malware

Email campaign distributing Ratty RAT malware exploits legitimate invoicing tactics and geofencing to bypass security. Attackers use a trusted email service and file-sharing platforms, manipulate recipients through social engineering, and employ Ngrok for covert links. Targeting mainly Italy, the campaign exemplifies advanced evasion strategies and challenges conventional detection systems. Fortinet provides protections, urging users to stay vigilant against such phishing threats.

https://www.fortinet.com/blog/threat-research/multilayered-email-attack-how-a-pdf-invoice-and-geofencing-led-to-rat-malware

Malware authors are increasingly using obscure programming languages like Delphi and Haskell to evade detection. Researchers found that using less common languages complicates static analysis, making malware harder to identify and analyze. While C and C++ remain prevalent, many threat groups now employ diverse languages and compilers to obscure malicious code. This shift makes automated detection less effective, as unique signatures are harder to create for various programming languages, leading to greater challenges for security analysts. More focus on these lesser-used languages in security measures is necessary.

https://www.theregister.com/2025/03/29/malware_obscure_languages/

FBI warns fake online document converters distribute malware, including ransomware, targeting users' sensitive information. Cybercriminals create deceptive sites mimicking legitimate converters. Victims report scams to IC3, leading to malware like Gootloader, causing serious breaches. Not all converters are harmful, but users should research before using them.

https://www.bleepingcomputer.com/news/security/fbi-warnings-are-true-fake-file-converters-do-push-malware/

Microsoft's Trusted Signing service is exploited by cybercriminals to code-sign malware using short-lived three-day certificates. These signed executables can bypass security filters. Criminals prefer this method due to easier access compared to Extended Validation certificates. Microsoft monitors and revokes misuse of their signing service, citing active threat intelligence measures.

https://www.bleepingcomputer.com/news/security/microsoft-trusted-signing-service-abused-to-code-sign-malware/

Hacker infects 18,000 “script kiddies” globally with fake malware builder, a trojanized XWorm RAT, which steals data and controls infected systems. The malware was spread through various platforms and included a kill switch, but many systems remain compromised. Security researchers disrupted the botnet using a mass uninstall command. Users are warned against trusting unsigned software from other criminals.

https://www.bleepingcomputer.com/news/security/hacker-infects-18-000-script-kiddies-with-fake-malware-builder/