FortiGuard Labs uncovered an SEO poisoning campaign targeting Chinese users with fake software sites delivering Hiddengh0st and Winos malware. This article has been indexed from Fortinet Threat Research Blog Read the original article: SEO Poisoning Attack Targets Chinese-Speaking Users…
Category: Fortinet Threat Research Blog
MostereRAT Deployed AnyDesk/TightVNC for Covert Full Access
FortiGuard Labs uncovers MostereRAT’s use of phishing, EPL code, and remote access tools like AnyDesk and TightVNC to evade defenses and seize full system control. This article has been indexed from Fortinet Threat Research Blog Read the original article:…
MostereRAT Deployed AnyDesk/TightVNC for Covert Full Access
FortiGuard Labs uncovers MostereRAT’s use of phishing, EPL code, and remote access tools like AnyDesk and TightVNC to evade defenses and seize full system control. This article has been indexed from Fortinet Threat Research Blog Read the original article:…
Phishing Campaign Targeting Companies via UpCrypter
FortiGuard Labs uncovers a phishing campaign using fake emails and UpCrypter malware to deliver RATs like PureHVNC and DCRat across industries. This article has been indexed from Fortinet Threat Research Blog Read the original article: Phishing Campaign Targeting Companies…
The Resurgence of IoT Malware: Inside the Mirai-Based “Gayfemboy” Botnet Campaign
FortiGuard Labs analyzes the Gayfemboy botnet, a Mirai variant targeting global sectors. Learn its tactics, C2 methods, and Fortinet defenses. This article has been indexed from Fortinet Threat Research Blog Read the original article: The Resurgence of IoT Malware:…
From ClickFix to Command: A Full PowerShell Attack Chain
A regionally targeted PowerShell-based campaign used phishing lures, obfuscation, and RAT delivery to infiltrate Israeli organizations. Learn how the attack chain worked—and how Fortinet blocked it. This article has been indexed from Fortinet Threat Research Blog Read the original…
Unveiling a New Variant of the DarkCloud Campaign
FortiGuard Labs has uncovered a stealthy new variant of DarkCloud malware that leverages phishing emails, obfuscated JavaScript, PowerShell loaders, and process hollowing to exfiltrate credentials, payment data, and email contacts—all without dropping a file to disk. This article has…
Malicious Packages Across Open-Source Registries: Detection Statistics and Trends (Q2 2025)
Malware threats continue to infiltrate open-source software registries. FortiGuard Labs’ Q2 2025 analysis reveals persistent tactics used in malicious NPM and PyPI packages, including credential theft, obfuscation, and install-time payloads. Learn how threat actors exploit OSS and how to stay…
Malicious Packages Across Open-Source Registries: Detection Statistics and Trends (Q2 2025)
Malware threats continue to infiltrate open-source software registries. FortiGuard Labs’ Q2 2025 analysis reveals persistent tactics used in malicious NPM and PyPI packages, including credential theft, obfuscation, and install-time payloads. Learn how threat actors exploit OSS and how to stay…
Inside The ToolShell Campaign
FortiGuard Labs uncovers ToolShell, a sophisticated exploit chain targeting Microsoft SharePoint servers using a mix of patched and zero-day CVEs. Learn how attackers deploy GhostWebShell and KeySiphon for stealthy remote code execution and credential theft. This article has been…