🦠 Ransomware & Malware

Red Ladon Poisons Australian News Sites with ScanBox Keyloggers

Click that 'Sick Leave' email from Australian Morning News. Boom—your keystrokes are ScanBox's. China's Red Ladon just dusted off a 10-year-old trick for fresh espionage.

Sarah Chen 📅 Apr 03, 2026 ⏱️ 3 min read 👁️ 0 views

Compromised fake Australian news site loading ScanBox JavaScript keylogger

⚡ Key Takeaways

Red Ladon uses ScanBox in watering holes mimicking Aussie news to keylog without disk malware.
WebRTC/STUN enables NAT traversal, turning browsers into stealth C2 channels.
Ties to China's MSS signal South China Sea cyber-escalation; expect broader use.

🧠 What's your take on this?

Cast your vote and see what Threat Digest readers think

Written by

Sarah Chen

AI research editor covering LLMs, benchmarks, and the race between frontier labs. Previously at MIT CSAIL.

#APT TA423 #Red Ladon #ScanBox keylogger #watering hole attacks

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by Threatpost

Red Ladon Poisons Australian News Sites with ScanBox Keyloggers

⚡ Key Takeaways

The 60-Second TL;DR

🧠 What's your take on this?

Community Consensus

Sarah Chen

Worth sharing?

⚡ Key Takeaways

The 60-Second TL;DR

🧠 What's your take on this?

Community Consensus

Sarah Chen

Share this article

Worth sharing?

Related Stories

0ktapus Phishing Snags 10,000 Credentials Across 130 Companies—Your MFA Is the Weak Link

Claude Code's 50-Command Cap: The Bypass That Unlocks Your Dev Machine

REF1695's ISO Trick: $9K Crypto Haul from Fake Installers and RATs

FBI, CISA Blast: Russian Phishers Hijacking Signal and WhatsApp Accounts Worldwide

Stay in the loop