashtag" rel="nofollow noopener" target="_blank">#Rhadamanthys</a> <a href="https://social.raytec.co/tags/Russia" class="mention hashtag" rel="nofollow noopener" target="_blank">#Russia</a> <a href="https://social.raytec.co/tags/Stealc" class="mention hashtag" rel="nofollow noopener" target="_blank">#Stealc</a> <a href="https://social.raytec.co/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#Vulnerability</a> <a href="https://social.raytec.co/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#Windows</a> <a href="https://social.raytec.co/tags/ZeroDay" class="mention hashtag" rel="nofollow noopener" target="_blank">#ZeroDay</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#AlienVault</a>

Manuel SiebeneicherUuh, EA open sourced some of it‘s iconic Command & Conquer games.<a href="https://mastodontech.de/tags/EA" class="mention hashtag" rel="nofollow noopener" target="_blank">#EA</a> <a href="https://mastodontech.de/tags/CommandAndConquer" class="mention hashtag" rel="nofollow noopener" target="_blank">#CommandAndConquer</a> <a href="https://mastodontech.de/tags/CAndC" class="mention hashtag" rel="nofollow noopener" target="_blank">#CAndC</a> <a href="https://mastodontech.de/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSource</a> <a href="https://mastodontech.de/tags/GitHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#GitHub</a> <a href="https://mastodontech.de/tags/Games" class="mention hashtag" rel="nofollow noopener" target="_blank">#Games</a> <a href="https://mastodontech.de/tags/GameDev" class="mention hashtag" rel="nofollow noopener" target="_blank">#GameDev</a> <a href="https://mastodontech.de/tags/IndieGameDev" class="mention hashtag" rel="nofollow noopener" target="_blank">#IndieGameDev</a> <a href="https://mastodontech.de/tags/Gameing" class="mention hashtag" rel="nofollow noopener" target="_blank">#Gameing</a>

MikeHuckebein ☮️:nona:🍻:lgbt:<a href="https://troet.cafe/tags/ArethaFraklin" class="mention hashtag" rel="nofollow noopener" target="_blank">#ArethaFraklin</a> <a href="https://troet.cafe/tags/Clivilles" class="mention hashtag" rel="nofollow noopener" target="_blank">#Clivilles</a>' & <a href="https://troet.cafe/tags/Cole" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cole</a> <a href="https://troet.cafe/tags/ADeeperLove" class="mention hashtag" rel="nofollow noopener" target="_blank">#ADeeperLove</a> <a href="https://troet.cafe/tags/CandC" class="mention hashtag" rel="nofollow noopener" target="_blank">#CandC</a> (B2 A Deeper Feeling Mix)<a href="https://www.youtube.com/watch?v=8gIo_NmCYcU&list=RDQMjFVykNKVffQ&start_radio=1" rel="nofollow noopener" translate="no" target="_blank">https://www.youtube.com/watch?v=8gIo_NmCYcU&list=RDQMjFVykNKVffQ&start_radio=1</a>

JeffFinished the <a href="https://social.vivaldi.net/tags/ShadowsOfTheHalflingHall" class="mention hashtag" rel="nofollow noopener" target="_blank">#ShadowsOfTheHalflingHall</a> <a href="https://social.vivaldi.net/tags/CastelsAndCrusades" class="mention hashtag" rel="nofollow noopener" target="_blank">#CastelsAndCrusades</a> <a href="https://social.vivaldi.net/tags/CAndC" class="mention hashtag" rel="nofollow noopener" target="_blank">#CAndC</a> adventure last night with my group.I'm still really pleased with the game. Most of the players appreciate the simple resolution mechanic and how fast we can move through things.I also came to realize that I tend to run most of my <a href="https://social.vivaldi.net/tags/TTRPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#TTRPG</a> sessions much more old school than I initially realize.I like to give them puzzles with no clear or set resolution and watch them come up with the cleverest solutions then let them make some rolls. They get so excited and it's a lot of work and planning off of my shoulders.<a href="https://social.vivaldi.net/tags/OSR" class="mention hashtag" rel="nofollow noopener" target="_blank">#OSR</a> <a href="https://social.vivaldi.net/tags/GMLife" class="mention hashtag" rel="nofollow noopener" target="_blank">#GMLife</a>

MadDaveNice day out yesterday on inaugural <a href="https://mastodon.me.uk/tags/CandC" class="mention hashtag" rel="nofollow noopener" target="_blank">#CandC</a> <a href="https://mastodon.me.uk/tags/BillyBlandChallenge" class="mention hashtag" rel="nofollow noopener" target="_blank">#BillyBlandChallenge</a> club training <a href="https://mastodon.me.uk/tags/run" class="mention hashtag" rel="nofollow noopener" target="_blank">#run</a> on <a href="https://mastodon.me.uk/tags/TherfieldHeath" class="mention hashtag" rel="nofollow noopener" target="_blank">#TherfieldHeath</a>, near <a href="https://mastodon.me.uk/tags/Royston" class="mention hashtag" rel="nofollow noopener" target="_blank">#Royston</a>. About the best <a href="https://mastodon.me.uk/tags/hills" class="mention hashtag" rel="nofollow noopener" target="_blank">#hills</a> we get around here, which is a bit sad for a <a href="https://mastodon.me.uk/tags/FellRunning" class="mention hashtag" rel="nofollow noopener" target="_blank">#FellRunning</a> group! <a href="https://strava.app.link/onTgECAYWub" rel="nofollow noopener" target="_blank">https://strava.app.link/onTgECAYWub</a>

Recent searches

Search options

Administered by:

Server stats:

#CandC