Virus List - 2026 2025 2024 2023 2021 2020 2019 2018 2017
| DATE | NAME | Info | CATEG. | WEB |
| 12.4.26 | New ‘LucidRook’ malware used in targeted attacks on NGOs, universities | A new Lua-based malware, called LucidRook, is being used in spear-phishing campaigns targeting non-governmental organizations and universities in Taiwan. | Virus | |
| 12.4.26 | Google Chrome adds infostealer protection against session cookie theft | Google has rolled out Device Bound Session Credentials (DBSC) protection in Chrome 146 for Windows, designed to block info-stealing malware from harvesting session cookies. | Virus | |
| 12.4.26 | New macOS stealer campaign uses Script Editor in ClickFix attack | A new campaign delivering the Atomic Stealer malware to macOS users abuses the Script Editor in a variation of the ClickFix attack that tricked users into executing commands in Terminal. | Virus | BleepingComputer |
| 11.4.26 | GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs | Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that's designed to | Virus | The Hacker News |
| 11.4.26 | Why Simple Breach Monitoring is No Longer Enough | Infostealers are harvesting credentials and session cookies at scale, bypassing traditional defenses. Lunar explains why simple breach monitoring alone can't keep up with modern credential-based attacks. | Virus | BleepingComputer |
| 10.4.26 | Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers | Unknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to push a poisoned version containing a backdoor. | Virus | The Hacker News |
| 10.4.26 | New Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS Proxy | Cybersecurity researchers have flagged a new variant of malware called Chaos that's capable of hitting misconfigured cloud deployments, marking an | Virus | The Hacker News |
| 5.4.26 | New CrystalRAT malware adds RAT, stealer and prankware features | A new malware-as-a-service called CrystalRAT is being promoted on Telegram, offering remote access, data theft, keylogging, and clipboard hijacking capabilities. | Virus | BleepingComputer |
| 5.4.26 | New EvilTokens service fuels Microsoft device code phishing attacks | A new malicious kit called EvilTokens integrates device code phishing capabilities, allowing attackers to hijack Microsoft accounts and provide advanced features for business email compromise attacks | Virus | |
| 5.4.26 | 'NoVoice' Android malware on Google Play infected 2.3 million devices | A new Android malware dubbed NoVoice exploited known vulnerabilities to gain root access and has been distributed through more than 50 apps on Google Play Store, with at least 2.3 million downloads. | Virus | BleepingComputer |
| 4.4.26 | Hackers compromise Axios npm package to drop cross-platform malware | Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver remote access trojans to Linux, Windows, and macOS systems. | Virus | |
| 2.4.26 | Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners | A financially motivated operation codenamed REF1695 has been observed leveraging fake installers to deploy remote access trojans (RATs) and | Virus | The Hacker News |
| 1.4.26 | New Infinity Stealer malware grabs macOS data via ClickFix lures | A new info-stealing malware named Infinity Stealer is targeting macOS systems with a Python payload packaged as an executable using the open-source Nuitka compiler. | Virus | BleepingComputer |
| 1.4.26 | Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass | Microsoft is calling attention to a new campaign that has leveraged WhatsApp messages to distribute malicious Visual Basic Script (VBS) files. The activity, | Virus | The Hacker News |
| 31.3.26 | Silver Fox Expands Asia Cyber Campaign with AtlasCross RAT and Fake Domains | Chinese-speaking users are the target of an active campaign that uses typosquatted domains impersonating trusted software brands to deliver a | Virus | The Hacker News |
| 31.3.26 | Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account | The popular HTTP client known as Axios has suffered a supply chain attack after two newly published versions of the npm package introduced a malicious | Virus | The Hacker News |
| 31.3.26 | DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials | A new campaign has leveraged the ClickFix social engineering tactic as a way to distribute a previously undocumented malware loader referred to as | Virus | The Hacker News |
| 29.3.26 | Backdoored Telnyx PyPI package pushes malware hidden in WAV audio | TeamPCP hackers compromised the Telnyx package on the Python Package Index today, uploading malicious versions that deliver credential-stealing malware hidden inside a WAV file. | Virus | |
| 29.3.26 | Fake VS Code alerts on GitHub spread malware to developers | A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the Discussions section of various projects, to trick users into downloading malware. | Virus | |
| 29.3.26 | Suspected RedLine infostealer malware admin extradited to US | An Armenian suspect was extradited to the United States to face criminal charges for allegedly helping manage RedLine, one of the most prolific infostealer malware operations in recent years | Virus | |
| 29.3.26 | New Torg Grabber infostealer malware targets 728 crypto wallets | A new info-stealing malware called Torg Grabber is stealing sensitive data from 850 browser extensions, more than 700 of them for cryptocurrency wallets. | Virus | |
| 26.3.26 | VoidStealer malware steals Chrome master key via debugger trick | An information stealer called VoidStealer uses a new approach to bypass Chrome's Application-Bound Encryption (ABE) and extract the master key for decrypting sensitive data stored in the browser. | Virus | |
| 25.3.26 | GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data | Cybersecurity researchers have flagged a new evolution of the GlassWorm campaign that delivers a multi-stage framework capable of comprehensive data theft and installing a remote access trojan (RAT), which deploys an | Virus | The Hacker News |
| 25.3.26 | TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 via Trivy CI/CD Compromise | TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two | Virus | The Hacker News |
| 24.3.26 | TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials | Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor known as | Virus | The Hacker News |
| 24.3.26 | North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware | The North Korean threat actors behind the Contagious Interview campaign, also tracked as WaterPlum, have been attributed to a malware family tracked | Virus | The Hacker News |
| 24.3.26 | Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper | Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack, highlighting the widening | Virus | The Hacker News |
| 21.3.26 | New ‘Perseus’ Android malware checks user notes for secrets | A new Android malware called Perseus is checking user-curated notes to steal sensitive information, like passwords, recovery phrases, or financial data. | Virus | |
| 21.3.26 | GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX | The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. | Virus | |
| 20.3.26 | Stryker attack wiped tens of thousands of devices, no malware needed | Last week's cyberattack on medical technology giant Stryker was limited to its internal Microsoft environment and remotely wiped tens of thousands of employee devices. | Virus | BleepingComputer |
| 20.3.26 | Speagle Malware Hijacks Cobra DocGuard to Steal Data via Compromised Servers | Cybersecurity researchers have flagged a new malware dubbed Speagle that hijacks the functionality and infrastructure of a legitimate program called | Virus | The Hacker News |
| 20.3.26 | New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data | Cybersecurity researchers have disclosed a new Android malware family called Perseus that's being actively distributed in the wild with an aim to | Virus | The Hacker News |
| 17.3.26 | Konni Deploys EndRAT Through Phishing, Uses KakaoTalk to Propagate Malware | North Korean threat actors have been observed sending phishing to compromise targets and obtain access to a victim's KakaoTalk desktop | Virus | The Hacker News |
| 17.3.26 | GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos | The GlassWorm malware campaign is being used to fuel an ongoing attack that leverages the stolen GitHub tokens to inject malware into hundreds of | Virus | The Hacker News |
| 16.3.26 | DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage | Ukrainian entities have emerged as the target of a new campaign likely orchestrated by threat actors linked to Russia, according to a report from S2 | Virus | The Hacker News |
| 15.3.26 | GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers | Cybersecurity researchers have flagged a new iteration of the GlassWorm campaign that they say represents a "significant escalation" in how it | Virus | The Hacker News |
| 15.3.26 | FBI seeks victims of Steam games used to spread malware | The FBI is asking gamers who installed Steam titles containing malware to provide information as part of an ongoing investigation into eight malicious games uploaded to the gaming platform. | Virus | |
| 15.3.26 | Medtech giant Stryker offline after Iran-linked wiper malware attack | Leading medical technology company Stryker has been hit by a wiper malware attack claimed by Handala, an Iranian-linked and pro-Palestinian hacktivist group. | Virus | BleepingComputer |
| 14.3.26 | New BeatBanker Android malware poses as Starlink app to hijack devices | A new Android malware named BeatBanker can hijack devices and tricks users into installing it by posing as a Starlink app on websites masquerading as the official Google Play Store. | Virus | |
| 14.3.26 | New 'Zombie ZIP' technique lets malware slip past security tools | A new technique dubbed "Zombie ZIP" helps conceal payloads in compressed files specially created to avoid detection from security solutions such as antivirus and endpoint detection and response (EDR) products. | Virus | |
| 14.3.26 | The New Turing Test: How Threats Use Geometry to Prove 'Humanness' | Malware is evolving to evade sandboxes by pretending to be a real human behind the keyboard. The Picus Red Report 2026 shows 80% of top attacker techniques now focus on evasion and persistence, including geometry-based cursor tests and CPU timing checks. | Virus | |
| 14.3.26 | Dutch govt warns of Signal, WhatsApp account hijacking attacks | Russian state-sponsored hackers have been linked to an ongoing Signal and WhatsApp phishing campaign targeting government officials, military personnel, and journalists to gain access to sensitive messages. | Virus | BleepingComputer |
| 13.3.26 | Rust-Based VENON Malware Targets 33 Brazilian Banks with Credential-Stealing Overlays | Cybersecurity researchers have disclosed details of a new banking malware targeting Brazilian users that's written in Rust, marking a significant departure | Virus | The Hacker News |
| 10.3.26 | KadNap Malware Infects 14,000+ Edge Devices to Power Stealth Proxy Botnet | Cybersecurity researchers have discovered a new malware called KadNap that's primarily targeting Asus routers to enlist them into a botnet for proxying | Virus | The Hacker News |
| 10.3.26 | Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials | Cybersecurity researchers have discovered a malicious npm package that masquerades as an OpenClaw installer to deploy a remote access trojan (RAT) | Virus | The Hacker News |
| 8.3.26 | Chinese state hackers target telcos with new malware toolkit | Chinese state hackers target telcos with new malware toolkit | Virus | |
| 8.3.26 | Wikipedia hit by self-propagating JavaScript worm that vandalized pages | The Wikimedia Foundation suffered a security incident today after a self-propagating JavaScript worm began vandalizing pages and modifying user scripts across multiple wikis. | Virus | |
| 7.3.26 | Spyware-grade Coruna iOS exploit kit now used in crypto theft attacks | A previously undocumented set of 23 iOS exploits named "Coruna" has been deployed by multiple threat actors in targeted espionage campaigns and financially motivated attacks. | Virus | |
| 7.3.26 | Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT | Cybersecurity researchers have disclosed details of a multi-stage malware campaign that uses batch scripts as a pathway to deliver various encrypted | Virus | The Hacker News |
| 6.3.26 | Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer | Microsoft on Thursday disclosed details of a new widespread ClickFix social engineering campaign that has leveraged the Windows Terminal app as a way | Virus | The Hacker News |
| 6.3.26 | Dust Specter Targets Iraqi Officials with New SPLITDROP and GHOSTFORM Malware | A suspected Iran-nexus threat actor has been attributed to a campaign targeting government officials in Iraq by impersonating the country's Ministry | Virus | The Hacker News |
| 5.3.26 | Microsoft: Hackers abuse OAuth error flows to spread malware | Hackers are abusing the legitimate OAuth redirection mechanism to bypass phishing protections in email and browsers to take users to malicious pages. | Virus | |
| 4.3.26 | Fake Laravel Packages on Packagist Deploy RAT on Windows, macOS, and Linux | Cybersecurity researchers have flagged malicious Packagist PHP packages masquerading as Laravel utilities that act as a conduit for a cross-platform | Virus | The Hacker News |
| 3.3.26 | Microsoft Warns OAuth Redirect Abuse Delivers Malware to Government Targets | Microsoft on Monday warned of phishing campaigns that employ phishing emails and OAuth URL redirection mechanisms to bypass conventional | Virus | The Hacker News |
| 1.3.26 | CISA warns that RESURGE malware can be dormant on Ivanti devices | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released new details about RESURGE, a malicious implant used in zero-day attacks exploiting CVE-2025-0282 to breach Ivanti Connect Secure devices. | Virus | |
| 28.2.26 | 1Campaign platform helps malicious Google ads evade detection | A newly identified cybercrime service known as 1Campaign is enabling threat actors to run malicious Google Ads that remain online for extended periods while evading scrutiny from security researchers. | Virus | |
| 27.2.26 | Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor | Cybersecurity researchers have disclosed details of a malicious Go module that's designed to harvest passwords, create persistent access via SSH, and | Virus | The Hacker News |
| 27.2.26 | ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks | The North Korean threat actor known as ScarCruft has been attributed to a fresh set of tools, including a backdoor that uses Zoho WorkDrive for | Virus | The Hacker News |
| 27.2.26 | Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms | Threat actors are luring unsuspecting users into running trojanized gaming utilities that are distributed via browsers and chat platforms to distribute a | Virus | The Hacker News |
| 26.2.26 | Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware | A "coordinated developer-targeting campaign" is using malicious repositories disguised as legitimate Next.js projects and technical assessments to trick | Virus | The Hacker News |
| 26.2.26 | Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware | Cybersecurity researchers have discovered four malicious NuGet packages that are designed to target ASP.NET web application developers to steal | Virus | The Hacker News |
| 24.2.26 | Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb | Cybersecurity researchers have disclosed details of a new cryptojacking campaign that uses pirated software bundles as lures to deploy a bespoke | Virus | The Hacker News |
| 23.2.26 | Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens | Cybersecurity researchers have disclosed what they say is an active "Shai-Hulud-like" supply chain worm campaign that has leveraged a cluster of at | Virus | The Hacker News |
| 22.2.26 | Predator spyware hooks iOS SpringBoard to hide mic, camera activity | Intellexa's Predator spyware can hide iOS recording indicators while secretly streaming camera and microphone feeds to its operators. | Virus | |
| 22.2.26 | Google blocked over 1.75 million Play Store app submissions in 2025 | Google says that through 2025, it blocked more than 255,000 Android apps from obtaining excessive access to sensitive user data and rejected over 1.75 million apps from being published on Google Play due to policy violations. | Virus | |
| 22.2.26 | How infostealers turn stolen credentials into real identities | Infostealer dumps increasingly tie stolen credentials to real identities, linking usernames, cookies, and behavior across personal and enterprise accounts. Specops explains how analyzing 90,000 dumps shows reuse fuels enterprise risk and how continuous AD scanning disrupts that cycle. | Virus | |
| 22.2.26 | New 'Massiv' Android banking malware poses as an IPTV app | A newly identified Android banking trojan named Massiv has been under active distribution across south Europe, disguised as an IPTV app. | Virus | |
| 20.2.26 | ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT Malware | Cybersecurity researchers have disclosed details of a new ClickFix campaign that abuses compromised legitimate sites to deliver a previously | Virus | The Hacker News |
| 19.2.26 | Fake IPTV Apps Spread Massiv Android Malware Targeting Mobile Banking Users | Cybersecurity researchers have disclosed details of a new Android trojan called Massiv that's designed to facilitate device takeover (DTO) attacks for | Virus | The Hacker News |
| 19.2.26 | CRESCENTHARVEST Campaign Targets Iran Protest Supporters With RAT Malware | Cybersecurity researchers have disclosed details of a new campaign dubbed CRESCENTHARVEST, likely targeting supporters of Iran's ongoing protests to | Virus | The Hacker News |
| 19.2.26 | Infostealer malware found stealing OpenClaw secrets for first time | With the massive adoption of the OpenClaw agentic AI assistant, information-stealing malware has been spotted stealing files associated with the framework that contain API keys, authentication tokens, and other secrets. | Virus | |
| 19.2.26 | CTM360: Lumma Stealer and Ninja Browser malware campaign abusing Google Groups | CTM360 reports 4,000+ malicious Google Groups and 3,500+ Google-hosted URLs used to spread the Lumma Stealer infostealing malware and a trojanized "Ninja Browser." The report details how attackers abuse trusted Google services to steal credentials and maintain persistence across Windows and Linux systems. | Virus | |
| 18.2.26 | Notepad++ Fixes Hijacked Update Mechanism Used to Deliver Targeted Malware | Notepad++ has released a security fix to plug gaps that were exploited by an advanced threat actor from China to hijack the software update mechanism to | Virus | The Hacker News |
| 18.2.26 | Researchers Show Copilot and Grok Can Be Abused as Malware C2 Proxies | Cybersecurity researchers have disclosed that artificial intelligence (AI) assistants that support web browsing or URL fetching capabilities can be | Virus | The Hacker News |
| 18.2.26 | Keenadu Firmware Backdoor Infects Android Tablets via Signed OTA Updates | A new Android backdoor that's embedded deep into the device firmware can silently harvest data and remotely control its behavior, according to new | Virus | The Hacker News |
| 17.2.26 | SmartLoader Attack Uses Trojanized Oura MCP Server to Deploy StealC Infostealer | Cybersecurity researchers have disclosed details of a new SmartLoader campaign that involves distributing a trojanized version of a Model Context | Virus | The Hacker News |
| 17.2.26 | Infostealer Steals OpenClaw AI Agent Configuration Files and Gateway Tokens | Cybersecurity researchers disclosed they have detected a case of an information stealer infection successfully exfiltrating a victim's OpenClaw | Virus | The Hacker News |
| 16.2.26 | New ZeroDayRAT Mobile Spyware Enables Real-Time Surveillance and Data Theft | Cybersecurity researchers have disclosed details of a new mobile spyware platform dubbed ZeroDayRAT that's being advertised on Telegram as a way to | Virus | The Hacker News |
| 15.2.26 | AMOS infostealer targets macOS through a popular AI app | AMOS infostealer is targeting macOS users by abusing popular AI apps and extension marketplaces to harvest credentials. Flare examines how AMOS operates, spreads through AI-driven lures, and feeds the broader stealer-log cybercrime economy. | Virus | |
| 14.2.26 | Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs | A previously undocumented threat actor has been attributed to attacks targeting Ukrainian organizations with malware known as CANFAIL. Google | Virus | The Hacker News |
| 13.2.26 | LummaStealer infections surge after CastleLoader malware campaigns | A surge in LummaStealer infections has been observed, driven by social engineering campaigns leveraging the ClickFix technique to deliver the CastleLoader malware | Virus | |
| 13.2.26 | UAT-9921 Deploys VoidLink Malware to Target Technology and Financial Sectors | A previously unknown threat actor tracked as UAT-9921 has been observed leveraging a new modular framework called VoidLink in its campaigns | Virus | The Hacker News |
| 13.2.26 | Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History | Cybersecurity researchers have discovered a malicious Google Chrome extension that's designed to steal data associated with Meta Business Suite | Virus | The Hacker News |
| 12.2.26 | ZeroDayRAT malware grants full access to Android, iOS devices | A new commercial mobile spyware platform dubbed ZeroDayRAT is being advertised to cybercriminals on Telegram as a tool that provides full remote control over compromised Android and iOS devices. | Virus | |
| 8.2.26 | DKnife Linux toolkit hijacks router traffic to spy, deliver malware | A newly discovered toolkit called DKnife has been used since 2019 to hijack traffic at the edge-device level and deliver malware in espionage campaigns. | Virus | |
| 7.2.26 | New GlassWorm attack targets macOS via compromised OpenVSX extensions | A new GlassWorm malware attack through compromised OpenVSX extensions focuses on stealing passwords, crypto-wallet data, and developer credentials and configurations from macOS systems. | Virus | |
| 6.2.26 | Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware | Cybersecurity researchers have discovered a new supply chain attack in which legitimate packages on npm and the Python Package Index (PyPI) repository | Virus | The Hacker News |
| 5.2.26 | Malicious NGINX Configurations Enable Large-Scale Web Traffic Hijacking Campaign | Cybersecurity researchers have disclosed details of an active web traffic hijacking campaign that has targeted NGINX installations and management | Virus | The Hacker News |
| 5.2.26 | Microsoft Develops Scanner to Detect Backdoors in Open-Weight Large Language Models | Microsoft on Wednesday said it built a lightweight scanner that it said can detect backdoors in open-weight large language models (LLMs) and improve | Virus | The Hacker News |
| 5.2.26 | DEAD#VAX Malware Campaign Deploys AsyncRAT via IPFS-Hosted VHD Phishing Files | Threat hunters have disclosed details of a new, stealthy malware campaign dubbed DEAD#VAX that employs a mix of "disciplined tradecraft and clever | Virus | The Hacker News |
| 4.2.26 | Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers | Microsoft has warned that information-stealing attacks are "rapidly expanding" beyond Windows to target Apple macOS environments by leveraging cross- | Virus | The Hacker News |
| 3.2.26 | Hugging Face abused to spread thousands of Android malware variants | A new Android malware campaign is using the Hugging Face platform as a repository for thousands of variations of an APK payload that collects credentials for popular financial and payment services. | Virus | |
| 3.2.26 | Google disrupts IPIDEA residential proxy networks fueled by malware | IPIDEA, one of the largest residential proxy networks used by threat actors, was disrupted earlier this week by Google Threat Intelligence Group (GTIG) in collaboration with industry partners. | Virus | |
| 3.2.26 | Chinese Mustang Panda hackers deploy infostealers via CoolClient backdoor | The Chinese espionage threat group Mustang Panda has updated its CoolClient backdoor to a new variant that can steal login data from browsers and monitor the clipboard. | Virus | |
| 3.2.26 | US charges 31 more suspects linked to ATM malware attacks | A Nebraska federal grand jury charged 31 additional defendants for their involvement in an ATM jackpotting operation allegedly orchestrated by members of the Venezuelan gang Tren de Aragua. | Virus | |
| 3.2.26 | New malware service guarantees phishing extensions on Chrome web store | A new malware-as-a-service (MaaS) called 'Stanley' promises malicious Chrome extensions that can clear Google's review process and publish them to the Chrome Web Store. | Virus | |
| 3.2.26 | New ClickFix attacks abuse Windows App-V scripts to push malware | A new malicious campaign mixes the ClickFix method with fake CAPTCHA and a signed Microsoft Application Virtualization (App-V) script to ultimately deliver the Amatera infostealing malware. | Virus | |
| 3.2.26 | Researchers Find 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users | A security audit of 2,857 skills on ClawHub has found 341 malicious skills across multiple campaigns, according to new findings from Koi Security, | Virus | The Hacker News |
| 2.2.26 | eScan Antivirus Update Servers Compromised to Deliver Multi-Stage Malware | The update infrastructure for eScan antivirus, a security solution developed by Indian cybersecurity company MicroWorld Technologies, has been | Virus | The Hacker News |
| 2.2.26 | Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm | Cybersecurity researchers have disclosed details of a supply chain attack targeting the Open VSX Registry in which unidentified threat actors | Virus | The Hacker News |
| 28.1.26 | Mustang Panda Deploys Updated COOLCLIENT Backdoor in Government Cyber Attacks | Threat actors with ties to China have been observed using an updated version of a backdoor called COOLCLIENT in cyber espionage attacks in 2025 to | Virus | The Hacker News |
| 28.1.26 | Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan | Cybersecurity researchers have discovered two malicious packages in the Python Package Index (PyPI) repository that masquerade as spellcheckers but | Virus | The Hacker News |
| 25.1.26 | US to deport Venezuelans who emptied bank ATMs using malware | South Carolina federal prosecutors announced that two Venezuelan nationals convicted of stealing hundreds of thousands of dollars from U.S. banks in an ATM jackpotting scheme will be deported after serving their sentences. | Virus | |
| 25.1.26 | New Android malware uses AI to click on hidden browser ads | A new family of Android click-fraud trojans leverages TensorFlow machine learning models to automatically detect and interact with specific advertisement elements. | Virus | |
| 25.1.26 | VoidLink cloud malware shows clear signs of being AI-generated | The recently discovered cloud-focused VoidLink malware framework is believed to have been developed by a single person with the help of an artificial intelligence model. | Virus | |
| 25.1.26 | New PDFSider Windows malware deployed on Fortune 100 firm's network | Ransomware attackers targeting a Fortune 100 company in the finance sector used a new malware strain, dubbed PDFSider, to deliver malicious payloads on Windows systems. | Virus | |
| 25.1.26 | Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware | A new multi-stage phishing campaign has been observed targeting users in Russia with ransomware and a remote access trojan called Amnesia RAT. "The | Virus | The Hacker News |
| 22.1.26 | Malicious PyPI Package Impersonates SymPy, Deploys XMRig Miner on Linux Hosts | A new malicious package discovered in the Python Package Index (PyPI) has been found to impersonate a popular library for symbolic mathematics to | Virus | The Hacker News |
| 22.1.26 | VoidLink Linux Malware Framework Built with AI Assistance Reaches 88,000 Lines of Code | The recently discovered sophisticated Linux malware framework known as VoidLink is assessed to have been developed by a single person with | Virus | The Hacker News |
| 20.1.26 | Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto | Cybersecurity researchers have disclosed details of a malware campaign that's targeting software developers with a new information stealer called | Virus | The Hacker News |
| 19.1.26 | CrashFix Chrome Extension Delivers ModeloRAT Using ClickFix-Style Browser Crash Lures | Cybersecurity researchers have disclosed details of an ongoing campaign dubbed KongTuke that used a malicious Google Chrome extension | Virus | The Hacker News |
| 19.1.26 | Security Bug in StealC Malware Panel Let Researchers Spy on Threat Actor Operations | Cybersecurity researchers have disclosed a cross-site scripting (XSS) vulnerability in the web-based control panel used by operators of the StealC | Virus | The Hacker News |
| 18.1.26 | StealC hackers hacked as researchers hijack malware control panels | A cross-site scripting (XSS) flaw in the web-based control panel used by operators of the StealC info-stealing malware allowed researchers to observe active sessions and gather intelligence on the attackers' hardware. | Virus | |
| 18.1.26 | Gootloader now uses 1,000-part ZIP archives for stealthy delivery | The Gootloader malware, typically used for initial access, is now using a malformed ZIP archive designed to evade detection by concatenating up to 1,000 archives. | Virus | |
| 18.1.26 | New VoidLink malware framework targets Linux cloud servers | A newly discovered advanced cloud-native Linux malware framework named VoidLink focuses on cloud environments, providing attackers with custom loaders, implants, rootkits, and plugins designed for modern infrastructures. | Virus | |
| 17.1.26 | GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection | The JavaScript (aka JScript) malware loader called GootLoader has been observed using a malformed ZIP archive that's designed to sidestep detection efforts by concatenating anywhere from 500 to 1,000 archives. | Virus | The Hacker News |
| 17.1.26 | LOTUSLITE Backdoor Targets U.S. Policy Entities Using Venezuela-Themed Spear Phishing | Security experts have disclosed details of a new campaign that has targeted U.S. government and policy entities using politically themed lures to deliver a backdoor known as | Virus | The Hacker News |
| 14.1.26 | PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces | The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of new cyber attacks targeting its defense forces with malware known as PLUGGYAPE between | Virus | The Hacker News |
| 14.1.26 | Malicious Chrome Extension Steals MEXC API Keys by Masquerading as Trading Tool | Cybersecurity researchers have disclosed details of a malicious Google Chrome extension that's capable of stealing API keys associated with MEXC, a centralized cryptocurrency exchange (CEX) available in over 170 countries, while masquerading as a tool to automate trading on the platform. | Virus | The Hacker News |
| 14.1.26 | New Advanced Linux VoidLink Malware Targets Cloud and container Environments | Cybersecurity researchers have disclosed details of a previously undocumented and feature-rich malware framework codenamed VoidLink that's specifically designed for long-term, | Virus | The Hacker News |
| 14.1.26 | New Malware Campaign Delivers Remcos RAT Through Multi-Stage Windows Attack | Cybersecurity researchers have disclosed details of a new campaign dubbed SHADOW#REACTOR that employs an evasive multi-stage attack chain to deliver a | Virus | The Hacker News |
| 8.1.26 | Researchers Uncover NodeCordRAT Hidden in npm Bitcoin-Themed Packages | Cybersecurity researchers have discovered three malicious npm packages that are designed to deliver a previously undocumented malware called NodeCordRAT. The names of the | Virus | The Hacker News |
| 7.1.26 | Black Cat Behind SEO Poisoning Malware Campaign Targeting Popular Software Searches | A cybercrime gang known as Black Cat has been attributed to a search engine optimization (SEO) poisoning campaign that employs fraudulent sites advertising popular software to trick | Virus | The Hacker News |
| 7.1.26 | Fake Booking Emails Redirect Hotel Staff to Fake BSoD Pages Delivering DCRat | Cybersecurity researchers have disclosed details of a new campaign dubbed PHALT#BLYX that has leveraged ClickFix-style lures to display fixes for fake blue | Virus | The Hacker News |
| 5.1.26 | New VVS Stealer Malware Targets Discord Accounts via Obfuscated Python Code | Cybersecurity researchers have disclosed details of a new Python-based information stealer called VVS Stealer (also styled as VVS $tealer) that's capable of harvesting Discord | Virus | The Hacker News |
| 3.1.26 | New GlassWorm malware wave targets Macs with trojanized crypto wallets | A fourth wave of the "GlassWorm" campaign is targeting macOS developers with malicious VSCode/OpenVSX extensions that deliver trojanized versions of crypto wallet applications. | Virus | |
| 3.1.26 | Chinese state hackers use rootkit to hide ToneShell malware activity | A new sample of the ToneShell backdoor, typically seen in Chinese cyberespionage campaigns, has been delivered through a kernel-mode loader in attacks against government organizations. | Virus | |
| 3.1.26 | Zoom Stealer browser extensions harvest corporate meeting intelligence | A newly discovered campaign, which researchers call Zoom Stealer, is affecting 2.2 million Chrome, Firefox, and Microsoft Edge users through 18 extensions that collect online meeting-related data like URLs, IDs, topics, descriptions, and embedded passwords. | Virus | |
| 3.1.26 | Hacker arrested for KMSAuto malware campaign with 2.8 million downloads | A Lithuanian national has been arrested for his alleged involvement in infecting 2.8 million systems with clipboard-stealing malware disguised as the KMSAuto tool for illegally activating Windows and Office software. | Virus | |
| 3.1.26 | Fake MAS Windows activation domain used to spread PowerShell malware | A typosquatted domain impersonating the Microsoft Activation Scripts (MAS) tool was used to distribute malicious PowerShell scripts that infect Windows systems with the 'Cosmali Loader' | Virus | BleepingComputer |
| 2.1.26 | Transparent Tribe Launches New RAT Attacks Against Indian Government and Academia | The threat actor known as Transparent Tribe has been attributed to a fresh set of attacks targeting Indian governmental, academic, and strategic entities with a remote access trojan | Virus | The Hacker News |