Read our hand-picked selection of the latest security articles in which botnets and RATs make frequent appearances. Despite the changes in the industry earlier this year when Coinhive closed shop, cryptominers are also still a menace.
For more articles, check out our #onpatrol4malware blog.
Cryptocurrency miners aren’t dead yet: Documenting the voracious but simple “Panda”
Source: Talos
A new threat actor named “Panda” has generated thousands of dollars worth of the Monero cryptocurrency through the use of RATs. Read more.
Hello! My name is Dtrack
Source: SecureList
Our investigation into the Dtrack RAT actually began with a different activity. In the late summer of 2018, we discovered ATMDtrack, a piece of banking malware targeting Indian banks. Read more.
World’s most destructive botnet returns with stolen passwords and email in tow
Source: ARS Technica
If you’ve noticed an uptick of spam that addresses you by name or quotes real emails you’ve sent or received in the past, you can probably blame Emotet. Read more.
New Phishing Campaign Targets U.S. Taxpayers by Dropping Amadey Botnet
Source: Cofense
The Cofense Phishing Defense CenterTM has detected a new wave of attacks targeting the US taxpayer by delivering Amadey botnet via phishing emails. Read more.
The Massive Propagation of the Smominru Botnet
Source: Guardicore
Guardicore Labs has been tracking the Smominru botnet and its different variants – Hexmen and Mykings – since 2017. Read more.
Malware Used by BlackTech after Network Intrusion
Source: JPCert
We have been seeing that a new malware variant is being used after they successfully intruded into a target network. This article explains the details of the variant. Read more.
Hagga of SectorH01 continues abusing Bitly, Blogger and Pastebin to deliver RevengeRAT and NanoCore
Source: NSHC
Their activities were first discovered in 2017, and the ThreatRecon Team tracks both this group and the members behind “Hagga” collectively as the SectorH01 group. Read more.
DNSSEC fueling new wave of DNS amplification attacks
Source: Helpnet Security
TDNS amplification attacks swelled in the second quarter of this year, with the amplified attacks spiking more than 1,000% compared with Q2 2018, according to Nexusguard. Read more.
Nemty Ransomware 1.0: A Threat in its Early Stage
Source: Fortinet
FortiGuard Labs was investigating the Sodinokibi ransomware family, when we came across the newly discovered Nemty Ransomware. Read more.
Gootkit malware crew left their database exposed online without a password
Source: ZDNet
We’ll be using the name Gootkit to refer to both the malware and the criminal group behind it. Read more.
Skidmap Linux Malware Uses Rootkit Capabilities to Hide Cryptocurrency-Mining Payload
Source: Trend Micro
Cryptocurrency-mining malware is still a prevalent threat, as illustrated by our detections of this threat in the first half of 2019. Read more.
MobiHok RAT, a new Android malware based on old SpyNote RAT
Source: Security Affairs
A new Android malware has appeared in the threat landscape, tracked as MobiHok RAT, it borrows the code from the old SpyNote RAT. Read more.
Astaroth Uses Facebook and YouTube within Infection Chain
Source: Cofense
Cofense Intelligence™ has identified a phishing campaign targeting Brazilian citizens with the Astaroth Trojan in which Facebook and YouTube profiles are used in support of the infection. Read more.
Evolution of Malware Sandbox Evasion Tactics – A Retrospective Study
Source: McAfee
Historically, sandboxes had allowed researchers to visualize the behavior of malware accurately within a short period of time. Read more.
Newly Discovered Infostealer Attack Uses LokiBot
Source: Fortinet
The FortiGuard Labs SE team identified a new malicious spam campaign on August 21st,, which we discovered after an analysis of information initially found on VirusTotal. Read more.
Dissecting the 10k Lines of the new TrickBot Dropper
Source: Yoroi
TrickBot it is one of the best known Banking Trojan which has been infecting victims since 2016, it is considered a cyber-crime tool. Read more.