Topic: memory execution

  • Ransomware Gangs Now Use Shanya EXE Packer to Evade EDR

    Cybersecurity threat groups are increasingly using the commercial **Shanya packer service** to encrypt and obfuscate ransomware payloads, making them difficult for traditional security tools to detect and block. The packer's unique, customized output for each customer helps bypass signature-based...
  • Stealthy Fileless Malware Spreads RAT via Legitimate Tools

    A fileless malware campaign uses trusted tools like ScreenConnect and PowerShell to deploy a remote access Trojan, leaving minimal forensic traces and evading detection. The attack loads payloads directly into memory via reflection, employs a .NET launcher to establish persistence and disable sec...
  • ScreenConnect Flaws Exploited in Network Breaches

    Attackers are increasingly using legitimate remote monitoring and management (RMM) tools like ConnectWise ScreenConnect for initial network access through phishing, gaining stealthy unauthorized control. Attackers exploit ScreenConnect's features such as unattended access and VPN functional...
  • Fortune 100 Firm Hit by New PDFSider Windows Malware

    A Fortune 100 company was compromised by a novel, stealthy malware called PDFSider, delivered via social engineering and a spearphishing email that used a legitimate, signed PDF24 Creator executable to side-load malicious code. The PDFSider backdoor exhibits advanced persistent threat (APT) chara...
  • Beware: Fake Windows Update Screens Spread ClickFix Malware

    A deceptive malware campaign uses a fake Windows Update screen to trick users into manually executing malicious commands, leading to the installation of information-stealing software. The attack employs advanced techniques like steganography to hide malicious code in PNG images and operates in me...