#candc — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #candc, aggregated by home.social.
-
Smart Contracts for C&C: How ClearFake Hid in Plain Sight on BSC Testnet
Threat actors exploited the EtherHiding technique to store ClearFake payload routing instructions within smart contracts on the BNB Smart Chain testnet, creating an immutable command-and-control infrastructure that cannot be taken down. The attack began with injected JavaScript on a compromised Swiss website that queried blockchain contracts to deliver malicious payloads. Victims passing anti-analysis checks were fingerprinted by operating system and routed to platform-specific ClickFix social engineering overlays. The campaign simultaneously deployed SectopRAT, a .NET-based remote access trojan capable of browser session hijacking, and ACRStealer, a C++ infostealer targeting credentials and cryptocurrency wallets. An on-chain execution tracker confirmed each compromise in real time. Four smart contracts shared a single deployer wallet, with the oldest deployed nearly a year before analysis, indicating a long-running, actively maintained operation.
Pulse ID: 6a15ba2632bd7e246e9c1250
Pulse Link: https://otx.alienvault.com/pulse/6a15ba2632bd7e246e9c1250
Pulse Author: AlienVault
Created: 2026-05-26 15:20:06Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BlockChain #Browser #CandC #ClearFake #CyberSecurity #EtherHiding #InfoSec #InfoStealer #Java #JavaScript #NET #OTX #OpenThreatExchange #RAT #RemoteAccessTrojan #SocialEngineering #Trojan #bot #cryptocurrency #AlienVault
-
Smart Contracts for C&C: How ClearFake Hid in Plain Sight on BSC Testnet
Threat actors exploited the EtherHiding technique to store ClearFake payload routing instructions within smart contracts on the BNB Smart Chain testnet, creating an immutable command-and-control infrastructure that cannot be taken down. The attack began with injected JavaScript on a compromised Swiss website that queried blockchain contracts to deliver malicious payloads. Victims passing anti-analysis checks were fingerprinted by operating system and routed to platform-specific ClickFix social engineering overlays. The campaign simultaneously deployed SectopRAT, a .NET-based remote access trojan capable of browser session hijacking, and ACRStealer, a C++ infostealer targeting credentials and cryptocurrency wallets. An on-chain execution tracker confirmed each compromise in real time. Four smart contracts shared a single deployer wallet, with the oldest deployed nearly a year before analysis, indicating a long-running, actively maintained operation.
Pulse ID: 6a15ba2632bd7e246e9c1250
Pulse Link: https://otx.alienvault.com/pulse/6a15ba2632bd7e246e9c1250
Pulse Author: AlienVault
Created: 2026-05-26 15:20:06Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BlockChain #Browser #CandC #ClearFake #CyberSecurity #EtherHiding #InfoSec #InfoStealer #Java #JavaScript #NET #OTX #OpenThreatExchange #RAT #RemoteAccessTrojan #SocialEngineering #Trojan #bot #cryptocurrency #AlienVault
-
Smart Contracts for C&C: How ClearFake Hid in Plain Sight on BSC Testnet
Threat actors exploited the EtherHiding technique to store ClearFake payload routing instructions within smart contracts on the BNB Smart Chain testnet, creating an immutable command-and-control infrastructure that cannot be taken down. The attack began with injected JavaScript on a compromised Swiss website that queried blockchain contracts to deliver malicious payloads. Victims passing anti-analysis checks were fingerprinted by operating system and routed to platform-specific ClickFix social engineering overlays. The campaign simultaneously deployed SectopRAT, a .NET-based remote access trojan capable of browser session hijacking, and ACRStealer, a C++ infostealer targeting credentials and cryptocurrency wallets. An on-chain execution tracker confirmed each compromise in real time. Four smart contracts shared a single deployer wallet, with the oldest deployed nearly a year before analysis, indicating a long-running, actively maintained operation.
Pulse ID: 6a15ba2632bd7e246e9c1250
Pulse Link: https://otx.alienvault.com/pulse/6a15ba2632bd7e246e9c1250
Pulse Author: AlienVault
Created: 2026-05-26 15:20:06Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BlockChain #Browser #CandC #ClearFake #CyberSecurity #EtherHiding #InfoSec #InfoStealer #Java #JavaScript #NET #OTX #OpenThreatExchange #RAT #RemoteAccessTrojan #SocialEngineering #Trojan #bot #cryptocurrency #AlienVault
-
Smart Contracts for C&C: How ClearFake Hid in Plain Sight on BSC Testnet
Threat actors exploited the EtherHiding technique to store ClearFake payload routing instructions within smart contracts on the BNB Smart Chain testnet, creating an immutable command-and-control infrastructure that cannot be taken down. The attack began with injected JavaScript on a compromised Swiss website that queried blockchain contracts to deliver malicious payloads. Victims passing anti-analysis checks were fingerprinted by operating system and routed to platform-specific ClickFix social engineering overlays. The campaign simultaneously deployed SectopRAT, a .NET-based remote access trojan capable of browser session hijacking, and ACRStealer, a C++ infostealer targeting credentials and cryptocurrency wallets. An on-chain execution tracker confirmed each compromise in real time. Four smart contracts shared a single deployer wallet, with the oldest deployed nearly a year before analysis, indicating a long-running, actively maintained operation.
Pulse ID: 6a15ba2632bd7e246e9c1250
Pulse Link: https://otx.alienvault.com/pulse/6a15ba2632bd7e246e9c1250
Pulse Author: AlienVault
Created: 2026-05-26 15:20:06Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BlockChain #Browser #CandC #ClearFake #CyberSecurity #EtherHiding #InfoSec #InfoStealer #Java #JavaScript #NET #OTX #OpenThreatExchange #RAT #RemoteAccessTrojan #SocialEngineering #Trojan #bot #cryptocurrency #AlienVault
-
Smart Contracts for C&C: How ClearFake Hid in Plain Sight on BSC Testnet
Threat actors exploited the EtherHiding technique to store ClearFake payload routing instructions within smart contracts on the BNB Smart Chain testnet, creating an immutable command-and-control infrastructure that cannot be taken down. The attack began with injected JavaScript on a compromised Swiss website that queried blockchain contracts to deliver malicious payloads. Victims passing anti-analysis checks were fingerprinted by operating system and routed to platform-specific ClickFix social engineering overlays. The campaign simultaneously deployed SectopRAT, a .NET-based remote access trojan capable of browser session hijacking, and ACRStealer, a C++ infostealer targeting credentials and cryptocurrency wallets. An on-chain execution tracker confirmed each compromise in real time. Four smart contracts shared a single deployer wallet, with the oldest deployed nearly a year before analysis, indicating a long-running, actively maintained operation.
Pulse ID: 6a15ba2632bd7e246e9c1250
Pulse Link: https://otx.alienvault.com/pulse/6a15ba2632bd7e246e9c1250
Pulse Author: AlienVault
Created: 2026-05-26 15:20:06Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BlockChain #Browser #CandC #ClearFake #CyberSecurity #EtherHiding #InfoSec #InfoStealer #Java #JavaScript #NET #OTX #OpenThreatExchange #RAT #RemoteAccessTrojan #SocialEngineering #Trojan #bot #cryptocurrency #AlienVault
-
Q1 2026 Malware Statistics Report for Windows Database Servers
During the first quarter of 2026, Windows-based MS-SQL and MySQL database servers experienced consistent malicious attacks with a temporary decrease in February before rising again in March. The primary threat actor, Larva-26002, leveraged various utilities including BCP, curl, bitsadmin, and PowerShell to deploy a Go-based scanner called ICE Cloud, which contained Turkish language strings and C&C-based scanning capabilities. This tool attempted MS-SQL authentication using predefined credentials. Attack methods primarily consisted of brute force attacks, dictionary attacks, and exploitation of unpatched systems with misconfigured accounts stemming from inadequate account management practices.
Pulse ID: 69de00aae91f11a6bf2fbe68
Pulse Link: https://otx.alienvault.com/pulse/69de00aae91f11a6bf2fbe68
Pulse Author: AlienVault
Created: 2026-04-14 08:54:02Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BruteForce #CandC #Cloud #CyberSecurity #ICS #InfoSec #MSSQL #Malware #MySQL #OTX #OpenThreatExchange #PowerShell #RCE #SQL #Turkish #Windows #bot #AlienVault
-
Q1 2026 Malware Statistics Report for Windows Database Servers
During the first quarter of 2026, Windows-based MS-SQL and MySQL database servers experienced consistent malicious attacks with a temporary decrease in February before rising again in March. The primary threat actor, Larva-26002, leveraged various utilities including BCP, curl, bitsadmin, and PowerShell to deploy a Go-based scanner called ICE Cloud, which contained Turkish language strings and C&C-based scanning capabilities. This tool attempted MS-SQL authentication using predefined credentials. Attack methods primarily consisted of brute force attacks, dictionary attacks, and exploitation of unpatched systems with misconfigured accounts stemming from inadequate account management practices.
Pulse ID: 69de00aae91f11a6bf2fbe68
Pulse Link: https://otx.alienvault.com/pulse/69de00aae91f11a6bf2fbe68
Pulse Author: AlienVault
Created: 2026-04-14 08:54:02Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BruteForce #CandC #Cloud #CyberSecurity #ICS #InfoSec #MSSQL #Malware #MySQL #OTX #OpenThreatExchange #PowerShell #RCE #SQL #Turkish #Windows #bot #AlienVault
-
Q1 2026 Malware Statistics Report for Windows Database Servers
During the first quarter of 2026, Windows-based MS-SQL and MySQL database servers experienced consistent malicious attacks with a temporary decrease in February before rising again in March. The primary threat actor, Larva-26002, leveraged various utilities including BCP, curl, bitsadmin, and PowerShell to deploy a Go-based scanner called ICE Cloud, which contained Turkish language strings and C&C-based scanning capabilities. This tool attempted MS-SQL authentication using predefined credentials. Attack methods primarily consisted of brute force attacks, dictionary attacks, and exploitation of unpatched systems with misconfigured accounts stemming from inadequate account management practices.
Pulse ID: 69de00aae91f11a6bf2fbe68
Pulse Link: https://otx.alienvault.com/pulse/69de00aae91f11a6bf2fbe68
Pulse Author: AlienVault
Created: 2026-04-14 08:54:02Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BruteForce #CandC #Cloud #CyberSecurity #ICS #InfoSec #MSSQL #Malware #MySQL #OTX #OpenThreatExchange #PowerShell #RCE #SQL #Turkish #Windows #bot #AlienVault
-
Q1 2026 Malware Statistics Report for Windows Database Servers
During the first quarter of 2026, Windows-based MS-SQL and MySQL database servers experienced consistent malicious attacks with a temporary decrease in February before rising again in March. The primary threat actor, Larva-26002, leveraged various utilities including BCP, curl, bitsadmin, and PowerShell to deploy a Go-based scanner called ICE Cloud, which contained Turkish language strings and C&C-based scanning capabilities. This tool attempted MS-SQL authentication using predefined credentials. Attack methods primarily consisted of brute force attacks, dictionary attacks, and exploitation of unpatched systems with misconfigured accounts stemming from inadequate account management practices.
Pulse ID: 69de00aae91f11a6bf2fbe68
Pulse Link: https://otx.alienvault.com/pulse/69de00aae91f11a6bf2fbe68
Pulse Author: AlienVault
Created: 2026-04-14 08:54:02Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BruteForce #CandC #Cloud #CyberSecurity #ICS #InfoSec #MSSQL #Malware #MySQL #OTX #OpenThreatExchange #PowerShell #RCE #SQL #Turkish #Windows #bot #AlienVault
-
Q1 2026 Malware Statistics Report for Windows Database Servers
During the first quarter of 2026, Windows-based MS-SQL and MySQL database servers experienced consistent malicious attacks with a temporary decrease in February before rising again in March. The primary threat actor, Larva-26002, leveraged various utilities including BCP, curl, bitsadmin, and PowerShell to deploy a Go-based scanner called ICE Cloud, which contained Turkish language strings and C&C-based scanning capabilities. This tool attempted MS-SQL authentication using predefined credentials. Attack methods primarily consisted of brute force attacks, dictionary attacks, and exploitation of unpatched systems with misconfigured accounts stemming from inadequate account management practices.
Pulse ID: 69de00aae91f11a6bf2fbe68
Pulse Link: https://otx.alienvault.com/pulse/69de00aae91f11a6bf2fbe68
Pulse Author: AlienVault
Created: 2026-04-14 08:54:02Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BruteForce #CandC #Cloud #CyberSecurity #ICS #InfoSec #MSSQL #Malware #MySQL #OTX #OpenThreatExchange #PowerShell #RCE #SQL #Turkish #Windows #bot #AlienVault
-
Let's all take a moment to celebrate this underappreciated masterpiece.
-
Let's all take a moment to celebrate this underappreciated masterpiece.
-
Uuh, EA open sourced some of it‘s iconic Command & Conquer games.
#EA #CommandAndConquer #CAndC #OpenSource #GitHub #Games #GameDev #IndieGameDev #Gameing
-
Finished the #ShadowsOfTheHalflingHall #CastelsAndCrusades #CAndC adventure last night with my group.
I'm still really pleased with the game. Most of the players appreciate the simple resolution mechanic and how fast we can move through things.
I also came to realize that I tend to run most of my #TTRPG sessions much more old school than I initially realize.
I like to give them puzzles with no clear or set resolution and watch them come up with the cleverest solutions then let them make some rolls. They get so excited and it's a lot of work and planning off of my shoulders.
-
Nice day out yesterday on inaugural #CandC #BillyBlandChallenge club training #run on #TherfieldHeath, near #Royston. About the best #hills we get around here, which is a bit sad for a #FellRunning group! https://strava.app.link/onTgECAYWub