1. LevelBlue services
  2. Blog

LevelBlue Blog

LevelBlue Blogs

Tag: Malware Hunting

Hijacked: How Cybercriminals Are Turning Anti-Virus Software Against You

August 6, 2024   |   Fernando Dominguez

Executive Summary  LevelBlue Labs has identified a new evolution in the toolset of threat actors. Threat actors are hijacking legitimate anti-virus software to carry out malicious activities undetected. A new tool, named SbaProxy, has been found masquerading as legitimate anti-virus components to establish proxy connections through a command and control (C&C) server. This tool, distributed in various… Read more →

AsyncRAT loader: Obfuscation, DGAs, decoys and Govno

January 5, 2024   |   Fernando Martinez

Executive summary LevlBlue Labs has identified a campaign to deliver AsyncRAT onto unsuspecting victim systems. During at least 11 months, this threat actor has been working on delivering the RAT through an initial JavaScript file, embedded in a phishing page. After more than 300 samples and over 100 domains later, the threat actor is persistent in their intentions. Key takeaways: The victims and… Read more →

Behind the scenes: JaskaGO’s coordinated strike on macOS and Windows

December 18, 2023   |   Ofer Caspi

Executive summary In recent developments, a sophisticated malware stealer strain crafted in the Go programming language has been discovered by LevelBlue Labs, posing a severe threat to both Windows and macOS operating systems. As of the time of publishing of this article, traditional antivirus solutions have low or even non-existent detection rates, making it a stealthy and formidable adversary. Key… Read more →

SeroXen RAT for sale

May 30, 2023   |   Fernando Martinez

This blog was jointly written with Alejandro Prada and Ofer Caspi. Executive summary SeroXen is a new Remote Access Trojan (RAT) that showed up in late 2022 and is becoming more popular in 2023. Advertised as a legitimate tool that gives access to your computers undetected, it is being sold for only $30 for a monthly license or $60 for a lifetime bundle, making… Read more →

Rapidly evolving IoT malware EnemyBot now targeting Content Management System servers and Android devices

May 26, 2022   |   Ofer Caspi

Executive summary LevelBlue Labs™ has been tracking a new IoT botnet dubbed “EnemyBot”, which is believed to be distributed by threat actor Keksec. During our investigations, LevelBlue Labs has discovered that EnemyBot is expanding its capabilities, exploiting recently identified vulnerabilities (2022), and now targeting IoT devices, web servers, Android devices and content management system (CMS) servers. In addition,… Read more →

1 2 Next

Featured resources

 

 

2024 Futures Report

Learn more