rats (4)

SpyNote is a Remote Access Trojan that initially surfaced in 2020. Since then, it has grown into one of Android's most common malware families, with over 10,000 samples, numerous variants, and integrations of other RATs (e.g., CypherRat). Since 2023, there has been a growing interest in financial institutions.

On 1 February 2024, analysts found a malicious sample posing as a legitimate crypto wallet that included th

The purpose of this report is to detail the artifacts left by a third-party remote access tool during its setup and use. A third-party remote access tool allows people not physically in contact with a device to control it, interact with it, and see its screen. Tools that do not allow visual interaction, such as PsExec, are not included in this study.

The motivation to do this study came from a tweet made by @IcsNick, listing "Remote Admin Tools that are abused by threat actors"1.  Indeed, threat ac

According to a new report published by cybersecurity firm Group-IB, a French-speaking cybercrime group may have stolen more than $30 million from banks and other types of organizations in the past years. The threat actor has been named Opera1er. Some of its activities were previously investigated by others, who have named it Common Raven, Desktop-Group, and NXSMS.

The cyber threat investigators are aware of 30 successful attacks between 2019 and 2021. In many cases, the same victim was attacked

Recently, one Discord network search turned up 20,000 virus results, researchers found. Workflow and collaboration tools like Slack and Discord have been infiltrated by threat actors, who are abusing their legitimate functions to evade security and deliver info-stealers, remote-access trojans (RATs) and other malware.

The pandemic-induced shift to remote work drove business processes onto these collaboration platforms in 2020, and predictably, 2021 has ushered in a new level cybercriminal exper