Virus List 2025 - 2026 2025 2024 2023 2021 2020 2019 2018 2017
DATE |
NAME |
Info |
CATEG. |
WEB |
| 31.12.25 | WebRAT malware spread via fake vulnerability exploits on GitHub | The WebRAT malware is now being distributed through GitHub repositories that claim to host proof-of-concept exploits for recently disclosed vulnerabilities. | Virus | |
| 31.12.25 | Malicious extensions in Chrome Web store steal user credentials | Two Chrome extensions in the Web Store named 'Phantom Shuttle' are posing as plugins for a proxy service to hijack user traffic and steal sensitive data. | Virus | |
| 31.12.25 | New MacSync malware dropper evades macOS Gatekeeper checks | The latest variant of the MacSync information stealer targeting macOS systems is delivered through a digitally signed, notarized Swift application. | Virus | |
| 31.12.25 | Researchers Spot Modified Shai-Hulud Worm Testing Payload on npm Registry | Cybersecurity researchers have disclosed details of what appears to be a new strain of Shai Hulud on the npm registry with slight modifications from the previous wave observed last | Virus | The Hacker News |
| 31.12.25 | Silver Fox Targets Indian Users With Tax-Themed Emails Delivering ValleyRAT Malware | The threat actor known as Silver Fox has turned its focus to India, using income tax-themed lures in phishing campaigns to distribute a modular remote access trojan called ValleyRAT | Virus | The Hacker News |
| 31.12.25 | Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor | The Chinese hacking group known as Mustang Panda has leveraged a previously undocumented kernel-mode rootkit driver to deliver a new variant of backdoor dubbed | Virus | The Hacker News |
| 25.12.25 | New MacSync macOS Stealer Uses Signed App to Bypass Apple Gatekeeper | Cybersecurity researchers have discovered a new variant of a macOS information stealer called MacSync that's delivered by means of a digitally signed, notarized Swift application | Virus | The Hacker News |
| 23.12.25 | Android Malware Operations Merge Droppers, SMS Theft, and RAT Capabilities at Scale | Threat actors have been observed leveraging malicious dropper apps masquerading as legitimate applications to deliver an Android SMS stealer dubbed Wonderland in mobile | Virus | The Hacker News |
| 21.12.25 | France arrests Latvian for installing malware on Italian ferry | French authorities arrested two crew members of an Italian passenger ferry suspected of infecting the ship with malware that could have enabled them to remotely control the vessel. | Virus | |
| 20.12.25 | Cellik Android malware builds malicious versions from Google Play apps | A new Android malware-as-a-service (MaaS) named Cellik is being advertised on underground cybercrime forums offering a robust set of capabilities that include the option to embed it in any app available on the Google Play Store. | Virus | |
| 20.12.25 | New SantaStealer malware steals data from browsers, crypto wallets | A new malware-as-a-service (MaaS) information stealer named SantaStealer is being advertised on Telegram and hacker forums as operating in memory to avoid file-based detection. | Virus | |
| 20.12.25 | Cracked Software and YouTube Videos Spread CountLoader and GachiLoader Malware | Cybersecurity researchers have disclosed details of a new campaign that has used cracked software distribution sites as a distribution vector for a new version of a modular and | Virus | The Hacker News |
| 18.12.25 | Kimsuky Spreads DocSwap Android Malware via QR Phishing Posing as Delivery App | The North Korean threat actor known as Kimsuky has been linked to a new campaign that distributes a new variant of Android malware called DocSwap via QR codes hosted on | Virus | The Hacker News |
| 17.12.25 | China-Linked Ink Dragon Hacks Governments Using ShadowPad and FINALDRAFT Malware | The threat actor known as Jewelbug has been increasingly focusing on government targets in Europe since July 2025, even as it continues to attack entities located in Southeast Asia | Virus | The Hacker News |
| 17.12.25 | GhostPoster Malware Found in 17 Firefox Add-ons with 50,000+ Downloads | A new campaign named GhostPoster has leveraged logo files associated with 17 Mozilla Firefox browser add-ons to embed malicious JavaScript code designed to hijack affiliate | Virus | The Hacker News |
| 15.12.25 | Phantom Stealer Spread by ISO Phishing Emails Hitting Russian Finance Sector | Cybersecurity researchers have disclosed details of an active phishing campaign that's targeting a wide range of sectors in Russia with phishing emails that deliver Phantom Stealer | Virus | The Hacker News |
| 14.12.25 | Fake ‘One Battle After Another’ torrent hides malware in subtitles | A fake torrent for Leonardo DiCaprio's 'One Battle After Another' hides malicious PowerShell malware loaders inside subtitle files that ultimately infect devices with the Agent Tesla RAT malware. | Virus | |
| 14.12.25 | Notepad++ fixes flaw that let attackers push malicious update files | Notepad++ version 8.8.9 was released to fix a security weakness in its WinGUp update tool after researchers and users reported incidents in which the updater retrieved malicious executables instead of legitimate update packages. | Virus | |
| 14.12.25 | Malicious VSCode Marketplace extensions hid trojan in fake PNG file | A stealthy campaign with 19 extensions on the VSCode Marketplace has been active since February, targeting developers with malware hidden inside dependency folders. | Virus | |
| 14.12.25 | Google ads for shared ChatGPT, Grok guides push macOS infostealer malware | A new AMOS infostealer campaign is abusing Google search ads to lure users into Grok and ChatGPT conversations that appear to offer "helpful" instructions but ultimately lead to installing the AMOS info-stealing malware on macOS. | Virus | BleepingComputer |
| 14.12.25 | New DroidLock malware locks Android devices and demands a ransom | A new Android malware called DroidLock has emerged with capabilities to lock screens for ransom payments, erase data, access text messages, call logs, contacts, and audio data. | Virus | |
| 13.12.25 | North Korean hackers exploit React2Shell flaw in EtherRAT malware attacks | A new malware implant called EtherRAT, deployed in a recent React2Shell attack, runs five separate Linux persistence mechanisms and leverages Ethereum smart contracts for communication with the attacker. | Virus | |
| 13.12.25 | Malicious VSCode extensions on Microsoft's registry drop infostealers | Two malicious extensions on Microsoft's Visual Studio Code Marketplace infect developers' machines with information-stealing malware that can take screenshots, steal credentials, and hijack browser sessions. | Virus | |
| 12.12.25 | NANOREMOTE Malware Uses Google Drive API for Hidden Control on Windows Systems | Cybersecurity researchers have disclosed details of a new fully-featured Windows backdoor called NANOREMOTE that uses the Google Drive API for command-and-control (C2) | Virus | The Hacker News |
| 12.12.25 | WIRTE Leverages AshenLoader Sideloading to Install the AshTag Espionage Backdoor | An advanced persistent threat (APT) known as WIRTE has been attributed to attacks targeting government and diplomatic entities across the Middle East with a previously undocumented malware suite dubbed AshTag since 2020 . Palo Alto Networks Unit 42 is tracking the activity cluster under the name Ashen Lepus . | Virus | The Hacker News |
| 12.12.25 | React2Shell Exploitation Delivers Crypto Miners and New Malware Across Multiple Sectors | React2Shell continues to witness heavy exploitation, with threat actors leveraging the maximum-severity security flaw in React Server Components (RSC) to deliver cryptocurrency | Virus | The Hacker News |
| 10.12.25 | North Korea-linked Actors Exploit React2Shell to Deploy New EtherRAT Malware | Threat actors with ties to North Korea have likely become the latest to exploit the recently disclosed critical React2Shell security flaw in React Server Components (RSC) to deliver a | Virus | The Hacker News |
| 10.12.25 | Four Threat Clusters Using CastleLoader as GrayBravo Expands Its Malware Service Infrastructure | Four distinct threat activity clusters have been observed leveraging a malware loader known as CastleLoader , strengthening the previous assessment that the tool is offered to other | Virus | The Hacker News |
| 9.12.25 | Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data | Cybersecurity researchers have discovered two new extensions on Microsoft Visual Studio Code (VS Code) Marketplace that are designed to infect developer machines with stealer | Virus | The Hacker News |
| 9.12.25 | Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RAT | Cybersecurity researchers are calling attention to a new campaign dubbed JS#SMUGGLER that has been observed leveraging compromised websites as a distribution vector for a | Virus | The Hacker News |
| 8.12.25 | Android Malware FvncBot, SeedSnatcher, and ClayRat Gain Stronger Data Theft Features | Cybersecurity researchers have disclosed details of two new Android malware families dubbed FvncBot and SeedSnatcher , as another upgraded version of ClayRat has been | Virus | The Hacker News |
| 7.12.25 | Predator spyware uses new infection vector for zero-click attacks | The Predator spyware from surveillance company Intellexa has been using a zero-click infection mechanism dubbed "Aladdin" that compromised specific targets when simply viewing a malicious advertisement. | Virus | |
| 7.12.25 | CISA warns of Chinese "BrickStorm" malware attacks on VMware servers | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned network defenders of Chinese hackers backdooring VMware vSphere servers with Brickstorm malware. | Virus | |
|
6.12.25 |
Shai-Hulud 2.0 NPM malware attack exposed up to 400,000 dev secrets | The second Shai-Hulud attack last week exposed around 400,000 raw secrets after infecting hundreds of packages in the NPM (Node Package Manager) registry and publishing stolen data in 30,000 GitHub repositories. | Virus | |
|
6.12.25 |
Glassworm malware returns in third wave of malicious VS Code packages | The Glassworm campaign, which first emerged on the OpenVSX and Microsoft Visual Studio marketplaces in October, is now in its third wave, with 24 new packages added on the two platforms. | Virus | |
|
6.12.25 |
SmartTube YouTube app for Android TV breached to push malicious update | The popular open-source SmartTube YouTube client for Android TV was compromised after an attacker gained access to the developer's signing keys, leading to a malicious update being pushed to users. | Virus | |
| 5.12.25 | Intellexa Leaks Reveal Zero-Days and Ads-Based Vector for Predator Spyware Delivery | A human rights lawyer from Pakistan's Balochistan province received a suspicious link on WhatsApp from an unknown number, marking the first time a civil society member in the | Virus | The Hacker News |
| 5.12.25 | CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of a backdoor named BRICKSTORM that has been put to use by state-sponsored | Virus | The Hacker News |
| 5.12.25 | Silver Fox Uses Fake Microsoft Teams Installer to Spread ValleyRAT Malware in China | The threat actor known as Silver Fox has been spotted orchestrating a false flag operation to mimic a Russian threat group in attacks targeting organizations in China. The search engine | Virus | The Hacker News |
| 4.12.25 | Brazil Hit by Banking Trojan Spread via WhatsApp Worm and RelayNFC NFC Relay Fraud | The threat actor known as Water Saci is actively evolving its tactics, switching to a sophisticated, highly layered infection chain that uses HTML Application (HTA) files and | Virus | The Hacker News |
| 3.12.25 | Malicious Rust Crate Delivers OS-Specific Malware to Web3 Developer Systems | Cybersecurity researchers have discovered a malicious Rust package that's capable of targeting Windows, macOS, and Linux systems, and features malicious functionality to | Virus | The Hacker News |
| 3.12.25 | GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools | The supply chain campaign known as GlassWorm has once again reared its head, infiltrating both Microsoft Visual Studio Marketplace and Open VSX with 24 extensions impersonating | Virus | The Hacker News |
| 2.12.25 | ShadyPanda Turns Popular Browser Extensions with 4.3 Million Installs Into Spyware | A threat actor known as ShadyPanda has been linked to a seven-year-long browser extension campaign that has amassed over 4.3 million installations over time. Five of these extensions | Virus | The Hacker News |
| 2.12.25 | New Albiriox MaaS Malware Targets 400+ Apps for On-Device Fraud and Screen Control | A new Android malware named Albiriox has been advertised under a malware-as-a-service (MaaS) model to offer a "full spectrum" of features to facilitate on-device fraud (ODF), screen | Virus | The Hacker News |
| 29.11.25 | Malicious Blender model files deliver StealC infostealing malware | A Russian-linked campaign delivers the StealC V2 information stealer malware through malicious Blender files uploaded to 3D model marketplaces like CGTrader. | Virus | |
| 29.11.25 | Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub | Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in the npm registry in a new Shai-Hulud supply-chain campaign. | Virus | |
| 28.11.25 | Bloody Wolf Expands Java-based NetSupport RAT Attacks in Kyrgyzstan and Uzbekistan | The threat actor known as Bloody Wolf has been attributed to a cyber attack campaign that has targeted Kyrgyzstan since at least June 2025 with the goal of delivering NetSupport RAT. | Virus | The Hacker News |
| 26.11.25 | RomCom Uses SocGholish Fake Update Attacks to Deliver Mythic Agent Malware | The threat actors behind a malware family known as RomCom targeted a U.S.-based civil engineering company via a JavaScript loader dubbed SocGholish to deliver the Mythic Agent. | Virus | The Hacker News |
| 25.11.25 | JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers | Cybersecurity researchers are calling attention to a new campaign that's leveraging a combination of ClickFix lures and fake adult websites to deceive users into running malicious | Virus | The Hacker News |
| 25.11.25 | Hackers Hijack Blender 3D Assets to Deploy StealC V2 Data-Stealing Malware | Cybersecurity researchers have disclosed details of a new campaign that has leveraged Blender Foundation files to deliver an information stealer known as StealC V2 . "This ongoing operation, active for at least six months, involves implanting malicious .blend files on platforms like CGTrader," Morphisec researcher Shmuel Uzan said in a report shared with The Hacker News. | Virus | The Hacker News |
| 24.11.25 | ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access | A recently patched security flaw in Microsoft Windows Server Update Services (WSUS) has been exploited by threat actors to distribute malware known as ShadowPad. "The attacker | Virus | The Hacker News |
| 23.11.25 | Multi-threat Android malware Sturnus steals Signal, WhatsApp messages | A new Android banking trojan named Sturnus can capture communication from end-to-end encrypted messaging platforms like Signal, WhatsApp, and Telegram, as well as take complete control of the device. | Virus | |
| 20.11.25 | Malicious NPM packages abuse Adspect redirects to evade security | Seven packages published on the Node Package Manager (npm) registry use the Adspect cloud-based service to separate researchers from potential victims and lead them to malicious locations. | Virus | |
| 20.11.25 | RondoDox botnet malware now hacks servers using XWiki flaw | The RondoDox botnet malware is now exploiting a critical remote code execution (RCE) flaw in XWiki Platform tracked as CVE-2025-24893. | Virus | |
| 20.11.25 | New Sturnus Android Trojan Quietly Captures Encrypted Chats and Hijacks Devices | Cybersecurity researchers have disclosed details of a new Android banking trojan called Sturnus that enables credential theft and full device takeover to conduct financial fraud. "A | Virus | The Hacker News |
| 20.11.25 | TamperedChef Malware Spreads via Fake Software Installers in Ongoing Global Campaign | Threat actors are leveraging bogus installers masquerading as popular software to trick users into installing malware as part of a global malvertising campaign dubbed | Virus | The Hacker News |
| 19.11.25 | Python-Based WhatsApp Worm Spreads Eternidade Stealer Across Brazilian Devices | Cybersecurity researchers have disclosed details of a new campaign that leverages a combination of social engineering and WhatsApp hijacking to distribute a Delphi-based | Virus | The Hacker News |
| 19.11.25 | EdgeStepper Implant Reroutes DNS Queries to Deploy Malware via Hijacked Software Updates | The threat actor known as PlushDaemon has been observed using a previously undocumented Go-based network backdoor codenamed EdgeStepper to facilitate adversary- | Virus | The Hacker News |
| 18.11.25 | Iranian Hackers Use DEEPROOT and TWOSTROKE Malware in Aerospace and Defense Attacks | Suspected espionage-driven threat actors from Iran have been observed deploying backdoors like TWOSTROKE and DEEPROOT as part of continued attacks aimed at | Virus | The Hacker News |
| 18.11.25 | New EVALUSION ClickFix Campaign Delivers Amatera Stealer and NetSupport RAT | Cybersecurity researchers have discovered malware campaigns using the now-prevalent ClickFix social engineering tactic to deploy Amatera Stealer and NetSupport RAT . The | Virus | The Hacker News |
| 16.11.25 | Decades-old ‘Finger’ protocol abused in ClickFix malware attacks | The decades-old "finger" command is making a comeback,, with threat actors using the protocol to retrieve remote commands to execute on Windows devices. | Virus | |
| 16.11.25 | Google backpedals on new Android developer registration rules | Google is backpedaling on its decision to introduce new identity verification rules for all developers, stating that it will also introduce accounts for limited app distribution and will allow users to install apps from unverified devs. | Virus | |
| 16.11.25 | Popular Android-based photo frames download malware on boot | Uhale Android-based digital picture frames come with multiple critical security vulnerabilities and some of them download and execute malware at boot time. | Virus | |
| 16.11.25 | DanaBot malware is back to infecting Windows after 6-month break | The DanaBot malware has returned with a new version observed in attacks, six-months after law enforcement's Operation Endgame disrupted its activity in May. | Virus | |
| 16.11.25 | RondoDox Exploits Unpatched XWiki Servers to Pull More Devices Into Its Botnet | The botnet malware known as RondoDox has been observed targeting unpatched XWiki instances against a critical security flaw that could allow attackers to achieve arbitrary code | Virus | The Hacker News |
| 15.11.25 | Rhadamanthys infostealer disrupted as cybercriminals lose server access | The Rhadamanthys infostealer operation has been disrupted, with numerous "customers" of the malware-as-a-service reporting that they no longer have access to their servers. | Virus | |
| 13.11.25 | Operation Endgame Dismantles Rhadamanthys, Venom RAT, and Elysium Botnet in Global Crackdown | Malware families like Rhadamanthys Stealer , Venom RAT , and the Elysium botnet have been disrupted as part of a coordinated law enforcement operation led by Europol and Eurojust. | Virus | The Hacker News |
| 12.11.25 | WhatsApp Malware 'Maverick' Hijacks Browser Sessions to Target Brazil's Biggest Banks | Threat hunters have uncovered similarities between a banking malware called Coyote and a newly disclosed malicious program dubbed Maverick that has been propagated via | Virus | The Hacker News |
| 12.11.25 | GootLoader Is Back, Using a New Font Trick to Hide Malware on WordPress Sites | The malware known as GootLoader has resurfaced yet again after a brief spike in activity earlier this March, according to new findings from Huntress. The cybersecurity company said | Virus | The Hacker News |
| 11.11.25 | Researchers Detect Malicious npm Package Targeting GitHub-Owned Repositories | Cybersecurity researchers have discovered a malicious npm package named "@acitons/artifact" that typosquats the legitimate " @actions/artifact " package with the | Virus | The Hacker News |
| 11.11.25 | Android Trojan 'Fantasy Hub' Malware Service Turns Telegram Into a Hub for Hackers | Cybersecurity researchers have disclosed details of a new Android remote access trojan (RAT) called Fantasy Hub that's sold on Russian-speaking Telegram channels under a | Virus | The Hacker News |
| 10.11.25 | Large-Scale ClickFix Phishing Attacks Target Hotel Systems with PureRAT Malware | Cybersecurity researchers have called attention to a massive phishing campaign targeting the hospitality industry that lures hotel managers to ClickFix-style pages and harvest their | Virus | The Hacker News |
| 10.11.25 | GlassWorm Malware Discovered in Three VS Code Extensions with Thousands of Installs | Cybersecurity researchers have disclosed a new set of three extensions associated with the GlassWorm campaign, indicating continued attempts on part of threat actors to target the | Virus | The Hacker News |
| 9.11.25 | GlassWorm malware returns on OpenVSX with 3 new VSCode extensions | The GlassWorm malware campaign, which impacted the OpenVSX and Visual Studio Code marketplaces last month, has returned with three new VSCode extensions that have already been downloaded over 10,000 times. | Virus | |
| 9.11.25 | ClickFix malware attacks evolve with multi-OS support, video tutorials | ClickFix attacks have evolved to feature videos that guide victims through the self-infection process, a timer to pressure targets into taking risky actions, and automatic detection of the operating system to provide the correct commands. | Virus | |
| 9.11.25 | Sandworm hackers use data wipers to disrupt Ukraine's grain sector | Russian state-backed hacker group Sandworm has deployed multiple data-wiping malware families in attacks targeting Ukraine's education, government, and the grain sector, the country's main revenue source. | Virus | |
| 9.11.25 | Gootloader malware is back with new tricks after 7-month break | The Gootloader malware loader operation has returned after a 7-month absence and is once again performing SEO poisoning to promote fake websites that distribute the malware. | Virus | |
| 9.11.25 | Malicious Android apps on Google Play downloaded 42 million times | Hundreds of malicious Android apps on Google Play were downloaded more than 40 million times between June 2024 and May 2025, notes a report from cloud security company Zscaler. | Virus | |
| 8.11.25 | Russian hackers abuse Hyper-V to hide malware in Linux VMs | The Russian hacker group Curly COMrades is abusing Microsoft Hyper-V in Windows to bypass endpoint detection and response solutions by creating a hidden Alpine Linux-based virtual machine to run malware. | Virus | |
| 8.11.25 | Fake Solidity VSCode extension on Open VSX backdoors developers | A remote access trojan dubbed SleepyDuck, and disguised as the well-known Solidity extension in the Open VSX open-source registry, uses an Ethereum smart contract to establish a communication channel with the attacker. | Virus | |
| 8.11.25 | Microsoft: SesameOp malware abuses OpenAI Assistants API in attacks | Microsoft security researchers have discovered a new backdoor malware that uses the OpenAI Assistants API as a covert command-and-control channel. | Virus | |
| 7.11.25 | Hidden Logic Bombs in Malware-Laced NuGet Packages Set to Detonate Years After Installation | A set of nine malicious NuGet packages has been identified as capable of dropping time-delayed payloads to sabotage database operations and corrupt industrial control systems. | Virus | The Hacker News |
| 7.11.25 | Trojanized ESET Installers Drop Kalambur Backdoor in Phishing Attacks on Ukraine | A previously unknown threat activity cluster has been observed impersonating Slovak cybersecurity company ESET as part of phishing attacks targeting Ukrainian entities. The | Virus | The Hacker News |
| 6.11.25 | Google Uncovers PROMPTFLUX Malware That Uses Gemini AI to Rewrite Its Code Hourly | Google on Wednesday said it discovered an unknown threat actor using an experimental Visual Basic Script (VB Script) malware dubbed PROMPTFLUX that interacts with its Gemini | Virus | The Hacker News |
| 4.11.25 | Microsoft Detects "SesameOp" Backdoor Using OpenAI's API as a Stealth Command Channel | Microsoft has disclosed details of a novel backdoor dubbed SesameOp that uses OpenAI Assistants Application Programming Interface (API) for command-and-control (C2) | Virus | The Hacker News |
| 3.11.25 | Researchers Uncover BankBot-YNRK and DeliveryRAT Android Trojans Stealing Financial Data | Cybersecurity researchers have shed light on two different Android trojans called BankBot-YNRK and DeliveryRAT that are capable of harvesting sensitive data from compromised | Virus | The Hacker News |
| 3.11.25 | New HttpTroy Backdoor Poses as VPN Invoice in Targeted Cyberattack on South Korea | The North Korea-linked threat actor known as Kimsuky has distributed a previously undocumented backdoor codenamed HttpTroy as part of a likely spear-phishing attack | Virus | The Hacker News |
| 3.11.25 | Open VSX rotates access tokens used in supply-chain malware attack | The Open VSX registry rotated access tokens after they were accidentally leaked by developers in public repositories and allowed threat actors to publish malicious extensions in an attempted supply-chain attack. | Virus | |
| 3.11.25 | Australia warns of BadCandy infections on unpatched Cisco devices | The Australian government is warning about ongoing cyberattacks against unpatched Cisco IOS XE devices in the country to infect routers with the BadCandy webshell. | Virus | |
| 3.11.25 | Alleged Meduza Stealer malware admins arrested after hacking Russian org | The Russian authorities have arrested three individuals in Moscow who are believed to be the creators and operators of the Meduza Stealer information-stealing malware. | Virus | |
| 3.11.25 | Massive surge of NFC relay malware steals Europeans’ credit cards | Near-Field Communication (NFC) relay malware has grown massively popular in Eastern Europe, with researchers discovering over 760 malicious Android apps using the technique to steal people's payment card information in the past few months. | Virus | |
| 2.11.25 | Malicious NPM packages fetch infostealer for Windows, Linux, macOS | Ten malicious packages mimicking legitimate software projects in the npm registry download an information-stealing component that collects sensitive data from Windows, Linux, and macOS systems. | Virus | |
| 1.11.25 | New Atroposia malware comes with a local vulnerability scanner | A new malware-as-a-service (MaaS) platform named Atroposia provides cybercriminals a remote access trojan that combines capabilities for persistent access, evasion, data theft, and local vulnerability scanning. | Virus | |
| 1.11.25 | New Herodotus Android malware fakes human typing to avoid detection | A new Android malware family, Herodotus, uses random delay injection in its input routines to mimic human behavior on mobile devices and evade timing-based detection by security software. | Virus | |
| 1.11.25 | Nation-State Hackers Deploy New Airstalk Malware in Suspected Supply Chain Attack | A suspected nation-state threat actor has been linked to the distribution of a new malware called Airstalk as part of a likely supply chain attack. Palo Alto Networks Unit 42 said it's | Virus | The Hacker News |
| 30.10.25 | PhantomRaven Malware Found in 126 npm Packages Stealing GitHub Tokens From Devs | Cybersecurity researchers have uncovered yet another active software supply chain attack campaign targeting the npm registry with over 100 malicious packages that can steal | Virus | The Hacker News |
| 29.10.25 | 10 npm Packages Caught Stealing Developer Credentials on Windows, macOS, and Linux | Cybersecurity researchers have discovered a set of 10 malicious npm packages that are designed to deliver an information stealer targeting Windows, Linux, and macOS systems. | Virus | The Hacker News |
| 29.10.25 | New Android Trojan 'Herodotus' Outsmarts Anti-Fraud Systems by Typing Like a Human | Cybersecurity researchers have disclosed details of a new Android banking trojan called Herodotus that has been observed in active campaigns targeting Italy and Brazil to conduct | Virus | The Hacker News |
| 29.10.25 | Researchers Expose GhostCall and GhostHire: BlueNoroff's New Malware Chains | Threat actors tied to North Korea have been observed targeting the Web3 and blockchain sectors as part of twin campaigns tracked as GhostCall and GhostHire . According to | Virus | The Hacker News |
| 27.10.25 | Hackers steal Discord accounts with RedTiger-based infostealer | Attackers are using the open-source red-team tool RedTiger to build an infostealer that collects Discord account data and payment information. | Virus | |
| 26.10.25 | Vidar Stealer 2.0 adds multi-threaded data theft, better evasion | The operators of Vidar Stealer, one of the most successful malware-as-a-service (MaaS) operations of the past decade, have released a new major version to reflect massive improvements in the malware. | Virus | |
| 25.10.25 | Russian hackers evolve malware pushed in "I am not a robot" captchas | The Russian state-backed Star Blizzard hacker group has ramped up operations with new, constantly evolving malware families (NoRobot, MaybeRobot) deployed in complex delivery chains that start with ClickFix social engineering attacks. | Virus | |
| 25.10.25 | Self-spreading GlassWorm malware hits OpenVSX, VS Code registries | A new and ongoing supply-chain attack is targeting developers on the OpenVSX and Microsoft Visual Studio marketplaces with self-spreading malware called GlassWorm that has been installed an estimated 35,800 times. | Virus | |
| 25.10.25 | 3,000 YouTube Videos Exposed as Malware Traps in Massive Ghost Network Operation | A malicious network of YouTube accounts has been observed publishing and promoting videos that lead to malware downloads, essentially abusing the popularity and trust | Virus | The Hacker News |
| 25.10.25 | Self-Spreading 'GlassWorm' Infects VS Code Extensions in Widespread Supply Chain Attack | Cybersecurity researchers have discovered a self-propagating worm that spreads via Visual Studio Code (VS Code) extensions on the Open VSX Registry and the Microsoft Extension | Virus | |
| 22.10.25 | PolarEdge Targets Cisco, ASUS, QNAP, Synology Routers in Expanding Botnet Campaign | Cybersecurity researchers have shed light on the inner workings of a botnet malware called PolarEdge . PolarEdge was first documented by Sekoia in February 2025, attributing it to a | Virus | The Hacker News |
| 21.10.25 | Google Identifies Three New Russian Malware Families Created by COLDRIVER Hackers | A new malware attributed to the Russia-linked hacking group known as COLDRIVER has undergone numerous developmental iterations since May 2025, suggesting an increased | Virus | The Hacker News |
| 20.10.25 | New .NET CAPI Backdoor Targets Russian Auto and E-Commerce Firms via Phishing ZIPs | Cybersecurity researchers have shed light on a new campaign that has likely targeted the Russian automobile and e-commerce sectors with a previously undocumented .NET malware | Virus | |
| 20.10.25 | Silver Fox Expands Winos 4.0 Attacks to Japan and Malaysia via HoldingHands RAT | The threat actors behind a malware family known as Winos 4.0 (aka ValleyRAT) have expanded their targeting footprint from China and Taiwan to target Japan and Malaysia with | Virus | |
| 19.10.25 | Google ads for fake Homebrew, LogMeIn sites push infostealers | A new malicious campaign is targeting macOS developers with fake Homebrew, LogMeIn, and TradingView platforms that deliver infostealing malware like AMOS (Atomic macOS Stealer) and Odyssey. | Virus | |
| 19.10.25 | Malicious crypto-stealing VSCode extensions resurface on OpenVSX | A threat actor called TigerJack is constantly targeting developers with malicious extensions published on Microsoft's Visual Code (VSCode) marketplace and OpenVSX registry to steal cryptocurrency and plant backdoors. | Virus | |
| 18.10.25 | New Android spyware ClayRat imitates WhatsApp, TikTok, YouTube | A new Android spyware called ClayRat is luring potential victims by posing as popular apps and services like WhatsApp, Google Photos, TikTok, and YouTube. | Virus | |
| 17.10.25 | North Korean Hackers Use EtherHiding to Hide Malware Inside Blockchain Smart Contracts | A threat actor with ties to the Democratic People's Republic of Korea (aka North Korea) has been observed leveraging the EtherHiding technique to distribute malware and enable | Virus | |
| 17.10.25 | LinkPro Linux Rootkit Uses eBPF to Hide and Activates via Magic TCP Packets | An investigation into the compromise of an Amazon Web Services (AWS)-hosted infrastructure has led to the discovery of a new GNU/Linux rootkit dubbed LinkPro , according | Virus | The Hacker News |
| 16.10.25 | Chinese Hackers Exploit ArcGIS Server as Backdoor for Over a Year | Threat actors with ties to China have been attributed to a novel campaign that compromised an ArcGIS system and turned it into a backdoor for more than a year. The activity, per | Virus | |
| 16.10.25 | npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels | Cybersecurity researchers have identified several malicious packages across npm, Python, and Ruby ecosystems that leverage Discord as a command-and-control (C2) channel to | Virus | |
| 16.10.25 | Researchers Expose TA585's MonsterV2 Malware Capabilities and Attack Chain | Cybersecurity researchers have shed light on a previously undocumented threat actor called TA585 that has been observed delivering an off-the-shelf malware called MonsterV2 via | Virus | |
|
13.10.25 |
Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns | Cybersecurity researchers are calling attention to a new campaign that delivers the Astaroth banking trojan that employs GitHub as a backbone for its operations to stay resilient in the | Virus | |
|
13.10.25 |
New Rust-Based Malware "ChaosBot" Uses Discord Channels to Control Victims' PCs | Cybersecurity researchers have disclosed details of a new Rust-based backdoor called ChaosBot that can allow operators to conduct reconnaissance and execute arbitrary | Virus | |
|
12.10.25 |
From infostealer to full RAT: dissecting the PureRAT attack chain | Researchers map a campaign that escalated from a Python infostealer to a full PureRAT backdoor — loaders, evasions, and TLS-pinned C2. Join Huntress Labs' Tradecraft Tuesday for deep technical walkthroughs and live IOC guidance on the latest cybersecurity topics. | Virus | |
|
11.10.25 |
XWorm malware resurfaces with ransomware module, over 35 plugins | New versions of the XWorm backdoor are being distributed in phishing campaigns after the original developer, XCoder, abandoned the project last year. | Virus | |
|
11.10.25 |
Stealit Malware Abuses Node.js Single Executable Feature via Game and VPN Installers | Cybersecurity researchers have disclosed details of an active malware campaign called Stealit that has leveraged Node.js' Single Executable Application (SEA) feature as a way to distribute | Virus | |
|
10.10.25 |
New ClayRat Spyware Targets Android Users via Fake WhatsApp and TikTok Apps | A rapidly evolving Android spyware campaign called ClayRat has targeted users in Russia using a mix of Telegram channels and lookalike phishing websites by impersonating popular apps like | Virus | |
|
8.10.25 |
BatShadow Group Uses New Go-Based 'Vampire Bot' Malware to Hunt Job Seekers | A Vietnamese threat actor named BatShadow has been attributed to a new campaign that leverages social engineering tactics to deceive job seekers and digital marketing professionals | Virus | |
|
8.10.25 |
XWorm 6.0 Returns with 35+ Plugins and Enhanced Data Theft Capabilities | Cybersecurity researchers have charted the evolution of XWorm malware, turning it into a versatile tool for supporting a wide range of malicious actions on compromised hosts. | Virus | |
|
5.10.25 |
Android spyware campaigns impersonate Signal and ToTok messengers | Two new spyware campaigns that researchers call ProSpy and ToSpy lured Android users with fake upgrades or plugins for the Signal and ToTok messaging apps to steal sensitive data. | Virus | |
|
5.10.25 |
Android malware uses VNC to give attackers hands-on access | A new Android banking and remote access trojan (RAT) dubbed Klopatra disguised as an IPTV and VPN app has infected more than 3,000 devices across Europe. | Virus | |
|
5.10.25 |
F-Droid project threatened by Google's new dev registration rules | F-Droid is warning that the project could reach an end due to Google's new requirements for all Android developers to verify their identity. | Virus | |
| 4.10.25 | Detour Dog Caught Running DNS-Powered Malware Factory for Strela Stealer | A threat actor named Detour Dog has been outed as powering campaigns distributing an information stealer known as Strela Stealer. That's according to findings from Infoblox, which | Virus | The Hacker News |
| 4.10.25 | Rhadamanthys Stealer Evolves: Adds Device Fingerprinting, PNG Steganography Payloads | The threat actor behind Rhadamanthys has also advertised two other tools called Elysium Proxy Bot and Crypt Service on their website, even as the flagship information stealer has been | Virus | The Hacker News |
| 3.10.25 | Researchers Warn of Self-Spreading WhatsApp Malware Named SORVEPOTEL | Brazilian users have emerged as the target of a new self-propagating malware that spreads via the popular messaging app WhatsApp. The campaign, codenamed SORVEPOTEL by Trend | Virus | The Hacker News |
| 3.10.25 | New "Cavalry Werewolf" Attack Hits Russian Agencies with FoalShell and StallionRAT | A threat actor that's known to share overlaps with a hacking group called YoroTrooper has been observed targeting the Russian public sector with malware families such as FoalShell and | Virus | The Hacker News |
| 3.10.25 | Confucius Hackers Hit Pakistan With New WooperStealer and Anondoor Malware | The threat actor known as Confucius has been attributed to a new phishing campaign that has targeted Pakistan with malware families like WooperStealer and Anondoor. "Over the past | Virus | The Hacker News |
| 3.10.25 | Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown | Cybersecurity researchers have flagged a malicious package on the Python Package Index (PyPI) repository that claims to offer the ability to create a SOCKS5 proxy service, while also | Virus | The Hacker News |
| 3.10.25 | Warning: Beware of Android Spyware Disguised as Signal Encryption Plugin and ToTok Pro | Cybersecurity researchers have discovered two Android spyware campaigns dubbed ProSpy and ToSpy that impersonate apps like Signal and ToTok to target users in the United Arab | Virus | The Hacker News |
| 3.10.25 | New Android Banking Trojan "Klopatra" Uses Hidden VNC to Control Infected Smartphones | A previously undocumented Android banking trojan called Klopatra has compromised over 3,000 devices, with a majority of the infections reported in Spain and Italy. Italian fraud | Virus | The Hacker News |
| 3.10.25 | Ukraine Warns of CABINETRAT Backdoor + XLL Add-ins Spread via Signal ZIPs | The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of new targeted cyber attacks in the country using a backdoor called CABINETRAT. The activity, observed in | Virus | The Hacker News |
| 3.10.25 | New Android Trojan "Datzbro" Tricking Elderly with AI-Generated Facebook Travel Events | Cybersecurity researchers have flagged a previously undocumented Android banking trojan called Datzbro that can conduct device takeover ( DTO ) attacks and perform fraudulent | Virus | The Hacker News |
| 28.9.25 | Fake Microsoft Teams installers push Oyster malware via malvertising | Hackers have been spotted using SEO poisoning and search engine advertisements to promote fake Microsoft Teams installers that infect Windows devices with the Oyster backdoor, providing initial access to corporate networks. | Virus | |
| 27.9.25 | SonicWall releases SMA100 firmware update to wipe rootkit malware | SonicWall has released a firmware update that can help customers remove rootkit malware deployed in attacks targeting SMA 100 series devices. | Virus | |
| 27.9.25 | NPM package caught using QR Code to fetch cookie-stealing malware | Newly discovered npm package 'fezbox' employs QR codes to hide a second-stage payload to steal cookies from a user's web browser. The package, masquerading as a utility library, leverages this innovative steganographic technique to harvest sensitive data, such as user credentials, from a compromised machine. | Virus | |
| 27.9.25 | LastPass: Fake password managers infect Mac users with malware | LastPass is warning users of a campaign that targets macOS users with malicious software impersonating popular products delivered through fraudulent GitHub repositories. | Virus | |
| 27.9.25 | China-Linked PlugX and Bookworm Malware Attacks Target Asian Telecom and ASEAN Networks | Telecommunications and manufacturing sectors in Central and South Asian countries have emerged as the target of an ongoing campaign distributing a new variant of a known malware | Virus | The Hacker News |
| 27.9.25 | Researchers Expose Phishing Threats Distributing CountLoader and PureRAT | A new campaign has been observed impersonating Ukrainian government agencies in phishing attacks to deliver CountLoader , which is then used to drop Amatera Stealer and PureMiner . | Virus | The Hacker News |
| 26.9.25 | New macOS XCSSET Variant Targets Firefox with Clipper and Persistence Module | Cybersecurity researchers have discovered an updated version of a known Apple macOS malware called XCSSET that has been observed in limited attacks. "This new variant of XCSSET | Virus | The Hacker News |
| 26.9.25 | Vane Viper Generates 1 Trillion DNS Queries to Power Global Malware and Ad Fraud Network | The threat actor known as Vane Viper has been outed as a purveyor of malicious ad technology (adtech), while relying on a tangled web of shell companies and opaque ownership structures to | Virus | The Hacker News |
| 24.9.25 | New YiBackdoor Malware Shares Major Code Overlaps with IcedID and Latrodectus | Cybersecurity researchers have disclosed details of a new malware family dubbed YiBackdoor that has been found to share "significant" source code overlaps with IcedID and Latrodectus . | Virus | The Hacker News |
| 23.9.25 | BadIIS Malware Spreads via SEO Poisoning — Redirects Traffic, Plants Web Shells | Cybersecurity researchers are calling attention to a search engine optimization (SEO) poisoning campaign likely undertaken by a Chinese-speaking threat actor using a malware called BadIIS in | Virus | The Hacker News |
| 21.9.25 | SystemBC malware turns infected VPS systems into proxy highway | The operators of the SystemBC proxy botnet are hunting for vulnerable commercial virtual private servers (VPS) and maintain an average of 1,500 bots every day that provide a highway for malicious traffic. | Virus | |
| 20.9.25 | From ClickFix to MetaStealer: Dissecting Evolving Threat Actor Techniques | ClickFix isn't just back—it's mutating. New variants use fake CAPTCHAs, File Explorer tricks & MSI lures to drop MetaStealer. Stay ahead with Huntress' Tradecraft Tuesday threat briefings. | Virus | |
| 20.9.25 | Google nukes 224 Android malware apps behind massive ad fraud campaign | A massive Android ad fraud operation dubbed "SlopAds" was disrupted after 224 malicious applications on Google Play were used to generate 2.3 billion ad requests per day. | Virus | |
| 20.9.25 | New FileFix attack uses steganography to drop StealC malware | A newly discovered FileFix social engineering attack impersonates Meta account suspension warnings to trick users into unknowingly installing the StealC infostealer malware. | Virus | |
| 20.9.25 | LastPass Warns of Fake Repositories Infecting macOS with Atomic Infostealer | LastPass is warning of an ongoing, widespread information stealer campaign targeting Apple macOS users through fake GitHub repositories that distribute malware-laced programs | Virus | The Hacker News |
| 18.9.25 | CountLoader Broadens Russian Ransomware Operations With Multi-Version Malware Loader | Cybersecurity researchers have discovered a new malware loader codenamed CountLoader that has been put to use by Russian ransomware gangs to deliver post-exploitation tools like | Virus | The Hacker News |
| 18.9.25 | SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers | Cybersecurity researchers have discovered two new malicious packages in the Python Package Index (PyPI) repository that are designed to deliver a remote access trojan called SilentSync on | Virus | The Hacker News |
| 16.9.25 | New FileFix Variant Delivers StealC Malware Through Multilingual Phishing Site | Cybersecurity researchers have warned of a new campaign that's leveraging a variant of the FileFix social engineering tactic to deliver the StealC information | Virus | The Hacker News |
| 15.9.25 | HiddenGh0st, Winos and kkRAT Exploit SEO, GitHub Pages in Chinese Malware Attacks | Chinese-speaking users are the target of a search engine optimization (SEO) poisoning campaign that uses fake software sites to distribute malware. "The | Virus | The Hacker News |
| 14.9.25 | Apple warns customers targeted in recent spyware attacks | Apple warned customers last week that their devices were targeted in a new series of spyware attacks, according to the French national Computer Emergency Response Team (CERT-FR). | Virus | |
| 11.9.25 | AsyncRAT Exploits ConnectWise ScreenConnect to Steal Credentials and Crypto | Cybersecurity researchers have disclosed details of a new campaign that leverages ConnectWise ScreenConnect, a legitimate Remote Monitoring and Management | Virus | The Hacker News |
| 10.9.25 | CHILLYHELL macOS Backdoor and ZynorRAT RAT Threaten macOS, Windows, and Linux Systems | Cybersecurity researchers have discovered two new malware families, including a modular Apple macOS backdoor called CHILLYHELL and a Go-based remote access | Virus | The Hacker News |
| 9.9.25 | RatOn Android Malware Detected With NFC Relay and ATS Banking Fraud Capabilities | A new Android malware called RatOn has evolved from a basic tool capable of conducting Near Field Communication ( NFC ) relay attacks to a sophisticated | Virus | The Hacker News |
| 9.9.25 | From MostereRAT to ClickFix: New Malware Campaigns Highlight Rising AI and Phishing Risks | Cybersecurity researchers have disclosed details of a phishing campaign that delivers a stealthy banking malware-turned-remote access trojan called | Virus | The Hacker News |
| 9.9.25 | GPUGate Malware Uses Google Ads and Fake GitHub Commits to Target IT Firms | Cybersecurity researchers have detailed a new sophisticated malware campaign that leverages paid ads on search engines like Google to deliver malware to | Virus | The Hacker News |
| 7.9.25 | Malvertising Campaign on Meta Expands to Android, Pushing Advanced Crypto-Stealing Malware to Users Worldwide | Bitdefender Labs warns that cybercriminals are doubling down on spreading malware through Meta’s advertising system. | Virus | BITDEFENDER |
| 6.9.25 | Brokewell Android malware delivered through fake TradingView ads | Cybercriminals are abusing Meta's advertising platforms with fake offers of a free TradingView Premium app that spreads the Brokewell malware for Android. | Virus | |
| 6.9.25 | TamperedChef infostealer delivered through fraudulent PDF Editor | Threat actors have been using multiple websites promoted through Google ads to distribute a convincing PDF editing app that delivers an info-stealing malware called TamperedChef. | Virus | |
| 5.9.25 | TAG-150 Develops CastleRAT in Python and C, Expanding CastleLoader Malware Operations | The threat actor behind the malware-as-a-service (MaaS) framework and loader called CastleLoader has also developed a remote access trojan known as | Virus | The Hacker News |
| 5.9.25 | GhostRedirector Hacks 65 Windows Servers Using Rungan Backdoor and Gamshen IIS Module | Cybersecurity researchers have lifted the lid on a previously undocumented threat cluster dubbed GhostRedirector that has managed to compromise at least 65 | Virus | The Hacker News |
| 4.9.25 | Researchers Warn of MystRodX Backdoor Using DNS and ICMP Triggers for Stealthy Control | Cybersecurity researchers have disclosed a stealthy new backdoor called MystRodX that comes with a variety of features to capture sensitive data from compromised | Virus | The Hacker News |
| 2.9.25 | Malicious npm Package nodejs-smtp Mimics Nodemailer, Targets Atomic and Exodus Wallets | Cybersecurity researchers have discovered a malicious npm package that comes with stealthy features to inject malicious code into desktop apps for cryptocurrency | Virus | The Hacker News |
| 2.9.25 | Android Droppers Now Deliver SMS Stealers and Spyware, Not Just Banking Trojans | Cybersecurity researchers are calling attention to a new shift in the Android malware landscape where dropper apps, which are typically used to deliver banking | Virus | The Hacker News |
| 30.8.25 | Malicious Android apps with 19M installs removed from Google Play | Seventy-seven malicious Android apps containing different types of malware were found on Google Play after being downloaded more than 19 million times. | Virus | |
| 30.8.25 | New Android malware poses as antivirus from Russian intelligence agency | A new Android malware posing as an antivirus tool software created by Russia's Federal Security Services agency (FSB) is being used to target executives of Russian businesses. | Virus | |
| 30.8.25 | Fake Mac fixes trick users into installing new Shamos infostealer | A new infostealer malware targeting Mac devices, called 'Shamos,' is targeting Mac devices in ClickFix attacks that impersonate troubleshooting guides and fixes. | Virus | |
| 27.8.25 | Blind Eagle's Five Clusters Target Colombia Using RATs, Phishing Lures, and Dynamic DNS Infra | Cybersecurity researchers have discovered five distinct activity clusters linked to a persistent threat actor known as Blind Eagle between May 2024 and July 2025. | Virus | The Hacker News |
| 27.8.25 | MixShell Malware Delivered via Contact Forms Targets U.S. Supply Chain Manufacturers | Cybersecurity researchers are calling attention to a sophisticated social engineering campaign that's targeting supply chain-critical manufacturing companies with an in- | Virus | The Hacker News |
| 26.8.25 | Google to Verify All Android Developers in 4 Countries to Block Malicious Apps | Google has announced plans to begin verifying the identity of all developers who distribute apps on Android, even for those who distribute their software outside the | Virus | The Hacker News |
| 24.8.25 | Fake Mac fixes trick users into installing new Shamos infostealer | A new infostealer malware targeting Mac devices, called 'Shamos,' is targeting Mac devices in ClickFix attacks that impersonate troubleshooting guides and fixes. | Virus | |
| 23.8.25 | XenoRAT malware campaign hits multiple embassies in South Korea | A state-sponsored espionage campaign is targeting foreign embassies in South Korea to deploy XenoRAT malware from malicious GitHub repositories. | Virus | |
| 23.8.25 | ERMAC Android malware source code leak exposes banking trojan infrastructure | The source code for version 3 of the ERMAC Android banking trojan has been leaked online, exposing the internals of the malware-as-a-service platform and the operator's infrastructure. | Virus | |
| 22.8.25 | Linux Malware Delivered via Malicious RAR Filenames Evades Antivirus Detection | Cybersecurity researchers have shed light on a novel attack chain that employs phishing emails to deliver an open-source backdoor called VShell . The "Linux- | Virus | The Hacker News |
| 22.8.25 | Cybercriminals Deploy CORNFLAKE.V3 Backdoor via ClickFix Tactic and Fake CAPTCHA Pages | Threat actors have been observed leveraging the deceptive social engineering tactic known as ClickFix to deploy a versatile backdoor codenamed CORNFLAKE.V3. | Virus | The Hacker News |
| 21.8.25 | Hackers Using New QuirkyLoader Malware to Spread Agent Tesla, AsyncRAT and Snake Keylogger | Cybersecurity researchers have disclosed details of a new malware loader called QuirkyLoader that's being used to deliver via email spam campaigns an array of | Virus | The Hacker News |
| 20.8.25 | Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware on Cloud Linux Systems | Threat actors are exploiting a nearly two-year-old security flaw in Apache ActiveMQ to gain persistent access to cloud Linux systems and deploy malware called DripDropper | Virus | The Hacker News |
| 19.8.25 | New GodRAT Trojan Targets Trading Firms Using Steganography and Gh0st RAT Code | Financial institutions like trading and brokerage firms are the target of a new campaign that delivers a previously unreported remote access trojan called GodRAT | Virus | The Hacker News |
| 19.8.25 | PyPI Blocks 1,800 Expired-Domain Emails to Prevent Account Takeovers and Supply Chain Attacks | The maintainers of the Python Package Index (PyPI) repository have announced that the package manager now checks for expired domains to prevent supply chain | Virus | The Hacker News |
| 19.8.25 | Noodlophile Malware Campaign Expands Global Reach with Copyright Phishing Lures | The threat actors behind the Noodlophile malware are leveraging spear-phishing emails and updated delivery mechanisms to deploy the information stealer in | Virus | The Hacker News |
| 19.8.25 | Malicious PyPI and npm Packages Discovered Exploiting Dependencies in Supply Chain Attacks | Cybersecurity researchers have discovered a malicious package in the Python Package Index (PyPI) repository that introduces malicious behavior through a dependency that allows it to establish persistence and achieve code execution. | Virus | The Hacker News |
| 17.8.25 | ERMAC V3.0 Banking Trojan Source Code Leak Exposes Full Malware Infrastructure | Cybersecurity researchers have detailed the inner workings of an Android banking trojan called ERMAC 3.0, uncovering serious shortcomings in the operators' | Virus | The Hacker News |
| 14.8.25 | Hackers Found Using CrossC2 to Expand Cobalt Strike Beacon's Reach to Linux and macOS | Japan's CERT coordination center (JPCERT/CC) on Thursday revealed it observed incidents that involved the use of a command-and-control (C2) framework called | Virus | The Hacker News |
| 14.8.25 | New Android Malware Wave Hits Banking via NFC Relay Fraud, Call Hijacking, and Root Exploits | Cybersecurity researchers have disclosed a new Android trojan called PhantomCard that abuses near-field communication (NFC) to conduct relay attacks for facilitating | Virus | The Hacker News |
| 14.8.25 | New PS1Bot Malware Campaign Uses Malvertising to Deploy Multi-Stage In-Memory Attacks | Cybersecurity researchers have discovered a new malvertising campaign that's designed to infect victims with a multi-stage malware framework called PS1Bot . | Virus | The Hacker News |
| 12.8.25 | SocGholish Malware Spread via Ad Tools; Delivers Access to LockBit, Evil Corp, and Others | The threat actors behind the SocGholish malware have been observed leveraging Traffic Distribution Systems (TDSs) like Parrot TDS and Keitaro TDS to filter and | Virus | The Hacker News |
| 12.8.25 | Malicious Go, npm Packages Deliver Cross-Platform Malware, Trigger Remote Data Wipes | Cybersecurity researchers have discovered a set of 11 malicious Go packages that are designed to download additional payloads from remote servers and execute | Virus | The Hacker News |
| 08.08.25 | Malicious Go, npm Packages Deliver Cross-Platform Malware, Trigger Remote Data Wipes | Cybersecurity researchers have discovered a set of 11 malicious Go packages that are designed to download additional payloads from remote servers and execute | Virus | The Hacker News |
| 08.08.25 | SocGholish Malware Spread via Ad Tools; Delivers Access to LockBit, Evil Corp, and Others | The threat actors behind the SocGholish malware have been observed leveraging Traffic Distribution Systems (TDSs) like Parrot TDS and Keitaro TDS to filter and | Virus | The Hacker News |
| 06.08.25 | ClickFix Malware Campaign Exploits CAPTCHAs to Spread Cross-Platform Infections | A combination of propagation methods, narrative sophistication, and evasion techniques enabled the social engineering tactic known as ClickFix to take off the | Virus | The Hacker News |
| 05.08.25 | PlayPraetor Android Trojan Infects 11,000+ Devices via Fake Google Play Pages and Meta Ads | Cybersecurity researchers have discovered a nascent Android remote access trojan (RAT) called PlayPraetor that has infected more than 11,000 devices, primarily | Virus | The Hacker News |
| 05.08.25 | New 'Plague' PAM Backdoor Exposes Critical Linux Systems to Silent Credential Theft | Cybersecurity researchers have flagged a previously undocumented Linux backdoor dubbed Plague that has managed to evade detection for a year. "The implant is built | Virus | The Hacker News |
| 03.08.25 | New 'Plague' PAM Backdoor Exposes Critical Linux Systems to Silent Credential Theft | Cybersecurity researchers have flagged a previously undocumented Linux backdoor dubbed Plague that has managed to evade detection for a year. "The implant is built | Virus | The Hacker News |
| 03.08.25 | CL-STA-0969 Installs Covert Malware in Telecom Networks During 10-Month Espionage Campaign | Telecommunications organizations in Southeast Asia have been targeted by a state-sponsored threat actor known as CL-STA-0969 to facilitate remote control over | Virus | The Hacker News |
| 25.7.25 | Cyber Espionage Campaign Hits Russian Aerospace Sector Using EAGLET Backdoor | Russian aerospace and defense industries have become the target of a cyber espionage campaign that delivers a backdoor called EAGLET to facilitate data | Virus | The Hacker News |
| 25.7.25 | Soco404 and Koske Malware Target Cloud Services with Cross-Platform Cryptomining Attacks | Threat hunters have disclosed two different malware campaigns that have targeted vulnerabilities and misconfigurations across cloud environments to deliver | Virus | The Hacker News |
| 25.7.25 | Lumma infostealer malware returns after law enforcement disruption | The Lumma infostealer malware operation is gradually resuming activities following a massive law enforcement operation in May, which resulted in the seizure of 2,300 domains and parts of its infrastructure. | Virus | |
| 25.7.25 | Coyote malware abuses Windows accessibility framework for data theft | A new variant of the banking trojan 'Coyote' has begun abusing a Windows accessibility feature, Microsoft's UI Automation framework, to identify which banking and cryptocurrency exchange sites are accessed on the device for potential credential theft. | Virus | |
| 25.7.25 | CastleLoader Malware Infects 469 Devices Using Fake GitHub Repos and ClickFix Phishing | Cybersecurity researchers have shed light on a new versatile malware loader called CastleLoader that has been put to use in campaigns distributing various | Virus | The Hacker News |
| 24.7.25 | Hackers Deploy Stealth Backdoor in WordPress Mu-Plugins to Maintain Admin Access | Cybersecurity researchers have uncovered a new stealthy backdoor concealed within the "mu-plugins" directory in WordPress sites to grant threat actors persistent | Virus | The Hacker News |
| 24.7.25 | New Coyote Malware Variant Exploits Windows UI Automation to Steal Banking Credentials | The Windows banking trojan known as Coyote has become the first known malware strain to exploit the Windows accessibility framework called UI Automation (UIA) to | Virus | The Hacker News |
| 24.7.25 | Google Launches OSS Rebuild to Expose Malicious Code in Widely Used Open-Source Packages | Google has announced the launch of a new initiative called OSS Rebuild to bolster the security of the open-source package ecosystems and prevent software supply | Virus | The Hacker News |
| 23.7.25 | Credential Theft and Remote Access Surge as AllaKore, PureRAT, and Hijack Loader Proliferate | Mexican organizations are still being targeted by threat actors to deliver a modified version of AllaKore RAT and SystemBC as part of a long-running campaign. The | Virus | The Hacker News |
| 20.7.25 | Malware Injected into 6 npm Packages After Maintainer Tokens Stolen in Phishing Attack | Cybersecurity researchers have alerted to a supply chain attack that has targeted popular npm packages via a phishing campaign designed to steal the project | Virus | The Hacker News |
| 20.7.25 | Arch Linux pulls AUR packages that installed Chaos RAT malware | Arch Linux has pulled three malicious packages uploaded to the Arch User Repository (AUR) were used to install the CHAOS remote access trojan (RAT) on Linux devices. | Virus | |
| 20.7.25 | Microsoft Teams voice calls abused to push Matanbuchus malware | The Matanbuchus malware loader has been seen being distributed through social engineering over Microsoft Teams calls impersonating IT helpdesk. | Virus | |
| 20.7.25 | SonicWall SMA devices hacked with OVERSTEP rootkit tied to ransomware | A threat actor has been deploying a previously unseen malware called OVERSTEP that modifies the boot process of fully-patched but no longer supported SonicWall Secure Mobile Access appliances. | Virus | |
| 18.7.25 | North Korean XORIndex malware hidden in 67 malicious npm packages | North Korean threat actors planted 67 malicious packages in the Node Package Manager (npm) online repository to deliver a new malware loader called XORIndex to developer systems. | Virus | BleepingComputer |
| 18.7.25 | Android malware Konfety uses malformed APKs to evade detection | A new variant of the Konfety Android malware emerged with a malformed ZIP structure along with other obfuscation methods that allow it to evade analysis and detection. | Virus | |
| 18.7.25 | Interlock ransomware adopts new FileFix attack to push malware | Hackers have adopted the new technique called 'FileFix' in Interlock ransomware attacks to drop a remote access trojan (RAT) on targeted systems. | Virus | |
| 17.7.25 | Ongoing SonicWall Secure Mobile Access (SMA) Exploitation Campaign using the OVERSTEP Backdoor | Google Threat Intelligence Group (GTIG) has identified an ongoing campaign by a suspected financially-motivated threat actor we track as UNC6148, targeting fully patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances | Virus | Cloud.google |
| 17.7.25 | Hackers Leverage Microsoft Teams to Spread Matanbuchus 3.0 Malware to Targeted Firms | Cybersecurity researchers have flagged a new variant of a known malware loader called Matanbuchus that packs in significant features to enhance its stealth and | Virus | The Hacker News |
| 17.7.25 | UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit | A threat activity cluster has been observed targeting fully-patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances as part of a | Virus | The Hacker News |
| 17.7.25 | New Konfety Malware Variant Evades Detection by Manipulating APKs and Dynamic Code | Cybersecurity researchers have discovered a new, sophisticated variant of a known Android malware referred to as Konfety that leverages the evil twin technique to | Virus | The Hacker News |
| 16.7.25 | State-Backed HazyBeacon Malware Uses AWS Lambda to Steal Data from SE Asian Governments | Governmental organizations in Southeast Asia are the target of a new campaign that aims to collect sensitive information by means of a previously undocumented | Virus | The Hacker News |
| 16.7.25 | AsyncRAT's Open-Source Code Sparks Surge in Dangerous Malware Variants Across the Globe | Cybersecurity researchers have charted the evolution of a widely used remote access trojan called AsyncRAT , which was first released on GitHub in January 2019 and has since served as the foundation for several other variants. | Virus | The Hacker News |
| 15.7.25 | New PHP-Based Interlock RAT Variant Uses FileFix Delivery Mechanism to Target Multiple Industries | Threat actors behind the Interlock ransomware group have unleashed a new PHP variant of its bespoke remote access trojan (RAT) as part of a widespread | Virus | The Hacker News |
| 13.7.25 | WordPress Gravity Forms developer hacked to push backdoored plugins | The popular WordPress plugin Gravity Forms has been compromised in what seems a supply-chain attack where manual installers from the official website were infected with a backdoor. | Virus | |
| 13.7.25 | Treasury sanctions North Korean over IT worker malware scheme | The U.S. Department of the Treasury sanctioned cyber actor Song Kum Hyok for his association with North Korea's hacking group Andariel and for facilitating IT worker schemes that generated revenue for the Pyongyang regime. | Virus | BleepingComputer |
| 11.7.25 | New Android TapTrap attack fools users with invisible UI trick | A novel tapjacking technique can exploit user interface animations to bypass Android's permission system and allow access to sensitive data or trick users into performing destructive actions, such as wiping the device. | Virus | BleepingComputer |
| 11.7.25 | Android malware Anatsa infiltrates Google Play to target US banks | The Anatsa banking trojan has sneaked into Google Play once more via an app posing as a PDF viewer that counted more than 50,000 downloads. | Virus | |
| 11.7.25 | Malicious Chrome extensions with 1.7M installs found on Web Store | Almost a dozen malicious extensions with 1.7 million downloads in Google's Chrome Web Store could track users, steal browser activity, and redirect to potentially unsafe web addresses. | Virus | |
| 11.7.25 | Atomic macOS infostealer adds backdoor for persistent attacks | Malware analyst discovered a new version of the Atomic macOS info-stealer (also known as 'AMOS') that comes with a backdoor, to attackers persistent access to compromised systems. | Virus | |
| 11.7.25 | 'Batavia' Windows spyware campaign targets dozens of Russian orgs | A previously undocumented spyware called 'Batavia' has been targeting large industrial enterprises in Russia in a phishing email campaign that uses contract-related lures. | Virus | |
| 11.7.25 | Hackers abuse leaked Shellter red team tool to deploy infostealers | Shellter Project, the vendor of a commercial AV/EDR evasion loader for penetration testing, confirmed that hackers used its Shellter Elite product in attacks after a customer leaked a copy of the software. | Virus | |
| 10.7.25 | New ZuRu Malware Variant Targeting Developers via Trojanized Termius macOS App | Cybersecurity researchers have discovered new artifacts associated with an Apple macOS malware called ZuRu, which is known to propagate via trojanized versions | Virus | The Hacker News |
| 9.7.25 | Hackers Use Leaked Shellter Tool License to Spread Lumma Stealer and SectopRAT Malware | In yet another instance of threat actors repurposing legitimate tools for malicious purposes, it has been discovered that hackers are exploiting a popular red teaming | Virus | The Hacker News |
| 9.7.25 | Anatsa Android Banking Trojan Hits 90,000 Users with Fake PDF App on Google Play | Cybersecurity researchers have discovered an Android banking malware campaign that has leveraged a trojan named Anatsa to target users in North America using | Virus | The Hacker News |
| 8.7.25 | Malicious Pull Request Infects 6,000+ Developers via Vulnerable Ethcode VS Code Extension | Cybersecurity researchers have flagged a supply chain attack targeting a Microsoft Visual Studio Code (VS Code) extension called Ethcode that has been installed a | Virus | The Hacker News |
| 8.7.25 | Researchers Uncover Batavia Windows Spyware Stealing Documents from Russian Firms | Russian organizations have been targeted as part of an ongoing campaign that delivers a previously undocumented Windows spyware called Batavia. The activity, | Virus | The Hacker News |
| 8.7.25 | SEO Poisoning Campaign Targets 8,500+ SMB Users with Malware Disguised as AI Tools | Cybersecurity researchers have disclosed a malicious campaign that leverages search engine optimization ( SEO ) poisoning techniques to deliver a known | Virus | The Hacker News |
| 8.7.25 | TAG-140 Deploys DRAT V2 RAT, Targeting Indian Government, Defense, and Rail Sectors | A hacking group with ties other than Pakistan has been found targeting Indian government organizations with a modified variant of a remote access trojan (RAT) | Virus | The Hacker News |
| 5.7.25 | NimDoor crypto-theft macOS malware revives itself when killed | NimDoor crypto-theft macOS malware revives itself when killed | Virus | BleepingComputer |
| 5.7.25 | New FileFix attack runs JScript while bypassing Windows MoTW alerts | A new FileFix attack allows executing malicious scripts while bypassing the Mark of the Web (MoTW) protection in Windows by exploiting how browsers handle saved HTML webpages. | Virus | |
| 4.7.25 | Google Ordered to Pay $314M for Misusing Android Users' Cellular Data Without Permission | Google has been ordered by a court in the U.S. state of California to pay $314 million over charges that it misused Android device users' cellular data when they | Virus | The Hacker News |
| 4.7.25 | Massive Android Fraud Operations Uncovered: IconAds, Kaleidoscope, SMS Malware, NFC Scams | A mobile ad fraud operation dubbed IconAds that consisted of 352 Android apps has been disrupted, according to a new report from HUMAN. The identified apps | Virus | The Hacker News |
| 3.7.25 | North Korean Hackers Target Web3 with Nim Malware and Use ClickFix in BabyShark Campaign | Threat actors with ties to North Korea have been observed targeting Web3 and cryptocurrency-related businesses with malware written in the Nim programming | Virus | The Hacker News |
| 1.7.25 | Blind Eagle Uses Proton66 Hosting for Phishing, RAT Deployment on Colombian Banks | The threat actor known as Blind Eagle has been attributed with high confidence to the use of the Russian bulletproof hosting service Proton66 . Trustwave SpiderLabs, | Virus | The Hacker News |
| 29.6.25 | Hackers turn ScreenConnect into malware using Authenticode stuffing | Threat actors are abusing the ConnectWise ScreenConnect installer to build signed remote access malware by modifying hidden settings within the client's Authenticode signature. | Virus | |
| 28.6.25 | GIFTEDCROOK Malware Evolves: From Browser Stealer to Intelligence-Gathering Tool | The threat actor behind the GIFTEDCROOK malware has made significant updates to turn the malicious program from a basic browser data stealer to a potent | Virus | The Hacker News |
| 28.6.25 | New wave of ‘fake interviews’ use 35 npm packages to spread malware | New wave of ‘fake interviews’ use 35 npm packages to spread malware | Virus | |
| 27.6.25 | PUBLOAD and Pubshell Malware Used in Mustang Panda's Tibet-Specific Attack | A China-linked threat actor known as Mustang Panda has been attributed to a new cyber espionage campaign directed against the Tibetan community. The spear- | Virus | The Hacker News |
| 27.6.25 | Chinese Group Silver Fox Uses Fake Websites to Deliver Sainbox RAT and Hidden Rootkit | A new campaign has been observed leveraging fake websites advertising popular software such as WPS Office, Sogou, and DeepSeek to deliver Sainbox RAT and the | Virus | The Hacker News |
| 27.6.25 | OneClik Malware Targets Energy Sector Using Microsoft ClickOnce and Golang Backdoors | Cybersecurity researchers have detailed a new campaign dubbed OneClik that leverages Microsoft's ClickOnce software deployment technology and bespoke | Virus | The Hacker News |
| 26.6.25 | Malware on Google Play, Apple App Store stole your photos—and crypto | A new mobile crypto-stealing malware called SparkKitty was found in apps on Google Play and the Apple App Store, targeting Android and iOS devices. | Virus | |
| 24.6.25 | XDigo Malware Exploits Windows LNK Flaw in Eastern European Government Attacks | Cybersecurity researchers have uncovered a Go-based malware called XDigo that has been used in attacks targeting Eastern European governmental entities in | Virus | The Hacker News |
| 23.6.25 | Godfather Android malware now uses virtualization to hijack banking apps | A new version of the Android malware "Godfather" creates isolated virtual environments on mobile devices to steal account data and transactions from legitimate banking apps. | Virus | |
| 22.6.25 | 'Stargazers' use fake Minecraft mods to steal player passwords | A large-scale malware campaign specifically targets Minecraft players with malicious mods and cheats that infect Windows devices with infostealers that steal credentials, authentication tokens, and cryptocurrency wallets. | Virus | BleepingComputer |
| 20.6.25 | 200+ Trojanized GitHub Repositories Found in Campaign Targeting Gamers and Developers | Cybersecurity researchers have uncovered a new campaign in which the threat actors have published more than 67 GitHub repositories that claim to offer Python- | Virus | The Hacker News |
| 20.6.25 | New Android Malware Surge Hits Devices via Overlays, Virtualization Fraud and NFC Theft | Cybersecurity researchers have exposed the inner workings of an Android malware called AntiDot that has compromised over 3,775 devices as part of 273 unique | Virus | The Hacker News |
| 20.6.25 | New Malware Campaign Uses Cloudflare Tunnels to Deliver RATs via Phishing Chains | A new campaign is making use of Cloudflare Tunnel subdomains to host malicious payloads and deliver them via malicious attachments embedded in phishing emails. | Virus | The Hacker News |
| 20.6.25 | 1,500+ Minecraft Players Infected by Java Malware Masquerading as Game Mods on GitHub | A new multi-stage malware campaign is targeting Minecraft users with a Java-based malware that employs a distribution-as-service (DaaS) offering called | Virus | The Hacker News |
| 18.6.25 | Water Curse Employs 76 GitHub Accounts to Deliver Multi-Stage Malware Campaign | Cybersecurity researchers have exposed a previously unknown threat actor known as Water Curse that relies on weaponized GitHub repositories to deliver multi-stage | Virus | The Hacker News |
| 15.6.25 | Graphite spyware used in Apple iOS zero-click attacks on journalists | Forensic investigation has confirmed the use of Paragon's Graphite spyware platform in zero-click attacks that targeted Apple iOS devices of at least two journalists in Europe. | Virus | BleepingComputer |
| 14.6.25 | DanaBot malware operators exposed via C2 bug added in 2022 | A vulnerability in the DanaBot malware operation introduced in June 2022 update led to the identification, indictment, and dismantling of their operations in a recent law enforcement action | Virus | BleepingComputer |
| 14.6.25 | Malware found in NPM packages with 1 million weekly downloads | A significant supply chain attack hit NPM after 15 popular Gluestack packages with over 950,000 weekly downloads were compromised to include malicious code that acts as a remote access trojan (RAT). | Virus | |
| 14.6.25 | Discord Invite Link Hijacking Delivers AsyncRAT and Skuld Stealer Targeting Crypto Wallets | A new malware campaign is exploiting a weakness in Discord's invitation system to deliver an information stealer called Skuld and the AsyncRAT remote access trojan. | Virus | The Hacker News |
| 14.6.25 | Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month | Cybersecurity researchers are calling attention to a "large-scale campaign" that has been observed compromising legitimate websites with malicious JavaScript | Virus | The Hacker News |
| 13.6.25 | WordPress Sites Turned Weapon: How VexTrio and Affiliates Run a Global Scam Network | The threat actors behind the VexTrio Viper Traffic Distribution Service (TDS) have been linked to other TDS services like Help TDS and Disposable TDS, indicating that | Virus | The Hacker News |
| 11.6.25 | Rust-based Myth Stealer Malware Spread via Fake Gaming Sites Targets Chrome, Firefox Users | Cybersecurity researchers have shed light on a previously undocumented Rust-based information stealer called Myth Stealer that's being propagated via fraudulent | Virus | The Hacker News |
| 10.6.25 | New Supply Chain Malware Operation Hits npm and PyPI Ecosystems, Targeting Millions Globally | Cybersecurity researchers have flagged a supply chain attack targeting over a dozen packages associated with GlueStack to deliver malware. The malware, | Virus | The Hacker News |
| 8.6.25 | Malicious Browser Extensions Infect 722 Users Across Latin America Since Early 2025 | Cybersecurity researchers have shed light on a new campaign targeting Brazilian users since the start of 2025 to infect users with a malicious extension for Chromium-based web browsers and siphon user authentication data. | Virus | The Hacker News |
| 8.6.25 | Malicious npm packages posing as utilities delete project directories | Two malicious packages have been discovered in the npm JavaScript package index, which masquerades as useful utilities but, in reality, are destructive data wipers that delete entire application directories. | Virus | |
| 8.6.25 | New PathWiper data wiper malware hits critical infrastructure in Ukraine | A new data wiper malware named 'PathWiper' is being used in targeted attacks against critical infrastructure in Ukraine, aimed at disrupting operations in the country | Virus | BleepingComputer |
| 8.6.25 | FBI: BADBOX 2.0 Android malware infects millions of consumer devices | The FBI is warning that the BADBOX 2.0 malware campaign has infected over 1 million home Internet-connected devices, converting consumer electronics into residential proxies that are used for malicious activity. | Virus | BleepingComputer |
| 8.6.25 | How to build a robust Windows service to block malware and ransomware | Designing a security-focused Windows Service? Learn more from ThreatLocker about the core components for real-time monitoring, threat detection, and system hardening to defend against malware and ransomware. | Virus | BleepingComputer |
| 8.6.25 | US offers $10M for tips on state hackers tied to RedLine malware | The U.S. Department of State has announced a reward of up to $10 million for any information on government-sponsored hackers with ties to the RedLine infostealer malware operation and its suspected creator, Russian national Maxim Alexandrovich Rudometov. | Virus | |
| 7.6.25 | Hacker targets other hackers and gamers with backdoored GitHub code | A hacker targets other hackers, gamers, and researchers with exploits, bots, and game cheats in source code hosted on GitHub that contain hidden backdoors to give the threat actor remote access to infected devices. | Virus | BleepingComputer |
| 7.6.25 | New Atomic macOS Stealer Campaign Exploits ClickFix to Target Apple Users | Cybersecurity researchers are alerting to a new malware campaign that employs the ClickFix social engineering tactic to trick users into downloading an information | Virus | The Hacker News |
| 6.6.25 | Malicious RubyGems pose as Fastlane to steal Telegram API data | Two malicious RubyGems packages posing as popular Fastlane CI/CD plugins redirect Telegram API requests to attacker-controlled servers to intercept and steal data. | Virus | BleepingComputer |
| 6.6.25 | Android malware Crocodilus adds fake contacts to spoof trusted callers | The latest version of the 'Crocodilus' Android malware has introduced a new mechanism that adds a fake contact on the infected device's contact list to deceive victims. | Virus | BleepingComputer |
| 6.6.25 | New PathWiper Data Wiper Malware Disrupts Ukrainian Critical Infrastructure in 2025 Attack | A critical infrastructure entity within Ukraine was targeted by a previously unseen data wiper malware named PathWiper, according to new findings from Cisco Talos. | Virus | The Hacker News |
| 4.6.25 | Chaos RAT Malware Targets Windows and Linux via Fake Network Tool Downloads | Threat hunters are calling attention to a new variant of a remote access trojan (RAT) called Chaos RAT that has been used in recent attacks targeting Windows and Linux | Virus | The Hacker News |
| 4.6.25 | Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks | Several malicious packages have been uncovered across the npm, Python, and Ruby package repositories that drain funds from cryptocurrency wallets, erase | Virus | The Hacker News |
| 4.6.25 | Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack | Threat hunters are alerting to a new campaign that employs deceptive websites to trick unsuspecting users into executing malicious PowerShell scripts on their | Virus | The Hacker News |
| 3.6.25 | Android Trojan Crocodilus Now Active in 8 Countries, Targeting Banks and Crypto Wallets | A growing number of malicious campaigns have leveraged a recently discovered Android banking trojan called Crocodilus to target users in Europe and South | Virus | The Hacker News |
| 30.5.24 | EDDIESTEALER Malware Uses ClickFix CAPTCHA to Steal Browser Data Across All Platforms | A new malware campaign is distributing a novel Rust-based information stealer dubbed EDDIESTEALER using the popular ClickFix social engineering tactic initiated | Virus | The Hacker News |
| 29.5.24 | New Windows RAT Evades Detection for Weeks Using Corrupted DOS and PE Headers | Cybersecurity researchers have taken the wraps off an unusual cyber attack that leveraged malware with corrupted DOS and PE headers, according to new findings | Virus | The Hacker News |
| 28.5.24 | From Infection to Access: A 24-Hour Timeline of a Modern Stealer Campaign | Stealer malware no longer just steals passwords. In 2025, it steals live sessions—and attackers are moving faster and more efficiently than ever. While many | Virus | The Hacker News |
| 28.5.24 | New Self-Spreading Malware Infects Docker Containers to Mine Dero Cryptocurrency | Misconfigured Docker API instances have become the target of a new malware campaign that transforms them into a cryptocurrency mining botnet. The attacks, | Virus | The Hacker News |
| 28.5.24 | Cybercriminals Clone Antivirus Site to Spread Venom RAT and Steal Crypto Wallets | Cybersecurity researchers have disclosed a new malicious campaign that uses a fake website advertising antivirus software from Bitdefender to dupe victims into | Virus | The Hacker News |
| 27.5.24 | Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto | As many as 60 malicious npm packages have been discovered in the package registry with malicious functionality to harvest hostnames, IP addresses, DNS | Virus | The Hacker News |
| 27.5.24 | Hackers Use Fake VPN and Browser NSIS Installers to Deliver Winos 4.0 Malware | Cybersecurity researchers have disclosed a malware campaign that uses fake software installers masquerading as popular tools like LetsVPN and QQ Browser to | Virus | The Hacker News |
| 25.5.24 | Bumblebee malware distributed via Zenmap, WinMRT SEO poisoning | The Bumblebee SEO poisoning campaign uncovered earlier this week abusing the RVTools brand is using more typosquatting domains mimicking other popular open-source projects. | Virus | BleepingComputer |
| 25.5.24 | Dozens of malicious packages on NPM collect host and network data | 60 packages have been discovered in the NPM index that attempt to collect sensitive host and network data and send it to a Discord webhook controlled by the threat actor. | Virus | BleepingComputer |
| 24.5.24 | Lumma infostealer malware operation disrupted, 2,300 domains seized | Earlier this month, a coordinated disruption action targeting the Lumma malware-as-a-service (MaaS) information stealer operation seized thousands of domains, part of its infrastructure backbone worldwide. | Virus | |
| 24.5.24 | Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs | A Google Chrome Web Store campaign uses over 100 malicious browser extensions that mimic legitimate tools, such as VPNs, AI assistants, and crypto utilities, to steal browser cookies and execute remote scripts secretly. | Virus | |
| 24.5.24 | SK Telecom says malware breach lasted 3 years, impacted 27 million numbers | SK Telecom says that a recently disclosed cybersecurity incident in April, first occurred all the way back in 2022, ultimately exposing the USIM data of 27 million subscribers. | Virus | |
| 24.5.24 | Hazy Hawk gang exploits DNS misconfigs to hijack trusted domains | A threat actor named 'Hazy Hawk' has been using DNS CNAME hijacking to hijack abandoned cloud endpoints of domains belonging to trusted organizations and incorporate them in large-scale scam delivery and traffic distribution systems (TDS). | Virus | |
| 24.5.24 | Hackers Use TikTok Videos to Distribute Vidar and StealC Malware via ClickFix Technique | The malware known as Latrodectus has become the latest to embrace the widely-used social engineering technique called ClickFix as a distribution vector. | Virus | The Hacker News |
| 23.5.24 | Trojanized RVTools push Bumblebee malware in SEO poisoning campaign | The official website for the RVTools VMware management tool was taken offline in what appears to be a supply chain attack that distributed a trojanized installer to drop the Bumblebee malware loader on users' machines. | Virus | BleepingComputer |
| 23.5.24 | CrowdStrike Collaborates with U.S. Department of Justice on DanaBot Takedown | Sixteen defendants were federally charged in connection with the DanaBot malware scheme that infected computers worldwide | Virus | CROWDSTRIKE |
| 23.5.24 | Inside DanaBot’s Infrastructure: In Support of Operation Endgame II | DanaBot first emerged in 2018 as a banking trojan but has since evolved into a versatile and persistent threat. While it initially focused on financial credential theft, it is now used for a range of purposes including information stealing and establishing access for follow-on activity such as ransomware. | Virus | Lumen |
| 21.5.24 | PureRAT Malware Spikes 4x in 2025, Deploying PureLogs to Target Russian Firms | Russian organizations have become the target of a phishing campaign that distributes malware called PureRAT, according to new findings from Kaspersky. | Virus | The Hacker News |
| 20.5.24 | Chinese Hackers Deploy MarsSnake Backdoor in Multi-Year Attack on Saudi Organization | Threat hunters have exposed the tactics of a China-aligned threat actor called UnsolicitedBooker that targeted an unnamed international organization in Saudi | Virus | The Hacker News |
| 20.5.24 | Go-Based Malware Deploys XMRig Miner on Linux Hosts via Redis Configuration Abuse | Cybersecurity researchers are calling attention to a new Linux cryptojacking campaign that's targeting publicly accessible Redis servers. The malicious activity | Virus | The Hacker News |
| 20.5.24 | RVTools Official Site Hacked to Deliver Bumblebee Malware via Trojanized Installer | The official site for RVTools has been hacked to serve a compromised installer for the popular VMware environment reporting utility. "Robware.net and RVTools.com | Virus | The Hacker News |
| 18.5.24 | Printer maker Procolored offered malware-laced drivers for months | For at least half a year, the official software supplied with Procolored printers included malware in the form of a remote access trojan and a cryptocurrency stealer. | Virus | BleepingComputer |
| 18.5.24 | Malicious NPM package uses Unicode steganography to evade detection | A malicious package in the Node Package Manager index uses invisible Unicode characters to hide malicious code and Google Calendar links to host the URL for the command-and-control location. | Virus | |
| 16.5.24 | Hackers now testing ClickFix attacks against Linux targets | A new campaign employing ClickFix attacks has been spotted targeting both Windows and Linux systems using instructions that make infections on either operating system possible. | Virus | BleepingComputer |
| 16.5.24 | iClicker site hack targeted students with malware via fake CAPTCHA | The website of iClicker, a popular student engagement platform, was compromised in a ClickFix attack that used a fake CAPTCHA prompt to trick students and instructors into installing malware on their devices. | Virus | BleepingComputer |
| 16.5.24 | Malicious PyPi package hides RAT malware, targets Discord devs since 2022 | A malicious Python package targeting Discord developers with remote access trojan (RAT) malware was spotted on the Python Package Index (PyPI) after more than three years. | Virus | |
| 16.5.24 | Fileless Remcos RAT Delivered via LNK Files and MSHTA in PowerShell-Based Attacks | Cybersecurity researchers have shed light on a new malware campaign that makes use of a PowerShell-based shellcode loader to deploy a remote access trojan called | Virus | The Hacker News |
| 15.5.24 | Malicious npm Package Leverages Unicode Steganography, Google Calendar as C2 Dropper | Cybersecurity researchers have discovered a malicious package named "os-info-checker-es6" that disguises itself as an operating system information utility to | Virus | The Hacker News |
| 14.5.24 | Horabot Malware Targets 6 Latin American Nations Using Invoice-Themed Phishing Emails | Cybersecurity researchers have discovered a new phishing campaign that's being used to distribute malware called Horabot targeting Windows users in Latin | Virus | |
| 14.5.24 | Malicious PyPI Package Posing as Solana Tool Stole Source Code in 761 Downloads | Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that purports to be an application related to the | Virus | |
| 11.5.24 | Google links new LostKeys data theft malware to Russian cyberspies | Since the start of the year, the Russian state-backed ColdRiver hacking group has been using new LostKeys malware to steal files in espionage attacks targeting Western governments, journalists, think tanks, and non-governmental organizations. | Virus | BleepingComputer |
| 9.5.24 | Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials | Cybersecurity researchers have flagged three malicious npm packages that are designed to target the Apple macOS version of Cursor, a popular artificial | Virus | The Hacker News |
| 9.5.24 | Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials | Cybersecurity researchers have flagged three malicious npm packages that are designed to target the Apple macOS version of Cursor, a popular artificial | Virus | The Hacker News |
| 8.5.24 | MirrorFace Targets Japan and Taiwan with ROAMINGMOUSE and Upgraded ANEL Malware | The nation-state threat actor known as MirrorFace has been observed deploying malware dubbed ROAMINGMOUSE as part of a cyber espionage campaign directed | Virus | The Hacker News |
| 8.5.24 | Linux wiper malware hidden in malicious Go modules on GitHub | A supply-chain attack targets Linux servers with disk-wiping malware hidden in Golang modules published on GitHub. | Virus | |
| 8.5.24 | StealC malware enhanced with stealth upgrades and data theft tools | The creators of StealC, a widely-used information stealer and malware downloader, have released its second major version, bringing multiple stealth and data theft enhancements. | Virus | BleepingComputer |
| 8.5.24 | Russian Hackers Using ClickFix Fake CAPTCHA to Deploy New LOSTKEYS Malware | The Russia-linked threat actor known as COLDRIVER has been observed distributing a new malware called LOSTKEYS as part of an espionage-focused campaign using | Virus | The Hacker News |
| 7.5.24 | Winning the Fight Against Spyware Merchant NSO | Six years ago, we detected and stopped an attack by the notorious spyware developer NSO against WhatsApp and its users, and today, our court case has made history as the first victory against illegal spyware that threatens the safety and privacy of everyone. | Virus | FB.com |
| 7.5.24 | Researchers Uncover Malware in Fake Discord PyPI Package Downloaded 11,500+ Times | Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that masquerades as a seemingly harmless | Virus | The Hacker News |
| 6.5.24 | Golden Chickens Deploy TerraStealerV2 to Steal Browser Credentials and Crypto Wallet Data | The threat actors known as Golden Chickens have been attributed to two new malware families dubbed TerraStealerV2 and TerraLogger, suggesting continued | Virus | The Hacker News |
| 4.5.24 | Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack | Cybersecurity researchers have discovered three malicious Go modules that include obfuscated code to fetch next-stage payloads that can irrevocably overwrite a Linux | Virus | The Hacker News |
| 3.5.24 | Malicious PyPI packages abuse Gmail, websockets to hijack systems | Seven malicious PyPi packages were found using Gmail's SMTP servers and WebSockets for data exfiltration and remote command execution. | Virus | BleepingComputer |
| 3.5.24 | WordPress plugin disguised as a security tool injects backdoor | A new malware campaign targeting WordPress sites employs a malicious plugin disguised as a security tool to trick users into installing and trusting it. | Virus | BleepingComputer |
| 2.5.24 | MintsLoader Drops GhostWeaver via Phishing, ClickFix — Uses DGA, TLS for Stealth Attacks | The malware loader known as MintsLoader has been used to deliver a PowerShell-based remote access trojan called GhostWeaver. "MintsLoader operates through a | Virus | The Hacker News |
| 1.5.24 | DarkWatchman, Sheriff Malware Hit Russia and Ukraine with Stealth and Nation-Grade Tactics | Russian companies have been targeted as part of a large-scale phishing campaign that's designed to deliver a known malware called DarkWatchman . Targets of the | Virus | The Hacker News |
| 28.4.25 | Malware Attack Targets World Uyghur Congress Leaders via Trojanized UyghurEdit++ Tool | In a new campaign detected in March 2025, senior members of the World Uyghur Congress (WUC) living in exile have been targeted by a Windows-based malware | Virus | The Hacker News |
| 26.4.25 | Linux 'io_uring' security blindspot allows stealthy rootkit attacks | A significant security gap in Linux runtime security caused by the 'io_uring' interface allows rootkits to operate undetected on systems while bypassing advanced Enterprise security software. | Virus | |
| 25.4.25 | DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks | Cybersecurity researchers are warning about a new malware called DslogdRAT that's installed following the exploitation of a now-patched security flaw in Ivanti | Virus | The Hacker News |
| 24.4.25 | Linux io_uring PoC Rootkit Bypasses System Call-Based Threat Detection Tools | Cybersecurity researchers have demonstrated a proof-of-concept (PoC) rootkit dubbed Curing that leverages a Linux asynchronous I/O mechanism called io_uring | Virus | The Hacker News |
| 23.4.25 | Android Spyware Disguised as Alpine Quest App Targets Russian Military Devices | Cybersecurity researchers have revealed that Russian military personnel are the target of a new malicious campaign that distributes Android spyware under the | Virus | The Hacker News |
| 22.4.25 | SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks | A new Android malware-as-a-service (MaaS) platform named SuperCard X can facilitate near-field communication ( NFC ) relay attacks, enabling cybercriminals to | Virus | The Hacker News |
| 21.4.25 | New Android malware steals your credit cards for NFC relay attacks | A new malware-as-a-service (MaaS) platform named 'SuperCard X' has emerged, targeting Android devices via NFC relay attacks that enable point-of-sale and ATM transactions using compromised payment card data. | Virus | BleepingComputer |
| 21.4.25 | Chinese hackers target Russian govt with upgraded RAT malware | Chinese-speaking IronHusky hackers are targeting Russian and Mongolian government organizations using upgraded MysterySnail remote access trojan (RAT) malware. | Virus | |
| 20.4.25 | Over 16,000 Fortinet devices compromised with symlink backdoor | Over 16,000 internet-exposed Fortinet devices have been detected as compromised with a new symlink backdoor that allows read-only access to sensitive files on previously compromised devices. | Virus | |
| 20.4.25 | Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems | Cybersecurity researchers have uncovered three malicious packages in the npm registry that masquerade as a popular Telegram bot library but harbor SSH | Virus | The Hacker News |
| 20.4.25 | New ResolverRAT malware targets pharma and healthcare orgs worldwide | A new remote access trojan (RAT) called 'ResolverRAT' is being used against organizations globally, with the malware used in recent attacks targeting the healthcare and pharmaceutical sectors. | Virus | |
| 18.4.25 | Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader | A new multi-stage attack has been observed delivering malware families like Agent Tesla variants, Remcos RAT, and XLoader. "Attackers increasingly rely on such | Virus | The Hacker News |
| 18.4.25 | Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT | Cybersecurity researchers are warning of continued risks posed by a distributed denial-of-service (DDoS) malware known as XorDDoS , with 71.3 percent of the | Virus | The Hacker News |
| 17.4.25 | State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns | Multiple state-sponsored hacking groups from Iran, North Korea, and Russia have been found leveraging the increasingly popular ClickFix social engineering tactic to | Virus | The Hacker News |
| 17.4.25 | Node.js Malware Campaign Targets Crypto Users with Fake Binance and TradingView Installers | Microsoft is calling attention to an ongoing malvertising campaign that makes use of Node.js to deliver malicious payloads capable of information theft and data | Virus | The Hacker News |
| 16.4.25 | New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks | Cybersecurity researchers have unearthed a new controller component associated with a known backdoor called BPFDoor as part of cyber attacks targeting | Virus | The Hacker News |
| 16.4.25 | Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool | The China-linked threat actor known as UNC5174 has been attributed to a new campaign that leverages a variant of a known malware dubbed SNOWLIGHT and a | Virus | The Hacker News |
| 15.4.25 | ResolverRAT Campaign Targets Healthcare, Pharma via Phishing and DLL Side-Loading | Cybersecurity researchers have discovered a new, sophisticated remote access trojan called ResolverRAT that has been observed in attacks targeting healthcare | Virus | The Hacker News |
| 15.4.25 | Pakistan-Linked Hackers Expand Targets in India with CurlBack RAT and Spark RAT | A threat actor with ties to Pakistan has been observed targeting various sectors in India with various remote access trojans like Xeno RAT, Spark RAT, and a previously | Virus | The Hacker News |
| 12.4.25 | Police detains Smokeloader malware customers, seizes servers | In follow-up activity for Operation Endgame, law enforcement tracked down Smokeloader botnet's customers and detained at least five individuals. | Virus | BleepingComputer |
| 12.4.25 | Fake Microsoft Office add-in tools push malware via SourceForge | Threat actors are abusing SourceForge to distribute fake Microsoft add-ins that install malware on victims' computers to both mine and steal cryptocurrency. | Virus | BleepingComputer |
| 11.4.25 | SpyNote, BadBazaar, MOONSHINE Malware Target Android and iOS Users via Fake Apps | Cybersecurity researchers have found that threat actors are setting up deceptive websites hosted on newly registered domains to deliver a known Android malware | Virus | The Hacker News |
| 9.4.25 | New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner | A Chinese-affiliated threat actor known for its cyber-attacks in Asia has been observed exploiting a security flaw in security software from ESET to deliver a | Virus | The Hacker News |
| 5.4.25 | North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages | The North Korean threat actors behind the ongoing Contagious Interview campaign are spreading their tentacles on the npm ecosystem by publishing more | Virus | The Hacker News |
| 5.4.25 | Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data | Cybersecurity researchers have uncovered malicious libraries in the Python Package Index (PyPI) repository that are designed to steal sensitive information. | Virus | The Hacker News |
| 5.4.25 | Counterfeit Android devices found preloaded with Triada malware | A new version of the Triada trojan has been discovered preinstalled on thousands of new Android devices, allowing threat actors to steal data as soon as they are set up. | Virus | BleepingComputer |
| 4.4.25 | Hackers abuse WordPress MU-Plugins to hide malicious code | Hackers are utilizing the WordPress mu-plugins ("Must-Use Plugins") directory to stealthily run malicious code on every page while evading detection. | Virus | |
| 4.4.25 | New Crocodilus malware steals Android users’ crypto wallet keys | A newly discovered Android malware dubbed Crocodilus tricks users into providing the seed phrase for the cryptocurrency wallet using a warning to back up the key to avoid losing access. | Virus | |
| 4.4.25 | OPSEC Failure Exposes Coquettte's Malware Campaigns on Bulletproof Hosting Servers | A novice cybercrime actor has been observed leveraging the services of a Russian bulletproof hosting ( BPH ) provider called Proton66 to facilitate their operations. | Virus | |
| 4.4.25 | CERT-UA Reports Cyberattacks Targeting Ukrainian State Systems with WRECKSTEEL Malware | The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed that no less than three cyber attacks were recorded against state administration | Virus | |
| 3.4.25 | Triada Malware Preloaded on Counterfeit Android Phones Infects 2,600+ Devices | Counterfeit versions of popular smartphone models that are sold at reduced prices have been found to be preloaded with a modified version of an Android | Virus | |
| 2.4.25 | New Malware Loaders Use Call Stack Spoofing, GitHub C2, and .NET Reactor for Stealth | Cybersecurity researchers have discovered an updated version of a malware loader called Hijack Loader that implements new features to evade detection and establish persistence on compromised systems. "Hijack Loader released a new | Virus | |
| 1.4.25 | Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp | The threat actors behind the zero-day exploitation of a recently-patched security vulnerability in Microsoft Windows have been found to deliver two new backdoors | Virus | |
|
31.3.25 |
Russia-Linked Gamaredon Uses Troop-Related Lures to Deploy Remcos RAT in Ukraine | Entities in Ukraine have been targeted as part of a phishing campaign designed to distribute a remote access trojan called Remcos RAT . "The file names use | Virus | |
|
31.3.25 |
RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has shed light on a new malware called RESURGE that has been deployed as part of exploitation | Virus | The Hacker News |
|
30.3.25 |
Infostealer campaign compromises 10 npm packages, targets devs | Ten npm packages were suddenly updated with malicious code yesterday to steal environment variables and other sensitive data from developers' systems. | Virus | |
|
30.3.25 |
Chinese FamousSparrow hackers deploy upgraded malware in attacks | A China-linked cyberespionage group known as 'FamousSparrow' was observed using a new modular version of its signature backdoor 'SparrowDoor' against a US-based trade organization. | Virus | |
|
29.3.25 |
New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials | Cybersecurity researchers have discovered a new Android banking malware called Crocodilus that's primarily designed to target users in Spain and Turkey. | Virus | The Hacker News |
|
28.3.25 |
CoffeeLoader Uses GPU-Based Armoury Packer to Evade EDR and Antivirus Detection | Cybersecurity researchers are calling attention to a new sophisticated malware called CoffeeLoader that's designed to download and execute secondary | Virus | The Hacker News |
|
28.3.25 |
New Android malware uses Microsoft’s .NET MAUI to evade detection | New Android malware campaigns use Microsoft's cross-platform framework .NET MAUI while disguising as legitimate services to evade detection. | Virus | |
|
28.3.25 |
PJobRAT Malware Campaign Targeted Taiwanese Users via Fake Chat Apps | An Android malware family previously observed targeting Indian military personnel has been linked to a new campaign likely aimed at users in Taiwan under the guise | Virus | The Hacker News |
|
26.3.25 |
Chinese Weaver Ant hackers spied on telco network for 4 years | A China-linked advanced threat group named Weaver Ant spent more than four years in the network of a telecommunications services provider, hiding traffic and infrastructure with the help of compromised Zyxel CPE routers. | Virus | |
|
26.3.25 |
RedCurl Shifts from Espionage to Ransomware with First-Ever QWCrypt Deployment | The Russian-speaking hacking group called RedCurl has been linked to a ransomware campaign for the first time, marking a departure in the threat actor's | Virus | The Hacker News |
|
26.3.25 |
Malicious npm Package Modifies Local 'ethers' Library to Launch Reverse Shell Attacks | Cybersecurity researchers have discovered two malicious packages on the npm registry that are designed to infect another locally installed package, underscoring | Virus | The Hacker News |
|
23.3.25 |
Microsoft Trust Signing service abused to code-sign malware | Cybercriminals are abusing Microsoft's Trusted Signing platform to code-sign malware executables with short-lived three-day certificates. | Virus | |
|
23.3.25 |
Steam pulls game demo infecting Windows with info-stealing malware | Valve has removed a game titled 'Sniper: Phantom's Resolution' from the Steam store following multiple user reports that indicated its demo installer actually infected their systems with information stealing malware. | Virus | |
|
22.3.25 |
New Arcane infostealer infects YouTube, Discord users via game cheats | A newly discovered information-stealing malware called Arcane is stealing extensive user data, including VPN account credentials, gaming clients, messaging apps, and information stored in web browsers. | Virus | |
|
22.3.25 |
Malicious Android 'Vapor' apps on Google Play installed 60 million times | Over 300 malicious Android applications downloaded 60 million items from Google Play acted as adware or attempted to steal credentials and credit card information. | Virus | |
|
21.3.25 |
YouTube Game Cheats Spread Arcane Stealer Malware to Russian-Speaking Users | YouTube videos promoting game cheats are being used to deliver a previously undocumented stealer malware called Arcane likely targeting Russian-speaking | Virus | The Hacker News |
|
20.3.25 |
Microsoft: New RAT malware used for crypto theft, reconnaissance | Microsoft has discovered a new remote access trojan (RAT) that employs "sophisticated techniques" to avoid detection, maintain persistence, and extract sensitive data. | Virus | |
|
20.3.25 |
Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts | Cybercriminals are promoting malicious Microsoft OAuth apps that masquerade as Adobe and DocuSign apps to deliver malware and steal Microsoft 365 accounts credentials. | Virus | BleepingComputer |
|
20.3.25 |
CERT-UA Warns: Dark Crystal RAT Targets Ukrainian Defense via Malicious Signal Messages | The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a new campaign that targets the defense sectors with Dark Crystal RAT (aka DCRat ). The campaign, detected earlier this month, has been found to target both | Virus | The Hacker News |
|
20.3.25 |
Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners | Threat actors are exploiting a severe security flaw in PHP to deliver cryptocurrency miners and remote access trojans (RATs) like Quasar RAT. The vulnerability, assigned the CVE identifier CVE-2024-4577 , refers to an argument injection | Virus | The Hacker News |
|
20.3.25 |
ClearFake Infects 9,300 Sites, Uses Fake reCAPTCHA and Turnstile to Spread Info-Stealers | The threat actors behind the ClearFake campaign are using fake reCAPTCHA or Cloudflare Turnstile verifications as lures to trick users into downloading malware | Virus | The Hacker News |
|
19.3.25 |
New 'Rules File Backdoor' Attack Lets Hackers Inject Malicious Code via AI Code Editors | Cybersecurity researchers have disclosed details of a new supply chain attack vector dubbed Rules File Backdoor that affects artificial intelligence (AI)-powered | Virus | The Hacker News |
|
19.3.25 |
China-Linked MirrorFace Deploys ANEL and AsyncRAT in New Cyber Espionage Operation | Threat hunters have shed more light on a previously disclosed malware campaign undertaken by the China-aligned MirrorFace threat actor that targeted a diplomatic | Virus | The Hacker News |
|
18.3.25 |
Microsoft Warns of StilachiRAT: A Stealthy RAT Targeting Credentials and Crypto Wallets | Microsoft is calling attention to a novel remote access trojan (RAT) named StilachiRAT that it said employs advanced techniques to sidestep detection and | Virus | The Hacker News |
|
16.3.25 |
ClickFix attack delivers infostealers, RATs in fake Booking.com emails | Microsoft is warning that an ongoing phishing campaign impersonating Booking.com is using ClickFix social engineering attacks to infect hospitality workers with various malware, including infostealers and RATs. | Virus | BleepingComputer |
|
16.3.25 |
New North Korean Android spyware slips onto Google Play | A new Android spyware named 'KoSpy' is linked to North Korean threat actors who have infiltrated Google Play and third-party app store APKPure through at least five malicious apps. | Virus | BleepingComputer |
|
15.3.25 |
MassJacker malware uses 778,000 wallets to steal cryptocurrency | A newly discovered clipboard hijacking operation dubbed 'MassJacker' uses at least 778,531 cryptocurrency wallet addresses to steal digital assets from compromised computers. | Virus | BleepingComputer |
| 14.3.25 | New MassJacker Malware Targets Piracy Users, Hijacking Cryptocurrency Transactions | Users searching for pirated software are the target of a new malware campaign that delivers a previously undocumented clipper malware called MassJacker, | Virus | The Hacker News |
| 14.3.25 | OBSCURE#BAT Malware Uses Fake CAPTCHA Pages to Deploy Rootkit r77 and Evade Detection | A new malware campaign has been observed leveraging social engineering tactics to deliver an open-source rootkit called r77 . The activity, condemned | Virus | The Hacker News |
| 9.3.25 | Undocumented "backdoor" found in Bluetooth chip used by a billion devices | The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains an undocumented "backdoor" that could be leveraged for attacks. | Virus | BleepingComputer |
| 9.3.25 | Microsoft says malvertising campaign impacted 1 million PCs | Microsoft has taken down an undisclosed number of GitHub repositories used in a massive malvertising campaign that impacted almost one million devices worldwide. | Virus | BleepingComputer |
| 8.3.25 | BadBox malware disrupted on 500K infected Android devices | The BadBox Android malware botnet has been disrupted again by removing 24 malicious apps from Google Play and sinkholing communications for half a million infected devices. | Virus | BleepingComputer |
| 8.3.25 | New polyglot malware hits aviation, satellite communication firms | A previously undocumented polyglot malware is being deployed in attacks against aviation, satellite communication, and critical transportation organizations in the United Arab Emirates. | Virus | BleepingComputer |
| 8.3.25 | This Malicious PyPI Package Stole Ethereum Private Keys via Polygon RPC Transactions | Cybersecurity researchers have discovered a malicious Python package on the Python Package Index (PyPI) repository that's equipped to steal a victim's | Virus | The Hacker News |
| 7.3.25 | Over 1,000 WordPress Sites Infected with JavaScript Backdoors Enabling Persistent Attacker Access | Over 1,000 websites powered by WordPress have been infected with a third-party JavaScript code that injects four separate backdoors. "Creating four backdoors | Virus | The Hacker News |
| 6.3.25 | Dark Caracal Uses Poco RAT to Target Spanish-Speaking Enterprises in Latin America | The threat actor known as Dark Caracal has been attributed to a campaign that deployed a remote access trojan called Poco RAT in attacks targeting Spanish- | Virus | The Hacker News |
| 5.3.25 | Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems | Cybersecurity researchers are alerting of an ongoing malicious campaign targeting the Go ecosystem with typosquatted modules that are designed to | Virus | The Hacker News |
| 1.3.25 | Vo1d malware botnet grows to 1.6 million Android TVs worldwide | A new variant of the Vo1d malware botnet has grown to 1,590,299 infected Android TV devices across 226 countries, recruiting devices as part of anonymous proxy server networks. | Virus | BleepingComputer |
| 1.3.25 | GrassCall malware campaign drains crypto wallets via fake job interviews | A recent social engineering campaign targeted job seekers in the Web3 space with fake job interviews through a malicious "GrassCall" meeting app that installs information-stealing malware to steal cryptocurrency wallets. | Virus | BleepingComputer |
| 28.2.25 | Sticky Werewolf Uses Undocumented Implant to Deploy Lumma Stealer in Russia and Belarus | The threat actor known as Sticky Werewolf has been linked to targeted attacks primarily in Russia and Belarus with the aim of delivering the Lumma Stealer | Virus | The Hacker News |
| 27.2.25 | Space Pirates Targets Russian IT Firms With New LuckyStrike Agent Malware | The threat actor known as Space Pirates has been linked to a malicious campaign targeting Russian information technology (IT) organizations with a previously | Virus | The Hacker News |
| 27.2.25 | New TgToxic Banking Trojan Variant Evolves with Anti-Analysis Upgrades | Cybersecurity researchers have discovered an updated version of an Android malware called TgToxic (aka ToxicPanda), indicating that the threat actors behind it are continuously making changes in response to public reporting. "The | Virus | The Hacker News |
| 26.2.25 | New Linux Malware 'Auto-Color' Grants Hackers Full Remote Access to Compromised Systems | Universities and government organizations in North America and Asia have been targeted by a previously undocumented Linux malware called Auto-Color between | Virus | The Hacker News |
| 26.2.25 | Malicious PyPI Package "automslc" Enables 104K+ Unauthorized Deezer Music Downloads | Cybersecurity researchers have flagged a malicious Python library on the Python Package Index (PyPI) repository that facilitates unauthorized music downloads | Virus | The Hacker News |
| 26.2.25 | LightSpy Expands to 100+ Commands, Increasing Control Over Windows, macOS, Linux, and Mobile | Cybersecurity researchers have flagged an updated version of the LightSpy implant that comes equipped with an expanded set of data collection features to | Virus | The Hacker News |
| 25.2.25 | 2,500+ Truesight.sys Driver Variants Exploited to Bypass EDR and Deploy HiddenGh0st RAT | A large-scale malware campaign has been found leveraging a vulnerable Windows driver associated with Adlice's product suite to sidestep detection efforts and deliver the Gh0st RAT malware . "To further evade detection, the attackers | Virus | The Hacker News |
| 25.2.25 | GitVenom Malware Steals $456K in Bitcoin Using Fake GitHub Projects to Hijack Wallets | Cybersecurity researchers are calling attention to an ongoing campaign that's targeting gamers and cryptocurrency investors under the guise of open-source | Virus | The Hacker News |
| 25.2.25 | FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services | Various industrial organizations in the Asia-Pacific (APAC) region have been targeted as part of phishing attacks designed to deliver a known malware called | Virus | The Hacker News |
|
24.2.25 | New Malware Campaign Uses Cracked Software to Spread Lumma and ACR Stealer | Cybersecurity researchers are warning of a new campaign that leverages cracked versions of software as a lure to distribute information stealers like Lumma and | Virus | The Hacker News |
| 22.2.25 | Apple Drops iCloud's Advanced Data Protection in the U.K. Amid Encryption Backdoor Demands | Apple is removing its Advanced Data Protection (ADP) feature for iCloud from the United Kingdom with immediate effect following government demands for | Virus | The Hacker News |
| 22.2.25 | New Snake Keylogger Variant Leverages AutoIt Scripting to Evade Detection | A new variant of the Snake Keylogger malware is being used to actively target Windows users located in China, Turkey, Indonesia, Taiwan, and Spain. Fortinet | Virus | The Hacker News |
| 22.2.25 | Cybercriminals Use Eclipse Jarsigner to Deploy XLoader Malware via ZIP Archives | A malware campaign distributing the XLoader malware has been observed using the DLL side-loading technique by making use of a legitimate application | Virus | The Hacker News |
| 22.2.25 | Citrix Releases Security Fix for NetScaler Console Privilege Escalation Vulnerability | Citrix has released security updates for a high-severity security flaw impacting NetScaler Console (formerly NetScaler ADM) and NetScaler Agent that could lead | Virus | The Hacker News |
|
19.1.25 | Malicious PyPi package steals Discord auth tokens from devs | A malicious package named 'pycord-self' on the Python package index (PyPI) targets Discord developers to steal authentication tokens and plant a backdoor for remote control over the system. | Virus | BleepingComputer |
|
19.1.25 | WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites | A new malware campaign has compromised more than 5,000 WordPress sites to create admin accounts, install a malicious plugin, and steal data. | Virus | BleepingComputer |
|
19.1.25 | Fake LDAPNightmware exploit on GitHub spreads infostealer malware | A deceptive proof-of-concept (PoC) exploit for CVE-2024-49113 (aka "LDAPNightmare") on GitHub infects users with infostealer malware that exfiltrates sensitive data to an external FTP server. | Virus | BleepingComputer |
|
16.1.25 | New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits | Details have emerged about a now-patched security vulnerability that could allow a bypass of the Secure Boot mechanism in Unified Extensible Firmware Interface | Virus | The Hacker News |
|
16.1.25 | Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer | Threat actors have been observed concealing malicious code in images to deliver malware such as VIP Keylogger and 0bj3ctivity Stealer as part of separate | Virus | The Hacker News |
|
16.1.25 | Python-Based Malware Powers RansomHub Ransomware to Exploit Network Flaws | Cybersecurity researchers have detailed an attack that involved a threat actor utilizing a Python-based backdoor to maintain persistent access to compromised endpoints and then leveraged this access to deploy the RansomHub ransomware | Virus | The Hacker News |
|
14.1.25 | Russian-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware | Russia-linked threat actors have been attributed to an ongoing cyber espionage campaign targeting Kazakhstan as part of the Kremlin's efforts to gather | Virus | The Hacker News |
|
14.1.25 | Expired Domains Allowed Control Over 4,000 Backdoors on Compromised Systems | No less than 4,000 unique web backdoors previously deployed by various threat actors have been hijacked by taking control of abandoned and expired | Virus | The Hacker News |
|
12.1.25 | Docker Desktop blocked on Macs due to false malware alert | Docker is warning that Docker Desktop is not starting on macOS due to malware warnings after some files were signed with an incorrect code-signing certificate. | Virus | BleepingComputer |
|
12.1.25 | Banshee stealer evades detection using Apple XProtect encryption algo | A new version of the Banshee info-stealing malware for macOS has been evading detection over the past two months by adopting string encryption from Apple's XProtect. | Virus | BleepingComputer |
|
12.1.25 | Ivanti zero-day attacks infected devices with custom malware | Hackers exploiting the critical Ivanti Connect Secure zero-day vulnerability disclosed yesterday installed on compromised VPN appliances new malware called 'Dryhook' and 'Phasejam' that is not currently associated with any threat group. | Virus | BleepingComputer |
|
12.1.25 | Over 4,000 backdoors hijacked by registering expired domains | Over 4,000 abandoned but still active web backdoors were hijacked and their communication infrastructure sinkholed after researchers registered expired domains used for commanding them. | Virus | BleepingComputer |
|
11.1.25 | Malicious Browser Extensions are the Next Frontier for Identity Attacks | A recent campaign targeting browser extensions illustrates that they are the next frontier in identity attacks. Learn more about these attacks from LayerX Security and how to receive a free extension audit. | Virus | BleepingComputer |
|
11.1.25 | Chinese hackers also breached Charter and Windstream networks | More U.S. companies have been added to the list of telecommunications firms hacked in a wave of breaches by a Chinese state-backed threat group tracked as Salt Typhoon. | Virus | BleepingComputer |
|
11.1.25 | Eagerbee backdoor deployed against Middle Eastern govt orgs, ISPs | New variants of the Eagerbee malware framework are being deployed against government organizations and internet service providers (ISPs) in the Middle East. | Virus | BleepingComputer |
|
10.1.25 | RedDelta Deploys PlugX Malware to Target Mongolia and Taiwan in Espionage Campaigns | Mongolia, Taiwan, Myanmar, Vietnam, and Cambodia have been targeted by the China-nexus RedDelta threat actor to deliver a customized version of the PlugX | Virus | The Hacker News |
|
10.1.25 | MirrorFace Leverages ANEL and NOOPDOOR in Multi-Year Cyberattacks on Japan | Japan's National Police Agency (NPA) and National Center of Incident Readiness and Strategy for Cybersecurity (NCSC) accused a China-linked threat actor named | Virus | The Hacker News |
|
10.1.25 | Researchers Expose NonEuclid RAT Using UAC Bypass and AMSI Evasion Techniques | Cybersecurity researchers have shed light on a new remote access trojan called NonEuclid that allows bad actors to remotely control compromised Windows | Virus | The Hacker News |
|
7.1.25 | New EAGERBEE Variant Targets ISPs and Governments with Advanced Backdoor Capabilities | Internet service providers (ISPs) and governmental entities in the Middle East have been targeted using an updated variant of the EAGERBEE malware framework. The | Virus | The Hacker News |
|
5.1.25 | Nuclei flaw lets malicious templates bypass signature verification | A now-fixed vulnerability in the open-source vulnerability scanner Nuclei could potentially allow attackers to bypass signature verification while sneaking malicious code into templates that execute on local systems. | Virus | BleepingComputer |
|
5.1.25 | New FireScam Android data-theft malware poses as Telegram Premium app | A new Android malware named 'FireScam' is being distributed as a premium version of the Telegram app via phishing websites on GitHub that mimick the RuStore, Russia's app market for mobile devices. | Virus | BleepingComputer |
|
4.1.25 | PLAYFULGHOST Delivered via Phishing and SEO Poisoning in Trojanized VPN Apps | Cybersecurity researchers have flagged a new malware called PLAYFULGHOST that comes with a wide range of information-gathering features like keylogging, | Virus | The Hacker News |
|
3.1.25 | Malicious npm packages target Ethereum developers' private keys | Twenty malicious packages impersonating the Hardhat development environment used by Ethereum developers are targeting private keys and other sensitive data. | Virus | BleepingComputer |
|
2.1.25 | Malicious Obfuscated NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT | Cybersecurity researchers have discovered a malicious package on the npm package registry that masquerades as a library for detecting vulnerabilities in | Virus | |