Category: FortiGuard Labs Threat Research

Threat Actors Weaponize AI Hype to Deliver AsyncRAT

FortiGuard Labs analyzes a multi-stage malware campaign that uses fake AI-themed documents, hidden PowerShell scripts, AutoHotkey loaders, and process injection to deploy AsyncRAT and maintain remote access. This article has been indexed from FortiGuard Labs Threat Research. Read the…

Cybercriminals Are Targeting the FIFA World Cup 2026

FortiGuard Labs research shows how cybercriminals are exploiting demand for the FIFA World Cup 2026 through phishing, fake tickets, malware, impersonation, and credential theft.

Inside the Cross-Platform Propagation of a New Gafgyt Variant C0XMO

FortiGuard Labs analyzes C0XMO, a new Gafgyt variant leveraging DD-WRT exploitation and multi-architecture propagation to expand IoT botnet infections.

PureLogs: Delivery via PawsRunner Steganography

FortiGuard Labs has analyzed a steganography-based malware campaign that uses PawsRunner to deliver the PureLogs infostealer, highlighting evolving delivery methods and detection strategies.

DPRK-Related Campaigns with LNK and GitHub C2

Analysis of DPRK-linked LNK-based attacks using GitHub as covert C2 infrastructure, detailing multi-stage PowerShell execution, persistence mechanisms, and data exfiltration techniques targeting Windows environments.

Cyber Fallout After the Strikes: Signal, Noise, and What Comes Next

Following U.S.-Israeli strikes on Iran, FortiGuard Labs has not yet observed large-scale cyber retaliation. However, regional cyber activity is rising. Organizations should strengthen cyber hygiene, rotate credentials, and reduce exposure.

Unmasking Agent Tesla: A Deep Dive into a Multi-Stage Campaign

FortiGuard Labs provides a technical breakdown of a multi-stage Agent Tesla campaign, from phishing and encrypted scripts to in-memory execution, process hollowing, and data exfiltration.

Massive Winos 4.0 Campaigns Target Taiwan

FortiGuard Labs analyzes Winos 4.0 (ValleyRat) campaigns targeting Taiwan, detailing phishing lures, DLL sideloading, BYOVD abuse, and evolving attacker infrastructure.

Interlock Ransomware: New Techniques, Same Old Tricks

An in-depth analysis of an Interlock ransomware intrusion, detailing new malware tooling, defense evasion techniques, and high-ROI detection strategies.

Unveiling the Weaponized Web Shell EncystPHP

FortiGuard Labs analyzes EncystPHP, a stealthy web shell exploiting CVE-2025-64328 in FreePBX environments to enable remote command execution, persistence, and long-term system compromise.

Inside a Multi-Stage Windows Malware Campaign

FortiGuard Labs analysis of a multi-stage Windows malware campaign that abuses trusted platforms to disable defenses, deploy RATs, and deliver ransomware.

New Remcos Campaign Distributed Through Fake Shipping Document

FortiGuard Labs analyzes a phishing campaign delivering a fileless Remcos RAT via malicious Word templates, CVE-2017-11882 exploitation, and in-memory execution.

UDPGangster Campaigns Target Multiple Countries

FortiGuard Labs uncovers UDPGangster campaigns linked to MuddyWater, using macro-laden phishing lures, evasion techniques, and UDP backdoors to target multiple countries.

New eBPF Filters for Symbiote and BPFdoor Malware

FortiGuard Labs discovered new Symbiote and BPFDoor variants exploiting eBPF filters to enhance stealth through IPv6 support, UDP traffic, and dynamic port hopping for covert C2 communication.

ShadowV2 Casts a Shadow Over IoT Devices

ShadowV2, a new Mirai-based botnet targeting IoT devices, surfaced during the recent AWS outage. FortiGuard Labs examines its propagation, DDoS capabilities, and global footprint.