Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Malicious Ads. Show all posts
Sensitive data
Cloud Security Cyber Attacks Data Theft Employee Training enterprise cybersecurity fake ads Malicious Ads ransomware attacks Ransomwares Sensitive data

Employee Monitoring Tool Kickidler Targeted in Ransomware Attacks

 

Cybersecurity researchers have discovered that cybercriminals are misusing a legitimate employee monitoring tool called Kickidler to execute targeted ransomware attacks. Originally developed to help businesses track productivity and ensure compliance, Kickidler offers features like real-time screen monitoring, keystroke logging, and activity tracking—functionalities that have now become attractive tools for threat actors. Security firms Varonis and Synacktiv have reported observing these attacks actively taking place. 

The attack campaign begins with malicious advertisements placed on the Google Ads network. These ads are cleverly designed to trick users searching for a legitimate utility called RVTools—a free Windows application used to connect to VMware vCenter or ESXi environments. Victims are lured into downloading a trojanized version of RVTools, which secretly installs a backdoor named SMOKEDHAM. Once SMOKEDHAM gains access to the system, attackers use it to deploy Kickidler, with a focus on targeting enterprise administrators. 

By infiltrating admin machines, the attackers can monitor keystrokes and capture sensitive data, such as credentials for off-site backups or cloud platforms. This method allows them to bypass more secure authentication systems that are often separated from Windows domains, a common defense strategy in many organizations. According to the researchers, the ransomware groups Qilin and Hunters International have been leveraging this approach to expand their reach within enterprise networks. 

These groups appear to be focusing on cloud backup systems and VMware ESXi infrastructure. Hunters International, in particular, was observed using VMware PowerCLI and WinSCP Automation tools to enable SSH access, deploy ransomware, and execute it on ESXi servers. Their payloads encrypted VMDK virtual hard disks, disrupting operations and access to virtual environments. 

One of the most concerning aspects of this campaign is how stealthily it operates. By capturing data directly from administrators’ screens and inputs, the attackers avoid using higher-risk tactics like memory dumps or privilege escalation, which are more likely to be flagged by security systems. The misuse of Kickidler demonstrates a growing trend of cybercriminals weaponizing legitimate enterprise tools to bypass traditional defenses and maintain stealth within targeted networks. 

These attacks highlight the need for increased vigilance around software downloads, especially from third-party sources, and reinforce the importance of strong endpoint protection, regular software audits, and employee awareness training. 

As cyberattacks grow more sophisticated, defenders must adapt by tightening controls, decoupling critical system access from everyday credentials, and monitoring for unusual activity—even from tools considered safe.
Read more »
Threat Landscape
Cyber Crime Espionage Campaign Hacking Group Malicious Ads Phishing email Threat Landscape

This Hacker Outfit has Targeted Thousands of Companies Across the Globe

 

ESET's cybersecurity researchers have recently uncovered a relatively new hacker outfit that has had great success targeting organisations all around the world. 

The researchers are still unsure of the group's eventual goal, which goes by the name of Asylum Ambuscade. BleepingComputer claims that over the past three years, it has been active all over the world, but primarily in the West.

It makes use of many different tools, such as the Sunseed malware, Akhbot, and Nodebot, which enable the team to carry out a wide range of malicious operations, such as stealing screenshots, stealing passwords stored in well-known web browsers, deploying Cobalt Strike loaders, running a keylogger, and more. In short, the group's skills encompass everything from espionage to cybercrime. 

They have a wide range of targets, including small and medium-sized businesses (SMB), government officials and organisations, bank customers, cryptocurrency speculators, and traders. 

Modus operandi 

Typically, a phishing email including a malicious script is the first step in an assault. Depending on the target's endpoints, the group selects which extra payloads to send after downloading the Sunseed virus. 

The researchers discovered that in certain cases the group generated Google Ads that drove consumers to websites that included malicious JavaScript code.

Additionally, the organisation appears to be very successful. Researchers at ESET began monitoring the gang's activity in January of last year and have since discovered almost 4,500 victims, which suggests the group targeted 265 businesses and organisations each month.

The group's intentions continue to be the biggest mystery. The researchers are unable to precisely identify what the group is attempting to do because they have access to a wide variety of tools that can be used to commit all types of cybercrime and a diverse list of victims. One explanation contends that the group is just selling knowledge and access to other threat actors, which explains their diverse strategy.
Read more »
Subscribe to: Posts (Atom)