Malware Blog
| DATE | NAME | INFO | CATEGORY | WEB |
|---|---|---|---|---|
| 7.2.2026 | Malicious use of virtual machine infrastructure | Bulletproof hosting providers are abusing the legitimate ISPsystem infrastructure to supply virtual machines to cybercriminals | Malware blog | SOPHOS |
| 7.2.2026 | Inside a Multi-Stage Android Malware Campaign Leveraging RTO-Themed Social Engineering | In recent years, Android malware campaigns in India have increasingly abused the trust associated with government services and official digital platforms. By imitating well-known portals and leveraging social engineering through messaging applications, threat actors exploit user urgency and lack... | Malware blog | Seqrite |
| 7.2.2026 | Fake Installer: Ultimately, ValleyRAT infection | In this Threat Analysis Report, Cybereason explores the fake installer, ValleyRAT | Malware blog | Cybereason |
| 1.2.26 | ShadowHS: A Fileless Linux Post‑Exploitation Framework Built on a Weaponized hackshell | Cyble uncovers ShadowHS, a stealthy fileless Linux framework running entirely in memory for covert, adaptive post‑exploitation control. | Malware blog | Cyble |
| 1.2.26 | PureRAT: Attacker Now Using AI to Build Toolset | Vietnam-based cybercrime actor appears to now be using AI to write scripts used in phishing campaigns | Malware blog | SECURITY.COM |
| 1.2.26 | njRAT: A Persistent Commodity Threat in the Modern Landscape | The SonicWall Capture Labs threat research team continues to monitor the activity of the infamous njRAT (also known as Bladabindi), a prolific Remote Access Trojan (RAT) that remains a staple in the toolkit of various threat actors. | Malware blog | SonicWall |
| 1.2.26 | KONNI Adopts AI to Generate PowerShell Backdoors | Check Point Research (CPR) identified an ongoing phishing campaign that we associate with KONNI, a North Korean–linked threat actor active since at least 2014. KONNI is best known for targeting organizations and individuals in South Korea, with a focus on diplomatic channels, international relations, NGOs, academia, and government. | Malware blog | |
| 1.2.26 | DynoWiper update: Technical analysis and attribution | ESET researchers present technical details on a recent data destruction incident affecting a company in Poland’s energy sector | Malware blog | Eset |
| 1.2.26 | Love? Actually: Fake dating app used as lure in targeted spyware campaign in Pakistan | ESET researchers discover an Android spyware campaign targeting users in Pakistan via romance scam tactics, revealing links to a broader spy operation | Malware blog | Eset |
| 1.2.26 | ESET Research: Sandworm behind cyberattack on Poland’s power grid in late 2025 | | Malware blog | Eset |
| 24.1.26 | TamperedChef serves bad ads, with infostealers as the main course | Sophos X-Ops explores a malvertising campaign that leverages Google Ads to distribute an infostealer | Malware blog | SOPHOS |
| 24.1.26 | Inside a Multi-Stage Windows Malware Campaign | FortiGuard Labs analysis of a multi-stage Windows malware campaign that abuses trusted platforms to disable defenses, deploy RATs, and deliver ransomware. | Malware blog | FORTINET |
| 24.1.26 | | Check Point Research is tracking an active phishing campaign involving KONNI, a North Korea-affiliated threat ... | Malware blog | |
| 24.1.26 | | Check Point Research has identified VoidLink, one of the first known examples of advanced malware ... | Malware blog | |
| 24.1.26 | Weaponized WinRAR Exploitation and Stealth Deployment of Fileless .NET RAT | At CYFIRMA, we continuously monitor emerging threat techniques that abuse trusted software and routine user behavior to achieve stealthy system compromise. | Malware blog | Cyfirma |
| 24.1.26 | VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun | Check Point Research (CPR) believes a new era of AI-generated malware has begun. VoidLink stands as the first evidently documented case of this era, as a truly advanced malware framework authored almost entirely by artificial intelligence, likely under the direction of a single individual. | Malware blog | |
| 17.1.26 | New Remcos Campaign Distributed Through Fake Shipping Document | FortiGuard Labs analyzes a phishing campaign delivering a fileless Remcos RAT via malicious Word templates, CVE-2017-11882 exploitation, and in-memory execution. | Malware blog | FORTINET |
| 17.1.26 | Uncovering Hidden Forensic Evidence in Windows: The Mystery of AutoLogger-Diagtrack-Listener.etl | FortiGuard IR uncovers forensic insights in Windows AutoLogger-Diagtrack-Listener.etl, a telemetry artefact with untapped investigative value. | Malware blog | FORTINET |
| 17.1.26 | deVixor: An Evolving Android Banking RAT with Ransomware Capabilities Targeting Iran | Cyble analyzed deVixor, an advanced Android banking RAT with ransomware features actively targeting Iranian users. | Malware blog | |
| 17.1.26 | SOLYXIMMORTAL: PYTHON MALWARE ANALYSIS | SolyxImmortal is a Python-based Windows information-stealing malware that combines credential theft, document harvesting, keystroke logging, screen surveillance, | Malware blog | |
| 17.1.26 | Analyzing a Multi-Stage AsyncRAT Campaign via Managed Detection and Response | Threat actors exploited Cloudflare's free-tier infrastructure and legitimate Python environments to deploy the AsyncRAT remote access trojan, demonstrating advanced evasion techniques that abuse trusted cloud services for malicious operations. | Malware blog | |
| 17.1.26 | Unveiling VoidLink – A Stealthy, Cloud-Native Linux Malware Framework | VoidLink is an advanced malware framework made up of custom loaders, implants, rootkits, and modular plugins designed to maintain long-term access to Linux systems. The framework includes multiple cloud-focused capabilities and modules, and is engineered to operate reliably in cloud and container environments over extended periods. | Malware blog | |
| 10.1.26 | Unpacking the packer ‘pkr_mtsi’ | This RL Researcher’s Notebook highlights the packer’s evolution — and offers a YARA rule to detect all versions. | Malware blog | REVERSINGLABS |
| 10.1.26 | Ladvix: Inside a Self-Propagating ELF Malware with IoT Botnet Traits | This week, the SonicWall Capture Labs Threat Research team analyzed a sample of a malicious ELF file infector that shares characteristics of IoT botnet malware. The sample demonstrates self-propagation capabilities, file system scanning, and selective infection mechanisms targeting other ELF binaries. | Malware blog | SonicWall |
| 10.1.26 | VVS Discord Stealer Using Pyarmor for Obfuscation and Detection Evasion | This article details our technical analysis of VVS stealer, also styled VVS $tealer, including its distributors’ use of obfuscation and detection evasion. | Malware blog | Palo Alto |