Podcast Detail

SANS Stormcast Tuesday, July 8th, 2025: Detecting Filename (Windows); Atomic Stealer now with Backdoor; SEO Scams

If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9516.mp3

previous
Podcast Logo
Detecting Filename (Windows); Atomic Stealer now with Backdoor; SEO Scams
00:00

What’s My File Name
Malware may use the GetModuleFileName API to detect if it was renamed to a name typical for analysis, like sample.exe or malware.exe
https://isc.sans.edu/diary/What%27s%20My%20%28File%29Name%3F/32084

Atomic macOS infostealer adds backdoor for persistent attacks
Malware analyst discovered a new version of the Atomic macOS info-stealer (also known as 'AMOS') that comes with a backdoor, to attackers persistent access to compromised systems.
https://moonlock.com/amos-backdoor-persistent-access

HOUKEN SEEKING A PATH BY LIVING ON THE EDGE WITH ZERO-DAYS
At the beginning of September 2024, an attacker repeatedly exploited vulnerabilities CVE-2024- 8190, CVE-2024-8963, and CVE-2024-9380 vulnerabilities to remotely execute arbitrary code on vulnerable Ivanti Cloud Service Appliance devices.
https://www.cert.ssi.gouv.fr/uploads/CERTFR-2025-CTI-009.pdf

SEO Scams Targeting Putty, WinSCP, and AI Tools
Paid Google ads are advertising trojaned versions of popuplar tools like ssh and winscp
https://arcticwolf.com/resources/blog-uk/malvertising-campaign-delivers-oyster-broomstick-backdoor-via-seo-poisoning-and-trojanized-tools/

no transcript found