home.social

#troll — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #troll, aggregated by home.social.

  1. Oh, look! #AMD decided to #troll #Linux users with #Vivado licensing changes, proving once again that open-source enthusiasts are merely pawns in their corporate chess game. 🎯🤦‍♂️ Meanwhile, AMD's PR department must be working overtime crafting excuses that no one will read. 📉
    itsfoss.com/news/amd-vivado-ba #OpenSource #CorporateChess #HackerNews #ngated

  6. @masnick.com

    I don't post on Twitter any more, read-only

    But just as a *lot* of people cannot bring themselves to admit that #Trump is *not* some sort of god-tier strategist who is playing twelve-dimensional geopolitical chess in a way that is too subtle for the human mind to comprehend,

    so a *lot* of people cannot bring themselves to admit that #Musk is just a petty little twenty-something 4Chan /pol shitposting edgelord most of the time

    He's not an adult, people, he's a troll who just loves how many people Musk has hanging on his every word, searching for wisdom

    Musk is a fucking #Troll, people

    Catch a clue, laugh at him, and move on

  7. Politicians to Ditch Signal for Homegrown Apps

    European governments are transitioning from encrypted messaging applications like Signal and WhatsApp to sovereign Matrix-based solutions. This shift follows successful phishing campaigns, primarily attributed to Russian intelligence services, exploiting Signal's linked devices feature to gain persistent access to political communications. While Signal was initially recommended for external communications, scope creep led to its widespread use for sensitive statecraft discussions. Matrix-based systems offer advantages including federated architecture, government-controlled identity platforms, and customizable data retention policies. However, these homegrown solutions introduce new security vulnerabilities and implementation challenges. The walled-garden nature of current sovereign systems limits their utility for international diplomacy, suggesting Signal will continue to be used for communications with external parties despite the security concerns.

    Pulse ID: 6a0ec4bc3bab6cd24d3d05be
    Pulse Link: otx.alienvault.com/pulse/6a0ec
    Pulse Author: AlienVault
    Created: 2026-05-21 08:39:24

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #Europe #Government #InfoSec #Mac #OTX #OpenThreatExchange #Phishing #RAT #Russia #Troll #WhatsApp #bot #AlienVault

  8. The Worm That Keeps on Digging: Latest Wave

    A sophisticated supply chain campaign targeting the open source developer ecosystem has emerged, compromising NPM packages in the @antv namespace, GitHub Actions including actions-cool/issues-helper, and the VSCode extension nrwl.angular-console. The malware initiates multi-stage infection chains using GitHub-hosted infrastructure and orphaned commits to deploy payloads via bun. It harvests extensive credentials including GitHub tokens, SSH keys, cloud credentials, and browser secrets, exfiltrating data through attacker-controlled public GitHub repositories. The campaign establishes persistence through a Python backdoor that polls GitHub for signed commands containing specific trigger strings, enabling remote code execution. Infrastructure analysis and operational patterns indicate moderate confidence attribution to the threat actor TeamPCP.

    Pulse ID: 6a0c5b666ccb232590e33087
    Pulse Link: otx.alienvault.com/pulse/6a0c5
    Pulse Author: AlienVault
    Created: 2026-05-19 12:45:26

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #BackDoor #Browser #Cloud #CyberSecurity #GitHub #InfoSec #Malware #NPM #OTX #OpenThreatExchange #Python #RAT #RCE #RemoteCodeExecution #SSH #SupplyChain #Troll #Worm #bot #AlienVault

  9. Popular node-ipc npm Package Infected with Credential Stealer

    A supply chain attack has compromised the node-ipc npm package, with malicious versions 9.1.6, 9.2.3, and 12.0.1 containing obfuscated stealer and backdoor functionality. The attack vector involved takeover of a dormant maintainer account through an expired email domain. The malware fingerprints host environments, enumerates and reads local files including SSH keys, cloud credentials, database configurations, and various developer secrets. Collected data is compressed into a gzip archive and exfiltrated via DNS TXT queries to attacker-controlled infrastructure disguised as legitimate Azure domains. The payload targets over 100 file patterns across macOS and Linux systems, focusing on developer credentials from AWS, Azure, GCP, Kubernetes, Docker, npm, GitHub, and numerous other services. The malicious code executes during CommonJS module loading, forking a detached child process to perform credential harvesting while avoiding detection through obfuscation and DNS-based covert channels.

    Pulse ID: 6a0d970e99916e7e7e17c893
    Pulse Link: otx.alienvault.com/pulse/6a0d9
    Pulse Author: AlienVault
    Created: 2026-05-20 11:12:14

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #AWS #Azure #BackDoor #Cloud #CredentialHarvesting #CyberSecurity #DNS #Docker #Email #GitHub #InfoSec #Linux #Mac #MacOS #Malware #NPM #OTX #OpenThreatExchange #RAT #SSH #SupplyChain #Troll #ZIP #bot #AlienVault

  14. @hoernchen

    I note that there is no reply, and therefore no evidence for your claim. Evidently a #Troll.

    ➡️ blocked 🚫

    @nocci @antifa_im_exil

  15. Is anyone here on #bluesky? I just logged back in; it had been a year since I last set foot there 😅

    My impression is that there is still just as little interaction between users, and that it is mostly "mainstream"/media accounts that post.

    Have there been any real developments since then? Has their business model changed, or is it still a bit vague? Yes, I know that technically their protocol is better than Masto (#troll)
    #retourdexpériences

  16. Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities

    Cisco Talos tracks active exploitation of CVE-2026-20182, an authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller and Manager, allowing remote attackers to obtain administrative privileges. The exploitation is attributed to UAT-8616, a sophisticated threat actor previously involved in similar attacks. Additionally, multiple threat clusters have been exploiting CVE-2026-20133, CVE-2026-20128, and CVE-2026-20122 since March 2026, following public release of proof-of-concept code by ZeroZenX Labs. Post-compromise activities include deployment of various webshells, including XenShell, Godzilla, and Behinder variants, along with cryptocurrency miners, red team frameworks like Sliver and AdaptixC2, and credential stealers. Ten distinct threat clusters have been identified, each utilizing different malicious tooling and infrastructure. Affected systems require immediate patching and security measures.

    Pulse ID: 6a062c38dfdb5434bb2f0876
    Pulse Link: otx.alienvault.com/pulse/6a062
    Pulse Author: AlienVault
    Created: 2026-05-14 20:10:32

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Cisco #CyberSecurity #InfoSec #OTX #OpenThreatExchange #RAT #Sliver #Talos #Troll #Vulnerability #bot #cryptocurrency #AlienVault

  21. Gremlin Stealer's Evolved Tactics: Hiding in Plain Sight With Resource Files

    This analysis examines new obfuscation techniques employed by Gremlin stealer malware to conceal malicious payloads within embedded resources. A variant protected by sophisticated commercial packing utility uses instruction virtualization, transforming code into custom bytecode executed by a private virtual machine. The malware siphons sensitive information including payment card details, browser cookies, session tokens, cryptocurrency wallet data, and FTP/VPN credentials from compromised systems. It exfiltrates data to attacker-controlled servers at hxxp[:]194.87.92[.]109 for potential publication or sale. Recent iterations incorporate expanded Discord token extraction, active financial fraud through crypto clipper functionality that replaces cryptocurrency wallet addresses in real-time, and WebSocket-based session hijacking to bypass modern cookie protections. The malware employs advanced anti-analysis techniques including XOR-encoded payloads in .NET resource sections, identifier renaming, string encryp...

    Pulse ID: 6a073a73501adf1f890b1a5e
    Pulse Link: otx.alienvault.com/pulse/6a073
    Pulse Author: AlienVault
    Created: 2026-05-15 15:23:31

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Browser #Cookies #CyberSecurity #Discord #FinancialFraud #ICS #InfoSec #Mac #Malware #NET #OTX #OpenThreatExchange #RAT #RCE #Troll #VPN #bot #cryptocurrency #AlienVault
