Odyssey Stealer is an advanced information-stealing malware designed specifically for macOS devices. Threat actors use a ClickFix social engineering technique through software malvertising, phishing campaigns, or fake software update prompts to lure potential victims into...
There has been a massive increase in the availability, variety, and adoption of Cybercrime-as-a-Service (CaaS) tools. These services offer potential bad actors a low-cost, low-barrier entry into cybercrime by providing rentable, user-friendly tools and infrastructure for launching cyberattacks.
The NJCCIC has observed a rise in attacks distributing Vidar Stealer. Vidar operates as a Malware-as-a-Service (MaaS) information stealer and was first identified in 2018. It can gather passwords, cookies, auto-fill data, cryptocurrency wallets, files, device information, and installed...
Over the past month, the NJCCIC observed multiple XWorm campaigns targeting NJ State employees. XWorm malware is a remote access trojan (RAT) capable of evading detection, gaining remote access, stealing credentials, exfiltrating data, and deploying ransomware.
This Malware Analysis Report (MAR) was originally published on March 28, 2025 to share indicators of compromise (IOCs) and detection signatures for RESURGE Malware. The Cybersecurity and Infrastructure Security Agency (CISA) has updated this MAR to provide deeper technical...
The Federal Bureau of Investigation (FBI) released this FBI Liaison Alert System (FLASH) to disseminate indicators of compromise (IOCs) and technical details associated with malware enabled ATM jackpotting. Threat actors exploit physical and software vulnerabilities in ATMs.
The NJCCIC observed multiple Telephone-Oriented Attack Delivery (TOAD) emails targeting New Jersey State employees. Threat actors use email spoofing to make the email appear to come from the legitimate robinhood[.]com. The email header information reveals the sender’s...
The NJCCIC observed a significant increase in phishing campaigns impersonating security alerts about unusual account activity, including warnings about credential loss and account access. These emails use a subject line of "No Reply" and spoofed addresses.
This Malware Analysis Report (MAR) was originally published on December 4 to share indicators of compromise (IOCs) and detection signatures for BRICKSTORM malware. The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA)...
In these campaigns, threat actors pose as human resources (HR) departments and send emails claiming to contain information on upcoming salary increases and yearly bonuses. They deceive users into downloading unknown files, RMM tools, and more.
