North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures
The North Korea-linked threat actor known as Lazarus Group employed its time-tested fabricated job lures to deliver a new remote access trojan called Kaolin RAT
Antivirus software detects, blocks, and removes malicious code, helping reduce the risk of malware-driven data theft and system disruption.
Search across headline titles and summaries.
Background for this topic.
Antivirus software scans files and running processes to detect and remove malicious code such as viruses, worms, trojans, ransomware, and spyware. It uses signature databases, heuristic rules, and behavioral analysis to identify threats during real-time monitoring or scheduled scans. Regular updates to detection rules are necessary to recognize new malware variants and reduce false negatives.
While antivirus helps block many common malware infections on endpoints, it has limited effectiveness against advanced threats like fileless malware or attacks that evade signature detection. Security teams should combine antivirus with complementary tools such as endpoint detection and response (EDR) to improve visibility and threat hunting. Proper tuning is important to minimize false positives and performance impacts that can disrupt operations or obscure genuine alerts.
The North Korea-linked threat actor known as Lazarus Group employed its time-tested fabricated job lures to deliver a new remote access trojan called Kaolin RAT
A new malware campaign has been exploiting the updating mechanism of the eScan antivirus software to distribute backdoors and cryptocurrency miners like XMRig through a long-standing threat codenamed GuptiMiner targeting large corporate networks
In this blog entry, we discuss Trend Micro's contributions to an Interpol-coordinated operation to help Brazilian and Spanish law enforcement agencies analyze malware samples of the Grandoreiro banking trojan.
North Korean hackers have been exploiting the updating mechanism of the eScan antivirus to plant backdoors on big corporate networks and deliver cryptocurrency miners through GuptiMiner malware. [...]
The scheme was uncovered by Kaspersky and has been operational since November 2023
The threat actor known as ToddyCat has been observed using a wide range of tools to retain access to compromised environments and steal valuable data
Two rounds of reports and patches may not have completely closed this hole BLACK HAT ASIA Researchers at US/Israeli infosec outfit SafeBreach last Friday discussed flaws in Microsoft and Kaspersky security products that can potentially allow the remote deletion of files. And, they asserted, the hole could remain exploitable – even after both vendors claim to have patched the problem.…