Malware analysis, Incident Response, Penetration Testing

Joined December 2020
Pinned Tweet
I've reverse engineered the infamous NSO Group's Pegasus spyware for Android. Check out the article if you want to know how it implements its functionalities. cybergeeks.tech/a-technical-… #pegasus #spyware #dfir

RT @MalwareBibleJP: A case has been reported in which an attacker left their own SSH credentials and GitLab token hard-coded in the installer they distributed, exposing their entire roughly year-long theft campaign. The North Korea-linked actor VE…, which uses the fake cryptocurrency trading app "TralertFX" as a lure

CyberGeeksTech retweeted
Velvet Chollima leaks its own backend infrastructure keys inside a malicious "Tralert FX" installer signed with a valid EV certificate. #VelvetChollima #MalwareAnalysis #ThreatIntel #GitLab #CyberSecurity #InfoSec #CryptoTheft #OpSec #WindowsSecurity #EDR securityonline.info/velvet-c…
CyberGeeksTech retweeted
I've analyzed a new VELVET CHOLLIMA (NK) campaign involving a fake trading app called Tralert FX. Key findings: - Multi-module stealer - GitLab-based auto-exfiltration - Hardcoded creds exposed entire infrastructure - MoonPeak payload hybrid-analysis.blogspot.com… #dfir #threatintel

CyberGeeksTech retweeted
#Malware_analysis 1⃣ Bandook RAT - C2 Traffic Analysis github.com/HariCipher/bandoo… // IOC extraction, protocol analysis, and detection notes 2⃣ VELVET CHOLLIMA Infostealer Campaign hybrid-analysis.blogspot.com… // Final payload is MoonPeak, a custom variant of the open-source XenoRAT malware 3⃣ Gentlemen RaaS research.checkpoint.com/2026… // The group actively evaluates CVE-2024-55591 - github.com/robomusk52/exp-cm…, CVE-2025-32433 - github.com/ProDefense/CVE-20…, CVE-2025-33073 - synacktiv.com/en/publication… and combines them with technique-driven paths like backup and management-controller abuse and NTLM relay workflows
CyberGeeksTech retweeted
"VELVET CHOLLIMA Infostealer Campaign Using Trading App as Lure" published by @HybridAnalysis. #VelvetChollima, #DPRK, #CTI hybrid-analysis.blogspot.com…

CyberGeeksTech retweeted
VELVET CHOLLIMA Infostealer Campaign Using Trading App as Lure hybrid-analysis.blogspot.com…

CyberGeeksTech retweeted
#Malware_analysis 1⃣ VoidLink: Dissecting an AI-Generated C2 Implant ontinue.com/resource/voidlin… 2⃣ Technical Analysis of GuLoader Obfuscation Techniques zscaler.com/blogs/security-r… 3⃣ "Opulous" - malicious Electron-based application hybrid-analysis.blogspot.com… 4⃣ Fake 7-Zip downloads are turning home PCs into proxy nodes malwarebytes.com/blog/threat…
CyberGeeksTech retweeted
I've discovered an organized traffer gang (likely of Russian origin) that targets Web3 employees and Crypto holders and published the research at hybrid-analysis.blogspot.com…. #malware #threatintelligence #dfir

CyberGeeksTech retweeted
Hybrid Analysis reports an organised “traffer gang” targeting crypto holders and Web3 employees. The operation delivers malware via fake Electron apps, disguised as legitimate tools. hybrid-analysis.blogspot.com…
CyberGeeksTech retweeted
Hybrid Analysis, Organized Traffer Gang on the rise targeting Web3 employees and crypto holders -- hybrid-analysis.blogspot.com…

CyberGeeksTech retweeted
Organized Traffer Gang on the Rise Targeting Web3 Employees and Crypto Holders hybrid-analysis.blogspot.com…
CyberGeeksTech retweeted
Organized Traffer Gang on the Rise Targeting Web3 Employees and Crypto Holders hybrid-analysis.blogspot.com…

CyberGeeksTech retweeted
A new two-stage malware is targeting crypto wallets, signed with a valid EV certificate to bypass security tools and steal sensitive data from Windows machines. Here's how "LeakyInjector" and "LeakyStealer" work and how devs can protect themselves. Thread ↓
CyberGeeksTech retweeted
17 Dec 2025
A Deep Dive Into Warlock Ransomware Deployed Via ToolShell SharePoint Chained Vulnerabilities hybrid-analysis.blogspot.com…
