cyber operation

Tech Optimizer
July 18, 2026
North Korea's Contagious Interview hackers have been using a deceptive strategy to target developers by posing as recruiters and embedding malware in SVG files. Elastic Security Labs discovered that the attackers hid malicious payloads within HTML comment blocks of these files, allowing the malware to evade antivirus detection. At the time of the findings, no antivirus engines flagged the compromised repositories, which included trojanized GitHub repositories disguised as coding challenges. The malware executed automatically at server startup and deployed four modules: a browser credential and cryptocurrency wallet stealer, a file stealer, a remote access Trojan, and a clipboard monitor. The campaign, tracked as REF9403, is part of the ongoing Contagious Interview operation attributed to North Korea's Lazarus Group, which aims to generate revenue through cryptocurrency theft. Developers are advised to audit any projects run from unsolicited sources and to monitor specific domains associated with the attack.
Tech Optimizer
February 24, 2026
A cyber operation is targeting users of Huorong Security antivirus software through a typosquatted domain, huoronga[.]com, which mimics the legitimate site huorong.cn. Users who mistakenly visit the counterfeit site may download a file named BR火绒445[.]zip, which contains a trojanized installer that leads to the installation of ValleyRAT, a remote access trojan. The malware employs various techniques to evade detection, including using an intermediary domain for downloads, creating Windows Defender exclusions, and establishing a scheduled task for persistence. The backdoor facilitates activities such as keylogging and credential access while disguising its operations within legitimate processes like rundll32.exe. Attribution points to the Silver Fox APT group, and there has been a significant increase in ValleyRAT samples documented in recent months. Security measures include ensuring software downloads are from the official site and monitoring for specific malicious activities.
Search