Malware

PamDOORa functions as a post-exploitation toolkit, enabling attackers to gain persistent access to Linux systems (x86_64) through a "magic password" and a specific TCP port combination.

Bleeping Computer reports that the Australian Cyber Security Center (ACSC) has issued a warning to organizations about an ongoing campaign that utilizes the ClickFix social engineering technique to distribute the Vidar Stealer info-stealing malware.

QLNX is designed for stealth and long-term persistence, operating in-memory and employing multiple techniques to evade detection, including log wiping, process spoofing, and the use of seven distinct persistence mechanisms.

The purported ransomware attack did not encrypt files and used infrastructure tied to MuddyWater.

The attack involved tampering with three core DAEMON Tools components: DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe.

The Pheno plugin monitors active Phone Link connections to eavesdrop on texts and notifications.

Kaspersky reported that the campaign utilized phishing emails styled as official notices regarding tax audits, prompting users to download an archive containing a "list of tax violations."