webmail

Tech Optimizer
July 3, 2026
Cybercriminals are using a sophisticated method to bypass security measures by abusing the VLC media player to sideload malware. This campaign exploits VLC to install ValleyRAT, a remote access trojan, through phishing emails that contain links to download a seemingly harmless file. Once the file is opened, it activates a hidden backdoor that evades detection by antivirus solutions. The malware has been active since 2023, with a significant increase in activity noted through 2025 and into 2026, particularly targeting Chinese- and Japanese-speaking users. The infection process begins when a victim clicks a link in a phishing email, leading to a ZIP archive containing a disguised executable and a malicious DLL (libvlc.dll). The executable mimics a legitimate VLC file and, when executed, loads the DLL, allowing the malware to run under the guise of VLC. The malware establishes persistence by creating a registry entry and connects to a remote server to retrieve the final payload. ValleyRAT employs evasion tactics to avoid detection, such as performing checks on system behavior and using a fileless approach that injects its payload directly into memory rather than writing it to disk. Researchers recommend training employees to recognize suspicious filenames and deploying endpoint detection tools that identify DLL sideloading behavior. For organizations affected by this campaign, isolating compromised systems and reviewing security logs are critical initial steps. Indicators of compromise include a malicious email domain, a ZIP archive containing a fake VLC executable, and a download URL for ValleyRAT.
Winsage
November 3, 2024
The FBI has warned users about vulnerabilities in popular webmail accounts, highlighting risks to passwords and multifactor authentication (MFA) due to emerging cyber threats. The Cybersecurity and Infrastructure Security Agency (CISA) has advised Windows users to reconsider SMS-based MFA. CISA's guidance targets Chief Information Security Officers (CISOs) and enterprise users, emphasizing a sophisticated spear-phishing campaign affecting various sectors, including government and IT. Spear phishing, although less than 0.1% of phishing emails, accounts for 66% of successful breaches, with average costs of USD 4.76 million and potential losses up to USD 100 million. CISA notes that foreign threat actors often impersonate trusted entities and use malicious remote desktop protocol (RDP) files to gain unauthorized access. CISA has recommended ten security measures for organizations, including restricting outbound RDP connections, blocking RDP files, enabling MFA, and adopting phishing-resistant authentication methods. CISA advises against SMS-based MFA due to its vulnerability to SIM-jacking attacks. Kaspersky has raised concerns about SIM swap fraud, particularly in areas with high smartphone usage. Organizations are encouraged to use stronger MFA alternatives, such as software authenticators or passkeys.