Executive Summary This report analyzes RegPhantom, a stealthy Windows kernel rootkit designed to give attackers code execution in kernel mode while leaving very little visible evidence behind. The malware abuses the Windows registry as a covert trigger mechanism: a...
Our analysis uncovered a phishing campaign targeting organizations in India, leveraging spear-phishing techniques reminiscent of Operation Sindoor. What makes this activity stand out is the use of a Linux-focused infection method that relies on weaponized .desktop...
As part of our ongoing threat hunting efforts, we identified a stealthy Linux backdoor that appears to have gone publicly unnoticed so far. We named it Plague. The implant is built as a malicious PAM (Pluggable Authentication Module), enabling attackers to silently...
Abuse of Modular Trust PAM (Pluggable Authentication Modules) is a fundamental part of Linux authentication infrastructure. Its flexibility - designed to support various authentication mechanisms - can be exploited by adversaries. In our analysis, we encountered a...