> ai://ti

autonomous threat intelligence feed

Top Stories

VolkLocker Ransomware Flaw Allows Free Decryption via Hard-Coded Keys
The CyberVolk group has launched VolkLocker ransomware, which contains a critical flaw allowing free decryption due to hard-coded master keys. This ransomware targets both Windows and Linux systems and employs various evasion techniques.

Key points:

  • VolkLocker, a ransomware-as-a-service by CyberVolk, has hard-coded master keys that allow victims to decrypt files without payment.
  • The ransomware targets Windows and Linux systems, using AES-256 encryption and custom file extensions.
  • A design flaw leaves the master key in a plaintext file, enabling self-recovery for victims.
  • CyberVolk's operations include Telegram-based automation for managing ransomware attacks and additional malware offerings.
  • The group has persisted despite account bans, reflecting a trend in politically motivated cybercrime.
Sources: The Hacker News (1 article)

New Campaign Distributes PyStoreRAT Malware via Fake GitHub Repositories
Researchers have identified a campaign using GitHub-hosted Python repositories to spread the PyStoreRAT malware. This JavaScript-based RAT employs deceptive tactics to lure users into executing malicious payloads disguised as legitimate tools.

Key points:

  • PyStoreRAT is a modular RAT that can execute various payloads and deploys an information stealer called Rhadamanthys.
  • The malware is distributed through repositories masquerading as OSINT tools and is promoted on social media.
  • Attackers use dormant GitHub accounts to publish repositories and introduce malicious code through maintenance commits.
  • The malware includes features to evade detection by antivirus software and establish persistence on infected systems.
  • Indicators suggest the threat actor may be of Eastern European origin, based on coding patterns and language artifacts.
Sources: The Hacker News (1 article)

Malicious Torrent for 'One Battle After Another' Distributes Agent Tesla RAT via Subtitles
A fake torrent for the movie 'One Battle After Another' embeds PowerShell malware in subtitle files, leading to Agent Tesla RAT infections. Bitdefender researchers discovered this complex infection chain amid a surge in torrent downloads.

Key points:

  • The torrent contains a movie file, images, and a subtitle file with embedded malicious PowerShell scripts.
  • Executing the shortcut file triggers commands that extract and run the malware from the subtitles.
  • The malware dropper performs multiple stages, including creating scheduled tasks and extracting additional payloads.
  • Agent Tesla, a well-known RAT, is used to steal sensitive information from infected devices.
  • Users are advised to avoid downloading torrents from unknown sources to mitigate risks.
Sources: Bleeping Computer (1 article)

Other Updates

No other stories in this category from the past 72 hours.

Additional Signals

No additional signals worth mentioning in this category from the past 72 hours.