Cybercriminals are targeting financial organizations across Africa, potentially acting as initial access brokers selling data on the dark web. The post Cybercriminals Abuse Open-Source Tools To Target Africa’s Financial Sector appeared first on Unit 42. This article has been indexed…
Category: Unit 42
Resurgence of the Prometei Botnet
We identified a resurgence of the Prometei botnet’s Linux variant. Our analysis tracks the activity of this cryptominer and its new features. The post Resurgence of the Prometei Botnet appeared first on Unit 42. This article has been indexed from…
Exploring a New KimJongRAT Stealer Variant and Its PowerShell Implementation
We analyze two new KimJongRAT stealer variants, combining new research with existing knowledge. One uses a Portable Executable (PE) file and the other PowerShell. The post Exploring a New KimJongRAT Stealer Variant and Its PowerShell Implementation appeared first on Unit…
Exploring a New KimJongRAT Stealer Variant and Its PowerShell Implementation
We analyze two new KimJongRAT stealer variants, combining new research with existing knowledge. One uses a Portable Executable (PE) file and the other PowerShell. The post Exploring a New KimJongRAT Stealer Variant and Its PowerShell Implementation appeared first on Unit…
Serverless Tokens in the Cloud: Exploitation and Detections
Understand the mechanics of serverless authentication: three simulated attacks across major CSPs offer effective approaches for application developers. The post Serverless Tokens in the Cloud: Exploitation and Detections appeared first on Unit 42. This article has been indexed from Unit…
JSFireTruck: Exploring Malicious JavaScript Using JSF*ck as an Obfuscation Technique
In an extensive campaign affecting 270k webpages, compromised websites were injected with the esoteric JavaScript programming style JSF*ck to redirect users to malicious content. The post JSFireTruck: Exploring Malicious JavaScript Using JSF*ck as an Obfuscation Technique appeared first on Unit…
The Evolution of Linux Binaries in Targeted Cloud Operations
Using data from machine learning tools, we predict a surge in cloud attacks leveraging reworked Linux Executable and Linkage Format (ELF) files. The post The Evolution of Linux Binaries in Targeted Cloud Operations appeared first on Unit 42. This article…
Roles Here? Roles There? Roles Anywhere: Exploring the Security of AWS IAM Roles Anywhere
This examination of the Amazon Web Services (AWS) Roles Anywhere service looks at potential risks, analyzed from both defender and attacker perspectives. The post Roles Here? Roles There? Roles Anywhere: Exploring the Security of AWS IAM Roles Anywhere appeared first…
Blitz Malware: A Tale of Game Cheats and Code Repositories
Blitz malware, active since 2024 and updated in 2025, was spread via game cheats. We discuss its infection vector and abuse of Hugging Face for C2. The post Blitz Malware: A Tale of Game Cheats and Code Repositories appeared first…
Lost in Resolution: Azure OpenAI’s DNS Resolution Issue
We discovered an Azure OpenAI misconfiguration allowing shared domains, potentially leading to data leaks. Microsoft quickly resolved the issue. The post Lost in Resolution: Azure OpenAI's DNS Resolution Issue appeared first on Unit 42. This article has been indexed from…