Cyber Threat Trends

Summary: 2025/04/29 04:18

First reported date: 2018/04/19
Inquiry period : 2025/03/30 04:18 ~ 2025/04/29 04:18 (1 months), 10 search results

전 기간대비 70% 높은 트렌드를 보이고 있습니다.
전 기간대비 상승한 Top5 연관 키워드는 Xloader Malware Email Advertising 입니다.
악성코드 유형 Remcos RAT NetWireRC Lumma GameoverP2P Emotet Raccoon Nanocore RecordBreaker DYEPACK RedLine 도 새롭게 확인됩니다.
공격기술 Campaign Phishing Stealer 도 새롭게 확인됩니다.
기관 및 기업 Palo Alto Networks Microsoft 도 새롭게 확인됩니다.
기타 attack multistage powershell Tesla Agent 등 신규 키워드도 확인됩니다.

Xloader is a Rebranding of Formbook malware (mainly a stealer), available for macOS as well.

Formbook has a "magic"-value FBNG (FormBook-NG), while Xloader has a "magic"-value XLNG (XLoader-NG). This "magic"-value XLNG is platform-independent.

Not to be confused with apk.xloader or ios.xloader.  Ref.

* 최근 뉴스기사 Top3:
    ㆍ 2025/04/18 Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader
    ㆍ 2025/04/18 Threat Actors Leverage Cascading Shadows Attack Chain to Evade Detection and Hinder Analysis
    ㆍ 2025/04/17 Cascading Shadows: An Attack Chain Approach to Avoid Detection and Complicate Analysis

참고로 동일한 그룹의 악성코드 타입은 SmokeLoader GuLoader Zloader 등 47개 종이 확인됩니다.

Date range button:

First seen:

Last seen:

Keyword

Trend graph by period

Related keyword cloud

Top 100

#	Trend	Count	Comparison
1	Xloader	10	▲ 7 (70%)
2	Remcos	9	▲ new
3	Campaign	7	▲ new
4	Malware	7	▲ 5 (71%)
5	Phishing	6	▲ new
6	RAT	5	▲ new
7	attack	5	▲ new
8	NetWireRC	5	▲ new
9	multistage	4	▲ new
10	powershell	3	▲ new
11	Tesla	2	▲ new
12	Agent	2	▲ new
13	Palo Alto Networks	2	▲ new
14	Email	2	▲ 1 (50%)
15	recent	2	▲ new
16	Advertising	2	▲ 1 (50%)
17	IoC	2	▲ new
18	Report	2	▲ new
19	Shadows	2	▲ new
20	Avoid	1	▲ new
21	Chain	1	▲ new
22	Palo	1	▲ new
23	Approach	1	▲ new
24	FormBook	1	▼ -1 (-100%)
25	Altos	1	▲ new
26	Saqib	1	▲ new
27	Khanzada	1	▲ new
28	past	1	▲ new
29	simple	1	▲ new
30	complex	1	▲ new
31	target	1	▲ new
32	Russia	1	- 0 (0%)
33	Kaspersky	1	- 0 (0%)
34	Cascading	1	▲ new
35	Threat	1	▼ -1 (-100%)
36	Leverage	1	▲ new
37	utilizes	1	▲ new
38	detection	1	▲ new
39	Lumma	1	▲ new
40	analysis	1	▲ new
41	GameoverP2P	1	▲ new
42	Emotet	1	▲ new
43	Malware download	1	▲ new
44	Raccoon	1	▲ new
45	Nanocore	1	▲ new
46	Cobalt Strike	1	▲ new
47	Android	1	- 0 (0%)
48	United States	1	- 0 (0%)
49	c&c	1	▲ new
50	RecordBreaker	1	▲ new
51	Microsoft	1	▲ new
52	DYEPACK	1	▲ new
53	GitHub	1	▲ new
54	Stealer	1	▲ new
55	Linux	1	▲ new
56	Windows	1	▲ new
57	Education	1	▲ new
58	NodeDownloader	1	▲ new
59	LummaC	1	▲ new
60	nodeexe	1	▲ new
61	download	1	▲ new
62	githubcomJohsHuxhelloworldreleasesdownloadvRBXLoaderexe	1	▲ new
63	RedLine	1	▲ new
64	delivery	1	▲ new

Special keyword group

Top 5

Malware Type

This is the type of malware that is becoming an issue.

Keyword	Average	Label
Xloader		10 (26.3%)
Remcos		9 (23.7%)
RAT		5 (13.2%)
NetWireRC		5 (13.2%)
FormBook		1 (2.6%)

Attacker & Actors

The status of the attacker or attack group being issued.

Keyword	Average	Label

Technique

This is an attack technique that is becoming an issue.

Keyword	Average	Label
Campaign		7 (50%)
Phishing		6 (42.9%)
Stealer		1 (7.1%)

Country & Company

This is a country or company that is an issue.

Keyword	Average	Label
Palo Alto Networks		2 (33.3%)
Russia		1 (16.7%)
Kaspersky		1 (16.7%)
United States		1 (16.7%)
Microsoft		1 (16.7%)

Malware Family

Top 5

A malware family is a group of applications with similar attack techniques.
In this trend, it is classified into Ransomware, Stealer, RAT or Backdoor, Loader, Botnet, Cryptocurrency Miner.

Threat info

Last 5

SNS

(Total : 6)

Total keyword

Xloader Remcos Malware Campaign Phishing RAT Email NetWireRC attack Attacker Advertising target Russia Kaspersky powershell Report GitHub Lumma IoC Palo Alto Networks

No	Title	Date
1	Cyber_OSINT @Cyber_O51NT A recent multi-stage malware attack utilizes .JSE and PowerShell to deliver Agent Tesla, Remcos RAT, and XLoader, as noted by Palo Alto Networks' Saqib Khanzada, who highlights attackers' tactics to evade detection and ensure payload execution. https://t.co/i7vn5wZL9L	2025.04.18
2	The Hacker News @TheHackersNews ???? Attackers are now using multi-stage payloads that slip past detection—via simple tricks, not complex code. One phishing email = 3 malware strains: • Agent Tesla • Remcos RAT • XLoader ???? Plus: a new MysterySnail variant is targeting Mongolia & Russia—40+ commands, remote https://t.co/NA	2025.04.18
3	Cyber_OSINT @Cyber_O51NT A recent report reveals that Agent Tesla, Remcos RAT, and XLoader are being delivered through a complex phishing campaign, using multi-stage delivery to complicate analysis and evade detection. #CyberSecurity #Phishing https://t.co/D1lXUtRgyg	2025.04.17
4	Virus Bulletin @virusbtn Palo Alto's Saqib Khanzada looks into a multi-layered campaign that delivers malware like Agent Tesla variants, Remcos RAT or XLoader. This multi-layered attack chain leverages multiple execution paths to evade detection and complicate analysis. https://t.co/CsbOhKy9w5 https://t.co/BbMf6FnK1D	2025.04.17
5	Unit 42 @Unit42_Intel Our analysis of a phishing campaign examines multistage malware. The malware is delivered via fake order release emails, leading to installation of Agent Tesla variants, Remcos RAT or XLoader. https://t.co/lFQ4XkP61r https://t.co/2x63aoCmxc	2025.04.17

News

(Total : 4)

Total keyword

Campaign Remcos Xloader NetWireRC Attacker RAT attack Malware Phishing powershell FormBook Education Palo Alto Networks Advertising DYEPACK Windows Report Emotet Raccoon Nanocore Cobalt Strike Android United States Linux IoC c&c RecordBreaker Microsoft GameoverP2P RedLine Stealer

No	Title	Date
1	Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader - The Hacker News	2025.04.18
2	Threat Actors Leverage Cascading Shadows Attack Chain to Evade Detection and Hinder Analysis - Malware.News	2025.04.18
3	Cascading Shadows: An Attack Chain Approach to Avoid Detection and Complicate Analysis - Unit 42	2025.04.17
4	How MSSP Expertware Uses ANY.RUN’s Interactive Sandbox for Faster Threat Analysis - Malware.News	2025.04.08

Additional information

No	Title	Date
1	FBI Reports ₹1.38 Lakh Crore Loss in 2024, a 33% Surge from 2023 - Malware.News	2025.04.29
2	US intensifies Salt Typhoon crackdown with public info request - Malware.News	2025.04.29
3	Trump moves threaten US cyber defenses, says former CISA director Easterly - Malware.News	2025.04.29
4	Escalating attacks against Ivanti VPN appliances expected - Malware.News	2025.04.29
5	Critical Planet Technology switch vulnerabilities pose total takeover risk - Malware.News	2025.04.29
View only the last 5

No	Title	Date
1	Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader - The Hacker News	2025.04.18
2	How MSSP Expertware Uses ANY.RUN’s Interactive Sandbox for Faster Threat Analysis - Malware.News	2025.04.08
3	Threat Intelligence Snapshot: Week 10, 2025 - Malware.News	2025.03.07
4	Threat Intelligence Snapshot: Week 10, 2025 - Malware.News	2025.03.07
5	XLoader malware deployed via Eclipse jarsigner app - Malware.News	2025.02.21
View only the last 5

No data

No	URL	CC	ASN Co	Reporter	Date
1	http://dndmelectrical.co.za/tt/tt.exe Formbook xloader	ZA	Gridhost	James_inthe_box	2025.04.10
2	http://combo.s3.eu-north-1.amazonaws.com/lisontek2.1.exe xloader	US		James_inthe_box	2025.03.11
3	https://www2.0zz0.com/2025/02/19/16/117645293.png xloader	US	CLOUDFLARENET	James_inthe_box	2025.02.24
4	https://www2.0zz0.com/2025/02/17/16/513083181.png xloader	US	CLOUDFLARENET	James_inthe_box	2025.02.18
5	https://www2.0zz0.com/2025/02/12/20/925844558.png xloader	US	CLOUDFLARENET	James_inthe_box	2025.02.17
View only the last 5

Beta Service, If you select keyword, you can check detailed information.