malware analysis

ClickFix to Cash-Out: Anatomy of a Mexican Banking-Fraud Toolkit
A sophisticated banking fraud operation, dubbed REF6045, utilizes a PowerShell toolkit named SCMBANKER, delivered via fake CAPTCHA pages. Unlike automated attacks, this operation is manually controlled, allowing operators to monitor victim banking sessions, deploy fake warnings, and manipulate browser activity. The toolkit also facilitates the installation of commercial remote access tools for full system takeover. Researchers discovered the operation through exposed directories and archives, revealing the use of AI-generated scripts and operator misconfigurations.

Vidar Stealer Unmasked: Code Signing Abuse, Go Loaders and File Inflation
Researchers have uncovered a sophisticated campaign distributing the Vidar stealer and XMRig cryptocurrency miner, primarily targeting users seeking cracked software. Attackers use malvertising to lure victims into downloading password-protected archives containing malicious loaders. These loaders are signed with a fake certificate and employ techniques like file-size inflation and AMSI bypass to evade detection before dropping the final payloads.

Cavern Manticore: Exposing Iran-Linked Modular C2 Framework
A new modular command-and-control framework, dubbed 'Cavern Manticore,' has been observed in the wild, attributed to an Iran-nexus threat actor targeting Israeli government and IT sectors. The framework utilizes a .NET foundation but employs diverse compilation formats to evade analysis. Attackers gain initial access by exploiting legitimate software deployment features, such as RMM tools, to infiltrate victim environments.

Context Engineering | Compaction & Agent Memory for Automated Malware Analysis
SentinelLABS has evaluated OpenAI's native context compaction feature for automated malware analysis, finding it significantly reduces token usage and costs without impacting overall task quality. Compaction compresses past context into a denser working state, which is crucial for long-running agent tasks where context can accumulate rapidly and degrade performance. While effective, the analysis noted a slight decrease in the model's ability to recover higher-level structural reasoning, underscoring the need to store critical artifacts in durable storage rather than relying solely on compacted context.