NoGoolag
Live free!

📡 @NoGoolag

FAQ:
http://t.me/NoGoolag/169

★Group:
https://t.me/joinchat/nMOOE4YJPDFhZjZk

📡 @Libreware

📡 @TakeBackOurTech

🦊 @d3_works

📚 @SaveAlexandria

💯 % satire OSINT
Android app breaking bad: From legitimate screen recording to file exfiltration within a year | WeLiveSecurity – 2023

The application’s specific malicious behavior, which involves extracting microphone recordings and stealing files with specific extensions, potentially indicates its involvement in an espionage campaign.

#AhRAT #RAT
Securonix Threat Labs Security Advisory: New MULTI#STORM Attack Campaign Involving Python-based Loader Masquerading as OneDrive Utilities Dropping Multiple RAT Payloads Using Security Analytics - Securonix – June 2023

An interesting phishing campaign was recently analyzed by the Securonix Threat Research Team. The attack kicks off when the user clicks on a heavily obfuscated JavaScript file contained in a password protected zip file. Some of the victims targeted by the MULTI#STORM campaign appear to be in the US and India.

The attack chain ends with the victim machine infected with multiple unique RAT (remote access trojan) malware instances, such as Warzone RAT and Quasar RAT. Both are used for command and control during different stages of the infection chain.


#RAT #MultiStorm #Trojan #JS #Python #malware #India #US
Untangling Android/TangleBot. We dig in a malicious sample of… | Cryptax

We dig in a malicious sample of Android/TangleBot of May 2024. TangleBot is also reported as a BankBot, although it is more an Android RAT currently than a banking trojan. It is also known as Medusa, but I prefer not to use this name, as this confuses the Android malware with a Windows ransomware, or with the non-malicious and useful hacking tool Medusa.

An excellent analysis of TangleBot is available here. I invite you to read it to understand the history of TangleBot, how much the new versions have changed, who they target and what they do.

In this blog post, I will focus on something different: how to analyze the sample, and how it is implemented.


Via @androidmalware
#Android #RAT #TangleBot #BankBot