Threats Tagged 'malware-as-a-service'
View all threats tagged with 'malware-as-a-service'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'malware-as-a-service'
Click on any threat for detailed analysis and mitigation recommendations
StealC and Amadey: Breaking down infostealers and the cybercrime services that deliver them 0 Infostealers remain among the most pervasive cybercrime threats, silently harvesting passwords, cookies, and session tokens that enable enterprise breaches. StealC is a malware-as-a-service infostealer written in C++ that collects credentials from browsers, cryptocurrency wallets, messaging applications, email clients, and gaming platforms while functioning as a secondary loader. Amadey operates as a modular backdoor loader active since 2018, delivering downstream payloads including StealC, Lumma Stealer, and ransomware through various backdoor commands. Both operate on commodity rental models where stolen credentials flow through underground markets to access brokers who resell enterprise access. On June 24, 2026, Microsoft's Digital Crimes Unit coordinated with Europol to disrupt over 200 malicious command-and-control domains supporting these operations, using AI-assisted analysis tools including Microsoft Copilot for binary analysis and configuration extraction. Join the discussion | AlienVault OTX General | 06/24/2026, 13:40:01 UTC Added: 06/24/2026, 17:54:44 UTC |
Inside OnyxC2: The New Stealer Targeting 210 Apps 0 OnyxC2 emerged in early 2026 as a malware-as-a-service stealer sold on cybercrime networks for $250 monthly. The platform includes a web panel, payload builder, and tiered pricing structure with refund guarantees. Written in C++ with assembly for direct syscalls, it targets approximately 210 applications across nine categories: 45 browsers, 109 extensions including 2FA tools, 5 password managers, 17 cryptocurrency wallets, 11 FTP clients, 5 email clients, and VPN/messaging applications. The stealer achieves 99% detection evasion through mutated builds and delivers via DLL sideloading using signed binaries. Higher tiers unlock remote access capabilities including HVNC, LSASS dumping, reverse SOCKS5 proxy, keylogging, and reverse shell. Distribution occurs through fake installers delivered as password-protected archives, with C2 communication over Cloudflare-fronted HTTPS to akmuniverstall.top. Join the discussion | AlienVault OTX General | 06/15/2026, 14:58:17 UTC Added: 06/15/2026, 17:30:16 UTC |
A stealthy RAT burrowing deep into Android devices 0 BTMOB is an Android remote access trojan that evolved from SpySolr malware and poses significant threats beyond traditional banking trojans. The malware combines phishing-led delivery with an APK builder interface that enables rapid payload generation without coding skills. Distributed through fake app stores impersonating streaming services, cryptocurrency platforms, and government agencies, BTMOB abuses Android Accessibility Services to gain elevated permissions. Marketed as malware-as-a-service with a reported $5,000 lifetime license, it provides adversaries with capabilities to exfiltrate sensitive data, capture screenshots, record device activity, and establish remote control. The tool's customizable phishing lures have been adapted for specific regions, including campaigns impersonating Argentine tax authorities, making it a rapidly evolving threat with global reach. Join the discussion | AlienVault OTX General | 05/31/2026, 23:32:45 UTC Added: 06/01/2026, 08:48:35 UTC |
Showing 1 to 3 of 3 results