Inside a Pre-Deployment Syntrix Campaign
FileScan.io captured a complete four-stage delivery chain for a Quasar-based RAT before the operator replaced its loopback C2. 0/21 AV detections. Here is what we found.

OPSWAT discovered a barely documented malware-as-a-service now using opportunistic Christmas themes. This loader framework leverages steganography and several layers in the infection chain before dropping the final payload, commonly commodity RATs.
With the rise of AI adoption, malicious AI models are emerging as a new vector in real-world attack campaigns. This blog explores how threat actors leverage AI to create real threats, and how an emulation-based sandbox utilizes pickle scanning tools and disassembly code analysis to deal with these malicious models and detect advanced evasion techniques used in the wild.
Discover how AI-powered services enhance our sandbox, enabling advanced detection capabilities. We explore intricate details, showcase real-world cases, and demonstrate how AI-driven features dynamically adapt to evolving threats with precision.
OPSWAT discovered JavaSquid, a new malware family using fake AI software to infect systems. The campaign, ongoing since mid-July 2024, uses evasive JavaScript techniques and links to previous attacks with stolen digital certificates from Chinese companies. Insights gained have enhanced OPSWAT's MetaDefender Sandbox capabilities.
We dive deep into a Turla APT malware sample, leveraging the power of emulation-based sandboxes to unravel its complex obfuscation layers and adapt to the polymorphic techniques used in real-world campaigns by sophisticated threat actors.