Tag: Latrodectus

Lunar Spider Campaign: FakeCAPTCHA Used to Exploit CORS Flaws and Deliver Latrodectus Loader
The group Lunar Spider—also known under the aliases Gold Swathmore and Elara—has ramped up a new malicious campaign that leverages a counterfeit CAPTCHA verification interface to infect victims’ devices. The primary vector is the compromise of vulnerable European websites through misconfigured CORS (Cross-Origin Resource Sharing) policies. On breached sites, the attackers inject a JavaScript iframe…

Lunar Spider Campaign: Single Click Leads to Two-Month Intrusion and Domain Admin Theft
A cybercriminal group known as Lunar Spider executed a sprawling operation that began with a single click on a bogus file and culminated in weeks of sustained control over the victim’s infrastructure. According to analysts at The DFIR Report, the campaign was initiated in May 2024 when an employee of an unnamed organization opened an…

YiBackdoor: New Stealthy Malware Emerges as Potential Successor to IcedID and Latrodectus
Zscaler ThreatLabz, in its recent report, disclosed the details of a newly observed malware family dubbed YiBackdoor, first detected in June 2025. From the outset, analysts noted substantial source-code commonalities with the IcedID and Latrodectus loaders—an association Zscaler highlights as a crucial clue to the malware’s possible provenance and its role within broader attack chains.…

Phishing Danger: Latrodectus Malware Deployed
Specialists from Proofpoint and Team Cymru have uncovered a novel malware dubbed Latrodectus, considered an evolution of the well-known IcedID loader, which has been actively deployed in phishing campaigns since November 2023. Initially identified in 2017, IcedID was categorized as a modular banking Trojan designed to pilfer financial information from infected computers. Over time, it…