PRODAFT
@PRODAFT
Proactive Defense Against Future Threats | Pioneering #CyberSec and #ThreatIntelligence in Europe & MENA since ’12. CTI Platform: #USTA Risk Intel: #BLINDSPOT
🚨 BIG NEWS: THE SYS INITIATIVE 🚨 For years, cyber criminals have hidden in the shadows of forums. They operated behind fake names, encrypted channels, and closed communities. Reputation and trust were their most valuable currencies. Now is the time to shift from defense to…
Hacker sneaks infostealer malware into early access Steam game - @billtoulas bleepingcomputer.com/news/security/…
Ransomware group’s internal news exposes management’s plans and decisions. Highlights from Qilin: 🔒 Mandated 50% minimum ransom price 📰 Journalists engaged for the blog 🚫 Restrictions on BRICS attacks ⚖️Lawyer service and more… #Ransomware #Cybersecurity #ThreatIntel

🚨 New malware CastleLoader is hijacking systems through fake GitHub repos and phishing sites—469 confirmed infections. It spreads stealers and RATs, uses PowerShell, and mimics trusted dev tools. It’s stealthy. It’s spreading. Here’s how it works ↓ thehackernews.com/2025/07/castle…
🚨 CastleLoader: An emerging loader malware using phishing & fake GitHub repos to deploy RATs & stealers. Now targeting enterprise users via fake Zscaler Client & more. 📄 Read the report: catalyst.prodaft.com/public/report/… 🔍IOCs: github.com/prodaft/malwar… #ThreatIntel #Malware

Catch the unknowns. 🕵️♂️ Understand the attackers. Be ready. 🛡️ CATALYST delivers fresh IOCs & never-before-seen TTPs, linked to threat clusters. Level up your threat intel! 👉 Try it: catalyst.prodaft.com/welcome #ThreatIntel #Malware #IOCs #TTPs

Did you play Chemia on Steam? 🎮 Then you should be worried. LARVA-208’s modification of the game to distribute Fickle Stealer, HijackLoader and Vidar demonstrates a concerning trend. ➡️Check the IOCs now: github.com/prodaft/malwar… #threatintel #cybersecurity #malware #IOC

Starting from Monday, we will no longer be accepting any accounts of XSS[.]is. Thank you for consistently providing accounts over the past months. We appreciate your business! #SYSInitiative #SYS #PRODAFT #XMR
🚨 Suspected admin of xss.is, a top Russian-speaking cybercrime forum, was arrested in Ukraine. The suspect, active for nearly 20 years, allegedly made €7M facilitating cybercrime. 🇫🇷🇺🇦🇪🇺 Operation led by France with Europol support. europol.europa.eu/media-press/ne…
🚨 Web3 devs targeted with fake AI job interviews — to steal your crypto. Hackers lure victims with sites like “Norlax AI,” then drop malware disguised as a Realtek audio driver. One click = stolen wallets, credentials, and project data. Read → thehackernews.com/2025/07/encryp…
🚨 LARVA-208 is back! Now targeting Web3 developers via fake AI platforms with job offers & portfolio reviews. Malware disguised as a Realtek HD Audio Driver is deployed during interviews. 📄 Read the full report: catalyst.prodaft.com/public/report/… 🔍 IOCs: github.com/prodaft/malwar……

🚨 AI is supercharging phishing! Cybercriminals now use LLMs to auto-generate realistic sites, lowering the barrier to attack. They define detailed personas & use AI to build convincing pages. Are we ready to fight AI-powered phishing? #phishing #threatintel #LLMs #AI

➡️ Fresh IOCs on Matanbuchus 3.0: github.com/prodaft/malwar… #malware #threatintel #IOC
🚨Matanbuchus 3.0 is here! Threat actors are already buzzing about this completely rewritten loader. DNS/HTTPS C2, in-memory execution, reverse shell/WMI, morphing builds & a multitenant panel. Priced at $10K–$15K/month. Stay informed. #threatintelligence #cybersecurity…

CoreSecThree spotted! 🔍 Exploiting Cloudflare Workers to deliver ClickFix & operate through a network of 5000+ compromised websites. Now a cybercrime "as-a-service." 🤯 Get IOCs: github.com/prodaft/malwar… Report (subscriber only): catalyst.prodaft.com/public/report/…

🇷🇺 Russian-speaking threat group Hopeful Mantis, managed by LARVA-200 (farnetwork/efwnet), is now operating Sinobi ransomware, alongside INC Ransom & Lynx, following their previous operation of Nokoyawa. It’s crucial to understand the connections. #threatintel #ransomware

From London 🇬🇧 to Putrajaya 🇲🇾 We had the opportunity to present some of our latest investigations at CYDES25, where we saw strong interest from both public and private sector attendees. One highlight was our deep dive into LARVA-210 (a threat actor leveraging fake…

🔍 Qilin Ransomware affiliates have access to a disturbing feature: a "Call Lawyer" button. This allows them to leverage legal threats to pressure victims into paying the ransom. A calculated intimidation tactic. #Ransomware #ThreatIntel

🔥 RussianMarket is OPEN for business… and we have a front-row seat. This notorious marketplace active since 2014 and run by LARVA-456 (aka Professor) fuels cybercrime with stolen data. We’ve mapped the inner workings, tracking the sellers, buyers & data flows in order to…

🚨 Android malware is getting brutal: 🔸AntiDot hijacks 3,775+ phones via fake Google updates 🔸 GodFather runs real banking apps in a fake sandbox 🔸 SuperCard X clones bank cards via NFC 🔸 150K+ spyware app installs from official stores Your phone isn’t safe. Details →…