#Vidar has been one of the most active and fast-evolving #infostealers on the threat landscape lately, and it's not slowing down.
On top of all the recent development activity we've been tracking, Vidar has also added a novel Application-Bound Encryption (#ABE) #bypass to its arsenal.
Read the full technical breakdown ↓
https://t.co/hmeXA6oq9X
Most RATs have 2, maybe 3 stages. SilverFox's #ValleyRAT runs eight — and the last one is a kernel rootkit that takes orders from the RAT over named pipes. Campaign is live right now.
Kill chain in full: DLL sideload → ETW/AMSI bypass + PNG stego (payload hidden in pixel channels) → PrivEsc + more PNG stego → nested Donut shellcode → ValleyRAT orchestrator → Go RAT over WebSocket/QUIC → AV killer injected into svchost → kernel rootkit (65+ IOCTLs, boss'd around by the RAT via named pipes).
On top of that: crypto clipboard hijacking, Telegram theft, plugin delivery over named pipes.
13 polymorphic samples recompiled per victim over 12 days. Paths rotate daily under C:\Drivers. Delivered via trojanized installers abusing legit signed EXEs.
Active across 🇨🇳 🇭🇰 🇸🇬.
IoCs:
520304a1cabdd9aa05c0a769c3874bc3cc2608d8e71ae607ca2bdf96b298b5de — trojanized installer
3w[.]jxuw3[.]com — WS C2
df[.]sjickdeh[.]org — WS C2
#SilverFox #APT #Malware
Meet #GoFlateLoader: a widespread Golang loader pushing some of the most notorious #infostealers ITW – #Amatera, #Remus, #Lumma, #Vidar, and #StealC.
Most loaders pile on heavy obfuscation and anti-analysis tricks to evade detection. GoFlateLoader doesn't bother. Instead, it relies on a much simpler trick – a deliberately inflated PE overlay aimed at slipping past size-constrained scanners and analysis pipelines.
Yet, despite its simplicity, it is still highly widespread across our userbase, making it a good reminder that prevalence and sophistication are not always the same thing.
Read more ↓
https://t.co/oPvxRohhCz
After months of active development, #Amatera has gradually become the most prevalent #infostealer in our userbase. And it's not slowing down – we're now observing fresh Amatera builds newly introducing control-flow flattening and indirect control-flow obfuscation.
IoCs ↓
0bf1eda8374ff2e3eb705e37eac8d65750a4d85454f535346100056399eba16f
e72ec2cbe762ca672a14a7ee660c0cab61ba020267c56f9ab8982e3be1f61a8b
58fe4ed4bc57c28b4da6b9230ff4c9d62528cdc00bba79b9f105d2a742426f4b
#Remus has officially caught up with #Lumma.
Over the past few weeks, our telemetry shows Remus to be already nearly just as active as Lumma.
Remus is a newly rebranded 64-bit variant of Lumma Stealer that emerged from the ashes earlier this year.
More details about Remus ↓
https://t.co/te4c3NjYOV
#malware #infostealer
Most backdoors don't check your Shadow Stack pointer before executing. Most don't hide shellcode in PNG chunks. Most don't erase themselves when the handler stops calling. This one did all three, on a single machine in 🇬🇧 the UK, for a year, and then vanished. We wrote it up. Someone should.
https://t.co/WZBTnsnHYd
#reverseengineering #malware
https://t.co/ecjQDDOlzR is notifying affected users that some reservation data was accessed by unauthorized parties and that reservation PINs are being reset.
Those alerts are real.
At the same time, we are detecting reservation hijack scams that take advantage of real booking data, as in the screenshot here. No obvious red flags, no generic message, just the right hotel, the right dates, the right amount, and a link that feels like part of the normal booking flow.
That is exactly why these scams work.
Do not trust the message alone. Verify through the official website, app, or your original confirmation.
More details in our blog:
https://t.co/6FqCYiipXT
Meet #Remus, a new 64-bit variant of the infamous #Lumma Stealer – emerging in the wake of Lumma's takedown and the doxxing of its alleged core members. Same stealing arsenal, same techniques, new name. Is Remus the Lumma rebrand we've been waiting for?
Main attribution indicators:
→ The same Application-Bound Encryption bypass employed specifically by Remus and Lumma
→ Transitional test builds ("Tenzor") that share a Steam dead drop resolver with confirmed Lumma samples
→ Matching AntiVM cpuid checks against five hypervisor signatures in identical order
→ Shared direct syscall/sysenter architecture
→ Identical per-string obfuscation technique
Remus also introduces notable changes: traditional Steam and Telegram dead drop resolvers are replaced by #EtherHiding, with C2 addresses stored in Ethereum smart contracts, making the infrastructure even more resilient to takedown operations.
Full research ↓
https://t.co/te4c3NjYOV
#infostealer #abe_bypass
You trust login[.]microsoftonline[.]com. So does your email gateway. Attackers know this — and they're using Microsoft's OAuth redirect to send victims from that trusted domain straight to credential harvesting pages. No vulnerability. Just a feature doing exactly what it's told.
How: attackers register a multi-tenant Azure OAuth app with a malicious reply URL, then craft an /authorize request with prompt=none. When auth fails silently, Microsoft's JS fires the urlAppError handler and redirects the browser to the attacker's domain. The entire redirect originates from Microsoft's infrastructure.
This bypasses URL filters that whitelist Microsoft login domains. Victims see a legitimate address bar the whole time.
Lures typically pose as DocuSign, Adobe Acrobat Sign, or "sharing link violation" alerts.
Redirect chain ITW:
login[.]microsoftonline[.]com/common/oauth2/v2.0/authorize?client_id=...
→ securedoc9a09b4dfda82e3e[.]rentawareinc[.]com (302)
→ pub-ac3265049b9b4c1ebf987170df4fcce0[.]r2[.]dev (phishing page)
@Microsoft wrote about OAuth redirect abuse here:
https://t.co/qR9kVALupa
#phishing #OAuth #Microsoft
If your #AI stack talks to #LLMs through #LiteLLM — and a lot of them do — check your version. 1.82.7 and 1.82.8 on PyPI were #backdoored with a payload that vacuums up every secret it can find and, if you're on K8s, deploys privileged pods to every node in the cluster.
Stage1 (25,844 bytes):
• Harvests ~/.ssh/*, AWS/GCP/Azure/K8s creds, crypto wallets, .env, shell history, SSL keys, CI/CD secrets
• AES-256-CBC + hardcoded 4096-bit RSA pubkey → POST to models.litellm[.]cloud
• Installs ~/.config/sysmon/sysmon.py + systemd user service ("System Telemetry Service")
• Backdoor polls checkmarx[.]zone/raw every ~50min for next-stage URL → /tmp/pglog
• If K8s SA token exists: reads all cluster secrets, spawns privileged alpine pods (node-setup-*) in kube-system on every node, mounts host FS, installs backdoor on each
Attacker left two commented-out earlier iterations in the source — went from RC4 string obfuscation (51KB) to plain base64 (25KB). Lazy or confident.
JARM: 27d40d40d00040d00042d43d000000d2e61cae37a985f75ecafb81b33ca523
Both C2s on AS205759 (🇳🇱 NL), Let's Encrypt E7 certs
IoCs:
models.litellm[.]cloud — 46.151.182[.]203
checkmarx[.]zone — 83.142.209[.]11
71e35aef03099cd1f2d6446734273025a163597de93912df321ef118bf135238 (.pth)
d6fc0ff06978742a2ef789304bcdbe69a731693ad066a457db0878279830d6a9 (stage1)
8395c3268d5c5dbae1c7c6d4bb3c318c752ba4608cfcd90eb97ffb94a910eac2 (1.82.7 .whl)
d2a0d5f564628773b6af7b9c11f6b86531a875bd2d186d7081ab62748a800ebb (1.82.8 .whl)
Discovered by https://t.co/uAD8pZNHGD
#SupplyChain #PyPI #InfoStealer #Kubernetes #litellm #Python
🔎New #ABE#bypass spotted ITW
#VoidStealer is the first #infostealer to weaponize a debugger-based technique that extracts the v20_master_key straight from browser memory, requiring neither privilege escalation nor code injection, making it significantly stealthier than existing methods – a truly elegant (and scary) technique.
Full technical analysis ↓
https://t.co/JlbTbyW29R
IoC: f783fde5cf7930e4b3054393efadd3675b505cbef8e9d7ae58aa35b435adeea4
#infostealer #threatresearch #Chrome #malware #abe_bypass
Fake @SocialSecurity PDFs are hitting thousands in the 🇺🇸 US right now. The payload? @datto#RMM - a legit remote access tool turned weapon. We've seen the same playbook with older @ConnectWise RMM versions too.
PDF:
Social_security_statements_2025.pdf a566c0e10dc4e3adc38d8427d457d686ecad700d6e34e4c8471ba1043aa0498d
RMM: b492f06dbc632afcd8e6e35f55a141bdbd5e2cc07374bb6ab2ac5dd96b491c13
Hosted on:
hxxps://pub-44db1288f9da4543b525029ecd44e149[.]r2[.]dev/SOCIAL-SECURITY_DOCUMENTS_2025[.]exe
#phishing
We observed a #clipboard payload that injects a Telegram bot into @OpenClaw's config — whether intentional attack or not, it demonstrates how easily an AI agent with shell access can be hijacked through a single paste.
#OpenClaw#ClipboardAttack#CyberSecurity
IoC:
https://t.co/aAodjY7LFq
Lazarus is running their payloads through an AI #agent to dodge our detections.
The giveaway? Neatly numbered comments, "Optimized XOR loop" labels, and original code left beside AI-suggested rewrites. A for effort. Still caught.
#Lazarus#APT#ThreatIntel
Your AI agent found a skill. Installed it. And it charged you $39,214. No bad intent. No warning. Just automation. Agent Trust Hub helps agents check skill safety BEFORE they act. https://t.co/NFNBa0Q52s
Tired of Base64 and XOR? Check out the latest #Wincir's approach to hiding data:
Embed encrypted payload INSIDE x64 instruction immediates.
48 81 E2 E2 00 00 00 ← sets decode key (AND)
48 B8 8A BC 4E 14 __ ← carries 8 bytes (MOV)
State machine in assembly. 14+ polymorphic patterns. Same byte = 50+ encodings.
They heard we like to disassemble, so they put a disassembler in the malware so we can disassemble while it disassembles itself.
IoCs: b78d25290b7a0313d51a66fcc3c1fef8f64179dc51188ff65c469bd9ad417b90
#Threat #Research #Fun
Yesterday, Gen researchers identified around 300 #skills on #ClawHub that contained prompts to download #malicious#payload. At the time of discovery, that accounted for 12% of available skills. The skills seemed like a weaponized versions of existing skills. All lead to malware.
@Norton and @Avast are already protecting users from threats delivered through these skills. AI “skills” are add-ons that let agents take real actions, like clicking links or downloading files, and attackers are abusing them to turn AI assistants into a new delivery channel.
This new world of AI agents is unfolding before our eyes. We are protecting people today, and we will continue to share what our researchers uncover as this space evolves.
IoCs:
hxxps://glot.io/snippets/hfd3x9ueu5
hxxps://glot.io/snippets/hfdxv8uyaf
hxxps://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent.zip (pass: openclaw)
🚨#ScamAlert: That "official" notification from the Ministry claiming your device is locked for accessing illegal content? It's a #scam demanding hundreds of € and stealing your credit card details. Tens of thousands users affected last week mostly in 🇬🇧🇮🇹🇷🇴🇸🇰🇬🇷 Share and warn others! #Cybersecurity #StaySafe
IoCs:
corazstop[.]cyou
ecmypasscode[.]icu
ecpremiasslp[.]site
gbmypasscode[.]icu
gbpremiasslp[.]site
gbsaks[.]cyou
gbservstp[.]cyou
gbsiteslocks[.]cyou
grmypasscode[.]icu
itmypasscode[.]icu
itpremiasslp[.]site
itsaks[.]cyou
itsiteslocks[.]cyou
phmypasscode[.]icu
phpremiasslp[.]site
romypasscode[.]icu
ropremiasslp[.]site
rosaks[.]cyou
rositeslocks[.]cyou
skmypasscode[.]icu
slmypasscode[.]icu
Exfil via sockets: admadprpr[.]top
#Vidar v2.0 refines its approach to #bypass AppBound Encryption, combining known and novel techniques that leverage browser process injection:
- Reflective DLL #injection combined with IElevator (known technique)
- Shellcode injection via section mapping (ZwMapViewOfSection) with hooking of CryptUnprotectData in an attempt to directly capture and steal the v20_master_key.
With the key, Vidar is able to decrypt all browser data, effectively defeating AppBound Encryption in a novel way.
Additionally, Vidar v2.0 introduced control-flow flattening and begun encrypting most of the strings.
IoCs:
07c56ba57a813ab8f0eb4879c8638d5fbeab01163ac928a0d29c5826ab4abd9a
da89f3e6e9cf71c26162728dfabf6720a2b802bcad3c40635a7d4fb25e5ad627
aa5a38f1b0e7a1dab29f1ab8c8d9fa1bc0f028242349461da8d199f570d02027