Daniel Stepanic (@danielstepanic)'s Twitter Profile

Daniel Stepanic

@danielstepanic

Malwarez at @elasticseclabs | Macrodata Refinement

ID: 270170477

Joined: 22-03-2011 03:39:06

286 Tweets

1.1K Followers

644 Following

Virus Bulletin (@virusbtn)

Elastic Security Labs researchers show the evolution of the GHOSTPULSE (aka HIJACKLOADER or IDATLOADER) malware. GHOSTPULSE has shifted from using the IDAT chunk of PNG files to embedding its encrypted configuration and payload within the pixel structure. elastic.co/security-labs/…

Elastic Security Labs (@elasticseclabs)

The #ElasticSecurityLabs team breaks down a recent Chrome update that introduced App-Bound Encryption and how the most common #infostealers have adapted: go.es.io/4hrEZdF

Elastic Security Labs (@elasticseclabs)

#ElasticSecurityLabs has discovered PUMAKIT, a new #linux #malware with advanced stealth mechanisms. The kernel rootkit is capable of privilege escalation, anti-debugging measures, and more. Get the details here: go.es.io/4g9LIHP

Elastic Security Labs (@elasticseclabs)

Ready, set, GOSAR is a QUASAR variant written in Go and exposed today by #ElasticSecurityLabs. This article breaks down the emerging malware’s code structure, capabilities, and the way it haunts multiple platforms: go.es.io/3ZQx4zF #Linux #Windows #malware

Elastic Security Labs (@elasticseclabs)

We're starting 2025 strong. Join us on January 14th for Detection Engineering with the Elastic Global Threat Report, a new webinar from Ruben Groenewoud and w0rk3r focused on leveling your #detectionengineering in the new year. Get the details: go.es.io/4gASJSe

Joe Desimone (@dez_)

Multi-Platform FINALDRAFT malware targeting government orgs. Outlook drafts for C2. We published a deep dive on the malware and another on the campaign. Great research by the team! elastic.co/security-labs/… elastic.co/security-labs/…

Elastic Security Labs (@elasticseclabs)

There are several different #keyloggers, but today Asuka Nakajima | 中島明日香 dives into the hotkey-based ones! Recapping her recent NULLCON talk, this article on #ElasticSecurityLabs explores how keyloggers can be abused and the tool she created to #detect them: go.es.io/4ir4aga

Elastic Security Labs (@elasticseclabs)

Join Cyril F. and #ElasticSecurityLabs in exposing ABYSSWORKER, a malicious driver that silences #EDR tools and is distributed via the MEDUSA #ransomware. Get the deep details: go.es.io/4bFKnr5

Elastic Security Labs (@elasticseclabs)

We’re exposing a newly discovered #malware family that has made its home on #GitHub. SHELBY targeted a Middle East telecom company, uses GH commits for C2, and shares hard-coded tokens for authentication. Read the malware and campaign breakdown: go.es.io/3DXE8Cv

Elastic Security Labs (@elasticseclabs)

Check out this new #Linux research from RemcoS and Ruben Groenewoud! The article from #ElasticSecurityLabs details the latest updates in OUTLAW, a Linux based #botnet whose most recent version includes brute force and cryptomining capabilities: go.es.io/4iTkh6J

Elastic Security Labs (@elasticseclabs)

Huh? That’s weird… what is that? It kind of looks like it’s a… new #cybersecurity report? 🤔 We’re excited about this one. Look out for more this week.

Elastic Security Labs (@elasticseclabs)

You can access our #detectionengineering repos, but how about a closer look? The 2025 State of Detection Engineering at Elastic is a new #report from #ElasticSecurityLabs detailing how we create and assess our prebuilt rules. Check it out: go.es.io/4jnrXhA

Daniel Stepanic (@danielstepanic)

This was a fun write-up! I go through the open-source obfuscator Alcatraz and walk through its obfuscation techniques and how to approach de-obfuscation. Hopefully it can help some people!

Elastic Security Labs (@elasticseclabs)

#ElasticSecurityLabs has uncovered EDDIESTEALER, a novel Rust-based info stealer distributed via fake CAPTCHA campaigns. This malware targets credentials, browser info, & crypto wallets. Read our full analysis here: go.es.io/3St6tnY #Cybersecurity #MalwareAnalysis

Devon Kerr (@_devonkerr_)

This is a great opportunity to highlight the researcher behind this article (and the most recent member of my operation), Jia Yu Chan! Jia Yu worked on our FINALDRAFT, GOSAR, and STEALC research; you’re gonna want to keep an eye on this young gun.

Elastic Security Labs (@elasticseclabs)

New research from our #ElasticSecurityLabs team: we dive into how infostealers are leveraging a stolen Shellter evasion tool to deploy data-stealing malware. Learn more & get our unpacker: go.es.io/4ldCM72 #malware #rhadamanthys #ghostpulse

Elastic Security Labs (@elasticseclabs)

New research on NOVABLIGHT, a NodeJS infostealer sold as MaaS! Discover its tactics, from credential theft & cryptowallet compromise to advanced obfuscation & anti-analysis techniques: go.es.io/459JGDA #ElasticSecurityLabs #infostealer