Virus List - H
DATE | NAME | Info | CATEG. | WEB |
24.4.25 | Linux io_uring PoC Rootkit Bypasses System Call-Based Threat Detection Tools | Cybersecurity researchers have demonstrated a proof-of-concept (PoC) rootkit dubbed Curing that leverages a Linux asynchronous I/O mechanism called io_uring | Virus | The Hacker News |
23.4.25 | Android Spyware Disguised as Alpine Quest App Targets Russian Military Devices | Cybersecurity researchers have revealed that Russian military personnel are the target of a new malicious campaign that distributes Android spyware under the | Virus | The Hacker News |
22.4.25 | SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks | A new Android malware-as-a-service (MaaS) platform named SuperCard X can facilitate near-field communication (NFC) relay attacks, enabling cybercriminals to | Virus | The Hacker News |
21.4.25 | New Android malware steals your credit cards for NFC relay attacks | A new malware-as-a-service (MaaS) platform named 'SuperCard X' has emerged, targeting Android devices via NFC relay attacks that enable point-of-sale and ATM transactions using compromised payment card data. | Virus | BleepingComputer |
21.4.25 | Chinese hackers target Russian govt with upgraded RAT malware | Chinese-speaking IronHusky hackers are targeting Russian and Mongolian government organizations using upgraded MysterySnail remote access trojan (RAT) malware. | Virus | |
20.4.25 | Over 16,000 Fortinet devices compromised with symlink backdoor | Over 16,000 internet-exposed Fortinet devices have been detected as compromised with a new symlink backdoor that allows read-only access to sensitive files on previously compromised devices. | Virus | |
20.4.25 | Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems | Cybersecurity researchers have uncovered three malicious packages in the npm registry that masquerade as a popular Telegram bot library but harbor SSH | Virus | The Hacker News |
20.4.25 | New ResolverRAT malware targets pharma and healthcare orgs worldwide | A new remote access trojan (RAT) called 'ResolverRAT' is being used against organizations globally, with the malware used in recent attacks targeting the healthcare and pharmaceutical sectors. | Virus | |
18.4.25 | Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader | A new multi-stage attack has been observed delivering malware families like Agent Tesla variants, Remcos RAT, and XLoader. "Attackers increasingly rely on such | Virus | The Hacker News |
18.4.25 | Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT | Cybersecurity researchers are warning of continued risks posed by a distributed denial-of-service (DDoS) malware known as XorDDoS, with 71.3 percent of the | Virus | The Hacker News |
17.4.25 | State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns | Multiple state-sponsored hacking groups from Iran, North Korea, and Russia have been found leveraging the increasingly popular ClickFix social engineering tactic to | Virus | The Hacker News |
17.4.25 | Node.js Malware Campaign Targets Crypto Users with Fake Binance and TradingView Installers | Microsoft is calling attention to an ongoing malvertising campaign that makes use of Node.js to deliver malicious payloads capable of information theft and data | Virus | The Hacker News |
16.4.25 | New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks | Cybersecurity researchers have unearthed a new controller component associated with a known backdoor called BPFDoor as part of cyber attacks targeting | Virus | The Hacker News |
16.4.25 | Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool | The China-linked threat actor known as UNC5174 has been attributed to a new campaign that leverages a variant of a known malware dubbed SNOWLIGHT and a | Virus | The Hacker News |
15.4.25 | ResolverRAT Campaign Targets Healthcare, Pharma via Phishing and DLL Side-Loading | Cybersecurity researchers have discovered a new, sophisticated remote access trojan called ResolverRAT that has been observed in attacks targeting healthcare | Virus | The Hacker News |
15.4.25 | Pakistan-Linked Hackers Expand Targets in India with CurlBack RAT and Spark RAT | A threat actor with ties to Pakistan has been observed targeting various sectors in India with various remote access trojans like Xeno RAT, Spark RAT, and a previously | Virus | The Hacker News |
12.4.25 | Police detains Smokeloader malware customers, seizes servers | In follow-up activity for Operation Endgame, law enforcement tracked down Smokeloader botnet's customers and detained at least five individuals. | Virus | BleepingComputer |
12.4.25 | Fake Microsoft Office add-in tools push malware via SourceForge | Threat actors are abusing SourceForge to distribute fake Microsoft add-ins that install malware on victims' computers to both mine and steal cryptocurrency. | Virus | BleepingComputer |
11.4.25 | SpyNote, BadBazaar, MOONSHINE Malware Target Android and iOS Users via Fake Apps | Cybersecurity researchers have found that threat actors are setting up deceptive websites hosted on newly registered domains to deliver a known Android malware | Virus | The Hacker News |
9.4.25 | New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner | A Chinese-affiliated threat actor known for its cyber-attacks in Asia has been observed exploiting a security flaw in security software from ESET to deliver a | Virus | The Hacker News |
5.4.25 | North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages | The North Korean threat actors behind the ongoing Contagious Interview campaign are spreading their tentacles on the npm ecosystem by publishing more | Virus | The Hacker News |
5.4.25 | Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data | Cybersecurity researchers have uncovered malicious libraries in the Python Package Index (PyPI) repository that are designed to steal sensitive information. | Virus | The Hacker News |
5.4.25 | Counterfeit Android devices found preloaded with Triada malware | A new version of the Triada trojan has been discovered preinstalled on thousands of new Android devices, allowing threat actors to steal data as soon as they are set up. | Virus | BleepingComputer |
4.4.25 | Hackers abuse WordPress MU-Plugins to hide malicious code | Hackers are utilizing the WordPress mu-plugins ("Must-Use Plugins") directory to stealthily run malicious code on every page while evading detection. | Virus | |
4.4.25 | New Crocodilus malware steals Android users’ crypto wallet keys | A newly discovered Android malware dubbed Crocodilus tricks users into providing the seed phrase for the cryptocurrency wallet using a warning to back up the key to avoid losing access. | Virus | |
4.4.25 | OPSEC Failure Exposes Coquettte's Malware Campaigns on Bulletproof Hosting Servers | A novice cybercrime actor has been observed leveraging the services of a Russian bulletproof hosting (BPH) provider called Proton66 to facilitate their operations. | Virus | |
4.4.25 | CERT-UA Reports Cyberattacks Targeting Ukrainian State Systems with WRECKSTEEL Malware | The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed that no less than three cyber attacks were recorded against state administration | Virus | |
3.4.25 | Triada Malware Preloaded on Counterfeit Android Phones Infects 2,600+ Devices | Counterfeit versions of popular smartphone models that are sold at reduced prices have been found to be preloaded with a modified version of an Android | Virus | |
2.4.25 | New Malware Loaders Use Call Stack Spoofing, GitHub C2, and .NET Reactor for Stealth | Cybersecurity researchers have discovered an updated version of a malware loader called Hijack Loader that implements new features to evade detection and establish persistence on compromised systems. "Hijack Loader released a new | Virus | |
1.4.25 | Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp | The threat actors behind the zero-day exploitation of a recently-patched security vulnerability in Microsoft Windows have been found to deliver two new backdoors | Virus | |
31.3.25 | Russia-Linked Gamaredon Uses Troop-Related Lures to Deploy Remcos RAT in Ukraine | Entities in Ukraine have been targeted as part of a phishing campaign designed to distribute a remote access trojan called Remcos RAT. "The file names use | Virus | |
31.3.25 | RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has shed light on a new malware called RESURGE that has been deployed as part of exploitation | Virus | The Hacker News |
30.3.25 | Infostealer campaign compromises 10 npm packages, targets devs | Ten npm packages were suddenly updated with malicious code yesterday to steal environment variables and other sensitive data from developers' systems. | Virus | |
30.3.25 | Chinese FamousSparrow hackers deploy upgraded malware in attacks | A China-linked cyberespionage group known as 'FamousSparrow' was observed using a new modular version of its signature backdoor 'SparrowDoor' against a US-based trade organization. | Virus | |
29.3.25 | New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials | Cybersecurity researchers have discovered a new Android banking malware called Crocodilus that's primarily designed to target users in Spain and Turkey. | Virus | The Hacker News |
28.3.25 | CoffeeLoader Uses GPU-Based Armoury Packer to Evade EDR and Antivirus Detection | Cybersecurity researchers are calling attention to a new sophisticated malware called CoffeeLoader that's designed to download and execute secondary | Virus | The Hacker News |
28.3.25 | New Android malware uses Microsoft’s .NET MAUI to evade detection | New Android malware campaigns use Microsoft's cross-platform framework .NET MAUI while disguising as legitimate services to evade detection. | Virus | |
28.3.25 | PJobRAT Malware Campaign Targeted Taiwanese Users via Fake Chat Apps | An Android malware family previously observed targeting Indian military personnel has been linked to a new campaign likely aimed at users in Taiwan under the guise | Virus | The Hacker News |
26.3.25 | Chinese Weaver Ant hackers spied on telco network for 4 years | A China-linked advanced threat group named Weaver Ant spent more than four years in the network of a telecommunications services provider, hiding traffic and infrastructure with the help of compromised Zyxel CPE routers. | Virus | |
26.3.25 | RedCurl Shifts from Espionage to Ransomware with First-Ever QWCrypt Deployment | The Russian-speaking hacking group called RedCurl has been linked to a ransomware campaign for the first time, marking a departure in the threat actor's | Virus | The Hacker News |
26.3.25 | Malicious npm Package Modifies Local 'ethers' Library to Launch Reverse Shell Attacks | Cybersecurity researchers have discovered two malicious packages on the npm registry that are designed to infect another locally installed package, underscoring | Virus | The Hacker News |
23.3.25 | Microsoft Trust Signing service abused to code-sign malware | Cybercriminals are abusing Microsoft's Trusted Signing platform to code-sign malware executables with short-lived three-day certificates. | Virus | |
23.3.25 | Steam pulls game demo infecting Windows with info-stealing malware | Valve has removed a game titled 'Sniper: Phantom's Resolution' from the Steam store following multiple user reports that indicated its demo installer actually infected their systems with information stealing malware. | Virus | |
22.3.25 | New Arcane infostealer infects YouTube, Discord users via game cheats | A newly discovered information-stealing malware called Arcane is stealing extensive user data, including VPN account credentials, gaming clients, messaging apps, and information stored in web browsers. | Virus | |
22.3.25 | Malicious Android 'Vapor' apps on Google Play installed 60 million times | Over 300 malicious Android applications downloaded 60 million times from Google Play acted as adware or attempted to steal credentials and credit card information. | Virus | |
21.3.25 | YouTube Game Cheats Spread Arcane Stealer Malware to Russian-Speaking Users | YouTube videos promoting game cheats are being used to deliver a previously undocumented stealer malware called Arcane likely targeting Russian-speaking | Virus | The Hacker News |
20.3.25 | Microsoft: New RAT malware used for crypto theft, reconnaissance | Microsoft has discovered a new remote access trojan (RAT) that employs "sophisticated techniques" to avoid detection, maintain persistence, and extract sensitive data. | Virus | |
20.3.25 | Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts | Cybercriminals are promoting malicious Microsoft OAuth apps that masquerade as Adobe and DocuSign apps to deliver malware and steal Microsoft 365 accounts credentials. | Virus | BleepingComputer |
20.3.25 | CERT-UA Warns: Dark Crystal RAT Targets Ukrainian Defense via Malicious Signal Messages | The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a new campaign that targets the defense sectors with Dark Crystal RAT (aka DCRat). The campaign, detected earlier this month, has been found to target both | Virus | The Hacker News |
20.3.25 | Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners | Threat actors are exploiting a severe security flaw in PHP to deliver cryptocurrency miners and remote access trojans (RATs) like Quasar RAT. The vulnerability, assigned the CVE identifier CVE-2024-4577, refers to an argument injection | Virus | The Hacker News |
20.3.25 | ClearFake Infects 9,300 Sites, Uses Fake reCAPTCHA and Turnstile to Spread Info-Stealers | The threat actors behind the ClearFake campaign are using fake reCAPTCHA or Cloudflare Turnstile verifications as lures to trick users into downloading malware | Virus | The Hacker News |
19.3.25 | New 'Rules File Backdoor' Attack Lets Hackers Inject Malicious Code via AI Code Editors | Cybersecurity researchers have disclosed details of a new supply chain attack vector dubbed Rules File Backdoor that affects artificial intelligence (AI)-powered | Virus | The Hacker News |
19.3.25 | China-Linked MirrorFace Deploys ANEL and AsyncRAT in New Cyber Espionage Operation | Threat hunters have shed more light on a previously disclosed malware campaign undertaken by the China-aligned MirrorFace threat actor that targeted a diplomatic | Virus | The Hacker News |
18.3.25 | Microsoft Warns of StilachiRAT: A Stealthy RAT Targeting Credentials and Crypto Wallets | Microsoft is calling attention to a novel remote access trojan (RAT) named StilachiRAT that it said employs advanced techniques to sidestep detection and | Virus | The Hacker News |
16.3.25 | ClickFix attack delivers infostealers, RATs in fake Booking.com emails | Microsoft is warning that an ongoing phishing campaign impersonating Booking.com is using ClickFix social engineering attacks to infect hospitality workers with various malware, including infostealers and RATs. | Virus | BleepingComputer |
16.3.25 | New North Korean Android spyware slips onto Google Play | A new Android spyware named 'KoSpy' is linked to North Korean threat actors who have infiltrated Google Play and third-party app store APKPure through at least five malicious apps. | Virus | BleepingComputer |
15.3.25 | MassJacker malware uses 778,000 wallets to steal cryptocurrency | A newly discovered clipboard hijacking operation dubbed 'MassJacker' uses at least 778,531 cryptocurrency wallet addresses to steal digital assets from compromised computers. | Virus | BleepingComputer |
14.3.25 | New MassJacker Malware Targets Piracy Users, Hijacking Cryptocurrency Transactions | Users searching for pirated software are the target of a new malware campaign that delivers a previously undocumented clipper malware called MassJacker, | Virus | The Hacker News |
14.3.25 | OBSCURE#BAT Malware Uses Fake CAPTCHA Pages to Deploy Rootkit r77 and Evade Detection | A new malware campaign has been observed leveraging social engineering tactics to deliver an open-source rootkit called r77. The activity, condemned | Virus | The Hacker News |
9.3.25 | Undocumented "backdoor" found in Bluetooth chip used by a billion devices | The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains an undocumented "backdoor" that could be leveraged for attacks. | Virus | BleepingComputer |
9.3.25 | Microsoft says malvertising campaign impacted 1 million PCs | Microsoft has taken down an undisclosed number of GitHub repositories used in a massive malvertising campaign that impacted almost one million devices worldwide. | Virus | BleepingComputer |
8.3.25 | BadBox malware disrupted on 500K infected Android devices | The BadBox Android malware botnet has been disrupted again by removing 24 malicious apps from Google Play and sinkholing communications for half a million infected devices. | Virus | BleepingComputer |
8.3.25 | New polyglot malware hits aviation, satellite communication firms | A previously undocumented polyglot malware is being deployed in attacks against aviation, satellite communication, and critical transportation organizations in the United Arab Emirates. | Virus | BleepingComputer |
8.3.25 | This Malicious PyPI Package Stole Ethereum Private Keys via Polygon RPC Transactions | Cybersecurity researchers have discovered a malicious Python package on the Python Package Index (PyPI) repository that's equipped to steal a victim's | Virus | The Hacker News |
7.3.25 | Over 1,000 WordPress Sites Infected with JavaScript Backdoors Enabling Persistent Attacker Access | Over 1,000 websites powered by WordPress have been infected with a third-party JavaScript code that injects four separate backdoors. "Creating four backdoors | Virus | The Hacker News |
6.3.25 | Dark Caracal Uses Poco RAT to Target Spanish-Speaking Enterprises in Latin America | The threat actor known as Dark Caracal has been attributed to a campaign that deployed a remote access trojan called Poco RAT in attacks targeting Spanish- | Virus | The Hacker News |
5.3.25 | Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems | Cybersecurity researchers are alerting of an ongoing malicious campaign targeting the Go ecosystem with typosquatted modules that are designed to | Virus | The Hacker News |
1.3.25 | Vo1d malware botnet grows to 1.6 million Android TVs worldwide | A new variant of the Vo1d malware botnet has grown to 1,590,299 infected Android TV devices across 226 countries, recruiting devices as part of anonymous proxy server networks. | Virus | BleepingComputer |
1.3.25 | GrassCall malware campaign drains crypto wallets via fake job interviews | A recent social engineering campaign targeted job seekers in the Web3 space with fake job interviews through a malicious "GrassCall" meeting app that installs information-stealing malware to steal cryptocurrency wallets. | Virus | BleepingComputer |
28.2.25 | Sticky Werewolf Uses Undocumented Implant to Deploy Lumma Stealer in Russia and Belarus | The threat actor known as Sticky Werewolf has been linked to targeted attacks primarily in Russia and Belarus with the aim of delivering the Lumma Stealer | Virus | The Hacker News |
27.2.25 | Space Pirates Targets Russian IT Firms With New LuckyStrike Agent Malware | The threat actor known as Space Pirates has been linked to a malicious campaign targeting Russian information technology (IT) organizations with a previously | Virus | The Hacker News |
27.2.25 | New TgToxic Banking Trojan Variant Evolves with Anti-Analysis Upgrades | Cybersecurity researchers have discovered an updated version of an Android malware called TgToxic (aka ToxicPanda), indicating that the threat actors behind it are continuously making changes in response to public reporting. "The | Virus | The Hacker News |
26.2.25 | New Linux Malware 'Auto-Color' Grants Hackers Full Remote Access to Compromised Systems | Universities and government organizations in North America and Asia have been targeted by a previously undocumented Linux malware called Auto-Color between | Virus | The Hacker News |
26.2.25 | Malicious PyPI Package "automslc" Enables 104K+ Unauthorized Deezer Music Downloads | Cybersecurity researchers have flagged a malicious Python library on the Python Package Index (PyPI) repository that facilitates unauthorized music downloads | Virus | The Hacker News |
26.2.25 | LightSpy Expands to 100+ Commands, Increasing Control Over Windows, macOS, Linux, and Mobile | Cybersecurity researchers have flagged an updated version of the LightSpy implant that comes equipped with an expanded set of data collection features to | Virus | The Hacker News |
25.2.25 | 2,500+ Truesight.sys Driver Variants Exploited to Bypass EDR and Deploy HiddenGh0st RAT | A large-scale malware campaign has been found leveraging a vulnerable Windows driver associated with Adlice's product suite to sidestep detection efforts and deliver the Gh0st RAT malware. "To further evade detection, the attackers | Virus | The Hacker News |
25.2.25 | GitVenom Malware Steals $456K in Bitcoin Using Fake GitHub Projects to Hijack Wallets | Cybersecurity researchers are calling attention to an ongoing campaign that's targeting gamers and cryptocurrency investors under the guise of open-source | Virus | The Hacker News |
25.2.25 | FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services | Various industrial organizations in the Asia-Pacific (APAC) region have been targeted as part of phishing attacks designed to deliver a known malware called | Virus | The Hacker News |
24.2.25 | New Malware Campaign Uses Cracked Software to Spread Lumma and ACR Stealer | Cybersecurity researchers are warning of a new campaign that leverages cracked versions of software as a lure to distribute information stealers like Lumma and | Virus | The Hacker News |
22.2.25 | Apple Drops iCloud's Advanced Data Protection in the U.K. Amid Encryption Backdoor Demands | Apple is removing its Advanced Data Protection (ADP) feature for iCloud from the United Kingdom with immediate effect following government demands for | Virus | The Hacker News |
22.2.25 | New Snake Keylogger Variant Leverages AutoIt Scripting to Evade Detection | A new variant of the Snake Keylogger malware is being used to actively target Windows users located in China, Turkey, Indonesia, Taiwan, and Spain. Fortinet | Virus | The Hacker News |
22.2.25 | Cybercriminals Use Eclipse Jarsigner to Deploy XLoader Malware via ZIP Archives | A malware campaign distributing the XLoader malware has been observed using the DLL side-loading technique by making use of a legitimate application | Virus | The Hacker News |
22.2.25 | Citrix Releases Security Fix for NetScaler Console Privilege Escalation Vulnerability | Citrix has released security updates for a high-severity security flaw impacting NetScaler Console (formerly NetScaler ADM) and NetScaler Agent that could lead | Virus | The Hacker News |
19.1.25 | Malicious PyPi package steals Discord auth tokens from devs | A malicious package named 'pycord-self' on the Python package index (PyPI) targets Discord developers to steal authentication tokens and plant a backdoor for remote control over the system. | Virus | BleepingComputer |
19.1.25 | WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites | A new malware campaign has compromised more than 5,000 WordPress sites to create admin accounts, install a malicious plugin, and steal data. | Virus | BleepingComputer |
19.1.25 | Fake LDAPNightmware exploit on GitHub spreads infostealer malware | A deceptive proof-of-concept (PoC) exploit for CVE-2024-49113 (aka "LDAPNightmare") on GitHub infects users with infostealer malware that exfiltrates sensitive data to an external FTP server. | Virus | BleepingComputer |
16.1.25 | New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits | Details have emerged about a now-patched security vulnerability that could allow a bypass of the Secure Boot mechanism in Unified Extensible Firmware Interface | Virus | The Hacker News |
16.1.25 | Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer | Threat actors have been observed concealing malicious code in images to deliver malware such as VIP Keylogger and 0bj3ctivity Stealer as part of separate | Virus | The Hacker News |
16.1.25 | Python-Based Malware Powers RansomHub Ransomware to Exploit Network Flaws | Cybersecurity researchers have detailed an attack that involved a threat actor utilizing a Python-based backdoor to maintain persistent access to compromised endpoints and then leveraged this access to deploy the RansomHub ransomware | Virus | The Hacker News |
14.1.25 | Russian-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware | Russia-linked threat actors have been attributed to an ongoing cyber espionage campaign targeting Kazakhstan as part of the Kremlin's efforts to gather | Virus | The Hacker News |
14.1.25 | Expired Domains Allowed Control Over 4,000 Backdoors on Compromised Systems | No less than 4,000 unique web backdoors previously deployed by various threat actors have been hijacked by taking control of abandoned and expired | Virus | The Hacker News |
12.1.25 | Docker Desktop blocked on Macs due to false malware alert | Docker is warning that Docker Desktop is not starting on macOS due to malware warnings after some files were signed with an incorrect code-signing certificate. | Virus | BleepingComputer |
12.1.25 | Banshee stealer evades detection using Apple XProtect encryption algo | A new version of the Banshee info-stealing malware for macOS has been evading detection over the past two months by adopting string encryption from Apple's XProtect. | Virus | BleepingComputer |
12.1.25 | Ivanti zero-day attacks infected devices with custom malware | Hackers exploiting the critical Ivanti Connect Secure zero-day vulnerability disclosed yesterday installed on compromised VPN appliances new malware called 'Dryhook' and 'Phasejam' that is not currently associated with any threat group. | Virus | BleepingComputer |
12.1.25 | Over 4,000 backdoors hijacked by registering expired domains | Over 4,000 abandoned but still active web backdoors were hijacked and their communication infrastructure sinkholed after researchers registered expired domains used for commanding them. | Virus | BleepingComputer |
11.1.25 | Malicious Browser Extensions are the Next Frontier for Identity Attacks | A recent campaign targeting browser extensions illustrates that they are the next frontier in identity attacks. Learn more about these attacks from LayerX Security and how to receive a free extension audit. | Virus | BleepingComputer |
11.1.25 | Chinese hackers also breached Charter and Windstream networks | More U.S. companies have been added to the list of telecommunications firms hacked in a wave of breaches by a Chinese state-backed threat group tracked as Salt Typhoon. | Virus | BleepingComputer |
11.1.25 | Eagerbee backdoor deployed against Middle Eastern govt orgs, ISPs | New variants of the Eagerbee malware framework are being deployed against government organizations and internet service providers (ISPs) in the Middle East. | Virus | BleepingComputer |
10.1.25 | RedDelta Deploys PlugX Malware to Target Mongolia and Taiwan in Espionage Campaigns | Mongolia, Taiwan, Myanmar, Vietnam, and Cambodia have been targeted by the China-nexus RedDelta threat actor to deliver a customized version of the PlugX | Virus | The Hacker News |
10.1.25 | MirrorFace Leverages ANEL and NOOPDOOR in Multi-Year Cyberattacks on Japan | Japan's National Police Agency (NPA) and National Center of Incident Readiness and Strategy for Cybersecurity (NCSC) accused a China-linked threat actor named | Virus | The Hacker News |
10.1.25 | Researchers Expose NonEuclid RAT Using UAC Bypass and AMSI Evasion Techniques | Cybersecurity researchers have shed light on a new remote access trojan called NonEuclid that allows bad actors to remotely control compromised Windows | Virus | The Hacker News |
7.1.25 | New EAGERBEE Variant Targets ISPs and Governments with Advanced Backdoor Capabilities | Internet service providers (ISPs) and governmental entities in the Middle East have been targeted using an updated variant of the EAGERBEE malware framework. The | Virus | The Hacker News |
5.1.25 | Nuclei flaw lets malicious templates bypass signature verification | A now-fixed vulnerability in the open-source vulnerability scanner Nuclei could potentially allow attackers to bypass signature verification while sneaking malicious code into templates that execute on local systems. | Virus | BleepingComputer |
5.1.25 | New FireScam Android data-theft malware poses as Telegram Premium app | A new Android malware named 'FireScam' is being distributed as a premium version of the Telegram app via phishing websites on GitHub that mimic the RuStore, Russia's app market for mobile devices. | Virus | BleepingComputer |
4.1.25 | PLAYFULGHOST Delivered via Phishing and SEO Poisoning in Trojanized VPN Apps | Cybersecurity researchers have flagged a new malware called PLAYFULGHOST that comes with a wide range of information-gathering features like keylogging, | Virus | The Hacker News |
3.1.25 | Malicious npm packages target Ethereum developers' private keys | Twenty malicious packages impersonating the Hardhat development environment used by Ethereum developers are targeting private keys and other sensitive data. | Virus | BleepingComputer |
2.1.25 | Malicious Obfuscated NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT | Cybersecurity researchers have discovered a malicious package on the npm package registry that masquerades as a library for detecting vulnerabilities in | Virus | |
30.12.24 | 16 Chrome Extensions Hacked, Exposing Over 600,000 Users to Data Theft | A new attack campaign has targeted known Chrome browser extensions, leading to at least 16 extensions being compromised and exposing over 600,000 users to | Virus | |
28.12.24 | Cloud Atlas Deploys VBCloud Malware: Over 80% of Targets Found in Russia | The threat actor known as Cloud Atlas has been observed using a previously undocumented malware called VBCloud as part of its cyber attack campaigns | Virus | |
26.12.24 | Iran's Charming Kitten Deploys BellaCPP: A New C++ Variant of BellaCiao Malware | The Iranian nation-state hacking group known as Charming Kitten has been observed deploying a C++ variant of a known malware called BellaCiao. Russian | Virus | |
21.12.24 | Thousands Download Malicious npm Libraries Impersonating Legitimate Tools | Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up | Virus | |
18.12.24 | Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware | A new social engineering campaign has leveraged Microsoft Teams as a way to facilitate the deployment of a known malware called DarkGate. "An attacker used | Virus | |
28.10.24 | BeaverTail Malware Resurfaces in Malicious npm Packages Targeting Developers | Three malicious packages published to the npm registry in September 2024 have been found to contain a known malware called BeaverTail, a JavaScript downloader and information stealer linked | Virus | |
27.10.24 | New Grandoreiro Banking Malware Variants Emerge with Advanced Tactics to Evade Detection | New variants of a banking malware called Grandoreiro have been found to adopt new tactics in an effort to bypass anti-fraud | Virus | |
27.10.24 | Bumblebee and Latrodectus Malware Return with Sophisticated Phishing Strategies | Two malware families that suffered setbacks in the aftermath of a coordinated law enforcement operation called Endgame have | Virus | The Hacker News |
27.10.24 | Malicious npm Packages Target Developers' Ethereum Wallets with SSH Backdoor | Cybersecurity researchers have discovered a number of suspicious packages published to the npm registry that are designed to harvest | | |
27.10.24 | Beware: Fake Google Meet Pages Deliver Infostealers in Ongoing ClickFix Campaign | Threat actors are leveraging fake Google Meet web pages as part of an ongoing malware campaign dubbed ClickFix to deliver | | |
26.10.24 | North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware | The North Korean threat actor known as ScarCruft has been linked to the zero-day exploitation of a now-patched security flaw in Windows | Virus | The Hacker News |
26.10.24 | Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack | A new spear-phishing campaign targeting Brazil has been found delivering a banking malware called Astaroth (aka Guildma) by | Virus | The Hacker News |
26.10.24 | TrickMo Banking Trojan Can Now Capture Android PINs and Unlock Patterns | New variants of an Android banking trojan called TrickMo have been found to harbor previously undocumented features to steal a device's | Virus | The Hacker News |
26.10.24 | New Malware Campaign Uses PureCrypter Loader to Deliver DarkVision RAT | Cybersecurity researchers have disclosed a new malware campaign that leverages a malware loader named PureCrypter to deliver a | Virus | The Hacker News |
26.10.24 | New Linux Variant of FASTCash Malware Targets Payment Switches in ATM Heists | North Korean threat actors have been observed using a Linux variant of a known malware family called FASTCash to steal funds as part of | Virus | The Hacker News |
15.9.24 | Researchers Uncover Hijack Loader Malware Using Stolen Code-Signing Certificates | Cybersecurity researchers have disclosed a new malware campaign that delivers Hijack Loader artifacts that are signed with legitimate | Virus | The Hacker News |
28.9.24 | New RomCom malware variant 'SnipBot' spotted in data theft attacks | A new variant of the RomCom malware called SnipBot has been used in attacks that pivot on the network to steal data from compromised systems. | Virus | |
26.9.24 | Watering Hole Attack on Kurdish Sites Distributing Malicious APKs and Spyware | As many as 25 websites linked to the Kurdish minority have been compromised as part of a watering hole attack designed to harvest | Virus | The Hacker News |
26.9.24 | Infostealer malware bypasses Chrome’s new cookie-theft defenses | Infostealer malware developers released updates claiming to bypass Google Chrome's recently introduced feature App-Bound Encryption to protect sensitive data such as cookies. | Virus | |
25.9.24 | Transportation Companies Hit by Cyberattacks Using Lumma Stealer and NetSupport Malware | Transportation and logistics companies in North America are the target of a new phishing campaign that delivers a variety of | Virus | The Hacker News |
25.9.24 | Necro Android Malware Found in Popular Camera and Browser Apps on Play Store | Altered versions of legitimate Android apps associated with Spotify, WhatsApp, and Minecraft have been used to deliver a new version of | Virus | The Hacker News |
24.9.24 | New Octo Android malware version impersonates NordVPN, Google Chrome | A new version of the Octo Android malware, named "Octo2," has been seen spreading across Europe under the guise of NordVPN, Google Chrome, and an app called Europe Enterprise. | Virus | |
24.9.24 | Android malware 'Necro' infects 11 million devices via Google Play | A new version of the Necro malware loader for Android was installed on 11 million devices through Google Play in malicious SDK supply chain attacks. | Virus | |
24.9.24 | New Octo2 Android Banking Trojan Emerges with Device Takeover Capabilities | Cybersecurity researchers have discovered a new version of an Android banking trojan called Octo that comes with improved | Virus | The Hacker News |
23.9.24 | New PondRAT Malware Hidden in Python Packages Targets Software Developers | Threat actors with ties to North Korea have been observed using poisoned Python packages as a way to deliver a new malware called | Virus | The Hacker News |
23.9.24 | Chinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR Malware | A suspected advanced persistent threat (APT) originating from China targeted a government organization in Taiwan, and possibly other | Virus | The Hacker News |
22.9.24 | Global infostealer malware operation targets crypto users, gamers | A massive infostealer malware operation encompassing thirty campaigns targeting a broad spectrum of demographics and system platforms has been uncovered, attributed to a cybercriminal group named "Marko Polo." | Virus | |
21.9.24 | Clever 'GitHub Scanner' campaign abusing repos to push malware | A clever threat campaign is abusing GitHub repositories to distribute the Lumma Stealer password-stealing malware targeting users who frequent an open source project repository or are subscribed to email notifications from it. | Virus | |
19.9.24 | New Brazilian-Linked SambaSpy Malware Targets Italian Users via Phishing Emails | A previously undocumented malware called SambaSpy is exclusively targeting users in Italy via a phishing campaign orchestrated by a | Virus | The Hacker News |
15.9.24 | Malware locks browser in kiosk mode to steal Google credentials | A malware campaign uses the unusual method of locking users in their browser's kiosk mode to annoy them into entering their Google credentials, which are then stolen by information-stealing malware. | Virus | |
15.9.24 | New Linux malware Hadooken targets Oracle WebLogic servers | Hackers are targeting Oracle WebLogic servers to infect them with a new Linux malware named "Hadooken," which launches a cryptominer and a tool for distributed denial-of-service (DDoS) attacks | Virus | |
15.9.24 | New Vo1d malware infects 1.3 million Android streaming boxes | Threat actors have infected over 1.3 million TV streaming boxes running Android with a new Vo1d backdoor malware, allowing the attackers to take full control of the devices. | Virus | |
13.9.24 | TrickMo Android Trojan Exploits Accessibility Services for On-Device Banking Fraud | Cybersecurity researchers have uncovered a new variant of an Android banking trojan called TrickMo that comes packed with new | Virus | The Hacker News |
12.9.24 | New Android Malware 'Ajina.Banker' Steals Financial Data and Bypasses 2FA via Telegram | Bank customers in the Central Asia region have been targeted by a new strain of Android malware codenamed Ajina.Banker since at | Virus | The Hacker News |
12.9.24 | Beware: New Vo1d Malware Infects 1.3 Million Android TV Boxes Worldwide | Nearly 1.3 million Android-based TV boxes running outdated versions of the operating system and belonging to users spanning 197 | Virus | The Hacker News |
9.9.24 | Blind Eagle Targets Colombian Insurance Sector with Customized Quasar RAT | The Colombian insurance sector is the target of a threat actor tracked as Blind Eagle with the end goal of delivering a customized | Virus | The Hacker News |
9.9.24 | New Android SpyAgent Malware Uses OCR to Steal Crypto Wallet Recovery Keys | Android device users in South Korea have emerged as a target of a new mobile malware campaign that delivers a new type of threat | Virus | The Hacker News |
8.9.24 | Cisco warns of backdoor admin account in Smart Licensing Utility | Cisco has removed a backdoor account in the Cisco Smart Licensing Utility (CSLU) that can be used to log into unpatched systems with administrative privileges. | Virus | |
7.9.24 | GitHub comments abused to push password stealing malware masked as fixes | GitHub is being abused to distribute the Lumma Stealer information-stealing malware as fake fixes posted in project comments. | Virus | |
5.9.24 | Malware Attackers Using MacroPack to Deliver Havoc, Brute Ratel, and PhantomCore | Threat actors are likely employing a tool designated for red teaming exercises to serve malware, according to new findings from Cisco | Virus | The Hacker News |
5.9.24 | New Cross-Platform Malware KTLVdoor Discovered in Attack on Chinese Trading Firm | The Chinese-speaking threat actor known as Earth Lusca has been observed using a new backdoor dubbed KTLVdoor as part of a cyber | Virus | The Hacker News |
5.9.24 | Android Users Urged to Install Latest Security Updates to Fix Actively Exploited Flaw | Google has released its monthly security updates for the Android operating system to address a known security flaw that it said has | Virus | The Hacker News |
4.9.24 | Hackers Hijack 22,000 Removed PyPI Packages, Spreading Malicious Code to Developers | A new supply chain attack technique targeting the Python Package Index (PyPI) registry has been exploited in the wild in an attempt to | Virus | The Hacker News |
4.9.24 | Hackers Use Fake GlobalProtect VPN Software in New WikiLoader Malware Attack | A new malware campaign is spoofing Palo Alto Networks' GlobalProtect VPN software to deliver a variant of the WikiLoader | Virus | The Hacker News |
4.9.24 | Rocinante Trojan Poses as Banking Apps to Steal Sensitive Data from Brazilian Android Users | Mobile users in Brazil are the target of a new malware campaign that delivers a new Android banking trojan named Rocinante. "This | Virus | The Hacker News |
4.9.24 | Malicious npm Packages Mimicking 'noblox.js' Compromise Roblox Developers' Systems | Roblox developers are the target of a persistent campaign that seeks to compromise systems through bogus npm packages, once again | Virus | The Hacker News |
1.9.24 | GitHub comments abused to spread Lumma Stealer malware as fake fixes | GitHub is being abused to distribute the Lumma Stealer information-stealing malware as fake fixes posted in project comments. | Virus | |
1.9.24 | Docker-OSX image used for security research hit by Apple DMCA takedown | The popular Docker-OSX project has been removed from Docker Hub after Apple filed a DMCA (Digital Millennium Copyright Act) takedown request, alleging that it violated its copyright. | Virus | |
1.9.24 | New Voldemort malware abuses Google Sheets to store stolen data | A campaign that started on August 5, 2024, is spreading a previously undocumented malware named "Voldemort" to organizations worldwide, impersonating tax agencies from the U.S., Europe, and Asia. | Virus | |
1.9.24 | Fake Palo Alto GlobalProtect used as lure to backdoor enterprises | Threat actors target Middle Eastern organizations with malware disguised as the legitimate Palo Alto GlobalProtect Tool that can steal data and execute remote PowerShell commands to infiltrate internal networks further. | Virus | |
31.8.24 | Malware exploits 5-year-old zero-day to infect end-of-life IP cameras | The Corona Mirai-based malware botnet is spreading through a 5-year-old remote code execution (RCE) zero-day in AVTECH IP cameras, which have been discontinued for years and will not receive a patch. | Virus | |
31.8.24 | PoorTry Windows driver evolves into a full-featured EDR wiper | The malicious PoorTry kernel-mode Windows driver used by multiple ransomware gangs to turn off Endpoint Detection and Response (EDR) solutions has evolved into an EDR wiper, deleting files crucial for the operation of security solutions and making restoration harder. | Virus | |
31.8.24 | Malware infiltrates Pidgin messenger’s official plugin repository | The Pidgin messaging app removed the ScreenShareOTR plugin from its official third-party plugin list after it was discovered that it was used to install keyloggers, information stealers, and malware commonly used to gain initial access to corporate networks. | Virus | |
30.8.24 | New Malware Masquerades as Palo Alto VPN Targeting Middle East Users | Cybersecurity researchers have disclosed a new campaign that potentially targets users in the Middle East through malware that | Virus | The Hacker News |
28.8.24 | macOS Version of HZ RAT Backdoor Targets Chinese Messaging App Users | Users of Chinese instant messaging apps like DingTalk and WeChat are the target of an Apple macOS version of a backdoor named HZ | Virus | The Hacker News |
27.8.24 | Microsoft: Exchange Online mistakenly tags emails as malware | Microsoft is investigating an Exchange Online false positive issue causing emails containing images to be wrongly tagged as malicious and sent to quarantine. | Virus | |
26.8.24 | New Android Malware NGate Steals NFC Data to Clone Contactless Payment Cards | Cybersecurity researchers have uncovered new Android malware that can relay victims' contactless payment data from physical credit | Virus | The Hacker News |
25.8.24 | Stealthy 'sedexp' Linux malware evaded detection for two years | A stealthy Linux malware named 'sedexp' has been evading detection since 2022 by using a persistence technique not yet included in the MITRE ATT&CK framework. | Virus | |
24.8.24 | New Linux Malware 'sedexp' Hides Credit Card Skimmers Using Udev Rules | Cybersecurity researchers have uncovered a new stealthy piece of Linux malware that leverages an unconventional technique to | Virus | The Hacker News |
24.8.24 | New NGate Android malware uses NFC chip to steal credit card data | A new Android malware named NGate can steal money from payment cards by relaying to an attacker's device the data read by the near-field communication (NFC) chip. | Virus | |
24.8.24 | New PEAKLIGHT Dropper Deployed in Attacks Targeting Windows with Malicious Movie Downloads | Cybersecurity researchers have uncovered a never-before-seen dropper that serves as a conduit to launch next-stage malware with | Virus | The Hacker News |
23.8.24 | New macOS Malware "Cthulhu Stealer" Targets Apple Users' Data | Cybersecurity researchers have uncovered a new information stealer that's designed to target Apple macOS hosts and harvest a wide | Virus | The Hacker News |
23.8.24 | Hardware Backdoor Discovered in RFID Cards Used in Hotels and Offices Worldwide | Cybersecurity researchers have uncovered a hardware backdoor within a particular model of MIFARE Classic contactless cards that | Virus | The Hacker News |
22.8.24 | New Malware PG_MEM Targets PostgreSQL Databases for Crypto Mining | Cybersecurity researchers have unpacked a new malware strain dubbed PG_MEM that's designed to mine cryptocurrency after brute- | Virus | The Hacker News |
21.8.24 | North Korean Hackers Deploy New MoonPeak Trojan in Cyber Campaign | A new remote access trojan called MoonPeak has been discovered as being used by a state-sponsored North Korean threat activity | Virus | The Hacker News |
21.8.24 | Styx Stealer Creator's OPSEC Fail Leaks Client List and Profit Details | In what's a case of an operational security (OPSEC) lapse, the operator behind a new information stealer called Styx Stealer leaked | Virus | The Hacker News |
21.8.24 | New macOS Malware TodoSwift Linked to North Korean Hacking Groups | Cybersecurity researchers have uncovered a new macOS malware strain dubbed TodoSwift that they say exhibits commonalities with | Virus | The Hacker News |
21.8.24 | Czech Mobile Users Targeted in New Banking Credential Theft Scheme | Mobile users in the Czech Republic are the target of a novel phishing campaign that leverages a Progressive Web Application (PWA) in an | Virus | The Hacker News |
21.8.24 | Blind Eagle Hackers Exploit Spear-Phishing to Deploy RATs in Latin America | Cybersecurity researchers have shed light on a threat actor known as Blind Eagle that has persistently targeted entities and individuals in | Virus | The Hacker News |
20.8.24 | New UULoader Malware Distributes Gh0st RAT and Mimikatz in East Asia | A new type of malware called UULoader is being used by threat actors to deliver next-stage payloads like Gh0st RAT and Mimikatz. | Virus | The Hacker News |
16.8.24 | Multi-Stage ValleyRAT Targets Chinese Users with Advanced Tactics | Chinese-speaking users are the target of an ongoing campaign that distributes malware known as ValleyRAT. "ValleyRAT is a multi-stage | Virus | The Hacker News |
16.8.24 | New Banshee Stealer Targets 100+ Browser Extensions on Apple macOS Systems | Cybersecurity researchers have uncovered new stealer malware that's designed to specifically target Apple macOS systems. Dubbed | Virus | The Hacker News |
16.8.24 | Malware force-installs Chrome extensions on 300,000 browsers, patches DLLs | An ongoing and widespread malware campaign force-installed malicious Google Chrome and Microsoft Edge browser extensions in over 300,000 browsers, modifying the browser's executables to hijack homepages and steal browsing history. | Virus | |
11.8.24 | New CMoon USB worm targets Russians in data theft attacks | A new self-spreading worm named 'CMoon,' capable of stealing account credentials and other data, has been distributed in Russia since early July 2024 via a compromised gas supply company website | Virus | |
11.8.24 | New Malware Hits 300,000 Users with Rogue Chrome and Edge Extensions | An ongoing, widespread malware campaign has been observed installing rogue Google Chrome and Microsoft Edge extensions via a | Virus | The Hacker News |
9.8.24 | New LianSpy malware hides by blocking Android security feature | A previously undocumented Android malware named 'LianSpy' has been discovered targeting Russian users, posing on phones as an Alipay app or a system service to evade detection. | Virus | |
7.8.24 | New Go-based Backdoor GoGra Targets South Asian Media Organization | An unnamed media organization in South Asia was targeted in November 2023 using a previously undocumented Go-based | Virus | The Hacker News |
7.8.24 | Chameleon Android Banking Trojan Targets Users Through Fake CRM App | Cybersecurity researchers have lifted the lid on a new technique adopted by threat actors behind the Chameleon Android banking | Virus | The Hacker News |
6.8.24 | New Android Spyware LianSpy Evades Detection Using Yandex Cloud | Users in Russia have been the target of a previously undocumented Android post-compromise spyware called LianSpy since at least | Virus | The Hacker News |
5.8.24 | New Android Trojan "BlankBot" Targets Turkish Users' Financial Data | Cybersecurity researchers have discovered a new Android banking trojan called BlankBot targeting Turkish users with an aim to steal | Virus | The Hacker News |
4.8.24 | StackExchange abused to spread malicious PyPi packages as answers | Threat actors uploaded malicious Python packages to the PyPI repository and promoted them through the StackExchange online question and answer platform. | Virus | |
4.8.24 | Hackers abuse free TryCloudflare to deliver remote access malware | Researchers are warning of threat actors increasingly abusing the Cloudflare Tunnel service in malware campaigns that usually deliver remote access trojans (RATs). | Virus | |
4.8.24 | Google ads push fake Google Authenticator site installing malware | Google has fallen victim to its own ad platform, allowing threat actors to create fake Google Authenticator ads that push the DeerStealer information-stealing malware. | Virus | |
4.8.24 | New Android malware wipes your device after draining bank accounts | A new Android malware that researchers call 'BingoMod' can wipe devices after successfully stealing money from the victims' bank accounts using the on-device fraud technique. | Virus | |
3.8.24 | Massive SMS stealer campaign infects Android devices in 113 countries | A malicious campaign targeting Android devices worldwide utilizes thousands of Telegram bots to infect devices with SMS-stealing malware and steal one-time 2FA passwords (OTPs) for over 600 services. | Virus | |
3.8.24 | Google Chrome adds app-bound encryption to block infostealer malware | Google Chrome has added app-bound encryption for better cookie protection on Windows systems and improved defenses against information-stealing malware attacks. | Virus | |
3.8.24 | Android spyware 'Mandrake' hidden in apps on Google Play since 2022 | A new version of the Android spyware 'Mandrake' has been found in five applications downloaded 32,000 times from Google Play, the platform's official app store. | Virus | |
2.8.24 | New Windows Backdoor BITSLOTH Exploits BITS for Stealthy Communication | Cybersecurity researchers have discovered a previously undocumented Windows backdoor that leverages a built-in feature | Virus | The Hacker News |
2.8.24 | Cybercriminals Abusing Cloudflare Tunnels to Evade Detection and Spread Malware | Cybersecurity companies are warning about an uptick in the abuse of Cloudflare's TryCloudflare free service for malware delivery. The | Virus | The Hacker News |
1.8.24 | Hackers Distributing Malicious Python Packages via Popular Developer Q&A Platform | In yet another sign that threat actors are always looking out for new ways to trick users into downloading malware, it has come to light | Virus | The Hacker News |
1.8.24 | New Android Banking Trojan BingoMod Steals Money, Wipes Devices | Cybersecurity researchers have uncovered a new Android remote access trojan (RAT) called BingoMod that not only performs | Virus | The Hacker News |
1.8.24 | Google Chrome Adds App-Bound Encryption to Protect Cookies from Malware | Google has announced that it's adding a new layer of protection to its Chrome browser through what's called app-bound encryption to | Virus | The Hacker News |
1.8.24 | Chinese Hackers Target Japanese Firms with LODEINFO and NOOPDOOR Malware | Japanese organizations are the target of a Chinese nation-state threat actor that leverages malware families like LODEINFO and | Virus | The Hacker News |
1.8.24 | Cybercriminals Deploy 100K+ Malware Android Apps to Steal OTP Codes | A new malicious campaign has been observed making use of malicious Android apps to steal users' SMS messages since at least | Virus | The Hacker News |
31.7.24 | New Mandrake Spyware Found in Google Play Store Apps After Two Years | A new iteration of a sophisticated Android spyware called Mandrake has been discovered in five applications that were available for | Virus | The Hacker News |
31.7.24 | Cybercriminals Target Polish Businesses with Agent Tesla and Formbook Malware | Cybersecurity researchers have detailed widespread phishing campaigns targeting small and medium-sized businesses (SMBs) in | Virus | The Hacker News |
29.7.24 | 'Stargazer Goblin' Creates 3,000 Fake GitHub Accounts for Malware Spread | A threat actor known as Stargazer Goblin has set up a network of inauthentic GitHub accounts to fuel a Distribution-as-a-Service | Virus | The Hacker News |
29.7.24 | Gh0st RAT Trojan Targets Chinese Windows Users via Fake Chrome Site | The remote access trojan known as Gh0st RAT has been observed being delivered by an "evasive dropper" called Gh0stGambit as part | Virus | The Hacker News |
28.7.24 | PKfail Secure Boot bypass lets attackers install UEFI malware | Hundreds of UEFI products from 10 vendors are susceptible to compromise due to a critical firmware supply-chain issue known as PKfail, which allows attackers to bypass Secure Boot and install malware. | Virus | |
27.7.24 | French police push PlugX malware self-destruct payload to clean PCs | The French police and Europol are pushing out a "disinfection solution" that automatically removes the PlugX malware from infected devices in France. | Virus | |
27.7.24 | Over 3,000 GitHub accounts used by malware distribution service | Threat actors known as 'Stargazer Goblin' have created a malware Distribution-as-a-Service (DaaS) from over 3,000 fake accounts on GitHub that push information-stealing malware. | Virus | |
27.7.24 | KnowBe4 mistakenly hires North Korean hacker, faces infostealer attack | American cybersecurity company KnowBe4 says a person it recently hired as a Principal Software Engineer turned out to be a North Korean state actor who attempted to install information-stealing malware on its devices. | Virus | |
27.7.24 | Hamster Kombat’s 250 million players targeted in malware attacks | Hamster Kombat’s 250 million players targeted in malware attacks | Virus | |
27.7.24 | Malicious PyPI Package Targets macOS to Steal Google Cloud Credentials | Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that targets Apple | Virus | The Hacker News |
26.7.24 | FrostyGoop malware attack cut off heat in Ukraine during winter | Russian-linked malware was used in a January 2024 cyberattack to cut off the heating of over 600 apartment buildings in Lviv, Ukraine, for two days during sub-zero temperatures. | Virus | |
26.7.24 | Fake CrowdStrike repair manual pushes new infostealer malware | CrowdStrike is warning that a fake recovery manual to repair Windows devices is installing a new information-stealing malware called Daolpu. | Virus | |
26.7.24 | New Chrome Feature Scans Password-Protected Files for Malicious Content | Google said it's adding new security warnings when downloading potentially suspicious and malicious files via its Chrome web | Virus | The Hacker News |
23.7.24 | PINEAPPLE and FLUXROOT Hacker Groups Abuse Google Cloud for Credential Phishing | A Latin America (LATAM)-based financially motivated actor codenamed FLUXROOT has been observed leveraging Google Cloud | Virus | The Hacker News |
23.7.24 | SocGholish Malware Exploits BOINC Project for Covert Cyberattacks | The JavaScript downloader malware known as SocGholish (aka FakeUpdates) is being used to deliver a remote access trojan called | Virus | The Hacker News |
22.7.24 | Fake CrowdStrike fixes target companies with malware, data wipers | Threat actors are exploiting the massive business disruption from CrowdStrike's glitchy update on Friday to target companies with data wipers and remote access tools. | Virus | |
21.7.24 | Cybercriminals Exploit CrowdStrike Update Mishap to Distribute Remcos RAT Malware | Cybersecurity firm CrowdStrike, which is facing the heat for causing worldwide IT disruptions by pushing out a flawed update to Windows | Virus | The Hacker News |
20.7.24 | Revolver Rabbit gang registers 500,000 domains for malware campaigns | A cybercriminal gang that researchers track as Revolver Rabbit has registered more than 500,000 domain names for infostealer campaigns that target Windows and macOS systems. | Virus | |
19.7.24 | Pro-Houthi Group Targets Yemen Aid Organizations with Android Spyware | A suspected pro-Houthi threat group targeted at least three humanitarian organizations in Yemen with Android spyware designed | Virus | The Hacker News |
18.7.24 | Alert: HotPage Adware Disguised as Ad Blocker Installs Malicious Kernel Driver | Cybersecurity researchers have shed light on an adware module that purports to block ads and malicious websites, while stealthily | Virus | |
18.7.24 | New BugSleep malware implant deployed in MuddyWater attacks | The Iranian-backed MuddyWater hacking group has partially switched to using a new custom-tailored malware implant to steal files and run commands on compromised systems. | Virus | |
16.7.24 | 'Konfety' Ad Fraud Uses 250+ Google Play Decoy Apps to Hide Malicious Twins | Details have emerged about a "massive ad fraud operation" that leverages hundreds of apps on the Google Play Store to perform a | Virus | |
16.7.24 | Malicious npm Packages Found Using Image Files to Hide Backdoor Code | Cybersecurity researchers have identified two malicious packages on the npm package registry that concealed backdoor code to execute | Virus | The Hacker News |
15.7.24 | Facebook ads for Windows desktop themes push info-stealing malware | Cybercriminals use Facebook business pages and advertisements to promote fake Windows themes that infect unsuspecting users with the SYS01 password-stealing malware. | Virus | |
15.7.24 | 10,000 Victims a Day: Infostealer Garden of Low-Hanging Fruit | Imagine you could gain access to any Fortune 100 company for $10 or less, or even for free. Terrifying thought, isn't it? Or exciting, | Virus | The Hacker News |
13.7.24 | ViperSoftX malware covertly runs PowerShell using AutoIT scripting | The latest variants of the ViperSoftX info-stealing malware use the common language runtime (CLR) to load and execute PowerShell commands within AutoIt scripts to evade detection. | Virus | |
13.7.24 | Windows MSHTML zero-day used in malware attacks for over a year | Microsoft fixed a Windows zero-day vulnerability that has been actively exploited in attacks for eighteen months to launch malicious scripts while bypassing built-in security features. | Virus | |
13.7.24 | DarkGate Malware Exploits Samba File Shares in Short-Lived Campaign | Cybersecurity researchers have shed light on a short-lived DarkGate malware campaign that leveraged Samba file shares to initiate the | Virus | |
12.7.24 | 60 New Malicious Packages Uncovered in NuGet Supply Chain Attack | Threat actors have been observed publishing a new wave of malicious packages to the NuGet package manager as part of an | | |
11.7.24 | New Poco RAT Targets Spanish-Speaking Victims in Phishing Campaign | Spanish language victims are the target of an email phishing campaign that delivers a new remote access trojan (RAT) called | Virus | |
10.7.24 | ViperSoftX Malware Disguises as eBooks on Torrents to Spread Stealthy Attacks | The sophisticated malware known as ViperSoftX has been observed being distributed as eBooks over torrents. "A notable aspect of the | Virus | |
9.7.24 | GuardZoo Malware Targets Over 450 Middle Eastern Military Personnel | Military personnel from Middle East countries are the target of an ongoing surveillanceware operation that delivers an Android data- | Virus | The Hacker News |
9.7.24 | Trojanized jQuery Packages Found on npm, GitHub, and jsDelivr Code Repositories | Unknown threat actors have been found propagating trojanized versions of jQuery on npm, GitHub, and jsDelivr in what appears to be | Virus | The Hacker News |
8.7.24 | Dark Web Malware Logs Expose 3,300 Users Linked to Child Abuse Sites | An analysis of information-stealing malware logs published on the dark web has led to the discovery of thousands of consumers of | Virus | The Hacker News |
8.7.24 | Experts Warn of Mekotio Banking Trojan Targeting Latin American Countries | Financial institutions in Latin America are being threatened by a banking trojan called Mekotio (aka Melcoz). That's according to | Virus | The Hacker News |
6.7.24 | Hackers attack HFS servers to drop malware and Monero miners | Hackers are targeting older versions of the HTTP File Server (HFS) from Rejetto to drop malware and cryptocurrency mining software. | Virus | |
5.7.24 | Infostealer malware logs used to identify child abuse website members | Thousands of pedophiles who download and share child sexual abuse material (CSAM) were identified through information-stealing malware logs leaked on the dark web, highlighting a new dimension of using stolen credentials in law enforcement investigations. | Virus | |
5.7.24 | GootLoader Malware Still Active, Deploys New Versions for Enhanced Attacks | The malware known as GootLoader continues to be in active use by threat actors looking to deliver additional payloads to compromised | Virus | The Hacker News |
4.7.24 | Microsoft MSHTML Flaw Exploited to Deliver MerkSpy Spyware Tool | Unknown threat actors have been observed exploiting a now-patched security flaw in Microsoft MSHTML to deliver a surveillance tool | Virus | The Hacker News |
3.7.24 | FakeBat Loader Malware Spreads Widely Through Drive-by Download Attacks | The loader-as-a-service (LaaS) known as FakeBat has become one of the most widespread loader malware families distributed using the | Virus | The Hacker News |
3.7.24 | South Korean ERP Vendor's Server Hacked to Spread Xctdoor Malware | An unnamed South Korean enterprise resource planning (ERP) vendor's product update server has been found to be compromised | Virus | The Hacker News |
1.7.24 | CapraRAT Spyware Disguised as Popular Apps Threatens Android Users | The threat actor known as Transparent Tribe has continued to unleash malware-laced Android apps as part of a social engineering | Virus | The Hacker News |
1.7.24 | Indian Software Firm's Products Hacked to Spread Data-Stealing Malware | Installers for three different software products developed by an Indian company named Conceptworld have been trojanized to | Virus | The Hacker News |
30.6.24 | New Unfurling Hemlock threat actor floods systems with malware | A threat actor tracked as Unfurling Hemlock has been infecting target systems with up to ten pieces of malware at the same time in campaigns that distribute hundreds of thousands of malicious files. | Virus | |
29.6.24 | Snowblind malware abuses Android security feature to bypass security | A novel Android attack vector from a piece of malware tracked as Snowblind is abusing a security feature to bypass existing anti-tampering protections in apps that handle sensitive user data. | Virus | |
28.6.24 | New Medusa malware variants target Android users in seven countries | The Medusa banking trojan for Android has re-emerged after almost a year of keeping a lower profile in campaigns targeting France, Italy, the United States, Canada, Spain, the United Kingdom, and Turkey. | Virus | |
27.6.24 | New Medusa Android Trojan Targets Banking Users Across 7 Countries | Cybersecurity researchers have discovered an updated version of an Android banking trojan called Medusa that has been used to target | Virus | The Hacker News |
25.6.24 | New Cyberthreat 'Boolka' Deploying BMANAGER Trojan via SQLi Attacks | A previously undocumented threat actor dubbed Boolka has been observed compromising websites with malicious scripts to deliver a | Virus | The Hacker News |
25.6.24 | Multiple WordPress Plugins Compromised: Hackers Create Rogue Admin Accounts | Multiple WordPress plugins have been backdoored to inject malicious code that makes it possible to create rogue administrator accounts with the aim of performing arbitrary actions. "The injected | Virus | The Hacker News |
25.6.24 | Multiple Threat Actors Deploying Open-Source Rafel RAT to Target Android Devices | Multiple threat actors, including cyber espionage groups, are employing an open-source Android remote administration tool called | Virus | The Hacker News |
23.6.24 | Warning: New Adware Campaign Targets Meta Quest App Seekers | A new campaign is tricking users searching for the Meta Quest (formerly Oculus) application for Windows into downloading a new | Virus | The Hacker News |
23.6.24 | Oyster Backdoor Spreading via Trojanized Popular Software Downloads | A malvertising campaign is leveraging trojanized installers for popular software such as Google Chrome and Microsoft Teams to | Virus | The Hacker News |
20.6.24 | New Rust-based Fickle Malware Uses PowerShell for UAC Bypass and Data Exfiltration | A new Rust-based information stealer malware called Fickle Stealer has been observed being delivered via multiple attack chains with | Virus | The Hacker News |
20.6.24 | Experts Uncover New Evasive SquidLoader Malware Targeting Chinese Organizations | Cybersecurity researchers have uncovered a new evasive malware loader named SquidLoader that spreads via phishing campaigns | Virus | The Hacker News |
19.6.24 | Fake Google Chrome errors trick you into running malicious PowerShell scripts | A new malware distribution campaign uses fake Google Chrome, Word, and OneDrive errors to trick users into running malicious PowerShell "fixes" that install malware. | Virus | |
18.6.24 | Cybercriminals Exploit Free Software Lures to Deploy Hijack Loader and Vidar Stealer | Threat actors are luring unsuspecting users with free or pirated versions of commercial software to deliver a malware loader called | Virus | The Hacker News |
17.6.24 | NiceRAT Malware Targets South Korean Users via Cracked Software | Threat actors have been observed deploying a malware called NiceRAT to co-opt infected devices into a botnet. The attacks, which | Virus | The Hacker News |
16.6.24 | New Linux malware is controlled through emojis sent from Discord | A newly discovered Linux malware dubbed 'DISGOMOJI' uses the novel approach of utilizing emojis to execute commands on infected devices in attacks on government agencies in India. | Virus | |
15.6.24 | Phishing emails abuse Windows search protocol to push malicious scripts | A new phishing campaign uses HTML attachments that abuse the Windows search protocol (search-ms URI) to push batch files hosted on remote servers that deliver malware. | Virus | |
15.6.24 | Grandoreiro Banking Trojan Hits Brazil as Smishing Scams Surge in Pakistan | Pakistan has become the latest target of a threat actor called the Smishing Triad, marking the first expansion of its footprint beyond | Virus | The Hacker News |
14.6.24 | Warmcookie Windows backdoor pushed via fake job offers | A Windows malware named 'Warmcookie' is distributed through fake job offer phishing campaigns to breach corporate networks. | Virus | |
13.6.24 | Arid Viper Launches Mobile Espionage Campaign with AridSpy Malware | The threat actor known as Arid Viper has been attributed to a mobile espionage campaign that leverages trojanized Android apps to | Virus | The Hacker News |
13.6.24 | Pakistan-linked Malware Campaign Evolves to Target Windows, Android, and macOS | Threat actors with ties to Pakistan have been linked to a long-running malware campaign dubbed Operation Celestial Force since at least | Virus | The Hacker News |
13.6.24 | Cybercriminals Employ PhantomLoader to Distribute SSLoad Malware | The nascent malware known as SSLoad is being delivered by means of a previously undocumented loader called PhantomLoader, | Virus | The Hacker News |
13.6.24 | Gitloker attacks abuse GitHub notifications to push malicious OAuth apps | Threat actors impersonate GitHub's security and recruitment teams in phishing attacks to hijack repositories using malicious OAuth apps in an ongoing extortion campaign wiping compromised repos. | Virus | |
13.6.24 | Malicious VSCode extensions with millions of installs discovered | A group of Israeli researchers explored the security of the Visual Studio Code marketplace and managed to "infect" over 100 organizations by trojanizing a copy of the popular 'Dracula Official' theme to include risky code. Further research into the VSCode Marketplace found thousands of extensions with millions of installs. | Virus | BleepingComputer |
13.6.24 | New Cross-Platform Malware 'Noodle RAT' Targets Windows and Linux Systems | A previously undocumented cross-platform malware codenamed Noodle RAT has been put to use by Chinese-speaking threat actors | Virus | The Hacker News |
12.6.24 | China-Linked ValleyRAT Malware Resurfaces with Advanced Data Theft Tactics | Cybersecurity researchers have uncovered an updated version of malware called ValleyRAT that's being distributed as part of a new | Virus | The Hacker News |
10.6.24 | Sticky Werewolf Expands Cyber Attack Targets in Russia and Belarus | Cybersecurity researchers have disclosed details of a threat actor known as Sticky Werewolf that has been linked to cyber attacks | Virus | The Hacker News |
8.6.24 | LightSpy Spyware's macOS Variant Found with Advanced Surveillance Capabilities | Cybersecurity researchers have disclosed that the LightSpy spyware recently identified as targeting Apple iOS users is in fact a previously | Virus | The Hacker News |
7.6.24 | SPECTR Malware Targets Ukraine Defense Forces in SickSync Campaign | The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks targeting defense forces in the country with | Virus | |
5.6.24 | Hackers Use MS Excel Macro to Launch Multi-Stage Malware Attack in Ukraine | A new sophisticated cyber attack has been observed targeting endpoints geolocated to Ukraine with an aim to deploy Cobalt Strike | Virus | The Hacker News |
5.6.24 | DarkGate Malware Replaces AutoIt with AutoHotkey in Latest Cyber Attacks | Cyber attacks involving the DarkGate malware-as-a-service (MaaS) operation have shifted away from AutoIt scripts to an AutoHotkey | Virus | The Hacker News |
5.6.24 | Researchers Uncover RAT-Dropping npm Package Targeting Gulp Users | Cybersecurity researchers have uncovered a new suspicious package uploaded to the npm package registry that's designed to | Virus | The Hacker News |
3.6.24 | Andariel Hackers Target South Korean Institutes with New Dora RAT Malware | The North Korea-linked threat actor known as Andariel has been observed using a new Golang-based backdoor called Dora RAT in its | Virus | The Hacker News |
3.6.24 | Beware: Fake Browser Updates Deliver BitRAT and Lumma Stealer Malware | Fake web browser updates are being used to deliver remote access trojans (RATs) and information stealer malware such as BitRAT and | Virus | The Hacker News |
1.6.24 | Pirated Microsoft Office delivers malware cocktail on systems | Cybercriminals are distributing a malware cocktail through cracked versions of Microsoft Office promoted on torrent sites. | Virus | |
29.5.24 | Brazilian Banks Targeted by New AllaKore RAT Variant Called AllaSenha | Brazilian banking institutions are the target of a new campaign that distributes a custom variant of the Windows-based AllaKore | Virus | The Hacker News |
25.5.24 | Stealers, stealers and more stealers | Stealers are a prominent threat in the malware landscape. Over the past year we published our research into several stealers, and for now, the trend seems to persist. In the past months, we wrote several private reports on stealers as we discovered Acrid (a new stealer), ScarletStealer (another new stealer) and Sys01, which had been updated quite a bit since the previous public analysis. | Virus | Securelist |
25.5.24 | GhostEngine mining attacks kill EDR security using vulnerable drivers | A malicious crypto mining campaign codenamed 'REF4578' has been discovered deploying a malicious payload named GhostEngine that uses vulnerable drivers to turn off security products and deploy an XMRig miner. | Virus | |
24.5.24 | JAVS Courtroom Recording Software Backdoored - Deploys RustDoor Malware | Malicious actors have backdoored the installer associated with courtroom video recording software developed by Justice AV | Virus | The Hacker News |
24.5.24 | Stealthy BLOODALCHEMY Malware Targeting ASEAN Government Networks | Cybersecurity researchers have discovered that the malware known as BLOODALCHEMY used in attacks targeting government | Virus | The Hacker News |
23.5.24 | New BiBi Wiper version also destroys the disk partition table | A new version of the BiBi Wiper malware is now deleting the disk partition table to make data restoration harder, extending the downtime for targeted victims. | Virus | |
22.5.24 | Malware Delivery via Cloud Services Exploits Unicode Trick to Deceive Users | A new attack campaign dubbed CLOUD#REVERSER has been observed leveraging legitimate cloud storage services like Google | Virus | The Hacker News |
22.5.24 | SolarMarker Malware Evolves to Resist Takedown Attempts with Multi-Tiered Infrastructure | The persistent threat actors behind the SolarMarker information-stealing malware have established a multi-tiered infrastructure to | Virus | The Hacker News |
20.5.24 | Grandoreiro Banking Trojan Resurfaces, Targeting Over 1,500 Banks Worldwide | The threat actors behind the Windows-based Grandoreiro banking trojan have returned in a global campaign since March 2024 | Virus | The Hacker News |
19.5.24 | Banking malware Grandoreiro returns after police disruption | The banking trojan "Grandoreiro" is spreading in a large-scale phishing campaign in over 60 countries, targeting customer accounts of roughly 1,500 banks. | Virus | |
18.5.24 | PyPi package backdoors Macs using the Sliver pen-testing suite | A new package mimicked the popular 'requests' library on the Python Package Index (PyPI) to target macOS devices with the Sliver C2 adversary framework, used for gaining initial access to corporate networks. | Virus | |
18.5.24 | China-Linked Hackers Adopt Two-Stage Infection Tactic to Deploy Deuterbear RAT | Cybersecurity researchers have shed more light on a remote access trojan (RAT) known as Deuterbear used by the China-linked | Virus | The Hacker News |
14.5.24 | Malicious Python Package Hides Sliver C2 Framework in Fake Requests Library Logo | Cybersecurity researchers have identified a malicious Python package that purports to be an offshoot of the popular requests | Virus | The Hacker News |
10.5.24 | Malicious Android Apps Pose as Google, Instagram, WhatsApp, to Steal Credentials | Malicious Android apps masquerading as Google, Instagram, Snapchat, WhatsApp, and X (formerly Twitter) have been observed | | |
8.5.24 | Hijack Loader Malware Employs Process Hollowing, UAC Bypass in Latest Version | A newer version of a malware loader called Hijack Loader has been observed incorporating an updated set of anti-analysis | Virus | The Hacker News |
5.5.24 | New Cuttlefish malware infects routers to monitor traffic for credentials | A new malware named 'Cuttlefish' has been spotted infecting enterprise-grade and small office/home office (SOHO) routers to monitor data that passes through them and steal authentication information. | Virus | |
5.5.24 | New Latrodectus malware attacks use Microsoft, Cloudflare themes | Latrodectus malware is now being distributed in phishing campaigns using Microsoft Azure and Cloudflare lures to appear legitimate while making it harder for email security platforms to detect the emails as malicious. | Virus | |
4.5.24 | Fake job interviews target developers with new Python backdoor | A new campaign tracked as "Dev Popper" is targeting software developers with fake job interviews in an attempt to trick them into installing a Python remote access trojan (RAT). | Virus | |
4.5.24 | Researchers sinkhole PlugX malware server with 2.5 million unique IPs | Researchers have sinkholed a command and control server for a variant of the PlugX malware and observed in six months more than 2.5 million connections from unique IP addresses. | Virus | |
3.5.24 | Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications | Threat actors have been increasingly weaponizing Microsoft Graph API for malicious purposes with the aim of | Virus | The Hacker News |
2.5.24 | New Cuttlefish Malware Hijacks Router Connections, Sniffs for Cloud Credentials | A new malware called Cuttlefish is targeting small office and home office (SOHO) routers with the goal of stealthily | Virus | The Hacker News |
1.5.24 | ZLoader Malware Evolves with Anti-Analysis Trick from Zeus Banking Trojan | The authors behind the resurfaced ZLoader malware have added a feature that was originally present in the Zeus banking trojan | Virus | The Hacker News |
30.4.24 | Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023 | Google on Monday revealed that almost 200,000 app submissions to its Play Store for Android were either rejected or remediated to | Virus | The Hacker News |
30.4.24 | Bogus npm Packages Used to Trick Software Developers into Installing Malware | An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job | Virus | The Hacker News |
27.4.24 | CoralRaider attacks use CDN cache to push info-stealer malware | A threat actor has been using a content delivery network cache to store information-stealing malware in an ongoing campaign targeting systems in the U.S., the U.K., Germany, and Japan. | Virus | |
27.4.24 | US imposes visa bans on 13 spyware makers and their families | The Department of State has started imposing visa restrictions on mercenary spyware makers and peddlers, prohibiting their entry into the United States, as announced earlier in February. | Virus | BleepingComputer |
26.4.24 | North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures | The North Korea-linked threat actor known as Lazarus Group employed its time-tested fabricated job lures to deliver a new | Virus | The Hacker News |
25.4.24 | eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners | A new malware campaign has been exploiting the updating mechanism of the eScan antivirus software to distribute backdoors | Virus | The Hacker News |
24.4.24 | Hackers hijack antivirus updates to drop GuptiMiner malware | North Korean hackers have been exploiting the updating mechanism of the eScan antivirus to plant backdoors on big corporate networks and deliver cryptocurrency miners through GuptiMiner malware. | Virus | |
24.4.24 | GitLab affected by GitHub-style CDN flaw allowing malware hosting | BleepingComputer recently reported how a GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with Microsoft repositories, making the files appear trustworthy. It turns out, GitLab is also affected by this issue and could be abused in a similar fashion. | Virus | |
24.4.24 | CoralRaider Malware Campaign Exploits CDN Cache to Spread Info-Stealers | A new ongoing malware campaign has been observed distributing three different stealers, such as CryptBot, LummaC2, and | Virus | The Hacker News |
22.4.24 | GitHub comments abused to push malware via Microsoft repo URLs | A GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with a Microsoft repository, making the files appear trustworthy. | Virus | BleepingComputer |
22.4.24 | New RedLine Stealer Variant Disguised as Game Cheats Using Lua Bytecode for Stealth | A new information stealer has been found leveraging Lua bytecode for added stealth and sophistication, findings from McAfee Labs | Virus | The Hacker News |
19.4.24 | Fake cheat lures gamers into spreading infostealer malware | A new info-stealing malware linked to Redline poses as a game cheat called 'Cheat Lab,' promising downloaders a free copy if they convince their friends to install it too. | Virus | |
19.4.24 | Google ad impersonates Whales Market to push wallet drainer malware | A legitimate-looking Google Search advertisement for the crypto trading platform 'Whales Market' redirects visitors to a wallet-draining phishing site that steals all of your assets. | Virus | |
19.4.24 | Hackers Target Middle East Governments with Evasive "CR4T" Backdoor | Government entities in the Middle East have been targeted as part of a previously undocumented campaign to deliver a new backdoor | Virus | The Hacker News |
19.4.24 | OfflRouter Malware Evades Detection in Ukraine for Almost a Decade | Select Ukrainian government networks have remained infected with a malware called OfflRouter since 2015. Cisco Talos said its | Virus | The Hacker News |
18.4.24 | DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware | New unattributed DuneQuixote campaign targeting entities in the Middle East employs droppers disguised as Total Commander installer and CR4T backdoor in C and Go. | Virus | Securelist |
18.4.24 | SoumniBot: the new Android banker’s unique techniques | The creators of widespread malware programs often employ various tools that hinder code detection and analysis, and Android malware is no exception. As an example of this, droppers, such as Badpack and Hqwar, designed for stealthily delivering Trojan bankers or spyware to smartphones, are very popular among malicious actors who attack mobile devices. | Virus | Securelist |
18.4.24 | Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor | A new Google malvertising campaign is leveraging a cluster of domains mimicking a legitimate IP scanner software to deliver a | Virus | The Hacker News |
16.4.24 | TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks | The threat actor tracked as TA558 has been observed leveraging steganography as an obfuscation technique to deliver a wide range | Virus | The Hacker News |
16.4.24 | Hive RAT Creators and $3.5M Cryptojacking Mastermind Arrested in Global Crackdown | Two individuals have been arrested in Australia and the U.S. in connection with an alleged scheme to develop and distribute a | Virus | The Hacker News |
14.4.24 | Firebird RAT creator and seller arrested in the U.S. and Australia | A joint police operation between the Australian Federal Police (AFP) and the FBI has led to the arrest and charging of two individuals who are believed to be behind the development and distribution of the "Firebird" remote access trojan (RAT), later rebranded as "Hive." | Virus | |
13.4.24 | Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack | Threat actors have been exploiting the newly disclosed zero-day flaw in Palo Alto Networks PAN-OS software dating back to March | Virus | The Hacker News |
13.4.24 | Malicious Visual Studio projects on GitHub push Keyzetsu malware | Threat actors are abusing GitHub automation features and malicious Visual Studio projects to push a new variant of the "Keyzetsu" clipboard-hijacking malware and steal cryptocurrency payments. | Virus | |
13.4.24 | XZ backdoor story – Initial analysis | A single message on the Openwall OSS-security mailing list marked an important discovery for the information security, open source and Linux communities: the discovery of a malicious backdoor in XZ. XZ is a compression utility integrated into many popular distributions of Linux. | Virus | Securelist |
13.4.24 | Popular Rust Crate liblzma-sys Compromised with XZ Utils Backdoor Files | "Test files" associated with the XZ Utils backdoor have made their way to a Rust crate known as liblzma-sys, new findings from | Virus | The Hacker News |
11.4.24 | Raspberry Robin Returns: New Malware Campaign Spreading Through WSF Files | Cybersecurity researchers have discovered a new Raspberry Robin campaign wave that propagates the malware through malicious | Virus | The Hacker News |
9.4.24 | Attackers Using Obfuscation Tools to Deliver Multi-Stage Malware via Invoice Phishing | Cybersecurity researchers have discovered an intricate multi-stage attack that leverages invoice-themed phishing decoys to deliver a | Virus | The Hacker News |
8.4.24 | Watch Out for 'Latrodectus' - This Malware Could Be In Your Inbox | Threat hunters have discovered a new malware called Latrodectus that has been distributed as part of email phishing campaigns | Virus | The Hacker News |
7.4.24 | Over 92,000 exposed D-Link NAS devices have a backdoor account | A threat researcher has disclosed a new arbitrary command injection and hardcoded backdoor flaw in multiple end-of-life D-Link Network Attached Storage (NAS) device models. | Virus | |
7.4.24 | New Latrodectus malware replaces IcedID in network breaches | A relatively new malware called Latrodectus is believed to be an evolution of the IcedID loader, seen in malicious email campaigns since November 2023. | Virus | |
7.4.24 | Visa warns of new JSOutProx malware variant targeting financial orgs | Visa is warning about a spike in detections for a new version of the JsOutProx malware targeting financial institutions and their customers. | Virus | |
6.4.24 | The Biggest Takeaways from Recent Malware Attacks | Recent high-profile malware attacks teach us lessons on limiting malware risks at organizations. Learn more from Blink Ops about what these attacks taught us. | Virus | |
5.4.24 | From PDFs to Payload: Bogus Adobe Acrobat Reader Installers Distribute Byakugan Malware | Bogus installers for Adobe Acrobat Reader are being used to distribute a new multi-functional malware dubbed Byakugan. The | Virus | The Hacker News |
5.4.24 | New Wave of JSOutProx Malware Targeting Financial Firms in APAC and MENA | Financial organizations in the Asia-Pacific (APAC) and Middle East and North Africa (MENA) are being targeted by a new version of an | Virus | The Hacker News |
4.4.24 | New XZ backdoor scanner detects implant in any Linux binary | Firmware security firm Binarly has released a free online scanner to detect Linux executables impacted by the XZ Utils supply chain attack, tracked as CVE-2024-3094. | Virus | |
4.4.24 | DinodasRAT malware targets Linux servers in espionage campaign | Security researchers have observed Red Hat and Ubuntu systems being attacked by a Linux version of the DinodasRAT (also known as XDealer) that may have been operating since 2022. | Virus | |
3.4.24 | Mispadu Trojan Targets Europe, Thousands of Credentials Compromised | The banking trojan known as Mispadu has expanded its focus beyond Latin America (LATAM) and Spanish-speaking individuals to | Virus | The Hacker News |
2.4.24 | Malicious Code in XZ Utils for Linux Systems Enables Remote Code Execution | The malicious code inserted into the open-source library XZ Utils, a widely used package present in major Linux distributions, is also | Virus | The Hacker News |
2.4.24 | Massive Phishing Campaign Strikes Latin America: Venom RAT Targeting Multiple Sectors | The threat actor known as TA558 has been attributed to a new massive phishing campaign that targets a wide range of sectors in | Virus | The Hacker News |
1.4.24 | Detecting Windows-based Malware Through Better Visibility | Despite a plethora of available security solutions, more and more organizations fall victim to Ransomware and other threats. These | Virus | The Hacker News |
31.3.24 | Vultur banking malware for Android poses as McAfee Security app | Security researchers found a new version of the Vultur banking trojan for Android that includes more advanced remote control capabilities and an improved evasion mechanism. | Virus | |
31.3.24 | Activision: Enable 2FA to secure accounts recently stolen by malware | An infostealer malware campaign has reportedly collected millions of logins from users of various gaming websites, including players that use cheats, pay-to-cheat services. | Virus | |
31.3.24 | Red Hat warns of backdoor in XZ tools used by most Linux distros | Today, Red Hat warned users to immediately stop using systems running Fedora development and experimental versions because of a backdoor found in the latest XZ Utils data compression tools and libraries. | Virus | |
31.3.24 | PyPI suspends new user registration to block malware campaign | The Python Package Index (PyPI) has temporarily suspended user registration and the creation of new projects to deal with an ongoing malware campaign. | Virus | |
31.3.24 | Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware | Malicious ads and bogus websites are acting as a conduit to deliver two different stealer malware, including Atomic Stealer, targeting | Virus | The Hacker News |
30.3.24 | Google: Spyware vendors behind 50% of zero-days exploited in 2023 | Google's Threat Analysis Group (TAG) and Google subsidiary Mandiant said they've observed a significant increase in the number of zero-day vulnerabilities exploited in attacks in 2023, many of them linked to spyware vendors and their clients. | Virus | |
30.3.24 | Urgent: Secret Backdoor Found in XZ Utils Library, Impacts Major Linux Distros | Red Hat on Friday released an "urgent security alert" warning that two versions of a popular data compression library called XZ Utils | Virus | The Hacker News |
29.3.24 | Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries | A Linux version of a multi-platform backdoor called DinodasRAT has been detected in the wild targeting China, Taiwan, Turkey, and | Virus | The Hacker News |
27.3.24 | TheMoon malware infects 6,000 ASUS routers in 72 hours for proxy service | A new variant of "TheMoon" malware botnet has been spotted infecting thousands of outdated small office and home office (SOHO) routers and IoT devices in 88 countries. | Virus | |
27.3.24 | Over 100 US and EU orgs targeted in StrelaStealer malware attacks | A new large-scale StrelaStealer malware campaign has impacted over a hundred organizations across the United States and Europe, attempting to steal email account credentials. | Virus | BleepingComputer |
23.3.24 | Evasive Sign1 malware campaign infects 39,000 WordPress sites | A previously unknown malware campaign called Sign1 has infected over 39,000 websites over the past six months, causing visitors to see unwanted redirects and popup ads. | Virus | |
23.3.24 | Russian Hackers Use 'WINELOADER' Malware to Target German Political Parties | The WINELOADER backdoor used in recent cyber attacks targeting diplomatic entities with wine-tasting phishing lures has been | Virus | The Hacker News |
22.3.24 | New StrelaStealer Phishing Attacks Hit Over 100 Organizations in E.U. and U.S. | Cybersecurity researchers have detected a new wave of phishing attacks that aim to deliver an ever-evolving information stealer referred to as | Virus | The Hacker News |
22.3.24 | Russian Hackers May Have Targeted Ukrainian Telecoms with Upgraded 'AcidPour' Malware | The data wiping malware called AcidPour may have been deployed in attacks targeting four telecom providers in Ukraine, new findings from | Virus | The Hacker News |
21.3.24 | New AcidPour data wiper targets Linux x86 network devices | A new destructive malware named AcidPour was spotted in the wild, featuring data-wiper functionality and targeting Linux x86 IoT and networking devices. | Virus | |
21.3.24 | Over 800 npm Packages Found with Discrepancies, 18 Exploitable to 'Manifest Confusion' | New research has discovered over 800 packages in the npm registry which have discrepancies from their registry entries, out of which 18 have been | Virus | The Hacker News |
21.3.24 | AndroxGh0st Malware Targets Laravel Apps to Steal Cloud Credentials | Cybersecurity researchers have shed light on a tool referred to as AndroxGh0st that's used to target Laravel applications and steal sensitive | Virus | The Hacker News |
20.3.24 | New BunnyLoader Malware Variant Surfaces with Modular Attack Features | Cybersecurity researchers have discovered an updated variant of a stealer and malware loader called BunnyLoader that modularizes its various | Virus | The Hacker News |
19.3.24 | From Deepfakes to Malware: AI's Expanding Role in Cyber Attacks | Large language models (LLMs) powering artificial intelligence (AI) tools today could be exploited to develop self-augmenting malware capable of | Virus | The Hacker News |
19.3.24 | Suspected Russian Data-Wiping 'AcidPour' Malware Targeting Linux x86 Devices | A new variant of a data wiping malware called AcidRain has been detected in the wild that's specifically designed for targeting Linux x86 devices. The | Virus | The Hacker News |
19.3.24 | New DEEP#GOSU Malware Campaign Targets Windows Users with Advanced Tactics | A new elaborate attack campaign has been observed employing PowerShell and VBScript malware to infect Windows systems and harvest sensitive | Virus | The Hacker News |
18.3.24 | Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites | Cybersecurity researchers have discovered a new malware campaign that leverages bogus Google Sites pages and HTML smuggling to distribute a | Virus | The Hacker News |
17.3.24 | Hackers Using Cracked Software on GitHub to Spread RisePro Info Stealer | Cybersecurity researchers have found a number of GitHub repositories offering cracked software that are used to deliver an information stealer | Virus | The Hacker News |
16.3.24 | Hackers exploit Windows SmartScreen flaw to drop DarkGate malware | A new wave of attacks by the DarkGate malware operation exploits a now-fixed Windows Defender SmartScreen vulnerability to bypass security checks and automatically install fake software installers. | Virus | |
15.3.24 | Malicious Ads Targeting Chinese Users with Fake Notepad++ and VNote Installers | Chinese users looking for legitimate software such as Notepad++ and VNote on search engines like Baidu are being targeted with malicious ads and | Virus | The Hacker News |
14.3.24 | Ande Loader Malware Targets Manufacturing Sector in North America | The threat actor known as Blind Eagle has been observed using a loader malware called Ande Loader to deliver remote access trojans (RATs) like | Virus | The Hacker News |
13.3.24 | PixPirate Android Banking Trojan Using New Evasion Tactic to Target Brazilian Users | The threat actors behind the PixPirate Android banking trojan are leveraging a new trick to evade detection on compromised devices and harvest | Virus | The Hacker News |
13.3.24 | Alert: Cybercriminals Deploying VCURMS and STRRAT Trojans via AWS and GitHub | A new phishing campaign has been observed delivering remote access trojans (RAT) such as VCURMS and STRRAT by means of a malicious Java- | Virus | The Hacker News |
12.3.24 | Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites | A new malware campaign is leveraging a high-severity security flaw in the Popup Builder plugin for WordPress to inject malicious JavaScript code. | Virus | The Hacker News |
12.3.24 | New Banking Trojan CHAVECLOAK Targets Brazilian Users via Phishing Tactics | Users in Brazil are the target of a new banking trojan known as CHAVECLOAK that's propagated via phishing emails bearing PDF | Virus | The Hacker News |
11.3.24 | Magnet Goblin Hacker Group Leveraging 1-Day Exploits to Deploy Nerbian RAT | A financially motivated threat actor called Magnet Goblin is swiftly adopting one-day security vulnerabilities into its arsenal in order to opportunistically | Virus | The Hacker News |
10.3.24 | Magnet Goblin hackers use 1-day flaws to drop custom Linux malware | A financially motivated hacking group named Magnet Goblin uses various 1-day vulnerabilities to breach public-facing servers and deploy custom malware on Windows and Linux systems. | Virus | |
9.3.24 | Hackers target Docker, Hadoop, Redis, Confluence with new Golang malware | Hackers are targeting misconfigured servers running Apache Hadoop YARN, Docker, Confluence, or Redis with new Golang-based malware that automates the discovery and compromise of the hosts. | Virus | |
9.3.24 | New WogRAT malware abuses online notepad service to store malware | A new malware dubbed 'WogRAT' targets both Windows and Linux in attacks abusing an online notepad platform named 'aNotepad' as a covert channel for storing and retrieving malicious code. | Virus | |
9.3.24 | New WogRAT malware abuses online notepad service to store malware | Microsoft has unexpectedly announced they are ending support for the Windows Subsystem for Android next year on March 5th. | Virus | BleepingComputer |
7.3.24 | Android and Windows RATs Distributed Via Online Meeting Lures | Beginning in December 2023, Zscaler’s ThreatLabz discovered a threat actor creating fraudulent Skype, Google Meet, and Zoom websites to spread malware. | Virus | Zscaler |
7.3.24 | New Python-Based Snake Info Stealer Spreading Through Facebook Messages | Facebook messages are being used by threat actors to spread a Python-based information stealer dubbed Snake that's designed to capture credentials and | Virus | The Hacker News |
7.3.24 | Watch Out for Spoofed Zoom, Skype, Google Meet Sites Delivering Malware | Threat actors have been leveraging fake websites advertising popular video conferencing software such as Google Meet, Skype, and Zoom to deliver a | Virus | The Hacker News |
6.3.24 | Stealthy GTPDOOR Linux malware targets mobile operator networks | Security researcher HaxRob discovered a previously unknown Linux backdoor named GTPDOOR, designed for covert operations within mobile carrier networks. | Virus | |
6.3.24 | U.S. Cracks Down on Predatory Spyware Firm for Targeting Officials and Journalists | The U.S. Department of Treasury's Office of Foreign Assets Control (OFAC) sanctioned two individuals and five entities associated with the Intellexa | Virus | The Hacker News |
6.3.24 | Hackers Exploit ConnectWise ScreenConnect Flaws to Deploy TODDLERSHARK Malware | North Korean threat actors have exploited the recently disclosed security flaws in ConnectWise ScreenConnect to deploy a new malware called | Virus | |
3.3.24 | CISA warns of Microsoft Streaming bug exploited in malware attacks | CISA ordered U.S. Federal Civilian Executive Branch (FCEB) agencies to secure their Windows systems against a high-severity vulnerability in the Microsoft Streaming Service (MSKSSRV.SYS) that's actively exploited in attacks. | Virus | |
3.3.24 | New Bifrost malware for Linux mimics VMware domain for evasion | A new Linux variant of the Bifrost remote access trojan (RAT) employs several novel evasion techniques, including the use of a deceptive domain that was made to appear as part of VMware. | Virus | |
2.3.24 | Japan warns of malicious PyPi packages created by North Korean hackers | Japan's Computer Security Incident Response Team (JPCERT/CC) is warning that the notorious North Korean hacking group Lazarus has uploaded four malicious PyPI packages to infect developers with malware. | Virus | |
2.3.24 | Malicious code in Tornado Cash governance proposal puts user funds at risk | Malicious JavaScript code hidden in a Tornado Cash governance proposal has been leaking deposit notes and data to a private server for almost two months. | Virus | |
1.3.24 | New BIFROSE Linux Malware Variant Using Deceptive VMware Domain for Evasion | Cybersecurity researchers have discovered a new Linux variant of a remote access trojan (RAT) called BIFROSE (aka Bifrost) that uses a deceptive | Virus | The Hacker News |
1.3.24 | GTPDOOR Linux Malware Targets Telecoms, Exploiting GPRS Roaming Networks | Threat hunters have discovered a new Linux malware called GTPDOOR that's designed to be deployed in telecom networks that are adjacent to | Virus | The Hacker News |
1.3.24 | New Backdoor Targeting European Officials Linked to Indian Diplomatic Events | A previously undocumented threat actor dubbed SPIKEDWINE has been observed targeting officials in European countries with Indian diplomatic | Virus | The Hacker News |
1.3.24 | Lazarus Exploits Typos to Sneak PyPI Malware into Dev Systems | The notorious North Korean state-backed hacking group Lazarus uploaded four packages to the Python Package Index (PyPI) repository with the goal of | Virus | The Hacker News |
29.2.24 | New IDAT loader version uses steganography to push Remcos RAT | A hacking group tracked as 'UAC-0184' was observed utilizing steganographic image files to deliver the Remcos remote access trojan (RAT) onto the systems of a Ukrainian entity operating in Finland | Virus | |
29.2.24 | Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware | At least two different suspected China-linked cyber espionage clusters, tracked as UNC5325 and UNC3886, have been attributed to the | Virus | The Hacker News |
28.2.24 | Open-Source Xeno RAT Trojan Emerges as a Potent Threat on GitHub | An "intricately designed" remote access trojan (RAT) called Xeno RAT has been made available on GitHub, making it easily accessible to other actors at | Virus | The Hacker News |
27.2.24 | New IDAT Loader Attacks Using Steganography to Deploy Remcos RAT | Ukrainian entities based in Finland have been targeted as part of a malicious campaign distributing a commercial remote access trojan known as Remcos | Virus | The Hacker News |
27.2.24 | North Korean Hackers Targeting Developers with Malicious npm Packages | A set of fake npm packages discovered on the Node.js repository has been found to share ties with North Korean state-sponsored actors, new findings | Virus | The Hacker News |
27.2.24 | Banking Trojans Target Latin America and Europe Through Google Cloud Run | Cybersecurity researchers are warning about a spike in email phishing campaigns that are weaponizing the Google Cloud Run service to deliver | Virus | The Hacker News |
24.2.24 | Hackers abuse Google Cloud Run in massive banking trojan campaign | Security researchers are warning of hackers abusing the Google Cloud Run service to distribute massive volumes of banking trojans like Astaroth, Mekotio, and Ousaban. | Virus | |
24.2.24 | New SSH-Snake malware steals SSH keys to spread across the network | A threat actor is using an open-source network mapping tool named SSH-Snake to look for private keys undetected and move laterally on the victim infrastructure. | Virus | |
24.2.24 | Dormant PyPI Package Compromised to Spread Nova Sentinel Malware | A dormant package available on the Python Package Index (PyPI) repository was updated after nearly two years to propagate an information stealer | Virus | The Hacker News |
23.2.24 | Microsoft Releases PyRIT - A Red Teaming Tool for Generative AI | Microsoft has released an open access automation framework called PyRIT (short for Python Risk Identification Tool) to proactively identify risks in | Virus | The Hacker News |
22.2.24 | Russian Government Software Backdoored to Deploy Konni RAT Malware | An installer for a tool likely used by the Russian Consular Department of the Ministry of Foreign Affairs (MID) has been backdoored to deliver a remote | Virus | The Hacker News |
20.2.24 | New Malicious PyPI Packages Caught Using Covert Side-Loading Tactics | Cybersecurity researchers have discovered two malicious packages on the Python Package Index (PyPI) repository that were found leveraging a | Virus | The Hacker News |
18.2.24 | Turla hackers backdoor NGOs with new TinyTurla-NG malware | Security researchers have identified and analyzed new malware they call TinyTurla-NG and TurlaPower-NG used by the Russian hacker group Turla to maintain access to a target's network and to steal sensitive data. | Virus | |
18.2.24 | New Qbot malware variant uses fake Adobe installer popup for evasion | The developer of Qakbot malware, or someone with access to the source code, seems to be experimenting with new builds as fresh samples have been observed in email campaigns since mid-December. | Virus | |
18.2.24 | Ubuntu 'command-not-found' tool can be abused to spread malware | A logic flaw between Ubuntu's 'command-not-found' package suggestion system and the snap package repository could enable attackers to promote malicious Linux packages to unsuspecting users. | Virus | |
18.2.24 | Hackers used new Windows Defender zero-day to drop DarkMe malware | Microsoft has patched today a Windows Defender SmartScreen zero-day exploited in the wild by a financially motivated threat group to deploy the DarkMe remote access trojan (RAT). | Virus | |
17.2.24 | Bumblebee malware attacks are back after 4-month break | The Bumblebee malware has returned after a four-month vacation, targeting thousands of organizations in the United States in phishing campaigns. | Virus | |
17.2.24 | FBI seizes Warzone RAT infrastructure, arrests malware vendor | The FBI dismantled the Warzone RAT malware operation, seizing infrastructure and arresting two individuals associated with the cybercrime operation. | Virus | |
17.2.24 | Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor | Hackers are exploiting a server-side request forgery (SSRF) vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy the new DSLog backdoor on vulnerable devices. | Virus | |
17.2.24 | Malicious 'SNS Sender' Script Abuses AWS for Bulk Smishing Attacks | A malicious Python script known as SNS Sender is being advertised as a way for threat actors to send bulk smishing messages by abusing Amazon | Virus | The Hacker News |
16.2.24 | Russian Turla Hackers Target Polish NGOs with New TinyTurla-NG Backdoor | The Russia-linked threat actor known as Turla has been observed using a new backdoor called TinyTurla-NG as part of a three-month-long campaign | Virus | The Hacker News |
16.2.24 | Chinese Hackers Using Deepfakes in Advanced Mobile Banking Malware Attacks | A Chinese-speaking threat actor codenamed GoldFactory has been attributed to the development of highly sophisticated banking trojans, | Virus | The Hacker News |
15.2.24 | Bumblebee Malware Returns with New Tricks, Targeting U.S. Businesses | The infamous malware loader and initial access broker known as Bumblebee has resurfaced after a four-month absence as part of a new | Virus | The Hacker News |
15.2.24 | DarkMe Malware Targets Traders Using Microsoft SmartScreen Zero-Day Vulnerability | A newly disclosed security flaw in the Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called | Virus | The Hacker News |
15.2.24 | Glupteba Botnet Evades Detection with Undocumented UEFI Bootkit | The Glupteba botnet has been found to incorporate a previously undocumented Unified Extensible Firmware Interface (UEFI) bootkit | Virus | The Hacker News |
15.2.24 | PikaBot Resurfaces with Streamlined Code and Deceptive Tactics | The threat actors behind the PikaBot malware have made significant changes to the malware in what has been described as a case of | Virus | The Hacker News |
12.2.24 | U.S. DoJ Dismantles Warzone RAT Infrastructure, Arrests Key Operators | The U.S. Justice Department (DoJ) on Friday announced the seizure of online infrastructure that was used to sell a remote access trojan (RAT) | Virus | The Hacker News |
10.2.24 | Raspberry Robin malware evolves with early access to Windows exploits | Recent versions of the Raspberry Robin malware are stealthier and implement one-day exploits that are deployed only on systems that are susceptible to them. | Virus | BleepingComputer |
9.2.24 | Facebook ads push new Ov3r_Stealer password-stealing malware | A new password-stealing malware named Ov3r_Stealer is spreading through fake job advertisements on Facebook, aiming to steal account credentials and cryptocurrency. | Virus | |
9.2.24 | New Coyote Trojan Targets 61 Brazilian Banks with Nim-Powered Attack | Sixty-one banking institutions, all of them originating from Brazil, are the target of a new banking trojan called Coyote. "This malware utilizes the | Virus | The Hacker News |
9.2.24 | Stealthy Zardoor Backdoor Targets Saudi Islamic Charity Organization | An unnamed Islamic non-profit organization in Saudi Arabia has been targeted as part of a stealthy cyber espionage campaign designed to drop a | Virus | The Hacker News |
8.2.24 | HijackLoader Evolves: Researchers Decode the Latest Evasion Methods | The threat actors behind a loader malware called HijackLoader have added new techniques for defense evasion, as the malware continues to be | Virus | The Hacker News |
6.2.24 | Beware: Fake Facebook Job Ads Spreading 'Ov3r_Stealer' to Steal Crypto and Credentials | Threat actors are leveraging bogus Facebook job advertisements as a lure to trick prospective targets into installing a new Windows-based stealer | Virus | The Hacker News |
4.2.24 | PurpleFox malware infects thousands of computers in Ukraine | The Computer Emergency Response Team in Ukraine (CERT-UA) is warning about a PurpleFox malware campaign that has infected at least 2,000 computers in the country. | Virus | |
3.2.24 | Hackers push USB malware payloads via news, media hosting sites | A financially motivated threat actor using USB devices for initial infection has been found abusing legitimate online platforms, including GitHub, Vimeo, and Ars Technica, to host encoded payloads embedded in seemingly benign content. | Virus | |
3.2.24 | DirtyMoe Malware Infects 2,000+ Ukrainian Computers for DDoS and Cryptojacking | The Computer Emergency Response Team of Ukraine (CERT-UA) has warned that more than 2,000 computers in the country have been infected by a strain | Virus | The Hacker News |
2.2.24 | HeadCrab 2.0 Goes Fileless, Targeting Redis Servers for Crypto Mining | Cybersecurity researchers have detailed an updated version of the malware HeadCrab that's known to target Redis database servers across the world | Virus | The Hacker News |
1.2.24 | Ukraine: Hack wiped 2 petabytes of data from Russian research center | The Main Intelligence Directorate of Ukraine's Ministry of Defense claims that pro-Ukrainian hacktivists breached the Russian Center for Space Hydrometeorology, aka "planeta" (планета), and wiped 2 petabytes of data. | Virus | |
1.2.24 | Blackwood hackers hijack WPS Office update to install malware | A previously unknown advanced threat actor tracked as 'Blackwood' is using sophisticated malware called NSPX30 in cyberespionage attacks against companies and individuals. | Virus | |
1.2.24 | Russian TrickBot malware dev sentenced to 64 months in prison | Russian national Vladimir Dunaev has been sentenced to five years and four months in prison for his role in creating and distributing the Trickbot malware used in attacks against hospitals, companies, and individuals worldwide. | Virus | |
1.2.24 | Hackers Exploiting Ivanti VPN Flaws to Deploy KrustyLoader Malware | A pair of recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) virtual private network (VPN) devices have been exploited to deliver a Rust- | Virus | The Hacker News |
31.1.24 | Malicious web redirect scripts stealth up to hide on hacked sites | Security researchers looking at more than 10,000 scripts used by the Parrot traffic direction system (TDS) noticed an evolution marked by optimizations that make malicious code stealthier against security mechanisms. | Virus | |
31.1.24 | Brazilian Feds Dismantle Grandoreiro Banking Trojan, Arresting Top Operatives | A Brazilian law enforcement operation has led to the arrest of several Brazilian operators in charge of the Grandoreiro malware. The Federal Police of Brazil | Virus | The Hacker News |
31.1.24 | New ZLoader Malware Variant Surfaces with 64-bit Windows Compatibility | Threat hunters have identified a new campaign that delivers the ZLoader malware, resurfacing nearly two years after the botnet's infrastructure was | Virus | The Hacker News |
29.1.24 | Malicious PyPI Packages Slip WhiteSnake InfoStealer Malware onto Windows Machines | Cybersecurity researchers have identified malicious packages on the open-source Python Package Index (PyPI) repository that deliver an information | Virus | The Hacker News |
27.1.24 | AllaKore RAT Malware Targeting Mexican Firms with Financial Fraud Tricks | Mexican financial institutions are under the radar of a new spear-phishing campaign that delivers a modified version of an open-source remote access | Virus | The Hacker News |
26.1.24 | Malicious Ads on Google Target Chinese Users with Fake Messaging Apps | Chinese-speaking users have been targeted by malicious Google ads for restricted messaging apps like Telegram as part of an ongoing malvertising | Virus | The Hacker News |
26.1.24 | SystemBC Malware's C2 Server Analysis Exposes Payload Delivery Tricks | Cybersecurity researchers have shed light on the command-and-control (C2) server workings of a known malware family called SystemBC. "SystemBC can | Virus | The Hacker News |
26.1.24 | LODEINFO Fileless Malware Evolves with Anti-Analysis and Remote Code Tricks | Cybersecurity researchers have uncovered an updated version of a backdoor called LODEINFO that's distributed via spear-phishing attacks. The findings | Virus | The Hacker News |
25.1.24 | New CherryLoader Malware Mimics CherryTree to Deploy PrivEsc Exploits | A new Go-based malware loader called CherryLoader has been discovered by threat hunters in the wild to deliver additional payloads onto compromised | Virus | The Hacker News |
23.1.24 | Malicious NPM Packages Exfiltrate Hundreds of Developer SSH Keys via GitHub | Two malicious packages discovered on the npm package registry have been found to leverage GitHub to store Base64-encrypted SSH keys stolen from | Virus | The Hacker News |
23.1.24 | North Korean Hackers Weaponize Research Lures to Deliver RokRAT Backdoor | Media organizations and high-profile experts in North Korean affairs have been at the receiving end of a new campaign orchestrated by a threat actor known | Virus | The Hacker News |
22.1.24 | NS-STEALER Uses Discord Bots to Exfiltrate Your Secrets from Popular Browsers | Cybersecurity researchers have discovered a new Java-based "sophisticated" information stealer that uses a Discord bot to exfiltrate sensitive data from | Virus | The Hacker News |
20.1.24 | Microsoft: Iranian hackers target researchers with new MediaPl malware | Microsoft says that a group of Iranian-backed state hackers are targeting high-profile employees of research organizations and universities across Europe and the United States in spearphishing attacks pushing new backdoor malware. | Virus | |
19.1.24 | Npm Trojan Bypasses UAC, Installs AnyDesk with "Oscompatible" Package | A malicious package uploaded to the npm registry has been found deploying a sophisticated remote access trojan on compromised Windows machines. The | Virus | The Hacker News |
19.1.24 | New Docker Malware Steals CPU for Crypto & Drives Fake Website Traffic | Vulnerable Docker services are being targeted by a novel campaign in which the threat actors are deploying XMRig cryptocurrency miner as well as the | Virus | The Hacker News |
17.1.24 | Remcos RAT Spreading Through Adult Games in New Attack Wave | The remote access trojan (RAT) known as Remcos RAT has been found being propagated via webhards by disguising it as adult-themed games in South | Virus | The Hacker News |
15.1.24 | Balada Injector Infects Over 7,100 WordPress Sites Using Plugin Vulnerability | Thousands of WordPress sites using a vulnerable version of the Popup Builder plugin have been compromised with a malware called Balada Injector. First | Virus | The Hacker News |
12.1.24 | New Balada Injector campaign infects 6,700 WordPress sites | A new Balada Injector campaign launched in mid-December has infected over 6,700 WordPress websites using a vulnerable version of the Popup Builder plugin. | Virus | |
12.1.24 | Threat Actors Increasingly Abusing GitHub for Malicious Purposes | The ubiquity of GitHub in information technology (IT) environments has made it a lucrative choice for threat actors to host and deliver malicious payloads | Virus | The Hacker News |
10.1.24 | Alert: Water Curupira Hackers Actively Distributing PikaBot Loader Malware | A threat actor called Water Curupira has been observed actively distributing the PikaBot loader malware as part of spam campaigns in 2023. "PikaBot's | Virus | The Hacker News |
9.1.24 | Stealthy AsyncRAT malware attacks targets US infrastructure for 11 months | A campaign delivering the AsyncRAT malware to select targets has been active for at least the past 11 months, using hundreds of unique loader samples and more than 100 domains. | Virus | |
9.1.24 | Google: Malware abusing API is standard token theft, not an API issue | Google is downplaying reports of malware abusing an undocumented Google Chrome API to generate new authentication cookies when previously stolen ones have expired. | Virus | |
9.1.24 | Beware! YouTube Videos Promoting Cracked Software Distribute Lumma Stealer | Threat actors are resorting to YouTube videos featuring content related to cracked software in order to entice users into downloading an information | Virus | The Hacker News |
9.1.24 | Syrian Hackers Distributing Stealthy C#-Based Silver RAT to Cybercriminals | Threat actors operating under the name Anonymous Arabic have released a remote access trojan (RAT) called Silver RAT that's equipped to bypass | Virus | The Hacker News |
6.1.24 | 'everything' blocks devs from removing their own npm packages | Over the holidays, the npm package registry was flooded with more than 3,000 packages, including one called "everything," and others named a variation of the word. These 3,000+ packages make it impossible for all npm authors to unpublish their packages from the registry. | Virus | |
5.1.24 | New Bandook RAT Variant Resurfaces, Targeting Windows Machines | A new variant of remote access trojan called Bandook has been observed being propagated via phishing attacks with an aim to infiltrate Windows | Virus | The Hacker News |
5.1.24 | Beware: 3 Malicious PyPI Packages Found Targeting Linux with Crypto Miners | Three new malicious packages have been discovered in the Python Package Index (PyPI) open-source repository with capabilities to deploy a | Virus | The Hacker News |
5.1.24 | UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT | The threat actor known as UAC-0050 is leveraging phishing attacks to distribute Remcos RAT using new strategies to evade detection from | Virus | The Hacker News |
3.1.24 | Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset | Information-stealing malware is actively taking advantage of an undocumented Google OAuth endpoint named MultiLogin to hijack user.. | Virus | |
1.1.24 | New JinxLoader Targeting Users with Formbook and XLoader Malware | A new Go-based malware loader called JinxLoader is being used by threat actors to deliver next-stage payloads such as Formbook and its successor.. | Virus | The Hacker News |