CYFIRMA Research

Author: CYFIRMA


Description

Cyber defenders, listen up! The CYFIRMA Research podcast has some juicy intel on the latest cyber threats that are lurking in the shadows. Tune in to this security briefing to stay on top of emerging threats and be ready to tackle digital risk like never before.

269 Episodes
CYFIRMA researchers have identified a sophisticated Android malware operation spreading via fake RTO Challan/e-Challan notifications shared over WhatsApp. The malicious APK uses two-stage installation, NP-based code obfuscation, and a custom VPN layer to evade detection and maintain persistent control over infected devices. C2 Infrastructure Exposed. Our analysis uncovered two domains used as the campaign’s Command-and-Control (C2) backend: Jsonserv[.]xyz jsonserv[.]biz Both domains ...
CYFIRMA | November 2025 Ransomware Snapshot Ransomware activity shifted fast in November—Akira and INC Ransom surged; AI-driven tools accelerated attacks, and critical sectors like Manufacturing, IT, and Professional Services took the heaviest hits. North America remained the top target as threat actors expanded into virtualization platforms and even official software marketplaces. The ransomware ecosystem is evolving rapidly—speed, automation, and precision are defining the new threat land...
APT36 Targets Indian Government Entities with a New Python-Based ELF Malware. CYFIRMA has uncovered a new cyber-espionage campaign by APT36 (Transparent Tribe), a Pakistan-based threat actor long known for targeting Indian government entities and strategic sectors. This campaign showcases a major leap in the group’s technical sophistication — delivering custom Python-based ELF malware through weaponized .desktop shortcut files distributed via spear-phishing. 📌 Key Highlights: The campaign ...
After Russia’s veto of the UN Panel of Experts and increased military cooperation over the war in Ukraine, North Korea is ramping up sanctions evasion—deepening its military ties with Moscow and stealing billions in cryptocurrency to finance its WMD programs. Link to the Research Report: NORTH KOREAN CYBER CRIME AS A STATECRAFT TOOL - CYFIRMA #NorthKorea #Russia #sanctions #cryptoheist #Geopolitics #CYFIRMAResearch #ThreatIntelligence #cybersecurity #ETLM ...
Black Friday & Cyber Monday Cyber Threats Are Already Here As festive shopping surges, so does cybercrime. CYFIRMA’s latest analysis reveals a spike in fake websites, phishing campaigns, malicious ZIP downloads, UPI-based payment scams, and dark-web-powered phishing kits—all engineered to exploit the 2025 holiday rush. Our researchers uncovered multiple spoofed retail domains, automated malware downloads, and dynamic UPI-ID switching techniques used by scammers to evade detection. With ...
Tycoon 2FA - The Phishing-as-a-Service Platform Our latest technical deep-dive reveals how Tycoon 2FA, a sophisticated Phishing-as-a-Service (PhaaS) platform, is successfully evading detection and bypassing multi-factor authentication (MFA) to compromise enterprise cloud environments. This isn't just another phishing kit. It's an Adversary-in-the-Middle (AitM) framework that captures session tokens in real-time, making traditional MFA like SMS, TOTP apps, and push notifications ineffective...
Pig-butchering scams have evolved into one of the most damaging global cybercrime models, combining long-term emotional grooming, AI-driven impersonation, fake investment platforms, and sophisticated crypto-laundering networks. Our latest CYFIRMA Threat Intelligence Report breaks down:
• How global scam compounds operate like industrial-scale BPOs
• The role of AI-generated personas, fake trading apps, and cross-chain laundering
Tens of billions are lost annually across victims of a...
The Middle East observes a fragile ceasefire, but Iran’s escalating cyberattacks could potentially threaten to unravel the region’s shaky peace. Link to the Research Report: Regional Stability on Shaky Ground : Cyber Threat Escalation in the Middle East - CYFIRMA #Geopolitics #CYFIRMAaResearch #ThreatIntelligence #cybersecurity #ETLM #currentaffairs #MuddyWater #IRGC #Iran #CYFIRMA #ExternalThreatLandscapeManagement https://www.cyfirma.com/
CYFIRMA Research's latest report, “Telemetry Relay”, describes logic-abuse attacks that trick telemetry/crash processors into fetching attacker-controlled resources. Instead of compromising clients, attackers get vendor or enterprise systems to reveal internal metadata (IPs, hostnames, cluster/tenant IDs) — and sometimes enable deeper server-side attacks. The technique is low-noise and broadly relevant across SaaS and modern apps. Link to the Research Report: TELEMETRY RELAY : WHEN DI...
Stay ahead with CYFIRMA’s Monthly Ransomware Report – October 2025. CYFIRMA’s October 2025 Ransomware Report reveals a strong resurgence in global ransomware activity, with 738 victims recorded, marking one of the highest monthly volumes this year. The spike was led by Qilin, which more than doubled its attacks, and Sinobi, which surged sixfold, while new actors such as Black Shrantac, Coinbase Cartel, and GENESIS intensified the threat landscape. Adversaries increasingly exploited kernel v...
New Malware Analysis Report Our latest research uncovers Android/BankBot-YNRK, a mobile banking trojan disguised as a legitimate app such as Google News. Key findings:
• Abuses Accessibility Services for remote control
• Uses C2 servers at ping.ynrkone[.]top for device commands
• Targets financial and cryptocurrency applications
• Employs code obfuscation via nmm-protect
• Capable of exfiltrating sensitive data and performing unauthorized transactions
Link to the Research Report: https://w...
Mobile Threat Alert: GhostGrab Malware! Cybercriminals are getting more sophisticated, and GhostGrab is a clear example. This Android malware doesn’t just steal banking credentials—it can also:
• Run hidden cryptocurrency mining that drains your battery and CPU
• Harvest debit card and online banking login information
• Intercept SMS messages, including one-time passwords (OTPs)
• Collect detailed device and SIM data
• Hide itself and resist removal
• Use phishing pages within apps to trick victims int...
Critical Alert: CVE-2025-6541 – TP-Link Omada Gateway Remote Command Injection Organizations using TP-Link Omada Gateway devices must act immediately. This critical vulnerability allows attackers to execute arbitrary OS-level commands via the device web management interface. Exploitation can lead to full device compromise, exposure of credentials, configuration changes, and potential lateral movement within enterprise networks. Link to the Research Report: https://www.cyfirma.com/research/...
North Korea’s cyber operations are evolving into one of the most significant global sanctions-evasion threats. CYFIRMA's new report, DPRK Sanctions Violations in Cyber Operations Post UN Panel Demise, highlights escalating multi-billion-dollar crypto heists, advanced laundering through cross-chain bridges, widespread IT worker infiltration schemes, direct targeting of defense technologies, and the deepening DPRK–Russia cyber nexus. The findings highlight how geopolitical shifts and fragmented...
CYFIRMA’s Sept 2025 Ransomware Report highlights major evolutions across the ransomware landscape. Akira advanced by bypassing MFA on SonicWall VPNs through OTP seed theft, signalling a move beyond patchable flaws. MalTerminal broke new ground with AI-powered, runtime-generated ransomware payloads, while Scattered Spider reemerged to target financial workflows via AI-driven vishing and VMware ESXi exploits. CountLoader reinforced Russia’s ecosystem with modular, multi-language loaders distrib...
CYFIRMA has identified Yurei Ransomware, a Go-based strain engineered for speed, stealth, and irreversible impact. It encrypts files with ChaCha20 + ECIES, appends a .Yurei extension, and drops ransom notes _README_Yurei.txt with Tor-based communication channels. Yurei destroys backups, wipes logs, manipulates timestamps, and even self-destructs to erase traces, leaving defenders blind. It spreads laterally via SMB shares, USBs, and PsExec/CIM-based credential execution, while adopting ...
Malware Alert: New DeerStealer Campaign A new variant of sophisticated information-stealing malware, DeerStealer, has been identified targeting personal and financial data across infected systems. Using signed binaries, rootkit-like techniques, and deceptive installers (like Adobe Acrobat Reader), it evades detection while maintaining persistence via scheduled tasks. Key highlights:
• Steals system info, credentials, crypto wallets, browser & app data.
• Uses obfuscated files and hidde...
Defence Industry Cyber Threats: Espionage Meets Monetization CYFIRMA observed sustained cyber campaigns targeting the global defence sector. Key Highlights from the report:
• China: Long-term persistence in telecom & enterprise networks via router/switch compromises, harvesting IP and credentials.
• Russia: Disrupting logistics & transport contractors supporting Ukraine, aiming to destabilize defence supply chains.
• North Korea: Blending IP theft with aggressive financial operations, tre...
🚨 Threat Intelligence Alert – XillenStealer 🚨 CYFIRMA research identifies XillenStealer, a Python-based open-source information stealer circulating on GitHub, built to exfiltrate:
🔹 Browser credentials & cookies
🔹 Cryptocurrency wallets
🔹 Discord, Steam, Telegram sessions
🔹 System & network data + screenshots
Key insights:
⚙️ Builder GUI lowers entry barriers, enabling even low-skilled actors to deploy the malware.
📤 Data exfiltration is rout...
India faced a wave of coordinated cyberattacks in July-August 2025 from multiple countries targeting government and public systems. Notably, a sophisticated malware campaign impersonated the Income Tax Department, tricking users into downloading a malicious file linked to a Chinese-operated server for data theft. Other attacks included data breaches, DDoS, defacements, and phishing scams. This rise in multi-nation hacktivism highlights the urgent need for strong cyber defenses and vigilance. ...