Threats Tagged 'calendaromatic'
Operation FlutterBridge: macOS Malvertising Campaign Spreads New FlutterShell Backdoor
A financially-motivated cybercrime cluster designated CL-CRI-1089 has launched Operation FlutterBridge, deploying FlutterShell backdoor malware targeting macOS systems through malvertising. Built with the Flutter framework, FlutterShell masquerades as legitimate applications including podcast players and PDF viewers, delivering adware with full backdoor capabilities such as shell command execution and file system manipulation. The malware uses a WebView-based architecture with JavaScript-to-native bridge, allowing attackers to dynamically modify behavior without recompiling. Distribution occurs through hundreds of Google-verified advertisements controlled by shell companies including AdsParkPro LTD and Advantage Web Marketing LLC. The campaign primarily targets Anglophone and Western European markets. All samples were signed with valid Apple Developer IDs and successfully passed notarization, achieving zero detections on VirusTotal initially. The malware hijacks Google Chrome browsers, redirecting traffic ...
AlienVault OTX General | 06/02/2026, 14:33:49 UTC | Added: 06/03/2026, 09:33:37 UTC

Potentially Unwanted Applications (PUAs) weaponized for covert delivery
CVE-2025-0411
A malware distribution campaign leveraging digitally signed binaries, deceptive packaging, and browser hijackers has been uncovered. The campaign centers around two malicious applications, ImageLooker.exe and Calendaromatic.exe, delivered via self-extracting 7-Zip archives. These artifacts align with the TamperedChef malware campaign, which uses trojanized productivity tools for initial access and data exfiltration. The malware employs NeutralinoJS framework, Unicode homoglyphs, and multiple digital signers to bypass detection. The campaign exploits user behavior through SEO poisoning and malvertising, masquerading as legitimate software. This sophisticated approach highlights the evolving tactics of threat actors in weaponizing PUAs and abusing digital code signing to evade security measures.
AlienVault OTX General | 09/29/2025, 08:02:55 UTC | Added: 09/29/2025, 08:50:43 UTC