Lifeboat Foundation

“When a new user logs into the server, it immediately stops all ‘noisy’ activities, lying dormant until the server is idle again. After execution, it deletes its binary and continues to run quietly in the background as a service.”

It’s worth noting that some aspects of the campaign were disclosed last month by Cado Security, which detailed an activity cluster that targets internet-exposed Selenium Grid instances with both cryptocurrency mining and proxyjacking software.

Specifically, the fileless perfctl malware has been found to exploit a security flaw in Polkit (CVE-2021–4043, aka PwnKit) to escalate privileges to root and drop a miner called perfcc.

Cloudflare mitigates a record-breaking 3.8 Tbps DDoS attack, marking a surge in global cyber threats.

A pair of Harvard students successfully rigged Meta-formerly-Facebook and Ray Ban’s smart glasses with facial recognition software.

The world’s second-largest money transfer provider, which filed a data breach notice with U.K. authorities, serves over 50 million people.

Necro malware infects 11 million Android devices via apps on Google Play, using steganography to evade detection.

Unit 42 reveals the discovery of Splinter, a new Rust-based post-exploitation tool posing cybersecurity risks.

Twelve hacktivist group targets Russian entities with destructive cyber attacks, using public tools for maximum damage without financial gain.

North Korean hackers use poisoned Python packages from PyPI to spread PondRAT malware, targeting developers in a supply chain attack.

A massive infostealer malware operation encompassing thirty campaigns targeting a broad spectrum of demographics and system platforms has been uncovered, attributed to a cybercriminal group named “Marko Polo.”

The threat actors use a variety of distribution channels, including malvertising, spearphishing, and brand impersonation in online gaming, cryptocurrency, and software, to spread 50 malware payloads, including AMOS, Stealc, and Rhadamanthys.

According to Recorded Future’s Insikt Group, which has been tracking the Marko Polo operation, the malware campaign has impacted thousands, with potential financial losses in the millions.