Resources

QEMU abused to evade detection and enable ransomware delivery

The use of hidden virtual machines (VMs) enables long-term access, credential harvesting, data exfiltration, and PayoutsKing ransomware deployment

Categories: Threat Research

Tags: virtual machine, QEMU, PayoutsKing, GOLD ENCOUNTER, CitrixBleed2

Related resources

22 September 2025

What happens when a cybersecurity company gets phished?

A Sophos employee was phished, but we countered the threat with an end-to-end defense process

7 August 2025

Sophos AI at Black Hat USA ’25: Anomaly detection betrayed us, so we gave it a new job

Following on from our preview, here’s Ben Gelman and Sean Bergeron’s research on enhancing command line classification with benign anomalous data

10 October 2025

WhatsApp Worm Targets Brazilian Banking Customers

Counter Threat Unit™ (CTU) researchers are investigating multiple incidents in an ongoing campaign targeting users of the WhatsApp messaging platform. The campaign, which started on September 29, 2025, is focused […]

Smashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifying

ISC Stormcast For Thursday, April 16th, 2026 https://isc.sans.edu/podcastdetail/9894, (Thu, Apr 16th)

Resources

QEMU abused to evade detection and enable ransomware delivery

Related resources

What happens when a cybersecurity company gets phished?

Sophos AI at Black Hat USA ’25: Anomaly detection betrayed us, so we gave it a new job

WhatsApp Worm Targets Brazilian Banking Customers

Links

Enterprise Solutions

SMB Solutions

Contact Us

Follow Us