SANS Stormcast Monday, June 16th, 2025: Katz Stealer in JPG; JavaScript Attacks; Reviving expired Discord Invites for Evil
06:44 Share

Katz Stealer in JPG Xavier found some multistage malware that uses an Excel Spreadsheet and an HTA file to load an image that includes embeded a copy of Katz stealer. https://isc.sans.edu/diary/More+Steganography/32044) https://unit42.paloaltonetworks.com/malicious-javascript-using-jsfiretruck-as-obfuscation/) JavaScript obfuscated with JSF*CK is being used on over 200,000 websites to direct victims to malware Expired Discord Invite Links Used for Malware Distribution Expired discord invite links are revived as vanity links to direct victims to malware sites https://research.checkpoint.com/2025/from-trust-to-threat-hijacked-discord-invites-used-for-multi-stage-malware-delivery/)