The Sharp Taste of Mimo'lette: Analyzing Mimo's Latest Campaign targeting Craft CMS
Analysis of the CVE-2025-32432 compromise chain by Mimo: exploitation, loader, crypto miner, proxyware, and detection opportunities.
Sekoia has identified Mimo, a threat actor that exploits a recently patched Craft CMS zero-day to deploy its own loader, cryptominers, and residential proxyware on hacked websites
The operators appear to be based in the Middle East
blog.sekoia.io/the-sharp-ta...
27.05.2025 16:32
#ClearFake variant is now spreading #Rhadamanthys Stealer via #Emmenhtal Loader.
cc @plebourhis.bsky.social @sekoia.io
1. ClearFake framework is injected on compromised WordPress and relies on EtherHiding
2. The #ClickFix lure uses a fake Cloudflare Turnstile with unusual web traffic
06.03.2025 10:50
Image of disassembly showing a new macOS backdoor using the deprecated CLI tool 'SetFile'.
This #macOS backdoor uses /usr/bin/SetFile to hide itself in the Finder. SetFile was deprecated in Xcode 6 (that's 2014 to humans)... not sure why it makes sense to declare smth 'deprecated' then leave it in the OS for 10+ years. 🤷‍♂️ #apple #malware
SHA1: 609088c54b99432aab212f35cfe74030b52f0320
20.01.2025 15:53
Proud to share an insightful article on ransomware-driven data exfiltration techniques, written by my colleagues at Sekoia.io!
28.11.2024 08:14