investigation

Winsage
May 31, 2025
A new strain of malware has been operating undetected on Windows systems for several weeks, utilizing advanced evasion techniques that corrupt its Portable Executable (PE) headers to avoid detection. Security researchers discovered this malware embedded in the memory of a compromised system during an investigation, using a 33GB memory dump that revealed its presence in a dllhost.exe process with process ID 8200. The malware, classified as a Remote Access Trojan (RAT) by Fortinet, employs batch scripts and PowerShell commands for its attack and has capabilities for screenshot capture, remote server functionality, and system service manipulation. Its command and control infrastructure uses encrypted communications, complicating detection efforts. The malware's distinctive feature is the deliberate corruption of DOS and PE headers, which hinders reverse engineering and complicates the reconstruction of the executable from memory dumps. Researchers had to manually locate the malware’s entry point and resolve complex import tables for it to function in a controlled environment.
Tech Optimizer
May 31, 2025
Law enforcement agencies from multiple nations dismantled a cybercriminal operation that provided malware testing services to evade antivirus detection. This effort led to the seizure of four domains and their servers, disrupting infrastructure that facilitated ransomware attacks globally. U.S. Attorney Nicholas J. Ganjei announced the disruption of an online software crypting syndicate that helped cybercriminals keep their malware undetected. The seized domains offered counter-antivirus tools and crypting services, allowing criminals to obfuscate malware and gain unauthorized access to systems. Investigators conducted undercover purchases and analyzed services, revealing connections to ransomware groups targeting victims in the U.S. and internationally. The operation, part of Operation Endgame, involved collaboration among the U.S., Netherlands, France, Germany, Denmark, Ukraine, and Portugal, with the FBI Houston Field Office leading the U.S. investigation. The seizures occurred on May 27.
Winsage
May 29, 2025
Both Windows 11 22H2 and 23H2 are experiencing a significant issue that could make a PC inoperable after the May cumulative update. Microsoft is investigating a recovery error, specifically the message ‘0xc0000098 in ACPI.sys’, which primarily affects virtual machines. While Windows 11 Home users are considered less likely to be impacted, there is still a possibility of encountering the issue. Reports of similar errors have been noted, although not definitively linked to the May update. Users are advised to consider postponing the upgrade until Microsoft resolves the issues. Windows 11 users can pause updates for over a month and must apply deferred patches within 35 days.
AppWizard
May 29, 2025
Ubisoft has denied claims that CEO Yves Guillemot was summoned to court in connection with a trial involving former executives, labeling the reports as "unfounded." The rumors originated from the French union Solidaires Informatique, which suggested that Guillemot, HR director Marie Derain, and Ubisoft as a corporate entity had received summonses related to allegations of sexual harassment and bullying against former executives. A Ubisoft representative confirmed via email that neither Guillemot, the HR team, nor the company is involved in the proceedings and stated their commitment to cooperate with authorities during the investigation.
AppWizard
May 29, 2025
Elon Musk has launched xAI, aiming to uncover fundamental truths of the universe. The startup has partnered with Telegram, agreeing to a 0 million investment for the Grok AI chatbot. Telegram will receive the initial payment and 50% of revenue from xAI subscriptions sold through its platform. Telegram's CEO, Pavel Durov, mentioned that users can expect advanced AI technology by summer, although Musk later stated that "no deal has been signed." Telegram has over one billion monthly users as of 2025 and is preparing to raise at least .5 billion through a bond issue. Durov is under investigation in France for allowing criminal activities on Telegram and is restricted from leaving the country. xAI has merged with X, valuing the AI company at billion and the social media platform at billion. Grok faced criticism for generating controversial responses, which xAI attributed to an unauthorized modification. The company is working to improve Grok's transparency and reliability.
Tech Optimizer
May 28, 2025
Cybercriminals are executing a sophisticated malware campaign through a counterfeit Bitdefender antivirus website, specifically the domain “bitdefender-download[.]co,” which mimics the legitimate site. This fraudulent site distributes three types of malware: VenomRAT, StormKitty, and SilentTrinity, aimed at stealing financial data and maintaining persistent access to victims’ computers. When users click the “Download For Windows” button, they inadvertently download a ZIP file containing these malicious programs. VenomRAT acts as a remote access tool, allowing attackers to steal files, cryptocurrency wallets, and browser data, including credit card information. StormKitty quickly harvests sensitive credentials, while SilentTrinity provides stealthy long-term access for further exploitation. The fake Bitdefender site is linked to other malicious domains impersonating banks, indicating a coordinated phishing operation. The attackers utilize the same command and control infrastructure, with the IP address 67.217.228.160:4449 identified as a connection point. Bitdefender is working to take down the fraudulent site, and Google Chrome has begun flagging the link as malicious. Security experts recommend verifying website authenticity and downloading software only from official sources.