SANS Stormcast Tuesday, July 8th, 2025: Detecting Filename (Windows); Atomic Stealer now with Backdoor; SEO Scams
Jul 8, 2025
Discover how malware can cleverly detect its environment through filename tricks, making analysis difficult. A new version of the Atomic macOS info-stealer, equipped with a backdoor, enables attackers to maintain persistent access to compromised systems. The podcast also dives into alarming SEO scams promoting trojaned versions of popular tools, showcasing the dangers of malvertising. Learn about vulnerabilities exploited by attackers that could lead to remote code execution on cloud services.
Detect Malware Renaming in Windows
- Malware calls the Windows API GetModuleFileName to learn the path it is running from and so detect whether its executable has been renamed, as analysis sandboxes often do.
- The sample then compares that filename against a blocklist or allowlist and uses the result to decide whether it runs.
Atomic Stealer Gains Backdoor
- The Atomic Stealer for macOS now includes a persistent backdoor for attackers.
- This escalation allows more complete remote control over compromised Macs than before.
Ivanti Vulnerabilities Enable Attacks
- Attackers targeting the Ivanti Cloud Service Appliance exploit multiple zero-day vulnerabilities.
- After exploitation, they deploy PHP web shells to move laterally and maintain access.