Malicious Script That Gets Rid of ADS, (Wed, Apr 1st)

Wednesday, April 1, 2026 at 08:09 PM UTC·Source: SANS ISC

Updated: Monday, April 6, 2026 at 12:49 AM UTC

Executive Summary

Today, most malware are called âfilelessâ because they try to reduce their footprint on the infected computer filesystem to the bare minimum. But they need to write somethingâ¦ think about persistence. They can use the registry as an alternative storage location.

Analysis

Source Attribution

Originally published by SANS ISC on Apr 1, 2026.

Related Threats

MEDIUMMalware

When an Attacker Meets a Group of Agents: Navigating Amazon Bedrock's Multi-Agent Applications

Unit 42 research on multi-agent AI systems on Amazon Bedrock reveals new attack surfaces and prompt injection risks. Learn how to secure your AI applications. The post When an Attacker Meets a Group of Agents: Navigating Amazon Bedrock's Multi-Agent Applications appeared first on Unit 42 .

2d agoUnit 42 (Palo Alto)

LOWMalware

Security lapse lets researchers view React2Shell hackers’ dashboard

An apparent security lapse has allowed researchers to peer into the work of a threat group currently exploiting unpatched servers open to the four-month-old React2Shell vulnerability to steal login credentials, keys, and tokens at scale. Researchers from Cisco Systems’ Talos threat intelligence team who made the discovery said Thursday that the data harvested by an unattributed group they call UAT

CVE-2025-55182

2d agoCSO Online

HIGHMalware

Simplifying MBA obfuscation with CoBRA

<p>Mixed Boolean-Arithmetic (MBA) obfuscation disguises simple operations like <code>x + y</code> behind tangles of arithmetic and bitwise operators. Malware authors and software protectors rely on it because no standard simplification technique covers both domains simultaneously; algebraic simplifiers don’t understand bitwise logic, and Boolean minimizers can’t handle arithmetic.</p> <p>We’

2d agoTrail of Bits