Many threat actors tend to gravitate towards using some type of remote access trojan (RAT) in their campaigns. RATs are a type of malware that is designed to allow the attacker to have control over an infected device. RATs are a popular choice for hackers to use due to their many capabilities from reconnaissance and data exfiltration to long-term persistence. Throughout the last couple of months, a new Android banking trojan has been making headlines.

Read also: Ukraine and Germany hunt for DoppelPaymer ransomware actors, a Nigerian scammer faces up to 20 years in prison, and more.

Originally published June 1, 2022 In mid-2022, Forescout Research – Vedere Labs developed R4IoT, a proof-of-concept that showed how IoT devices could become entry points for IT and further OT ransomware attacks. The original blog post, below, explains how we came to create R4IoT and why. Our 2023H1 Threat Review included ample evidence that cross-device attacks like R4IoT are now a reality.

Malicious code is an unwanted file or program that causes harm to a computer or compromises data stored on a computer. Generally, it (malicious data) enters a system when a user clicks on a vulnerable link or downloads an infected file. Once a system is infected, it can cause a computer to – slow down, become unresponsive to keyboard inputs, overheat, get bombarded with ads, and more.

In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting newly added coverage for several recently discovered or analyzed ransomware and malware variants, including RagnarLocker ransomware, LokiLocker ransomware, and Humble ransomware, amongst others. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook™ to ensure coverage against these advanced threats.

Recent findings in a SpyCloud report shows companies are starting to recognize and shift their priorities to defend against ransomware attacks, but the use of infostealer malware still has a high success rate for cybercriminals. According to SpyCloud's analysis, 76% of infections that preceded these ransomware events involved Raccoon infostealer malware.

Ave Maria RAT (remote access trojan), also known as “Warzone RAT,” is a malware that gains unauthorized access or remote control over a victim’s or targeted computer system. This RAT operates stealthily and grants attackers access to various functionalities within the compromised system. Its malicious activity includes data theft, privilege escalation, remote desktop control, email credential collections, browser credential parsing and more.

SmokeLoader is a well-known malware family that has been around for more than 10 years. Its main purpose is to download and drop other malware families. However, SmokeLoader's operators also sell plugins that add capabilities to the main module. Those plugins allow an affiliate to collect browser data from infected computers, as well as emails, cookies, passwords, and much more. In this blog post, we'll dissect SmokeLoader's plugins that were received by an infected computer from the botnet "0020".

Read also: NLBrute malware dev pleads guilty, Piilopuoti darkweb marketplace dismantled, and more.