
March Cybercrime Update: RATs, Ransomware & Arrests
This month’s cybercrime update covers a forum takedown, ransomware-style extortion from unexpected threat actors, and a state-sponsored campaign hitting close to home.


Scattered LAPSUS$ Hunters weaponizes stolen credentials and session tokens from Salesforce breaches to fuel downstream account takeover attacks – here’s how this federated cybercrime group operates and what security teams must do to stop them.
Crypters hide malicious payloads. See what we found when we analyzed Asgard Protector, a malware crypter recommended by the sellers of LummaC2.
LummaC2’s link to GhostSocks reveals stealthy proxy access, long-term persistence, and advanced evasion—posing a serious threat to enterprise defenses.
See how cybercriminals are bypassing Google Chrome’s App-Bound Encryption feature with infostealer malware to steal session cookies that can be used in session hijacking attacks.
Discover how LummaC2 has evolved with new stealth tactics, enhanced theft capabilities & novel evasion techniques in our latest SpyCloud Labs analysis.

SpyCloud Labs dissects the capabilities of the open source Phemedrone Stealer, including log encryption, configuration & victim targeting.
SpyCloud Labs reverse-engineered Atomic macOS Stealer to get a better understanding of its current capabilities and the threat it poses to the security community. Here’s our analysis.
Threat actors are using PPI networks to distribute malware families like LummaC2 and Atomic Stealer. Our researchers analyzed one of them – SpaxMedia – and here’s what we found.

SpyCloud Labs analysts reverse-engineered LummaC2 Stealer and observed notable upgrades to its code and capabilities.