#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
CrowdSec

Discord | Breaking Cybersecurity News | The Hacker News

QwixxRAT: New Remote Access Trojan Emerges via Telegram and Discord

QwixxRAT: New Remote Access Trojan Emerges via Telegram and Discord
Aug 14, 2023 Cyber Threat / Malware
A new remote access trojan (RAT) called  QwixxRAT  is being advertised for sale by its threat actor through Telegram and Discord platforms. "Once installed on the victim's Windows platform machines, the RAT stealthily collects sensitive data, which is then sent to the attacker's Telegram bot, providing them with unauthorized access to the victim's sensitive information," Uptycs  said  in a new report published today. The cybersecurity company, which discovered the malware earlier this month, said it's "meticulously designed" to harvest web browser histories, bookmarks, cookies, credit card information, keystrokes, screenshots, files matching certain extensions, and data from apps like Steam and Telegram. The tool is offered for 150 rubles for weekly access and 500 rubles for a lifetime license. It also comes in a limited free version. A C#-based binary, QwixxRAT comes with various anti-analysis features to remain covert and evade detection. Thi

Hackers Using Trending TikTok 'Invisible Challenge' to Spread Malware

Hackers Using Trending TikTok 'Invisible Challenge' to Spread Malware
Nov 29, 2022
Threat actors are capitalizing on a popular TikTok challenge to trick users into downloading information-stealing malware, according to new research from Checkmarx. The trend, called  Invisible Challenge , involves applying a filter known as  Invisible Body  that just leaves behind a silhouette of the person's body. But the fact that individuals filming such videos could be undressed has led to a nefarious scheme wherein the attackers post TikTok videos with links to rogue software dubbed "unfilter" that purport to remove the applied filters. "Instructions to get the 'unfilter' software deploy  WASP stealer malware  hiding inside malicious Python packages," Checkmarx researcher Guy Nachshon  said  in a Monday analysis. The WASP stealer (aka W4SP Stealer) is a malware that's designed to steal users' passwords, Discord accounts, cryptocurrency wallets, and other sensitive information. The TikTok videos posted by the attackers, @learncyber an

external linkThe Latest SaaS Security Information Resource

SaaS
websiteSaaS Security on TapSaaS Security
Discover SaaS Security on Tap, a video series bringing you all the ins and outs of securing your SaaS stack. Watch now.

25 Malicious JavaScript Libraries Distributed via Official NPM Package Repository

25 Malicious JavaScript Libraries Distributed via Official NPM Package Repository
Feb 23, 2022
Another batch of 25 malicious JavaScript libraries have made their way to the official NPM package registry with the goal of stealing Discord tokens and environment variables from compromised systems, more than two months after  17 similar packages  were taken down. The libraries in question leveraged typosquatting techniques and masqueraded as other legitimate packages such as colors.js, crypto-js, discord.js, marked, and  noblox.js , DevOps security firm JFrog said, attributing the packages as the work of "novice malware authors." The complete list of packages is below – node-colors-sync (Discord token stealer) color-self (Discord token stealer) color-self-2 (Discord token stealer) wafer-text (Environment variable stealer) wafer-countdown (Environment variable stealer) wafer-template (Environment variable stealer) wafer-darla (Environment variable stealer) lemaaa (Discord token stealer) adv-discord-utility (Discord token stealer) tools-for-discord (Discord t

Over a Dozen Malicious NPM Packages Caught Hijacking Discord Servers

Over a Dozen Malicious NPM Packages Caught Hijacking Discord Servers
Dec 09, 2021
At least 17 malware-laced packages have been discovered on the NPM package Registry, adding to a  recent barrage of malicious software  hosted and delivered through open-source software repositories such as PyPi and RubyGems. DevOps firm JFrog said the libraries, now taken down, were designed to grab Discord access tokens and  environment variables  from users' computers as well as gain full control over a victim's system. "The packages' payloads are varied, ranging from infostealers up to full remote access backdoors," researchers Andrey Polkovnychenko and Shachar Menashe said in a  report  published Wednesday. "Additionally, the packages have different infection tactics, including typosquatting,  dependency confusion  and trojan functionality." The list of packages is below - prerequests-xcode (version 1.0.4) discord-selfbot-v14 (version 12.0.3) discord-lofy (version 11.5.1) discordsystem (version 11.5.1) discord-vilao (version 1.0.0) fix-e
Cybersecurity Resources