evasion Archives • Daily CyberSecurity

Matanbuchus 3.0 Downloader Pivots to Ransomware, Using Protobufs and QuickAssist for Stealth Access matan

Matanbuchus 3.0 Downloader Pivots to Ransomware, Using Protobufs and QuickAssist for Stealth Access

Do Son December 4, 2025

A sophisticated C++ downloader known as Matanbuchus has resurfaced with a major technical overhaul, signaling a dangerous...

Rhadamanthys Stealer v0.9.2 Drops: New PNG Payloads and Anti-Analysis Tricks Make Malware Deadlier AI Fraud Schemes TAMECAT Malware APT42 Espionage

AI Fraud Schemes TAMECAT Malware APT42 Espionage

Rhadamanthys Stealer v0.9.2 Drops: New PNG Payloads and Anti-Analysis Tricks Make Malware Deadlier

Do Son October 2, 2025

The notorious Rhadamanthys stealer, first released in 2022, has returned with a powerful new update that underscores...

DarkCloud Stealer Evolves: New VB6 Obfuscation and Crypto Wallet Theft Make Malware More Dangerous Than Ever Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

DarkCloud Stealer Evolves: New VB6 Obfuscation and Crypto Wallet Theft Make Malware More Dangerous Than Ever

Do Son September 29, 2025

Recently, eSentire’s Threat Response Unit (TRU) identified a spear-phishing campaign targeting a manufacturing client that attempted to...

LNK Stomping: Attackers Bypass Windows Security by Stripping the ‘Mark of the Web’ LNK Stomping, MoTW Bypass

LNK Stomping: Attackers Bypass Windows Security by Stripping the ‘Mark of the Web’

Do Son September 26, 2025

Windows shortcut files (.LNK) were designed to simplify user navigation, but for years, they’ve been a favorite...

DarkCloud Rises: New Fileless Stealer Uses PowerShell & Process Hollowing to Evade Detection DarkCloud Stealer, Fileless Malware

DarkCloud Rises: New Fileless Stealer Uses PowerShell & Process Hollowing to Evade Detection

Do Son August 11, 2025

Researchers from Fortinet’s FortiGuard Labs detected a new DarkCloud campaign deploying a stealthy, fileless payload through a...

BYOVD Attack: A New AV Killer Exploits a Legitimate Driver to Neutralize Defenses for MedusaLocker Ransomware

Do Son August 7, 2025

A recent incident response operation in Brazil has revealed a stealthy and destructive threat abusing the trusted...

New PXA Stealer Campaign Hits 62 Countries with Stealthy DLL Sideloading and Telegram Exfiltration PXA Stealer, Infostealer

New PXA Stealer Campaign Hits 62 Countries with Stealthy DLL Sideloading and Telegram Exfiltration

Do Son August 5, 2025

A new report by SentinelLABS and Beazley Security unveils an expansive and rapidly evolving infostealer operation powered...

The Evolution of Evasion: Raspberry Robin Malware Upgrades with New Encryption & UAC Bypass Exploit Raspberry Robin, Malware Evasion

The Evolution of Evasion: Raspberry Robin Malware Upgrades with New Encryption & UAC Bypass Exploit

Do Son August 5, 2025

ThreatLabz has released a fresh technical update on Raspberry Robin, the elusive USB-propagated malware also known as...

LockBit Ransomware Evolves: New Stealthy Tactics Use DLL Sideloading & Masquerading to Bypass Defenses LockBit Ransomware, DLL Sideloading

LockBit Ransomware Evolves: New Stealthy Tactics Use DLL Sideloading & Masquerading to Bypass Defenses

Do Son August 1, 2025

LockBit isn’t just another ransomware group—it’s an evolving threat that continues to adapt its tactics to evade...

GOLD BLADE Unleashes RedLoader with Novel Attack Chain: LNK Files + WebDAV + DLL Sideloading Evades Detection RedLoader, DLL Sideloading

GOLD BLADE Unleashes RedLoader with Novel Attack Chain: LNK Files + WebDAV + DLL Sideloading Evades Detection

Do Son July 31, 2025

Sophos analysts have uncovered a newly combined infection technique used by the GOLD BLADE cybercriminal group to...

0bj3ctivityStealer: Stealthy Info-Stealer Uses Steganography & PowerShell to Evade Detection

Do Son July 30, 2025

A recent analysis from the Trellix Advanced Research Center (ARC) has unveiled a sophisticated and stealthy info-stealer...

XWorm 6.0: New Variant Uses AMSI Bypass & Critical Process Trick to Evade Detection and Crash Systems

Do Son July 29, 2025

According to the latest report from Netskope Threat Labs, a new version of the XWorm malware—XWorm 6.0—has...

SHUYAL: New Stealthy Infostealer Plunders Browser Credentials, System Data, & Screenshots to Telegram SHUYAL Infostealer, Telegram Exfiltration

SHUYAL Infostealer, Telegram Exfiltration

SHUYAL: New Stealthy Infostealer Plunders Browser Credentials, System Data, & Screenshots to Telegram

Do Son July 28, 2025

In a deep-dive technical investigation, Hybrid Analysis has uncovered a powerful new information stealer dubbed SHUYAL, a...

EdskManager RAT: New Stealthy Malware Leverages HVNC for Covert Remote Access & Evasion EdskManager RAT, HVNC Malware

EdskManager RAT: New Stealthy Malware Leverages HVNC for Covert Remote Access & Evasion

Do Son July 24, 2025

In its latest threat intelligence report, CYFIRMA has detailed the discovery of EdskManager RAT, a sophisticated remote...

First in the Wild: Coyote Banking Trojan Exploits Microsoft’s UI Automation to Steal Credentials Undetected

Do Son July 24, 2025

Akamai has confirmed the first observed abuse of Microsoft’s UI Automation (UIA) framework by malware in the...

AmateraStealer (ACRStealer) Evolves: New Version Uses Low-Level NTAPIs & Heaven’s Gate for Evasion AmateraStealer, Infostealer Evolution

AmateraStealer (ACRStealer) Evolves: New Version Uses Low-Level NTAPIs & Heaven’s Gate for Evasion

Do Son July 23, 2025

ACRStealer—recently rebranded as AmateraStealer—has emerged as one of the most sophisticated infostealers in the wild, marked by...

Ghost Crypt & PureRAT: New Stealthy Malware Targets Accounting Firm via “Process Hypnosis” Ghost Crypt, PureRAT

Ghost Crypt & PureRAT: New Stealthy Malware Targets Accounting Firm via “Process Hypnosis”

Do Son July 22, 2025

eSentire’s Threat Response Unit (TRU) uncovered a sophisticated attack against a certified public accounting firm in the...

Katz Stealer: The $100/Month MaaS Threat Plundering Digital Identities Undetected Katz Stealer, Info-Stealer MaaS

Katz Stealer: The $100/Month MaaS Threat Plundering Digital Identities Undetected

Do Son July 21, 2025

In the crowded arena of information-stealing malware, Katz Stealer is quickly establishing itself as one of the...

Beyond Detection: PyBitmessage Protocol Used for Covert Monero Mining Campaign PyBitmessage malware, Monero coinminer

Beyond Detection: PyBitmessage Protocol Used for Covert Monero Mining Campaign

Do Son May 22, 2025

In a new and deeply evasive malware campaign, cybercriminals are leveraging the PyBitmessage protocol to hide a...

Sneaky Email Attack Targets Spain, Italy, Portugal with RATty Trojan RATty Trojan, email phishing

Sneaky Email Attack Targets Spain, Italy, Portugal with RATty Trojan

Do Son May 12, 2025

The FortiMail IR team has uncovered a highly sophisticated email campaign delivering the RATty Remote Access Trojan,...

Critical Alert 1 Active Exploit Detected Today