Trigona ransomware adopts custom tool to steal data and evade detection
Trigona ransomware now uses a custom command-line tool to steal data faster and evade detection, replacing tools like Rclone and MegaSync.

Symantec researchers report that recent Trigona ransomware attacks used a custom-built data exfiltration tool instead of common utilities like Rclone or MegaSync. This shift, seen in March 2026 incidents, gives attackers more control and helps them evade detection, as standard tools are often flagged by security systems. Researchers believe this move shows a growing investment in proprietary malware to stay stealthy.
“The attacks, which occurred in March 2026, mark a significant shift in tactics for Trigona affiliates. The motivation for moving away from publicly available tools remains unknown.” reads the report published by Symantec. “Many publicly available tools are now so well known that they may be flagged by security solutions.”
