Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: cybercrime/malcode – Page 2

Microsoft Store Outlook add-in hijacked to steal 4,000 Microsoft accounts

The AgreeTo add-in for Outlook has been hijacked and turned into a phishing kit that stole more than 4,000 Microsoft account credentials.

Originally a legitimate meeting scheduling tool for Outlook users, the module was developed by an independent publisher and has been on the Microsoft Office Add-in Store since December 2022.

Office add-ins are just URLs pointing to content loaded into Microsoft products from the developer’s server. In the case of AgreeTo, the developer used a Vercel-hosted URL (outlook-one.vercel.app) but abandoned the project, despite the userbase it formed.

Warlock Ransomware Breaches SmarterTools Through Unpatched SmarterMail Server

The fact that the attackers are pursuing the former method is an indication that it likely allows the malicious activity to blend in with typical administrative workflows, helping them avoid detection.

“By abusing legitimate features (password resets and drive mounting) instead of relying solely on a single ‘noisy’ exploit primitive, operators may reduce the effectiveness of detections tuned specifically for known RCE patterns,” Feminella added. “This pace of weaponization is consistent with ransomware operators rapidly analyzing vendor fixes and developing working tradecraft shortly after release.”

When reached for comment about the Warlock ransomware activity targeting SmarterTools, ReliaQuest told The Hacker News that it observed the attackers exploiting CVE-2026–23760 on unpatched systems running versions prior to Build 9,511 shortly after the patch was released.

ZeroDayRAT malware grants full access to Android, iOS devices

A new commercial mobile spyware platform dubbed ZeroDayRAT is being advertised to cybercriminals on Telegram as a tool that provides full remote control over compromised Android and iOS devices.

The malware provides buyers with a full-featured panel for managing infected devices, reportedly supporting Android 5 through 16 and iOS up to version 26 latest.

Researchers at mobile threat hunting company iVerify say that ZeroDayRAT not just steals data but also enables real-time surveillance and financial theft.

New Linux botnet SSHStalker uses old-school IRC for C2 comms

A newly documented Linux botnet named SSHStalker is using the IRC (Internet Relay Chat) communication protocol for command-and-control (C2) operations.

The protocol was invented in 1988, and its adoption peaked during the 1990s, becoming the main text-based instant messaging solution for group and private communication.

Technical communities still appreciate it for its implementation simplicity, interoperability, low bandwidth requirements, and no need for a GUI.

Malicious 7-Zip site distributes installer laced with proxy tool

A fake 7-Zip website is distributing a trojanized installer of the popular archiving tool that turns the user’s computer into a residential proxy node.

Residential proxy networks use home user devices to route traffic with the goal of evading blocks and performing various malicious activities such as credential stuffing, phishing, and malware distribution.

The new campaign became better known after a user reported that they downloaded a malicious installer from a website impersonating the 7-Zip project while following instructions in a YouTube tutorial on building a PC system. BleepingComputer can confirm that the malicious website, 7zip[.]com, is still live.

/* */