Our UK correspondent Carole Theriault is talking with London insurance market CISO Thom Langford about insider threats. Joe and Dave share some listener follow-up from Waldo, who writes in to share a video explaining how bad guys are able to hack users. Joe shares a report from Verizon, one of the industry's leading phone companies, about social engineering. Dave's story follows a gentleman who was able to steal one million dollars from at least 700 DoorDash drivers, and now police are warning against this sophisticated phishing scam. Our catch of the day comes from listener Ami, who writes in to share her victory in catching a scammer after receiving a weird voicemail from a so-called police officer.
Free Malware Research with ANY.RUN Sandbox: Now Windows 10 Access for All Users
In a significant move to enhance cybersecurity analysis for all its users, ANY.RUN has announced that Windows 10 is now available to everyone, including Community plan users. This update marks a substantial improvement in the platform's ability to detect and analyze modern threats for SOC and DFIR teams.
Previously, Community plan users were restricted to a basic Windows 7 32-bit virtual machine (VM), which limited their ability to analyze newer, more sophisticated threats. With this update, ALL users can access a Windows 10 64-bit environment, significantly improving overall threat detection and analysis capabilities.
“We believe everyone should have access to good security analysis tools, regardless of whether they’re on a paid or free plan,” said a spokesperson for ANY.RUN. “This update is our way of making that happen.”
With ANY.RUN’s new update, you can:
Detect malware in under 40 seconds.
Interact with samples in real time.
Save time and money on sandbox setup and maintenance.
Record and study all aspects of malware behavior.
Collaborate with your SOC/DFIR team.
Scale as you need.
Benefits of Windows 10 for Malware Analysis
The shift to Windows 10 brings several advantages:
Improved analysis of newer threats targeting popular systems
Higher detection rates
More accurate reporting
Ability to emulate 64-bit malware
A practical example highlighted by ANY.RUN is the Latrodectus malware, which doesn’t complete its full execution chain on Windows 7 but reveals itself fully on Windows 10.
This update is expected to benefit the entire ANY.RUN community. As more users adopt Windows 10 for analysis, the sandbox environment will detect a wider range of threats more effectively.
According to ANY.RUN's announcement, "We believe everyone should have good security analysis tools, whether you're paying or using our free plan. This update is our way of making that happen."
“But this update also benefits our entire community. As more users use Windows 10, our sandbox environment will become more effective at detecting a wider range of threats.”
How to Access Windows 10 on ANY.RUN
Community Plan users can now select Windows 10 64-bit from the drop-down menu when creating a new task. This option was previously grayed out for these users.
About ANY.RUN
ANY.RUN serves over 400,000 cybersecurity professionals worldwide with its interactive sandbox for malware analysis. The platform offers threat intelligence products including TI Lookup, Yara Search, and Feeds, helping professionals respond to incidents faster.
Key advantages of ANY.RUN include:
Rapid malware detection (under 40 seconds)
Real-time interaction with samples
Time and cost savings on sandbox setup and maintenance
Comprehensive malware behavior recording and study
Team collaboration features
Scalability
With this update, ANY.RUN continues demonstrating its commitment to providing cutting-edge tools for cybersecurity professionals across all subscription levels.
Progress warns of maximum severity WS_FTP Server vulnerability
Progress, the maker of the MOVEit Transfer file-sharing platform recently exploited in widespread data theft attacks, warned customers to patch a maximum severity vulnerability in its WS_FTP Server software. […]
WogRAT Malware Exploits Notepad Service To Attack Windows & Linux Systems
Malware can abuse a notepad service to attack systems such as Windows and Linux, since notepad tools are widely used on most operating systems.
Through such a service, malware can abuse system resources and user privileges, allowing unauthorized access or the execution of malicious code.
Payloads carried by well-known software such as Notepad also raise less suspicion among users, so undetected malware delivered this way is less likely to be questioned.
Cybersecurity analysts at ASEC recently discovered that threat actors are actively using the new WogRAT malware, which abuses the aNotepad service to attack Windows and Linux systems.
WogRAT Malware Exploits Notepad Service
AhnLab’s team uncovered a backdoor trojan spreading through aNotepad, an online notepad service.
The malicious code targets Windows (PE format) and Linux (ELF format) systems.
This malware is dubbed 'WogRAT' after the 'WingOfGod' string used by its creators, and because it is a multi-platform threat it poses a serious risk.
aNotepad platform (Source – ASEC)
WogRAT has been active since late 2022 and is a multi-platform threat.
For Windows, it masquerades as utilities like “flashsetup_LL3gjJ7.exe” or “BrowserFixup.exe” to lure victims.
While Linux attacks are unconfirmed, VirusTotal data suggests Asian nations like Hong Kong, Singapore, China, and Japan are prime targets of this cunning malware campaign.
Dissecting a Windows WogRAT sample masquerading as an Adobe tool, ASEC found a .NET binary posing as a Chrome utility that conceals an encrypted downloader.
Encrypted source code (Source – ASEC)
Upon execution, it compiles its embedded source and loads the resulting DLL, which fetches Base64-encoded strings from aNotepad and decodes them, revealing an obfuscated .NET binary payload cached on the online notepad service.
Commands downloaded from the C&C server carry a command type, a task ID, and associated data. For instance, an 'upldr' task would read 'C:\malware.exe' and upload it to the server via FTP.
While the analyzed sample uses a test URL that lacks upload capability, other WogRAT variants likely make use of this file exfiltration functionality.
Although WogRAT's initial infection vector is unclear, AhnLab has also uncovered a Linux variant that shares the same C&C infrastructure as its Windows equivalent.
Like Rekoobe, this strain reuses routines from the open-source Tiny SHell malware.
When it runs, it disguises itself under the name "[kblockd]", collects system metadata for exfiltration, and otherwise behaves exactly as the Windows version does.
Linux payloads lack download functionality but encrypt C&C communications before transmission.
Rather than receiving commands directly, Linux WogRAT fetches a reverse shell address from C&C and connects to receive instructions.
This suggests the threat actor operates Tiny SHell server infrastructure, as WogRAT incorporates routines and C&C mechanisms from this open-source malware, including AES-128 encryption with HMAC-SHA1 and the unaltered 0x10-byte integrity checks.
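As an added example (not part of this article or the ASEC report), the following Python check shows how a defender can spot the kernel-thread-name masquerading described above: the process records are a constructed snapshot, and the field layout (name as shown by ps, exe link, cmdline, parent PID) is an assumption.

```python
# Added example, not from the article or ASEC: flag user-space processes that
# borrow a kernel-thread name such as "[kblockd]", the alias the Linux WogRAT
# variant runs under. Genuine kernel threads are children of kthreadd (PID 2),
# have no executable on disk (readlink of /proc/<pid>/exe fails) and an empty
# /proc/<pid>/cmdline. A bracketed name with any of those attributes is suspect.
import re
from dataclasses import dataclass

KTHREAD_NAME = re.compile(r"^\[[^\]]+\]$")   # "[kblockd]", "[ksoftirqd/0]", ...

@dataclass
class Proc:
    pid: int
    ppid: int
    name: str     # process name as displayed by ps (assumed field layout)
    exe: str      # readlink of /proc/<pid>/exe, "" when it cannot be resolved
    cmdline: str  # /proc/<pid>/cmdline, "" for real kernel threads

def masquerade_reasons(p: Proc) -> list:
    """Return why a bracketed-name process is NOT a genuine kernel thread."""
    if not KTHREAD_NAME.match(p.name):
        return []                      # not claiming to be a kernel thread
    reasons = []
    if p.pid != 2 and p.ppid != 2:     # kthreadd itself has no kthreadd parent
        reasons.append(f"parent is PID {p.ppid}, not kthreadd")
    if p.exe:
        reasons.append(f"has an executable on disk: {p.exe}")
    if p.cmdline:
        reasons.append("has a non-empty command line")
    return reasons

def find_masquerading(procs) -> dict:
    """Map PID -> reasons for every process that fakes a kernel-thread name."""
    return {p.pid: masquerade_reasons(p) for p in procs if masquerade_reasons(p)}

# Constructed snapshot: kthreadd, two real kernel threads, one impostor
# (argv[0] rewritten to "[kblockd]" but backed by a file under /tmp).
SNAPSHOT = [
    Proc(2, 0, "[kthreadd]", "", ""),
    Proc(15, 2, "[kblockd]", "", ""),
    Proc(16, 2, "[ksoftirqd/0]", "", ""),
    Proc(4173, 1, "[kblockd]", "/tmp/.x/kblockd", "[kblockd]"),
]

if __name__ == "__main__":
    for pid, why in find_masquerading(SNAPSHOT).items():
        print(pid, "; ".join(why))
```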
AhnLab discovered WogRAT malware targeting Windows and Linux. Threat actors disguise the malicious files as utilities to lure victims into downloading them.
Researchers recommended avoiding untrusted executables and getting programs from official sources.
They also recommended keeping V3 updated to prevent infections.