
The Anomali Blog


Anomali Cyber Watch: Lancefly APT Adopts Alternatives to Phishing, BPFdoor Removed Hardcoded Indicators, FBI Ordered Russian Malware to Self-Destruct

Anomali Cyber Watch: Custom Virtual Environment Hides FluHorse, BabyShark Evolved into ReconShark, Fleckpe-Infected Apps Add Expensive Subscriptions

Anomali Cyber Watch: APT37 Adopts LNK Files, Charming Kitten Uses BellaCiao Implant-Dropper, ViperSoftX Infostealer Unique Byte Remapping Encryption

Anomali Cyber Watch: Two Supply-Chain Attacks Chained Together, Decoy Dog Stealthy DNS Communication, EvilExtractor Exfiltrates to FTP Server

Anomali Cyber Watch: Cozy Bear Employs New Downloaders, RTM Locker Ransomware Seeks Privacy, Vice Society Automated Selective Exfiltration

Anomali Cyber Watch: Aggressively-Mutating Mantis Backdoors Target Palestine, Fake Cracked Packages Flood NPM, Rorschach Ransomware Is Significantly Faster Than LockBit v.3

Anomali Cyber Watch: Balada Injector Exploits WordPress Elementor Pro, Icon 3CX Stealer Detected by YARA, Koi Loader-Stealer Compresses-then-Encrypts Memory Streams

Anomali Cyber Watch: Bitter Spies on Chinese Nuclear Energy, Kimsuky Takes Over Google Account to Infect Connected Android Devices, Bad Magic APT Targets Occupied Parts of Ukraine

Anomali Cyber Watch: Winter Vivern Impersonates Poland’s Combating Cybercrime Webpage, Trojanized Telegram Steals Cryptocurrency Keys from Screenshots, and More

Anomali Cyber Watch: Xenomorph Automates The Whole Fraud Chain on Android, IceFire Ransomware Started Targeting Linux, Mythic Leopard Delivers Spyware Using Romance Scam
