April 30, 2026
Poisoning the well: AI supply chain attacks on Hugging Face and OpenClaw
Acronis TRU uncovered active abuse of AI platforms like Hugging Face and ClawHub for malware delivery, where attackers exploit trust in AI ecosystems and agents, and potentially trigger further malicious actions through AI-driven workflows.
April 21, 2026
Same packet, different magic: Mustang Panda hits India's banking sector and Korea geopolitics
Acronis Threat Research Unit (TRU) identified a new variant of the LOTUSLITE backdoor with a theme related to India's banking sector, delivered via DLL sideloading using a legitimate Microsoft-signed executable.
April 16, 2026
Backup retry storms: How you can improve backup reliability
Backup reliability is judged by whether recovery points are actually available when needed, not by whether a platform offers a retry button. The right response to a persistent backup failure is investigation and remediation, not more retries.
April 09, 2026
Immutable backups: The critical gap between backup success and real recovery readiness
Backups were once judged by a single question: Did the job succeed? That is no longer enough. In a ransomware event, the more important question is whether the attacker can delete or change the recovery points before the business starts to recover. Immutable backup storage addresses that exact problem by making a protected backup copy impossible to delete or overwrite for a defined number of days.
March 17, 2026
Vidar Stealer 2.0 distributed via fake game cheats on GitHub and Reddit
Acronis TRU has identified hundreds of GitHub repositories delivering malware to video gamers under the guise of "free game cheats," spanning numerous campaigns across virtually every major online game title.
March 06, 2026
Mobile spyware campaign impersonates Israel's Red Alert rocket warning system
Acronis Threat Research Unit (TRU) has identified a targeted campaign distributing a trojanized version of the Red Alert rocket warning Android app to Israeli users via SMS messages impersonating official Home Front Command communications.
February 17, 2026
CRESCENTHARVEST: Iranian protestors and dissidents targeted in cyberespionage campaign
Acronis' Threat Research Unit (TRU) has uncovered a malware campaign, dubbed CRESCENTHARVEST, potentially targeting supporters of Iran's ongoing protests with the goal of information theft and long-term espionage.
February 12, 2026
LockBit strikes with new 5.0 version, targeting Windows, Linux and ESXi systems
The Acronis Threat Research Unit (TRU) analyzed the latest version of LockBit ransomware (version 5), which targets Windows, Linux and ESXi systems, and shares some similarities with the previous version 4.
February 04, 2026
New year, new sector: Transparent Tribe targets India’s startup ecosystem
Acronis Threat Research Unit (TRU) has been tracking Transparent Tribe, also known as APT36, and has uncovered a campaign that stands out for its use of startup-oriented, themed lure material delivered via an ISO container-based file.
January 15, 2026
LOTUSLITE: Targeted espionage leveraging geopolitical themes
Acronis Threat Research Unit (TRU) observed a targeted malware campaign against U.S. government entities leveraging a politically themed ZIP archive containing a loader executable and a malicious DLL. The executable is used to sideload and execute the DLL, which functions as the primary backdoor, tracked as LOTUSLITE.
January 08, 2026
Boto-Cor-de-Rosa campaign reveals Astaroth WhatsApp-based worm activity in Brazil
In a newly identified campaign, internally referred to as Boto Cor-de-Rosa, our researchers discovered that Astaroth now exploits WhatsApp Web as part of its propagation strategy.
December 18, 2025
Acronis TRU Alliance {Hunt.io}: Hunting DPRK threats - New Global Lazarus & Kimsuky campaigns
This report is the result of a collaborative investigation in which Hunt.io and the Acronis Threat Research Unit (TRU) mapped ongoing DPRK infrastructure activity, including Lazarus and Kimsuky.