#troll — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #troll, aggregated by home.social.
-
#ThrowbackThursday with an old Troll graphite drawing.✏️
#myart #troll #fairytale #folklore #fantasy #darkfantasy #horrorart #horror #drawing #monster #fantasyart #doodle #zeichnen #fediart #art #artist #artofmastodon #artistsofmastodon #Konaa #Kmac #macNessa #Konaa #illustration #AkasaSigna
-
Oh, look! #AMD decided to #troll #Linux users with #Vivado licensing changes, proving once again that open-source enthusiasts are merely pawns in their corporate chess game. 🎯🤦♂️ Meanwhile, AMD's PR department must be working overtime crafting excuses that no one will read. 📉
https://itsfoss.com/news/amd-vivado-bait-and-switch-on-linux-users/ #OpenSource #CorporateChess #HackerNews #ngated
-
I don't post on Twitter any more, read-only
But just as a *lot* of people cannot bring themselves to admit that #Trump is *not* some sort of god-tier strategist who is playing twelve-dimensional geopolitical chess in a way that is too subtle for the human mind to comprehend,
so a *lot* of people cannot bring themselves to admit that #Musk is just a petty little twenty-something 4Chan /pol shitposting edgelord most of the time
He's not an adult, people, he's a troll who just loves how many people Musk has hanging on his every word, searching for wisdom
Musk is a fucking #Troll, people
Catch a clue, laugh at him, and move on
-
😦Zenoni is about to fight Koron❕❕❕❕❕❕❕❕❕❕❕❕
#mythicalcreatures #breakingnews
#thetruth #troll #stromdragon
#Luisenterianmentcrop #Waltonpictures
#starwaystudios #ravestudios
#snowmassmeidaenterprisesworldwide
#closeencountersproductions
#blueskycinemamagic #scifi #projectbluebook #worldpressexpeditions
-
Politicians to Ditch Signal for Homegrown Apps
European governments are transitioning from encrypted messaging applications like Signal and WhatsApp to sovereign Matrix-based solutions. This shift follows successful phishing campaigns, primarily attributed to Russian intelligence services, exploiting Signal's linked devices feature to gain persistent access to political communications. While Signal was initially recommended for external communications, scope creep led to its widespread use for sensitive statecraft discussions. Matrix-based systems offer advantages including federated architecture, government-controlled identity platforms, and customizable data retention policies. However, these homegrown solutions introduce new security vulnerabilities and implementation challenges. The walled-garden nature of current sovereign systems limits their utility for international diplomacy, suggesting Signal will continue to be used for communications with external parties despite the security concerns.
Pulse ID: 6a0ec4bc3bab6cd24d3d05be
Pulse Link: https://otx.alienvault.com/pulse/6a0ec4bc3bab6cd24d3d05be
Pulse Author: AlienVault
Created: 2026-05-21 08:39:24
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #Europe #Government #InfoSec #Mac #OTX #OpenThreatExchange #Phishing #RAT #Russia #Troll #WhatsApp #bot #AlienVault
-
The Worm That Keeps on Digging: Latest Wave
A sophisticated supply chain campaign targeting the open source developer ecosystem has emerged, compromising NPM packages in the @antv namespace, GitHub Actions including actions-cool/issues-helper, and the VSCode extension nrwl.angular-console. The malware initiates multi-stage infection chains using GitHub-hosted infrastructure and orphaned commits to deploy payloads via bun. It harvests extensive credentials including GitHub tokens, SSH keys, cloud credentials, and browser secrets, exfiltrating data through attacker-controlled public GitHub repositories. The campaign establishes persistence through a Python backdoor that polls GitHub for signed commands containing specific trigger strings, enabling remote code execution. Infrastructure analysis and operational patterns indicate moderate confidence attribution to the threat actor TeamPCP.
Pulse ID: 6a0c5b666ccb232590e33087
Pulse Link: https://otx.alienvault.com/pulse/6a0c5b666ccb232590e33087
Pulse Author: AlienVault
Created: 2026-05-19 12:45:26
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #Browser #Cloud #CyberSecurity #GitHub #InfoSec #Malware #NPM #OTX #OpenThreatExchange #Python #RAT #RCE #RemoteCodeExecution #SSH #SupplyChain #Troll #Worm #bot #AlienVault
-
Popular node-ipc npm Package Infected with Credential Stealer
A supply chain attack has compromised the node-ipc npm package, with malicious versions 9.1.6, 9.2.3, and 12.0.1 containing obfuscated stealer and backdoor functionality. The attack vector involved takeover of a dormant maintainer account through an expired email domain. The malware fingerprints host environments, enumerates and reads local files including SSH keys, cloud credentials, database configurations, and various developer secrets. Collected data is compressed into a gzip archive and exfiltrated via DNS TXT queries to attacker-controlled infrastructure disguised as legitimate Azure domains. The payload targets over 100 file patterns across macOS and Linux systems, focusing on developer credentials from AWS, Azure, GCP, Kubernetes, Docker, npm, GitHub, and numerous other services. The malicious code executes during CommonJS module loading, forking a detached child process to perform credential harvesting while avoiding detection through obfuscation and DNS-based covert channels.
Pulse ID: 6a0d970e99916e7e7e17c893
Pulse Link: https://otx.alienvault.com/pulse/6a0d970e99916e7e7e17c893
Pulse Author: AlienVault
Created: 2026-05-20 11:12:14
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#AWS #Azure #BackDoor #Cloud #CredentialHarvesting #CyberSecurity #DNS #Docker #Email #GitHub #InfoSec #Linux #Mac #MacOS #Malware #NPM #OTX #OpenThreatExchange #RAT #SSH #SupplyChain #Troll #ZIP #bot #AlienVault
-
I note that there is no answer, and therefore no evidence for your claim. Apparently a #Troll.
➡️ blocked 🚫
-
Anyone here on #bluesky? I logged back in; it had been a year since I last set foot there 😅
I get the impression there are still just as few interactions between users, and that it's mostly "mainstream"/media accounts that post.
Have there been any real developments since? Has their business model changed, or is it still a bit vague? Yes, I know, technically their protocol is better than Masto (#troll)
#retourdexpériences
-
Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities
Cisco Talos tracks active exploitation of CVE-2026-20182, an authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller and Manager, allowing remote attackers to obtain administrative privileges. The exploitation is attributed to UAT-8616, a sophisticated threat actor previously involved in similar attacks. Additionally, multiple threat clusters have been exploiting CVE-2026-20133, CVE-2026-20128, and CVE-2026-20122 since March 2026, following public release of proof-of-concept code by ZeroZenX Labs. Post-compromise activities include deployment of various webshells, including XenShell, Godzilla, and Behinder variants, along with cryptocurrency miners, red team frameworks like Sliver and AdaptixC2, and credential stealers. Ten distinct threat clusters have been identified, each utilizing different malicious tooling and infrastructure. Affected systems require immediate patching and security measures.
Pulse ID: 6a062c38dfdb5434bb2f0876
Pulse Link: https://otx.alienvault.com/pulse/6a062c38dfdb5434bb2f0876
Pulse Author: AlienVault
Created: 2026-05-14 20:10:32
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Cisco #CyberSecurity #InfoSec #OTX #OpenThreatExchange #RAT #Sliver #Talos #Troll #Vulnerability #bot #cryptocurrency #AlienVault
-
Gremlin Stealer's Evolved Tactics: Hiding in Plain Sight With Resource Files
This analysis examines new obfuscation techniques employed by Gremlin stealer malware to conceal malicious payloads within embedded resources. A variant protected by sophisticated commercial packing utility uses instruction virtualization, transforming code into custom bytecode executed by a private virtual machine. The malware siphons sensitive information including payment card details, browser cookies, session tokens, cryptocurrency wallet data, and FTP/VPN credentials from compromised systems. It exfiltrates data to attacker-controlled servers at hxxp[:]194.87.92[.]109 for potential publication or sale. Recent iterations incorporate expanded Discord token extraction, active financial fraud through crypto clipper functionality that replaces cryptocurrency wallet addresses in real-time, and WebSocket-based session hijacking to bypass modern cookie protections. The malware employs advanced anti-analysis techniques including XOR-encoded payloads in .NET resource sections, identifier renaming, string encryp...
Pulse ID: 6a073a73501adf1f890b1a5e
Pulse Link: https://otx.alienvault.com/pulse/6a073a73501adf1f890b1a5e
Pulse Author: AlienVault
Created: 2026-05-15 15:23:31
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Browser #Cookies #CyberSecurity #Discord #FinancialFraud #ICS #InfoSec #Mac #Malware #NET #OTX #OpenThreatExchange #RAT #RCE #Troll #VPN #bot #cryptocurrency #AlienVault
-