
Latest News

SmokeLoader's Plugins

SmokeLoader is a well-known malware family that has been around for more than 10 years. Its main purpose is to download and drop other malware families. However, SmokeLoader's operators also sell plugins that add capabilities to the main module. Those plugins allow an affiliate to collect browser data from infected computers, as well as emails, cookies, passwords, and much more. In this blog post, we'll dissect SmokeLoader's plugins that were received by an infected computer from the botnet "0020".

Snatch Ransomware: SafeBreach Coverage for US-CERT Alert (AA23-263A)

On September 20th, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released an advisory highlighting the various indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with the Snatch ransomware variant. This variant was identified as recently as June 1, 2023, by the FBI. Detailed information is listed in US-CERT Alert AA23-263A – #StopRansomware: Snatch Ransomware.

Non-Profit Save the Children Gets Hit By Ransomware Data Attack

Save The Children is an organization that specializes in helping children live healthy lives. The non-profit works in multiple countries, helping to provide for children's needs, especially in areas affected by war or tragedy. This organization was recently the target of a ransomware hacker group and suffered huge data losses as a result of that targeting.

Cyber attackers hit the jackpot: learn why casinos aren't the only ones vulnerable

For many years, hackers and cybercriminals have used social engineering techniques to gain unauthorized access to confidential information. It is easy to predict that these attacks will continue to advance in sophistication and frequency. Whether they are using AI to create better lures or cyber criminals are just getting more adept at exploiting human nature, the success of these attacks proves the tactics are winning.

As MGM Struggles Amid Ransomware Fallout, Data Recovery Lessons Abound

Picture this: Your IT infrastructure is breached by a nefarious actor, who then encrypts critical data and holds your organization hostage until a ransom is paid. Far from hypothetical, this is exactly what happened to multi-billion-dollar casino operator MGM Resorts International last week when hit with a ransomware attack – the latest in a string of large-scale, high-profile cyber security incidents.

The International Joint Commission Falls Victim to Ransomware Attack; 80GB Of Data Stolen

The International Joint Commission (IJC), an organization that handles water issues along the Canada–United States border, was hit by a ransomware attack, the Register reports. The Commission said in a statement, “The International Joint Commission has experienced a cyber security incident.

Staying ahead of LockBit ransomware attacks

LockBit is a Ransomware as a Service (RaaS) provider accountable for most LockBit ransomware attacks in 2023. The LockBit RaaS group came into existence in 2019 and has posed great challenges to security experts ever since. A recent report states that LockBit accounted for over one-third of all ransomware attacks in the latter half of 2022 and the initial quarter of 2023.

Guarding Against Fileless Malware: Types and Prevention

Fileless malware, true to its name, is malicious code that uses existing legitimate programs in a system for compromise. It operates directly in the Random Access Memory (RAM) without requiring any executable files on the hard drive. Differing from conventional malware, fileless attacks are stealthier in nature, falling under the category of low-observable characteristics (LOC) attacks.

BLASTPASS: Government agencies told to secure iPhones against spyware attacks

CISA, the United States's Cybersecurity and Infrastructure Security Agency, has ordered federal agencies to patch their iPhones against vulnerabilities that can be used as part of a zero-click attack to install spyware from the notorious NSO Group.