Malware

The U.S. Department of Justice disclosed that Russian national Maxim Rudometov has been indicted over his suspected involvement in developing and leading the RedLine malware-as-a-service operation following the dismantling of the information-stealing malware alongside the META MaaS platform as part of the international law enforcement effort Operation Magnus.

At least two people responsible for operating the malware network that infected an estimated 1,200 servers.

Most downloaded among the malicious packages was "blockscan-api," which is a backdoored copy of etherscan-api, followed by "passport-js," which is a backdoored passport copy, and the backdoored bcryptjs copy dubbed "bcrypts-js," an analysis from the Datadog Security Research team showed.

UNC5812 under the guise of "Civil Defense" on Telegram distributed free Ukrainian military recruiter locator software, which when downloaded on Android devices triggered the deployment of the CraxsRat backdoor, which has keystroke tracking, contact and credential exfiltration, and file and SMS management capabilities, as well as the decoy mapping app Sunspinner.

After leveraging numerous initial attack vectors, including vulnerability exploitation and DNS poisoning, to infiltrate targeted networks, Evasive Panda proceeds with the distribution of the MgBot and Nightdoor payloads, with the former leveraged to deploy 10 CloudScout modules, three of which target Google Drive, Gmail, and Microsoft Outlook, according to an analysis from ESET.

Such crackdown efforts have enabled access to the infostealers' source code, including REST-API services, license servers, stealer binaries, and Telegram bots, as well as the IP addresses, credentials, and registration details of their users, said the agencies in a video posted on Operation Magnus website.

After being targeted through masscan and ZGrab, unauthenticated Docker API endpoints have been exploited by TeamTNT.