Check Point Research

Thread Name-Calling: Using Thread Name for Offense

Process Injection is a vital technique used by attackers to evade detection and escalate privileges. Thread Name-Calling has emerged as a new injection technique that abuses Windows APIs for thread descriptions to bypass endpoint protection products.

Fraudsters Abuse Legitimate Blockchain Protocols to Steal Your Cryptocurrency Wallet

Research conducted by Check Point has revealed how fraudsters are exploiting legitimate blockchain protocols to carry out sophisticated scams. The Uniswap Protocol and Safe.global are among the platforms targeted by these attackers.

New BugSleep Backdoor Deployed in Recent MuddyWater Campaigns

The deployment of BugSleep is a significant development in MuddyWater's tactics, targeting various sectors with phishing emails leading to the distribution of Remote Management Tools and the BugSleep malware.

Exploring Compiled V8 JavaScript Usage in Malware

Google's V8 engine can compile JavaScript into low-level bytecode, which makes analysis and detection difficult. Attacks that ship this bytecode remain compatible with the V8 engine, so the payload executes successfully.

Rafel RAT, Android Malware from Espionage to Ransomware Operations

Check Point Research has identified multiple threat actors using Rafel RAT, including an espionage group. The tool's features, such as remote access and surveillance, make it effective for covert operations and infiltrating high-value targets.

Attackers Increasingly Leverage BoxedApp Products for Malware Delivery

BoxedApp products have been commercially available for some time, but in the past year, there has been a notable increase in their abuse to deploy malware, particularly related to RATs and stealers.

Static Unpacking for the Widespread NSIS-based Malicious Packer Family

Researchers analyzed a widespread malicious packer family based on the Nullsoft Scriptable Install System (NSIS) that is used to protect various types of malware, including loaders, stealers, and Remote Access Trojans (RATs).

Sharp Dragon Expands Towards Africa and The Caribbean

The threat actors show increased caution in selecting their targets, broaden their reconnaissance efforts, and adopt Cobalt Strike Beacon over custom backdoors.

Void Manticore Launches Destructive Attacks on Albania and Israel

Void Manticore utilizes five different methods to conduct disruptive operations against its victims. This includes several custom wipers for both Windows and Linux, alongside manual deletion of files and shared drives.

Agent Tesla Targeting United States and Australia

On the 7th of November 2023, an Agent Tesla campaign started against Australian organizations, and the same actor performed another campaign targeting mainly Australian entities.
