🚨 Crypto users targeted in ultra-slick social engineering scam.
Hackers built dozens of fake AI/Web3 startups—complete with logos, blogs, and verified X accounts—to push malware disguised as investment tools.
The malware drains wallets on both Windows & macOS.
Details here → https://t.co/JfoZB2Uyfk
🚨 A new botnet is quietly hijacking Linux-based IoT devices.
PumaBot is targeting embedded Linux IoT devices—brute-forcing SSH, mining crypto, and hijacking credentials.
It impersonates Redis, evades honeypots, and survives reboots using systemd persistence.
🔗 Read: https://t.co/Pc3MVeo03M
Cado Security Labs have identified a Python Remote Access Tool that allows users to remotely access and control a system using Telegram.
Learn more in our latest blog post: https://t.co/3mtUkLfydL
Cado Security Labs has identified a novel cryptomining campaign targeting exposed Jupyter Notebooks to deliver cryptominers on both Windows and Linux systems.
Read more here: https://t.co/VS4IoNUZSz
Cado Security Labs has identified a malware campaign targeting the Royal Thai Police. Attributed to the Chinese APT group Mustang Panda, this campaign uses decoy documents and shortcut files to deliver Yokai backdoor.
Read the full blog post here: https://t.co/fB9FYL09tI
Cado Security Labs researchers have identified a scam targeting people who work in Web3. The Meetio campaign includes the Realst infostealer, which has both macOS and Windows variants, and has been active for around four months. https://t.co/8cUrIf1OPO
Cado Security Labs has discovered a new malware campaign targeting Web3 workers with a sophisticated scam using AI-generated content to appear legitimate.
Read more in our latest blog post: https://t.co/Pj8Y82kaKY
Cado Security Labs recently discovered a GuLoader campaign targeting European industrial and engineering companies. Read the full research blog here: https://t.co/EG15nPktqB
New macOS Malware video going over Golang strings in arm64 using the Cthulhu Stealer.
Go strings are structs and are not null terminated so tools have difficulty parsing them. Understanding how they work from a disassembly perspective helps. :)
https://t.co/xtPvRX5rh9
🔥 Selenium Grid Targeted for Crypto Mining!
Default no-auth settings make it a prime target for attackers injecting crypto miners and proxyjacking scripts.
Learn more: https://t.co/whNNJG2mAk
Lock it down now!
Recently, Cado Security has identified a malware-as-a-service (MaaS) targeting macOS users named “Cthulhu Stealer”. This blog will explore the functionality of this malware and provide insight into how its operators carry out their activities: https://t.co/nJCt6RnUfG
In a recent blog documenting Handala, I really enjoyed one of the stages of the malware chain. A Delphi file stitches together different files to build an AutoIt interpreter and a obfuscated AutoIt script. Let’s take a deeper look at the obfuscated script…[1/16]
people often talk about the malware that they find on virustotal. But seldom to they share the love letter executables 💔💔💔💔💔💔💔💔💔 Let's share one from Brazil 🇧🇷 [1/7] 🧵
What's Happenin? Wile chuffed to say that I will be speaking at @bsidesbelfast this year. I went to my first BSides Belfast in 2017 and am finally going to speak at it. Hope to see everyone there and bump into old friends. Big thanks to my co-author @NicoleFishi19!
Interesting wee file we found back in March, turned out to be one part of a bigger modular malware framework. This is what we know so far. I hope someone out there has the other pieces of the jigsaw puzzle. 🤔 Have a wee gander hai! #malware#Linux
https://t.co/huv0lv41dL
Good morning San Francisco! All those at #BSidesSF please join talks from @NicoleFishi19 && @AbbyMCH with myself! It will be a good time! 1:30pm today && 1:30pm tomorrow.