Cybersecurity

New Malware Framework Enables Screen Control, Browser Artifact Access, and UAC Bypass

53 sec read2 views0 listens

New Malware Framework Enables Screen Control, Browser Artifact Access, and UAC Bypass

A new malware framework called TencShell has been identified by researchers at Proofpoint. This sophisticated threat leverages various techniques to evade detection and maintain persistence on compromised systems.

Key Features of TencShell:

Screen Control:
- TencShell can capture screenshots from the victim's screen, allowing attackers to monitor activities remotely.
Browser Artifact Access:
- The malware has the capability to access browser artifacts such as cookies and session tokens, facilitating credential theft and lateral movement.
UAC Bypass:
- TencShell employs techniques to bypass User Account Control (UAC), enabling it to execute commands with elevated privileges without user consent.

Technical Details:

File Hashes:
- MD5: defanged
- SHA1: defanged
- SHA256: defanged
IP Addresses and Domains:
- C&C Server IP: [.]
- Malware Distribution Domain: [.]
Persistence Mechanisms:
- Registry Key: `\Software\Microsoft\Windows\CurrentVersion

Read the full article at Cyber Security News

Want to create content about this topic? Use Nemati AI tools to generate articles, social posts, and more.

Chinese APT Hackers Exploit Microsoft Exchange to Breach Energy Sector Network

Summary Chinese state-sponsored hackers have exploited a recently disclosed vulnerability in Microsoft Exchange to breach an energy sector network. The attack involved multiple stages, including the deployment of web shells and malicious DLLs, result...

Ali Nemati

AI & Machine Learning4 days ago24 sec read

The attack surface moved inside the agent. So did Arcjet.

Arcjet introduced Guards, a security tool that enforces policies within AI agents and agentic systems, addressing the limitations of traditional web application firewalls which are ineffective against internal threats. This development is crucial for...

Ali Nemati

Cybersecurity5 days ago24 sec read

New cPanel and WHM Flaws Enable Code Execution, DoS Attacks

cPanel has disclosed three critical vulnerabilities in its web hosting control panel and WP Squared platform, enabling arbitrary file reads, Perl code injection, and denial-of-service attacks. Immediate patching is essential for server administrators...

Ali Nemati

Cybersecurity6 days ago23 sec read

Blackwater Targets Minidoka Memorial Hospital in Ransomware Attack

On May 2, 2026, the ransomware group Blackwater attacked Minidoka Memorial Hospital in the USA, threatening to release sensitive data unless demands are met. This attack highlights the growing risk of ransomware targeting critical infrastructure and ...

Ali Nemati

Cybersecurity6 days ago25 sec read

New ZiChatBot Malware Uses Zulip REST APIs as Command and Control Server

ZiChatBot malware uses Zulip's REST APIs to receive commands, making it harder for security tools to detect. This threat was delivered through malicious Python packages on PyPI that masqueraded as legitimate development libraries, targeting both Wind...

Ali Nemati

New Malware Framework Enables Screen Control, Browser Artifact Access, and UAC Bypass

New Malware Framework Enables Screen Control, Browser Artifact Access, and UAC Bypass

Key Features of TencShell:

Technical Details:

Related Articles

Chinese APT Hackers Exploit Microsoft Exchange to Breach Energy Sector Network

The attack surface moved inside the agent. So did Arcjet.

New cPanel and WHM Flaws Enable Code Execution, DoS Attacks

Blackwater Targets Minidoka Memorial Hospital in Ransomware Attack

New ZiChatBot Malware Uses Zulip REST APIs as Command and Control Server