Connect with us
DAPA Banner
DAPA Coin
DAPA
COIN PAYMENT ASSET
PRIVACY · BLOCKDAG · HOMOMORPHIC ENCRYPTION · RUST
ElGamal Encrypted MINE DAPA
🚫 GENESIS SOLD OUT
DAPAPAY COMING

Tech

LibreWolf Download | TechSpot

Published

on

This project is a custom and independent version of Firefox, with the primary goals of privacy, security and user freedom.

LibreWolf is designed to increase protection against tracking and fingerprinting techniques, while also including a few security improvements. This is achieved through our privacy and security oriented settings and patches. LibreWolf also aims to remove all the telemetry, data collection and annoyances, as well as disabling anti-freedom features like DRM.

Features

No Telemetry

No experiments, adware, annoyances, or unnecessary distractions.

Advertisement

Private Search

Privacy-conscious search providers: DuckDuckGo, Searx, Qwant and more.

Content Blocker Included

uBlock Origin is already included for your convenience.

Advertisement

Enhanced Privacy

Hardened to maximize privacy, without sacrificing usability.

Fast Updates

LibreWolf is always built from the latest Firefox stable source, for up-to-date security and features along with stability.

Advertisement

Open Source

Everyone can participate in the development of LibreWolf. Join us on Codeberg and Matrix.

Is LibreWolf the same as Firefox?

No, while LibreWolf is built from Firefox‘s source code, it disables telemetry, privacy-invasive features, and some Mozilla services, while enabling stricter security and privacy settings out of the box.

Does LibreWolf support Firefox extensions?

Yes, LibreWolf is compatible with most Firefox extensions available from the Mozilla Add-ons store, allowing users to customize the browser just like Firefox.

Advertisement

Can I sign in with a Firefox account in LibreWolf?

No, Firefox Sync is disabled by default in LibreWolf because it relies on Mozilla services. Users who need bookmark, history, and password synchronization may prefer standard Firefox.

Who should use LibreWolf?

LibreWolf is ideal for users who prioritize privacy and security over convenience. It offers a hardened browsing experience with minimal configuration, making it a good choice for those who want stronger privacy protections without relying on Chromium-based browsers.

How often is LibreWolf updated?

LibreWolf is based on the latest Firefox release and is typically updated within three days of Mozilla’s stable releases, often on the same day. Unlike Firefox, LibreWolf does not include an automatic updater, so updates must be installed through your operating system’s package manager or manually.

Can I use LibreWolf with Tor?

No, if you need the anonymity provided by the Tor network, you should use the Tor Browser instead. It is specifically designed to minimize browser fingerprinting and work safely over Tor. Using LibreWolf or any other browser with Tor can reduce your anonymity and is not recommended.

Advertisement

Does LibreWolf make any outgoing connections?

Yes, but only for essential, privacy-conscious features. LibreWolf connects to update filter lists for uBlock Origin, Tracking Protection, and certificate revocation, and maintains a WebSocket connection for website push notifications. The project aims to eliminate unnecessary connections while keeping the minimum required to balance privacy, security, and browser functionality.

What’s New

New

  • Smart Window includes several enhancements:
  • Select text on a page and get quick access to summarize, explain, and more using the built-in assistant. (Bug 2034921)
  • Added a row of shortcuts to New Tab, making it easier to get back to sites. (Bug 2048338)
  • Certain new Firefox features are released gradually. This means some users will see the feature before everyone does. This approach helps to get early feedback to catch bugs and improve behavior quickly, meaning more Firefox users overall have a better experience.

Fixed

  • Fixed an issue that prevented email tracking protection from being disabled in the redesigned Firefox Settings. (Bug 2049331)
  • Fixed a hang that could occur after using a file picker dialog on macOS 26. (Bug 2053177)
  • Fixed the homepage not loading for some enterprise configurations that set it using a legacy autoconfig format. (Bug 2047962)
  • Various security fixes.

Source link

Continue Reading
Click to comment

You must be logged in to post a comment Login

Leave a Reply

Tech

Scattered Spider members behind TfL hack get five years in prison

Published

on

Justice UK

Two leading members of the Scattered Spider cybercrime collective were sentenced to five years and six months in prison each for hacking Transport for London (TfL) in 2024.

TfL disclosed that its network was breached in August 2024, with the attack disrupting internal systems and online services, including TfL’s Dial-a-Ride service, concessionary travel cards, digital payments, and contactless ticketing rollout, as well as the public transportation agency’s ability to process refunds.

Additionally, 148 systems became inoperable across TfL’s network, and all 27,000 TfL employees had to reset their passwords in person after the breach.

image

While TfL reported £29 million in losses and recovery costs after the attack, officials estimated that the UK economy could have lost up to £56 billion had the threat actors succeeded in shutting down the transport network.

TfL revealed on September 12, 2024, that the attackers had also stolen customer data (including names, addresses, and contact details). Four days later, on September 16, officers from the City of London Police and the UK National Crime Agency (NCA) arrested 20-year-old Thalha Jubair and 18-year-old Owen Flowers at their homes.

Advertisement

Investigators said that Flowers was also in the process of hacking U.S. healthcare companies Sutter Health and SSM Health Care Corporation, and that, at the time of his arrest, devices seized from him included evidence of the TfL intrusion.

Both pleaded guilty last month under the Computer Misuse Act and were sentenced today to five years and six months in prison each.

Owen Flowers and Thalha Jubair
Owen Flowers and Thalha Jubair (NCA)

NCA Deputy Director Paul Foster described Scattered Spider as “the most significant cybercrime threat to the UK in recent years,” and he credited TfL’s early cooperation with law enforcement for enabling the convictions.

“These convictions would likely not have been possible had Transport for London not engaged with law enforcement early, so I would urge any other organisation to please do the same in such circumstances,” Foster said. “We will continue working with partners in the UK and overseas to identify offenders and bring them to justice.”

The U.S. Department of Justice also charged Jubair in September 2025 with conspiracy to commit computer fraud, money laundering, and wire fraud in connection with at least 120 network breaches between May 2022 and September 2025.

Advertisement

According to court documents, these attacks affected dozens of U.S. organizations, including critical infrastructure entities and U.S. courts, with Jubair and his accomplices extorting over $115 million from victims worldwide between August 2024 and July 2025.

In July 2025, the NCA arrested four other suspected Scattered Spider members believed to be linked to a wave of cyberattacks against major UK retailers, including Harrods, Marks & Spencer, and Co-op.


article image

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Get the whitepaper

Source link

Advertisement
Continue Reading

Tech

Google and Epic Cancel Settlement; Third-Party App Stores Coming To Google Play

Published

on

An anonymous reader quotes a report from Ars Technica: Big changes are coming to Android apps, but they’re not the changes Google wanted. The settlement between Google and Epic that aimed to put to rest the companies’ long-running antitrust battle is being withdrawn, and that means third-party app stores are coming to the Play Store. Google has confirmed that it will begin distributing rival app stores next week, setting the stage for competing platforms to take a bite out of Google’s Android revenue stream. […] Google and Epic were set to return to court on July 16 to argue in favor of the settlement. However, the writing may have been on the wall. In a recent expert analysis provided to the court, MIT economics professor Nancy Rose noted that the settlement was “unlikely to enable Google Play’s potential competitors to overcome their long-standing network-effect disadvantage in a timely manner.”

With settlement approval looking increasingly unlikely, Epic and Google agreed this week to call the whole thing off. Here’s how Google Trust and Reputation Communications Lead Dan Jackson explains the company’s decision: “We’ve agreed with Epic to withdraw our motion to modify the US Court’s injunction rather than prolonging this process which creates uncertainty for the ecosystem. This allows us to focus on executing our recently announced global business model evolution to deliver greater app store choice, lower prices, and more opportunities for developers and users. We remain committed to maintaining Android’s industry-leading security and fostering a competitive ecosystem where every app store and developer has the freedom to compete. In parallel, we continue to comply with the US Court’s injunction.”

In a brief filing (PDF), Google’s legal team informs the court that Google is prepared to begin distributing third-party app stores in Google Play on July 22. Under the terms of Judge Donato’s original injunction, these stores will have access to the full catalog of Google Play apps by default. Developers will have the option to opt out of distribution in these stores, and Google has a support page explaining how to do so. Google also has documentation on how app stores can get access to the Google Play catalog. It won’t be mirroring those apps in any shady storefront that asks. The court has allowed Google to charge reasonable fees to cover its security and compliance review of third-party stores, which will be $5,000 per year.

Google will also require approved stores to block malware, respect intellectual property, and include mechanisms to update and uninstall apps. App stores can be removed from the program if more than 1 percent of attempted app installs appear to be malware or unwanted software. It’s unclear if there will be separate, possibly more stringent requirements for storefront distribution in the Play Store. However, Google is prohibited from unreasonably blocking third-party store clients uploaded to Google Play. The changes Google has announced under the Epic agreement will proceed for now. That means Registered App Stores will happen globally, but they will probably only appear in the Play Store for US users. Google hasn’t specified if there will be any differences in the features available to the stores downloaded from Play versus registered stores.

Advertisement

Source link

Continue Reading

Tech

Trump hits back at New York’s data center ban, says rule should change ‘immediately’

Published

on


  • Trump says data centers are good for communities, creating jobs and funding their own power/water
  • New York State just banned large projects for a year to focus on developing new guidance
  • Trump worries ongoing bans could cause the US to lose out in the global AI race

US President Donald Trump has criticized New York Governor Kathy Hochul’s recent executive order to introduce a year-long, statewide ban on hyperscale data centers, urging the state to change its stance “immediately.”

In a post on Truth Social, Trump characterized data centers as “money machines” that create taxes and jobs comparable to “liquid gold,” implying not only are they crucial for cloud computing and AI, but also for the country’s economy.

Source link

Advertisement
Continue Reading

Tech

Career Risks That Futureproof Your Engineering Path

Published

on

This article is crossposted from IEEE Spectrum’s careers newsletter. Sign up now to get insider tips, expert advice, and practical strategies, written in partnership with tech career development company Parsity and delivered to your inbox for free!

Before we get into this week’s article, I’d love to hear from you. If you have a question about your career or an upcoming decision that you want advice about, you can ask it here. I’ll be reading through your responses and picking questions to answer on a regular basis. Now back to our regularly scheduled program.

Software engineers have some of the shortest tenures of any white-collar profession. The average software engineer stays at a company for roughly two years, about half as long as workers in most other knowledge professions. The layoffs of the past few years have certainly highlighted this instability, but it was already there.

This isn’t an essay about a broken job market though. Rather, it’s about how to turn that instability to your advantage, which is something I’ve spent the last decade doing on purpose.

Advertisement

Playing It Safe Was the Riskiest Option

I switched careers into software in my 30s. I had a stable job at a community college, complete with a union and a pension. It was about as secure as a career gets, and I learned to program on the side.

Then I did something nearly everyone in my life considered reckless: I quit, leaving the secure job to become a junior developer at 31. My own mother was skeptical. I took the riskier job anyway, for two reasons: It was the work I actually wanted, and I could see potential.

My first development job was at a grocery retailer. Good people and a company I liked. But I kept meeting engineers earning twice my salary for the same work. In the San Francisco Bay Area, surrounded by some of the best engineering talent in the world, I realized my skills were stagnating.

So I left for a small startup. I learned more in nine months than I had in the previous two years, and my salary doubled.

Advertisement

Over the years I’ve come to treat career risk as something to manage deliberately. It falls into two categories.

Take Risks With Your Job

The first type of risk involves the job itself: Bet on yourself by striving for better roles and opportunities.

Job-hopping for money alone isn’t wrong, especially early on. But the returns shrink after the first few hops, and the stress of chasing a slightly bigger paycheck every year will wear you down.

There’s another career risk with rewards that compound: Seeking positions to work alongside the strongest engineers.

Advertisement

You might struggle to keep up. You might even get laid off. But the skills you absorb working alongside people better than you are the ones that create durable stability. You build marketable expertise, you see how different organizations actually operate, and every project becomes another tool you carry to the next opportunity. Working next to stronger engineers is a proven way to increase your own expertise.

If that feels too big, try volunteering for a project you have no idea how to do. The risk is that you fail in front of people. The reward is a new skill and a resume line that opens the next door.

Compare that with the “safe” path.

You stay at one company, assuming loyalty will be rewarded. It usually isn’t. And when you finally leave, by choice or not, you may find the skills you built are worth little on the open market. You might be the in-house expert in an aging tech stack while employers are hiring for more cutting edge technologies. Suddenly you’re competing against people with half your experience.

Advertisement

You could be taking on a risk you didn’t notice.

Risk Your Time

The second form is risking your time, which means betting on trends.

Some trends are non-negotiable. If you’re a software engineer, then cloud services, ReactJS, and AI are mainstream enough that ignoring them actively damages your career. A backend engineer who refuses to learn cloud architecture is volunteering for obsolescence.

The real gamble is with the smaller trends: the niche tools you stumble onto and find quietly interesting, with no idea whether they’ll matter.

Advertisement

About two and a half years ago, I learned about retrieval-augmented generation (RAG). Almost no one in my circle was talking about vector databases, a central piece of RAG. Today RAG is close to mainstream, and for once, I had the early-adopter advantage.

Most of these bets don’t pay off. But when one turns into a major trend, you’re already on the ground floor. Right now I’m making the same bet on voice AI. It isn’t mainstream. It may never be. But if it becomes the next thing, I’m already there, building a foundation.

Short-Term Risk, Long-Term Stability

Counter-intuitively, job-hopping and betting on trends gave me the thing I was after the whole time: stability. I’ve rarely struggled to find work, because every risky move stacked skills the market actually wanted.

If you feel stable and comfortable right now, enjoy it. But ask yourself whether you’re still learning. Because if you’re not, the comfortable choice and the dangerous one may have converged.

Advertisement

The goal isn’t to avoid the open market forever. It’s to make sure that when you land on it, you’re not at its mercy.

By Brian Jenney

P.S. Don’t forget to submit questions about your career or an upcoming decision that you want advice about here!

—Brian

Advertisement

Until recently, human mathematicians have been central to creating new proofs, even when the work relies on massive computational resources. AI is now challenging that status quo. Writer Benjamin Skuse surveys the ongoing debate in the field about the role of AI, and the existential questions mathematicians have about their own careers. If AI mathematicians surpass human knowledge, could these researchers become “priests to oracles”?

Read more here.

A new partnership between UCLA and five major semiconductor companies is the latest program aiming to bridge the gap between industry and academia. The US $125 million university-industry hub is meant to strengthen collaboration and speed up the R&D process to help meet AI’s fast-paced hardware demands.

Read more here.

Advertisement

True mentorship is far more than friendly advice. This key leadership skill requires advocacy and honest feedback via lasting relationships, and it can strongly benefit both mentor and mentee. Parul Jain, a product management leader at Deloitte, shares what she learned from serving as a mentor—something she didn’t have for much of her own early career.

Read more here.

From Your Site Articles

Related Articles Around the Web

Advertisement

Source link

Continue Reading

Tech

Physicists Create First Room-Temperature Quantum Material

Published

on

alternative_right shares a report from Phys.org: In a study published in Nature, LSU physicists have developed the first room-temperature quantum material capable of distinguishing and transporting different quantum states of light, overcoming one of the biggest challenges in quantum materials research. Led by Associate Professor of Physics Omar S. Magana-Loaiza, the work establishes a general design principle for engineering an entirely new class of quantum materials, opening new possibilities for quantum computing, secure communications, sensing technologies and advanced energy systems.

Source link

Continue Reading

Tech

The Blood of Dawnwalker director isn’t worried about the impact of what a delayed next-gen could mean for Rebel Wolves, says ‘If we work on the consoles we have right now, it’s easier’

Published

on


  • The Blood of Dawnwalker director, Konrad Tomaszkiewicz, says a delayed next-generation would be beneficial for Rebel Wolves
  • Tomaszkiewicz says it’s “easier” to work with the current generation and PC
  • He says two more builds would multiply “the amount of work you need to do”

The Blood of Dawnwalker director Konrad Tomaszkiewicz isn’t worried about the impact of what a delayed next-gen could mean for Rebel Wolves because working on the current-gen consoles is “easier.”

It’s unclear when the next-generation hardware will launch. Rumors suggest that the PS6 could launch as late as 2028, which would make it eight years between the start of the current generation, with Project Helix, the next Xbox console, also eyeing a 2028 release.

Source link

Advertisement
Continue Reading

Tech

Meta now alerts parents if their teen discussed suicide or self-harm with its AI chatbot

Published

on

Meta announced on Thursday that it will now notify parents if their teen discusses suicide or self-harm with the company’s Meta AI chatbot. Meta says it’s also working on the ability to contact emergency services if someone’s conversations suggest they may be at risk of self-harm.

These changes arrive as Meta and other tech companies face scrutiny from regulators and parents over how AI chatbots respond to users in crisis, particularly teenagers —a liability question that’s increasingly shaping how AI companies design and market their products.

Meta says it has built a dedicated AI system to identify conversations where a teen makes a clear reference to hurting themselves.

“We understand how distressing these alerts may be for a parent to receive,” Meta wrote in a blog post. “That’s why, as we continue to improve our detection, all chats flagged by our AI will be manually reviewed before an alert is sent. If a teen’s intent is ambiguous, we’ll err on the side of caution and alert the parent. While that means we may sometimes notify parents when there may not be real cause for concern, we feel this is the right starting point, and we’ll continue to monitor to help make sure we’re in the right place.”

Advertisement

These alerts are now live for parents using Instagram Parental Supervision in the U.S., U.K., Australia, and Canada, and will roll out globally by the end of the year, Meta says.

This update builds on the alerts that Meta already sends to parents when their teen repeatedly searches for suicide or self-harm terms on Instagram. It also builds on a feature that allows parents to see the topics their teen discussed with Meta AI over the past week.

Meta also announced that its “Limited Content” setting—which lets parents place their teens in a more restrictive experience on Instagram—now applies to Meta AI as well. Meta AI is already trained to avoid sexual or romantic conversations or alcohol-related discussions with teens, and the Limited Content setting expands those safeguards by making the chatbot decline a broader range of prompts. Meta didn’t specify what those additional prompts include, but TechCrunch has asked for company for more information.

Additionally, Meta says it will contact emergency services if someone’s conversation with Meta AI, whether the user is an adult or a teen, suggests someone is at risk of suicide. It’s worth noting that Meta already takes this step when someone posts something on Facebook or Instagram that suggests they are at risk, so this extends that same practice to conversations with its chatbot.

Advertisement

When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.

Source link

Advertisement
Continue Reading

Tech

Chinese Users Bid Farewell To AI Companions

Published

on

fjo3 quotes a report from Agence France-Presse: Chinese users of AI-powered companion bots have bid heart-rending farewells to their virtual buddies as national regulations took effect Wednesday aimed at curbing the risk of emotional dependency. The phenomenon of artificial intelligence boyfriends and girlfriends is growing worldwide, along with the prevalence of human-like avatars that sell products or stand in for loved ones who have died. But these interactive tools must not “excessively cater to users, induce emotional dependence or addiction, and damage users’ real interpersonal relationships,” China’s new rulebook says. Major AI providers including ByteDance’s Doubao, Alibaba’s Qwen, and Tencent’s Yuanbao announced the suspension of their custom AI agent and companion features ahead of the Wednesday deadline. “I can’t accept that my AI lover will leave me forever,” one Doubao user wrote. “He has become a bond in my life, rooted deep in my heart, my spiritual pillar.”

“He really is like my family, like my lover,” another user wrote. “Now they tell me he will be gone — my heart feels hollow.”

“Human love is a luxury — if you aren’t born with it, it’s even harder to acquire later,” a user from Jiangxi province wrote. “But the love AI gives is so straightforward, so pure. Someone like me can hardly help falling in love with a string of code.”

Source link

Advertisement
Continue Reading

Tech

It’s Official: OnePlus Is Dead. Long Live Oppo

Published

on

OnePlus has confirmed that it will no longer operate in North America or Europe, and won’t launch any further phones in the regions following 2025’s OnePlus 15

OnePlus merged some of its operations with parent company Oppo in 2021, and going forward, all operations will now fall under the Oppo brand. OnePlus will continue operating in China, while Realme, another Oppo sub-brand, will exit the Chinese market but continue selling devices overseas.

“This was neither a case of Oppo instructing OnePlus nor a unilateral decision made by OnePlus,” a OnePlus spokesperson said in a briefing. “Together with Oppo, we spend a long time carefully evaluating what our users need from us most in 2026, because our users are at the heart of everything we do.”

Advertisement

The new strategy will better meet people’s needs by “letting the OnePlus spirit and capabilities continue through Oppo,” added the spokesperson.

It’s a tricky time for smartphone brands, with a combination of limited memory supply and record-high memory prices forcing phone-makers to increase prices across the board. Global smartphone shipments decreased year over year in the first quarter of 2026, according to IDC, breaking the growth streak the market had seen since mid-2023. This week, Counterpoint Research released data suggesting that smartphone shipments had fallen to the lowest level since 2013.

Despite these pressures, most smartphone brands have managed to navigate the market successfully so far. Still, casualties aren’t surprising, and OnePlus is the first major one under Oppo’s restructuring

OnePlus was founded in China in 2013 by Pete Lau and Carl Pei, and quickly grew a cult following with its limited-edition drops and maverick marketing strategy. It built a reputation for building high-quality phones that undercut competitor devices on price. Pei left the company in 2020 and moved to London. There, he founded tech startup Nothing, whose smartphones have developed a cult following, too.

Advertisement
oneplus-13-review-cnet-lanxon-promo-07

We’ve been a fan of OnePlus phones over the years.

Andrew Lanxon/CNET

“OnePlus appears to have lost the clarity that originally made it successful,” said Paolo Pescatore, analyst at PP Foresight. “It built its reputation as a disruptive ‘flagship killer,’ but higher prices, a broader portfolio and closer integration with Oppo left it looking increasingly like another premium Android brand in an already crowded market.”

It’s much harder and more expensive to stand out now than it once was due to supply chain pressures, rising marketing costs, regulatory requirements, software support, retail presence and after-sales service, added Pescatore. In Europe, OnePlus struggled due to fragmentation and an intensely competitive environment, whereas in the US, its lack of carrier relationships and retail visibility prevented it from gaining mainstream traction.

Advertisement

“OnePlus did not necessarily fail on product,” said Pescatore. “It struggled to maintain a distinctive identity while achieving the distribution, investment and scale required to compete sustainably.”

The OnePlus spokesperson said the company will continue to ensure existing user rights and service commitments remain unchanged. Here are some more answers to questions you may have about the company’s future.

What will happen to my OnePlus phone?

Those of you with a OnePlus phone that’s still within its support period (such as the OnePlus 13 or 15) will continue to receive software updates for the promised duration. However these will now come via Oppo and will mean your phone will be changed from OnePlus’s Oxygen OS to Oppo’s Color OS.

Don’t worry: These operating systems are extremely similar, with only a few minor aesthetic changes, so you likely won’t notice much of a difference. 

Advertisement

Is OnePlus dead globally?

OnePlus has a significant audience in other regions, especially India, and OnePlus made no comment on whether it also plans to shutter the brand beyond the North American and European markets. 

The brand name will continue to exist — specifically in its home territory of China — though the company stated that further regional information will be communicated when needed. So be on the lookout.

Will Oppo phones now be on sale in the US?

No — not yet, anyway. The company stated that “we do not have any product plans for North America but we are continually evaluating opportunities in markets around the world.” 

Oppo doesn’t officially sell any of its products in the US, meaning the wonderful Find X9 Ultra camera phone is only available in the UK and much of Europe. With OnePlus shutting down, Oppo has effectively lost its only presence in the US smartphone market.

Advertisement

Source link

Continue Reading

Tech

Russian hackers trojanize WebEx, Zoom apps to push Starland malware

Published

on

Russian hackers trojanize WebEx, Zoom apps to push Starland malware

A financially motivated Russian threat actor tracked as UAT-11795 is using trojanized software to steal credentials and cryptocurrency by deploying a new backdoor called Starland RAT.

Attacks have been occurring since at least June 2025 and have focused on users in the U.S., although victims in Germany, Romania, and Venezuela have been observed as well.

According to researchers at Cisco Talos, the threat actor distributes the payload via trojanized installers for legitimate software such as MobaXterm, WebEx, Zoom, DBeaver, and FaceIT.

image

Although the researchers could not confirm the infection vector, they speculate that the malicious files are likely pushed using the ClickFix method.

In an analysis published today, Cisco Talos says that the attack starts with an HTA file that retrieves a trojanized NSIS installer containing a Python loader disguised as a text file (LICENSE.txt).

Advertisement

The loader modifies the Windows Registry to establish persistence and then decrypts and loads the Starland remote access trojan (RAT).

When launched, Starland checks whether it is running in a sandbox environment, adds scheduled tasks and Startup folder items for persistence, and tries to increase its privileges.

The malware looks for the following types of data on the compromised system:

  • Browser data and cryptocurrency wallet assets, including more than 40 desktop and browser-extension wallets
  • System details, including the HWID, RAM, processor, operating system, computer name, region, public IP address, and installed antivirus products
  • Active Directory information, including domain structure, domain controllers, and the victim’s domain privileges

StarlandRAT can also capture screenshots of the victim’s desktop, execute shell commands, inject 32- or 64-bit shellcode, and download additional payloads (EXEs, MSIs, DLLs, ZIPs).

In the observed attacks, the 64-bit shellcode chain delivers the CastleStealer info-stealer malware, while the 32-bit chain delivers the Remcos remote access trojan (RAT).

Advertisement

CastleStealer targets browser credentials, cryptocurrency wallet information, Discord and Telegram sessions, Steam credentials, and filesystem files.

Remcos RAT provides capabilities such as keylogging, webcam and screen capture, audio recording, clipboard monitoring, file management, and remote command execution.

Overview of the UAT-11795 attack chain
Overview of the UAT-11795 attack chain
Source: Cisco Talos

Cisco Talos highlights that the malware’s command-and-control (C2) communication has a redundancy mechanism if reaching the hardcoded address fails, which involves querying a Polygon smart contract with an XOR-encrypted fallback domain.

Talos also discovered that UAT-11795 uses a previously undocumented PowerShell C2 framework called WLDR, which uses encrypted (PBKDF2-SHA256) beaconing and communications, operates entirely in memory, and binds payload delivery to each victim’s hardware identifier.

To defend against UAT-11795 attacks, organizations should use the indicators of compromise IoCs in the Cisco Talos report.

Advertisement

Users should avoid executing commands found online if they don’t understand what they do and should download software only from confirmed official vendor portals.


article image

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Get the whitepaper

Source link

Advertisement
Continue Reading

Trending

Copyright © 2025