Acronis

MSP Threats Security Team

MSP's articles

May 16, 2023

RedLine Stealer: A malware-as-a-service info-stealer

RedLine Stealer is a malware-as-a-service (MaaS) info-stealer sold on cybercriminal forums and through Telegram channels. The malware, which targets Windows systems, was first observed in February 2020.

May 04, 2023

Raccoon Stealer: A popular and dangerous threat

Raccoon Stealer, also known as Mohazo or Racealer, is an info-stealer that first appeared in 2019 and is sold as malware-as-a-service (MaaS). It has already infected over 100,000 devices in the wild, belonging to both organizations and individuals, and has become one of the most-discussed threats on underground forums.

April 28, 2023

Malware with a “Money Message”

Money Message is ransomware whose purpose is to encrypt files on a targeted computer, leaving the victim's data inaccessible until a ransom is paid. It was first reported on Twitter by the Zscaler ThreatLabZ research team.

April 26, 2023

Maui: An active and dangerous data wiper

Maui is a wiper designed to delete or overwrite data on a computer or other digital device, causing damage and disrupting operations. The FBI first reported the malware, noting activity dating back to May 2021, and it is presumed to have been developed under the direction of North Korea.

March 29, 2023

SwiftSlicer: A simple yet dangerous data wiper

On January 25, 2023, ESET Research found a new data wiper in the network of Ukrinform, Ukraine's national news agency. The Computer Emergency Response Team of Ukraine (CERT-UA) later added that, as of January 27, five additional, distinct malware samples had been spotted in the same network.

March 06, 2023

IcedID (BokBot): From banking trojan to backdoor

IcedID, also known as BokBot, was a banking trojan when it was discovered in 2017. Today it is mostly used as a loader that provides initial access for other malware. It typically infects victims' machines through malicious email attachments: it has been seen using archives and Word and Excel files, and the latest campaigns switched to OneNote files.

January 05, 2023

Royal ransomware’s actors make high demands

Royal ransomware was first spotted in January 2022, targeting a range of corporations. The group does not operate a ransomware-as-a-service model. Its ransom demands range from $250,000 to over $2 million.

December 09, 2022

KmsdBot: DDoS and cryptomining combined

On November 10, 2022, the Akamai Security Intelligence Response Team published a description of the newly spotted KmsdBot after it infected one of their honeypots. The first observed victim was FiveM, an Akamai customer that provides software for hosting custom private GTA V servers. During their investigation, researchers found many samples built for different CPU architectures.

November 28, 2022

AXLocker ransomware doesn’t change files’ extensions

AXLocker is ransomware that was found by the malware researcher 'S!ri,' who posted about it on Twitter. It was later discovered that AXLocker not only encrypts files but also steals victims' Discord credentials and uploads them to a Discord server controlled by the attackers. Specifically, it harvests the Discord authentication tokens that the client stores on the local computer when the user logs in. The sample is neither packed nor obfuscated.

November 25, 2022

Killnet ransomware — a wiper from the Chaos family

Killnet is a Russian hacker group previously known for offering DDoS services. At the end of October 2022, the security site PCrisk identified the first sample of Killnet ransomware. Via its Telegram channel, the group also announced a ransomware attack on an Italian chemical factory.

September 22, 2022

RapperBot: A new threat for IoT devices

On June 22, 2022, the CNCERT IoT Threat Research Team and NSFOCUS FuYingLab observed a new botnet attacking IoT devices. Naming the threat 'RapperBot,' researchers found more than 5,000 compromised hosts, but no attack commands were observed at the time. Analysis of the samples showed similarities with Mirai, whose source code has been leaked publicly.

August 25, 2022

SideWinder uses weaponized Word documents to compromise victims’ machines

The SideWinder APT group was first discovered in 2018 and, since earlier this year, has been actively targeting military, defense and other industries in South Asia. The group has spread phishing emails carrying Word files that download additional components to decode, drop and launch the malware, which collects victims' data and uploads it to remote servers. It has since also infected Android devices with malicious apps distributed through Google Play.