Virus List - H 2023 2021 2020 2019 2018 2017
DATE | NAME | Info | CATEG. | WEB |
21.12.24 | Thousands Download Malicious npm Libraries Impersonating Legitimate Tools | Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up | Virus | |
18.12.24 | Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware | A new social engineering campaign has leveraged Microsoft Teams as a way to facilitate the deployment of a known malware called DarkGate . "An attacker used | Virus | |
28.10.24 | BeaverTail Malware Resurfaces in Malicious npm Packages Targeting Developers | Three malicious packages published to the npm registry in September 2024 have been found to contain a known malware called BeaverTail, a JavaScript downloader and information stealer linked | Virus | |
27.10.24 | New Grandoreiro Banking Malware Variants Emerge with Advanced Tactics to Evade Detection | New variants of a banking malware called Grandoreiro have been found to adopt new tactics in an effort to bypass anti-fraud | Virus | |
27.10.24 | Bumblebee and Latrodectus Malware Return with Sophisticated Phishing Strategies | Two malware families that suffered setbacks in the aftermath of a coordinated law enforcement operation called Endgame have | Virus | The Hacker News |
27.10.24 | Malicious npm Packages Target Developers' Ethereum Wallets with SSH Backdoor | Cybersecurity researchers have discovered a number of suspicious packages published to the npm registry that are designed to harvest | ||
27.10.24 | Beware: Fake Google Meet Pages Deliver Infostealers in Ongoing ClickFix Campaign | Threat actors are leveraging fake Google Meet web pages as part of an ongoing malware campaign dubbed ClickFix to deliver | ||
26.10.24 | North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware | The North Korean threat actor known as ScarCruft has been linked to the zero-day exploitation of a now-patched security flaw in Windows | Virus | The Hacker News |
26.10.24 | Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack | A new spear-phishing campaign targeting Brazil has been found delivering a banking malware called Astaroth (aka Guildma) by | Virus | The Hacker News |
26.10.24 | TrickMo Banking Trojan Can Now Capture Android PINs and Unlock Patterns | New variants of an Android banking trojan called TrickMo have been found to harbor previously undocumented features to steal a device's | Virus | The Hacker News |
26.10.24 | New Malware Campaign Uses PureCrypter Loader to Deliver DarkVision RAT | Cybersecurity researchers have disclosed a new malware campaign that leverages a malware loader named PureCrypter to deliver a | Virus | The Hacker News |
26.10.24 | New Linux Variant of FASTCash Malware Targets Payment Switches in ATM Heists | North Korean threat actors have been observed using a Linux variant of a known malware family called FASTCash to steal funds as part of | Virus | The Hacker News |
15.9.24 | Researchers Uncover Hijack Loader Malware Using Stolen Code-Signing Certificates | Cybersecurity researchers have disclosed a new malware campaign that delivers Hijack Loader artifacts that are signed with legitimate | Virus | The Hacker News |
28.9.24 | New RomCom malware variant 'SnipBot' spotted in data theft attacks | A new variant of the RomCom malware called SnipBot, has been used in attacks that pivot on the network to steal data from compromised systems. | Virus | |
26.9.24 | Watering Hole Attack on Kurdish Sites Distributing Malicious APKs and Spyware | As many as 25 websites linked to the Kurdish minority have been compromised as part of a watering hole attack designed to harvest | Virus | The Hacker News |
26.9.24 | Infostealer malware bypasses Chrome’s new cookie-theft defenses | Infostealer malware developers released updates claiming to bypass Google Chrome's recently introduced feature App-Bound Encryption to protect sensitive data such as cookies. | Virus | |
25.9.24 | Transportation Companies Hit by Cyberattacks Using Lumma Stealer and NetSupport Malware | Transportation and logistics companies in North America are the target of a new phishing campaign that delivers a variety of | Virus | The Hacker News |
25.9.24 | Necro Android Malware Found in Popular Camera and Browser Apps on Play Store | Altered versions of legitimate Android apps associated with Spotify, WhatsApp, and Minecraft have been used to deliver a new version of | Virus | The Hacker News |
24.9.24 | New Octo Android malware version impersonates NordVPN, Google Chrome | A new version of the Octo Android malware, named "Octo2," has been seen spreading across Europe under the guise of NordVPN, Google Chrome, and an app called Europe Enterprise. | Virus | |
24.9.24 | Android malware 'Necro' infects 11 million devices via Google Play | A new version of the Necro malware loader for Android was installed on 11 million devices through Google Play in malicious SDK supply chain attacks. | Virus | |
24.9.24 | New Octo2 Android Banking Trojan Emerges with Device Takeover Capabilities | Cybersecurity researchers have discovered a new version of an Android banking trojan called Octo that comes with improved | Virus | The Hacker News |
23.9.24 | New PondRAT Malware Hidden in Python Packages Targets Software Developers | Threat actors with ties to North Korea have been observed using poisoned Python packages as a way to deliver a new malware called | Virus | The Hacker News |
23.9.24 | Chinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR Malware | A suspected advanced persistent threat (APT) originating from China targeted a government organization in Taiwan, and possibly other | Virus | The Hacker News |
22.9.24 | Global infostealer malware operation targets crypto users, gamers | A massive infostealer malware operation encompassing thirty campaigns targeting a broad spectrum of demographics and system platforms has been uncovered, attributed to a cybercriminal group named "Marko Polo." | Virus | |
21.9.24 | Clever 'GitHub Scanner' campaign abusing repos to push malware | A clever threat campaign is abusing GitHub repositories to distribute the Lumma Stealer password-stealing malware targeting users who frequent an open source project repository or are subscribed to email notifications from it. | Virus | |
19.9.24 | New Brazilian-Linked SambaSpy Malware Targets Italian Users via Phishing Emails | A previously undocumented malware called SambaSpy is exclusively targeting users in Italy via a phishing campaign orchestrated by a | Virus | The Hacker News |
15.9.24 | Malware locks browser in kiosk mode to steal Google credentials | A malware campaign uses the unusual method of locking users in their browser's kiosk mode to annoy them into entering their Google credentials, which are then stolen by information-stealing malware. | Virus | |
15.9.24 | New Linux malware Hadooken targets Oracle WebLogic servers | Hackers are targeting Oracle WebLogic servers to infect them with a new Linux malware named "Hadooken," which launches a cryptominer and a tool for distributed denial-of-service (DDoS) attacks | Virus | |
15.9.24 | New Vo1d malware infects 1.3 million Android streaming boxes | Threat actors have infected over 1.3 million TV streaming boxes running Android with a new Vo1d backdoor malware, allowing the attackers to take full control of the devices. | Virus | |
13.9.24 | TrickMo Android Trojan Exploits Accessibility Services for On-Device Banking Fraud | Cybersecurity researchers have uncovered a new variant of an Android banking trojan called TrickMo that comes packed with new | Virus | The Hacker News |
12.9.24 | New Android Malware 'Ajina.Banker' Steals Financial Data and Bypasses 2FA via Telegram | Bank customers in the Central Asia region have been targeted by a new strain of Android malware codenamed Ajina.Banker since at | Virus | The Hacker News |
12.9.24 | Beware: New Vo1d Malware Infects 1.3 Million Android TV Boxes Worldwide | Nearly 1.3 million Android-based TV boxes running outdated versions of the operating system and belonging to users spanning 197 | Virus | The Hacker News |
9.9.24 | Blind Eagle Targets Colombian Insurance Sector with Customized Quasar RAT | The Colombian insurance sector is the target of a threat actor tracked as Blind Eagle with the end goal of delivering a customized | Virus | The Hacker News |
9.9.24 | New Android SpyAgent Malware Uses OCR to Steal Crypto Wallet Recovery Keys | Android device users in South Korea have emerged as a target of a new mobile malware campaign that delivers a new type of threat | Virus | The Hacker News |
8.9.24 | Cisco warns of backdoor admin account in Smart Licensing Utility | Cisco has removed a backdoor account in the Cisco Smart Licensing Utility (CSLU) that can be used to log into unpatched systems with administrative privileges. | Virus | |
7.9.24 | GitHub comments abused to push password stealing malware masked as fixes | GitHub is being abused to distribute the Lumma Stealer information-stealing malware as fake fixes posted in project comments. | Virus | |
5.9.24 | Malware Attackers Using MacroPack to Deliver Havoc, Brute Ratel, and PhantomCore | Threat actors are likely employing a tool designated for red teaming exercises to serve malware, according to new findings from Cisco | Virus | The Hacker News |
5.9.24 | New Cross-Platform Malware KTLVdoor Discovered in Attack on Chinese Trading Firm | The Chinese-speaking threat actor known as Earth Lusca has been observed using a new backdoor dubbed KTLVdoor as part of a cyber | Virus | The Hacker News |
5.9.24 | Android Users Urged to Install Latest Security Updates to Fix Actively Exploited Flaw | Google has released its monthly security updates for the Android operating system to address a known security flaw that it said has | Virus | The Hacker News |
4.9.24 | Hackers Hijack 22,000 Removed PyPI Packages, Spreading Malicious Code to Developers | A new supply chain attack technique targeting the Python Package Index (PyPI) registry has been exploited in the wild in an attempt to | Virus | The Hacker News |
4.9.24 | Hackers Use Fake GlobalProtect VPN Software in New WikiLoader Malware Attack | A new malware campaign is spoofing Palo Alto Networks' GlobalProtect VPN software to deliver a variant of the WikiLoader | Virus | The Hacker News |
4.9.24 | Rocinante Trojan Poses as Banking Apps to Steal Sensitive Data from Brazilian Android Users | Mobile users in Brazil are the target of a new malware campaign that delivers a new Android banking trojan named Rocinante. "This | Virus | The Hacker News |
4.9.24 | Malicious npm Packages Mimicking 'noblox.js' Compromise Roblox Developers' Systems | Roblox developers are the target of a persistent campaign that seeks to compromise systems through bogus npm packages, once again | Virus | The Hacker News |
1.9.24 | GitHub comments abused to spread Lumma Stealer malware as fake fixes | GitHub is being abused to distribute the Lumma Stealer information-stealing malware as fake fixes posted in project comments. | Virus | |
1.9.24 | Docker-OSX image used for security research hit by Apple DMCA takedown | The popular Docker-OSX project has been removed from Docker Hub after Apple filed a DMCA (Digital Millennium Copyright Act) takedown request, alleging that it violated its copyright. | Virus | |
1.9.24 | New Voldemort malware abuses Google Sheets to store stolen data | A campaign that started on August 5, 2024, is spreading a previously undocumented malware named "Voldemort" to organizations worldwide, impersonating tax agencies from the U.S., Europe, and Asia. | Virus | |
1.9.24 | Fake Palo Alto GlobalProtect used as lure to backdoor enterprises | Threat actors target Middle Eastern organizations with malware disguised as the legitimate Palo Alto GlobalProtect Tool that can steal data and execute remote PowerShell commands to infiltrate internal networks further. | Virus | |
31.8.24 | Malware exploits 5-year-old zero-day to infect end-of-life IP cameras | The Corona Mirai-based malware botnet is spreading through a 5-year-old remote code execution (RCE) zero-day in AVTECH IP cameras, which have been discontinued for years and will not receive a patch. | Virus | |
31.8.24 | PoorTry Windows driver evolves into a full-featured EDR wiper | The malicious PoorTry kernel-mode Windows driver used by multiple ransomware gangs to turn off Endpoint Detection and Response (EDR) solutions has evolved into an EDR wiper, deleting files crucial for the operation of security solutions and making restoration harder. | Virus | |
31.8.24 | Malware infiltrates Pidgin messenger’s official plugin repository | The Pidgin messaging app removed the ScreenShareOTR plugin from its official third-party plugin list after it was discovered that it was used to install keyloggers, information stealers, and malware commonly used to gain initial access to corporate networks. | Virus | |
30.8.24 | New Malware Masquerades as Palo Alto VPN Targeting Middle East Users | Cybersecurity researchers have disclosed a new campaign that potentially targets users in the Middle East through malware that | Virus | The Hacker News |
28.8.24 | macOS Version of HZ RAT Backdoor Targets Chinese Messaging App Users | Users of Chinese instant messaging apps like DingTalk and WeChat are the target of an Apple macOS version of a backdoor named HZ | Virus | The Hacker News |
27.8.24 | Microsoft: Exchange Online mistakenly tags emails as malware | Microsoft is investigating an Exchange Online false positive issue causing emails containing images to be wrongly tagged as malicious and sent to quarantine. | Virus | |
26.8.24 | New Android Malware NGate Steals NFC Data to Clone Contactless Payment Cards | Cybersecurity researchers have uncovered new Android malware that can relay victims' contactless payment data from physical credit | Virus | The Hacker News |
25.8.24 | Stealthy 'sedexp' Linux malware evaded detection for two years | A stealthy Linux malware named 'sedexp' has been evading detection since 2022 by using a persistence technique not yet included in the MITRE ATT&CK framework. | Virus | |
24.8.24 | New Linux Malware 'sedexp' Hides Credit Card Skimmers Using Udev Rules | Cybersecurity researchers have uncovered a new stealthy piece of Linux malware that leverages an unconventional technique to | Virus | The Hacker News |
24.8.24 | New NGate Android malware uses NFC chip to steal credit card data | A new Android malware named NGate can steal money from payment cards by relaying to an attacker's device the data read by the near-field communication (NFC) chip. | Virus | |
24.8.24 | New PEAKLIGHT Dropper Deployed in Attacks Targeting Windows with Malicious Movie Downloads | Cybersecurity researchers have uncovered a never-before-seen dropper that serves as a conduit to launch next-stage malware with | Virus | The Hacker News |
23.8.24 | New macOS Malware "Cthulhu Stealer" Targets Apple Users' Data | Cybersecurity researchers have uncovered a new information stealer that's designed to target Apple macOS hosts and harvest a wide | Virus | The Hacker News |
23.8.24 | Hardware Backdoor Discovered in RFID Cards Used in Hotels and Offices Worldwide | Cybersecurity researchers have uncovered a hardware backdoor within a particular model of MIFARE Classic contactless cards that | Virus | The Hacker News |
22.8.24 | New Malware PG_MEM Targets PostgreSQL Databases for Crypto Mining | Cybersecurity researchers have unpacked a new malware strain dubbed PG_MEM that's designed to mine cryptocurrency after brute- | Virus | The Hacker News |
21.8.24 | North Korean Hackers Deploy New MoonPeak Trojan in Cyber Campaign | A new remote access trojan called MoonPeak has been discovered as being used by a state-sponsored North Korean threat activity | Virus | The Hacker News |
21.8.24 | Styx Stealer Creator's OPSEC Fail Leaks Client List and Profit Details | In what's a case of an operational security (OPSEC) lapse, the operator behind a new information stealer called Styx Stealer leaked | Virus | The Hacker News |
21.8.24 | New macOS Malware TodoSwift Linked to North Korean Hacking Groups | Cybersecurity researchers have uncovered a new macOS malware strain dubbed TodoSwift that they say exhibits commonalities with | Virus | The Hacker News |
21.8.24 | Czech Mobile Users Targeted in New Banking Credential Theft Scheme | Mobile users in the Czech Republic are the target of a novel phishing campaign that leverages a Progressive Web Application (PWA) in an | Virus | The Hacker News |
21.8.24 | Blind Eagle Hackers Exploit Spear-Phishing to Deploy RATs in Latin America | Cybersecurity researchers have shed light on a threat actor known as Blind Eagle that has persistently targeted entities and individuals in | Virus | The Hacker News |
20.8.24 | New UULoader Malware Distributes Gh0st RAT and Mimikatz in East Asia | A new type of malware called UULoader is being used by threat actors to deliver next-stage payloads like Gh0st RAT and Mimikatz . | Virus | The Hacker News |
16.8.24 | Multi-Stage ValleyRAT Targets Chinese Users with Advanced Tactics | Chinese-speaking users are the target of an ongoing campaign that distributes malware known as ValleyRAT. "ValleyRAT is a multi-stage | Virus | The Hacker News |
16.8.24 | New Banshee Stealer Targets 100+ Browser Extensions on Apple macOS Systems | Cybersecurity researchers have uncovered new stealer malware that's designed to specifically target Apple macOS systems. Dubbed | Virus | The Hacker News |
16.8.24 | Malware force-installs Chrome extensions on 300,000 browsers, patches DLLs | An ongoing and widespread malware campaign force-installed malicious Google Chrome and Microsoft Edge browser extensions in over 300,000 browsers, modifying the browser's executables to hijack homepages and steal browsing history. | Virus | |
11.8.24 | New CMoon USB worm targets Russians in data theft attacks | A new self-spreading worm named 'CMoon,' capable of stealing account credentials and other data, has been distributed in Russia since early July 2024 via a compromised gas supply company website | Virus | |
11.8.24 | New Malware Hits 300,000 Users with Rogue Chrome and Edge Extensions | An ongoing, widespread malware campaign has been observed installing rogue Google Chrome and Microsoft Edge extensions via a | Virus | The Hacker News |
9.8.24 | New LianSpy malware hides by blocking Android security feature | A previously undocumented Android malware named 'LianSpy' has been discovered targeting Russian users, posing on phones as an Alipay app or a system service to evade detection. | Virus | |
7.8.24 | New Go-based Backdoor GoGra Targets South Asian Media Organization | An unnamed media organization in South Asia was targeted in November 20233 using a previously undocumented Go-based | Virus | The Hacker News |
7.8.24 | Chameleon Android Banking Trojan Targets Users Through Fake CRM App | Cybersecurity researchers have lifted the lid on a new technique adopted by threat actors behind the Chameleon Android banking | Virus | The Hacker News |
6.8.24 | New Android Spyware LianSpy Evades Detection Using Yandex Cloud | Users in Russia have been the target of a previously undocumented Android post-compromise spyware called LianSpy since at least | Virus | The Hacker News |
5.8.24 | New Android Trojan "BlankBot" Targets Turkish Users' Financial Data | Cybersecurity researchers have discovered a new Android banking trojan called BlankBot targeting Turkish users with an aim to steal | Virus | The Hacker News |
4.8.24 | StackExchange abused to spread malicious PyPi packages as answers | Threat actors uploaded malicious Python packages to the PyPI repository and promoted them through the StackExchange online question and answer platform. | Virus | |
4.8.24 | Hackers abuse free TryCloudflare to deliver remote access malware | Researchers are warning of threat actors increasingly abusing the Cloudflare Tunnel service in malware campaigns that usually deliver remote access trojans (RATs). | Virus | |
4.8.24 | Google ads push fake Google Authenticator site installing malware | Google has fallen victim to its own ad platform, allowing threat actors to create fake Google Authenticator ads that push the DeerStealer information-stealing malware. | Virus | |
4.8.24 | New Android malware wipes your device after draining bank accounts | A new Android malware that researchers call 'BingoMod' can wipe devices after successfully stealing money from the victims' bank accounts using the on-device fraud technique. | Virus | |
3.8.24 | Massive SMS stealer campaign infects Android devices in 113 countries | A malicious campaign targeting Android devices worldwide utilizes thousands of Telegram bots to infect devices with SMS-stealing malware and steal one-time 2FA passwords (OTPs) for over 600 services. | Virus | |
3.8.24 | Google Chrome adds app-bound encryption to block infostealer malware | Google Chrome has added app-bound encryption for better cookie protection on Windows systems and improved defenses against information-stealing malware attacks. | Virus | |
3.8.24 | Android spyware 'Mandrake' hidden in apps on Google Play since 2022 | A new version of the Android spyware 'Mandrake' has been found in five applications downloaded 32,000 times from Google Play, the platform's official app store. | Virus | |
2.8.24 | New Windows Backdoor BITSLOTH Exploits BITS for Stealthy Communication | Cybersecurity researchers have discovered a previously undocumented Windows backdoor that leverages a built-in feature | Virus | The Hacker News |
2.8.24 | Cybercriminals Abusing Cloudflare Tunnels to Evade Detection and Spread Malware | Cybersecurity companies are warning about an uptick in the abuse of Clouflare's TryCloudflare free service for malware delivery. The | Virus | The Hacker News |
1.8.24 | Hackers Distributing Malicious Python Packages via Popular Developer Q&A Platform | In yet another sign that threat actors are always looking out for new ways to trick users into downloading malware, it has come to light | Virus | The Hacker News |
1.8.24 | New Android Banking Trojan BingoMod Steals Money, Wipes Devices | Cybersecurity researchers have uncovered a new Android remote access trojan (RAT) called BingoMod that not only performs | Virus | The Hacker News |
1.8.24 | Google Chrome Adds App-Bound Encryption to Protect Cookies from Malware | Google has announced that it's adding a new layer of protection to its Chrome browser through what's called app-bound encryption to | Virus | The Hacker News |
1.8.24 | Chinese Hackers Target Japanese Firms with LODEINFO and NOOPDOOR Malware | Japanese organizations are the target of a Chinese nation-state threat actor that leverages malware families like LODEINFO and | Virus | The Hacker News |
1.8.24 | Cybercriminals Deploy 100K+ Malware Android Apps to Steal OTP Codes | A new malicious campaign has been observed making use of malicious Android apps to steal users' SMS messages since at least | Virus | The Hacker News |
31.7.24 | New Mandrake Spyware Found in Google Play Store Apps After Two Years | A new iteration of a sophisticated Android spyware called Mandrake has been discovered in five applications that were available for | Virus | The Hacker News |
31.7.24 | Cybercriminals Target Polish Businesses with Agent Tesla and Formbook Malware | Cybersecurity researchers have detailed widespread phishing campaigns targeting small and medium-sized businesses (SMBs) in | Virus | The Hacker News |
29.7.24 | 'Stargazer Goblin' Creates 3,000 Fake GitHub Accounts for Malware Spread | A threat actor known as Stargazer Goblin has set up a network of inauthentic GitHub accounts to fuel a Distribution-as-a-Service | Virus | The Hacker News |
29.7.24 | Gh0st RAT Trojan Targets Chinese Windows Users via Fake Chrome Site | The remote access trojan known as Gh0st RAT has been observed being delivered by an "evasive dropper" called Gh0stGambit as part | Virus | The Hacker News |
28.7.24 | PKfail Secure Boot bypass lets attackers install UEFI malware | Hundreds of UEFI products from 10 vendors are susceptible to compromise due to a critical firmware supply-chain issue known as PKfail, which allows attackers to bypass Secure Boot and install malware. | Virus | |
27.7.24 | French police push PlugX malware self-destruct payload to clean PCs | The French police and Europol are pushing out a "disinfection solution" that automatically removes the PlugX malware from infected devices in France. | Virus | |
27.7.24 | Over 3,000 GitHub accounts used by malware distribution service | Threat actors known as 'Stargazer Goblin' have created a malware Distribution-as-a-Service (DaaS) from over 3,000 fake accounts on GitHub that push information-stealing malware. | Virus | |
27.7.24 | KnowBe4 mistakenly hires North Korean hacker, faces infostealer attack | American cybersecurity company KnowBe4 says a person it recently hired as a Principal Software Engineer turned out to be a North Korean state actor who attempted to install information-stealing on its devices. | Virus | |
27.7.24 | Hamster Kombat’s 250 million players targeted in malware attacks | Hamster Kombat’s 250 million players targeted in malware attacks | Virus | |
27.7.24 | Malicious PyPI Package Targets macOS to Steal Google Cloud Credentials | Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that targets Apple | Virus | The Hacker News |
26.7.24 | FrostyGoop malware attack cut off heat in Ukraine during winter | Russian-linked malware was used in a January 2024 cyberattack to cut off the heating of over 600 apartment buildings in Lviv, Ukraine, for two days during sub-zero temperatures. | Virus | |
26.7.24 | Fake CrowdStrike repair manual pushes new infostealer malware | CrowdStrike is warning that a fake recovery manual to repair Windows devices is installing a new information-stealing malware called Daolpu. | Virus | |
26.7.24 | New Chrome Feature Scans Password-Protected Files for Malicious Content | Google said it's adding new security warnings when downloading potentially suspicious and malicious files via its Chrome web | Virus | The Hacker News |
23.7.24 | PINEAPPLE and FLUXROOT Hacker Groups Abuse Google Cloud for Credential Phishing | A Latin America (LATAM)-based financially motivated actor codenamed FLUXROOT has been observed leveraging Google Cloud | Virus | The Hacker News |
23.7.24 | SocGholish Malware Exploits BOINC Project for Covert Cyberattacks | The JavaScript downloader malware known as SocGholish (aka FakeUpdates) is being used to deliver a remote access trojan called | Virus | The Hacker News |
22.7.24 | Fake CrowdStrike fixes target companies with malware, data wipers | Threat actors are exploiting the massive business disruption from CrowdStrike's glitchy update on Friday to target companies with data wipers and remote access tools. | Virus | |
21.7.24 | Cybercriminals Exploit CrowdStrike Update Mishap to Distribute Remcos RAT Malware | Cybersecurity firm CrowdStrike, which is facing the heat for causing worldwide IT disruptions by pushing out a flawed update to Windows | Virus | The Hacker News |
20.7.24 | Revolver Rabbit gang registers 500,000 domains for malware campaigns | A cybercriminal gang that researchers track as Revolver Rabbit has registered more than 500,000 domain names for infostealer campaigns that target Windows and macOS systems. | Virus | |
19.7.24 | Pro-Houthi Group Targets Yemen Aid Organizations with Android Spyware | A suspected pro-Houthi threat group targeted at least three humanitarian organizations in Yemen with Android spyware designed | Virus | The Hacker News |
18.7.24 | Alert: HotPage Adware Disguised as Ad Blocker Installs Malicious Kernel Driver | Cybersecurity researchers have shed light on an adware module that purports to block ads and malicious websites, while stealthily | Virus | |
18.7.24 | New BugSleep malware implant deployed in MuddyWater attacks | The Iranian-backed MuddyWater hacking group has partially switched to using a new custom-tailored malware implant to steal files and run commands on compromised systems. | Virus | |
16.7.24 | 'Konfety' Ad Fraud Uses 250+ Google Play Decoy Apps to Hide Malicious Twins | Details have emerged about a "massive ad fraud operation" that leverages hundreds of apps on the Google Play Store to perform a | Virus | |
16.7.24 | Malicious npm Packages Found Using Image Files to Hide Backdoor Code | Cybersecurity researchers have identified two malicious packages on the npm package registry that concealed backdoor code to execute | Virus | The Hacker News |
15.7.24 | Facebook ads for Windows desktop themes push info-stealing malware | Cybercriminals use Facebook business pages and advertisements to promote fake Windows themes that infect unsuspecting users with the SYS01 password-stealing malware. | Virus | |
15.7.24 | 10,000 Victims a Day: Infostealer Garden of Low-Hanging Fruit | Imagine you could gain access to any Fortune 100 company for $10 or less, or even for free. Terrifying thought, isn't it? Or exciting, | Virus | The Hacker News |
13.7.24 | ViperSoftX malware covertly runs PowerShell using AutoIT scripting | The latest variants of the ViperSoftX info-stealing malware use the common language runtime (CLR) to load and execute PowerShell commands within AutoIt scripts to evade detection. | Virus | |
13.7.24 | Windows MSHTML zero-day used in malware attacks for over a year | Microsoft fixed a Windows zero-day vulnerability that has been actively exploited in attacks for eighteen months to launch malicious scripts while bypassing built-in security features. | Virus | |
13.7.24 | DarkGate Malware Exploits Samba File Shares in Short-Lived Campaign | Cybersecurity researchers have shed light on a short-lived DarkGate malware campaign that leveraged Samba file shares to initiate the | Virus | |
12.7.24 | 60 New Malicious Packages Uncovered in NuGet Supply Chain Attack | Threat actors have been observed publishing a new wave of malicious packages to the NuGet package manager as part of an | ||
11.7.24 | New Poco RAT Targets Spanish-Speaking Victims in Phishing Campaign | Spanish language victims are the target of an email phishing campaign that delivers a new remote access trojan (RAT) called | Virus | |
10.7.24 | ViperSoftX Malware Disguises as eBooks on Torrents to Spread Stealthy Attacks | The sophisticated malware known as ViperSoftX has been observed being distributed as eBooks over torrents. "A notable aspect of the | Virus | |
9.7.24 | GuardZoo Malware Targets Over 450 Middle Eastern Military Personnel | Military personnel from Middle East countries are the target of an ongoing surveillanceware operation that delivers an Android data- | Virus | The Hacker News |
9.7.24 | Trojanized jQuery Packages Found on npm, GitHub, and jsDelivr Code Repositories | Unknown threat actors have been found propagating trojanized versions of jQuery on npm, GitHub, and jsDelivr in what appears to be | Virus | The Hacker News |
8.7.24 | Dark Web Malware Logs Expose 3,300 Users Linked to Child Abuse Sites | An analysis of information-stealing malware logs published on the dark web has led to the discovery of thousands of consumers of | Virus | The Hacker News |
8.7.24 | Experts Warn of Mekotio Banking Trojan Targeting Latin American Countries | Financial institutions in Latin America are being threatened by a banking trojan called Mekotio (aka Melcoz). That's according to | Virus | The Hacker News |
6.7.24 | Hackers attack HFS servers to drop malware and Monero miners | Hackers are targeting older versions of the HTTP File Server (HFS) from Rejetto to drop malware and cryptocurrency mining software. | Virus | |
5.7.24 | Infostealer malware logs used to identify child abuse website members | Thousands of pedophiles who download and share child sexual abuse material (CSAM) were identified through information-stealing malware logs leaked on the dark web, highlighting a new dimension of using stolen credentials in law enforcement investigations. | Virus | |
5.7.24 | GootLoader Malware Still Active, Deploys New Versions for Enhanced Attacks | The malware known as GootLoader continues to be in active use by threat actors looking to deliver additional payloads to compromised | Virus | The Hacker News |
4.7.24 | Microsoft MSHTML Flaw Exploited to Deliver MerkSpy Spyware Tool | Unknown threat actors have been observed exploiting a now-patched security flaw in Microsoft MSHTML to deliver a surveillance tool | Virus | The Hacker News |
3.7.24 | FakeBat Loader Malware Spreads Widely Through Drive-by Download Attacks | The loader-as-a-service (LaaS) known as FakeBat has become one of the most widespread loader malware families distributed using the | Virus | The Hacker News |
3.7.24 | South Korean ERP Vendor's Server Hacked to Spread Xctdoor Malware | An unnamed South Korean enterprise resource planning (ERP) vendor's product update server has been found to be compromised | Virus | The Hacker News |
1.7.24 | CapraRAT Spyware Disguised as Popular Apps Threatens Android Users | The threat actor known as Transparent Tribe has continued to unleash malware-laced Android apps as part of a social engineering | Virus | The Hacker News |
1.7.24 | Indian Software Firm's Products Hacked to Spread Data-Stealing Malware | Installers for three different software products developed by an Indian company named Conceptworld have been trojanized to | Virus | The Hacker News |
30.6.24 | New Unfurling Hemlock threat actor floods systems with malware | A threat actor tracked as Unfurling Hemlock has been infecting target systems with up to ten pieces of malware at the same time in campaigns that distribute hundreds of thousands of malicious files. | Virus | |
29.6.24 | Snowblind malware abuses Android security feature to bypass security | A novel Android attack vector from a piece of malware tracked as Snowblind is abusing a security feature to bypass existing anti-tampering protections in apps that handle sensitive user data. | Virus | |
28.6.24 | New Medusa malware variants target Android users in seven countries | The Medusa banking trojan for Android has re-emerged after almost a year of keeping a lower profile in campaigns targeting France, Italy, the United States, Canada, Spain, the United Kingdom, and Turkey. | Virus | |
27.6.24 | New Medusa Android Trojan Targets Banking Users Across 7 Countries | Cybersecurity researchers have discovered an updated version of an Android banking trojan called Medusa that has been used to target | Virus | The Hacker News |
25.6.24 | New Cyberthreat 'Boolka' Deploying BMANAGER Trojan via SQLi Attacks | A previously undocumented threat actor dubbed Boolka has been observed compromising websites with malicious scripts to deliver a | Virus | The Hacker News |
25.6.24 | Multiple WordPress Plugins Compromised: Hackers Create Rogue Admin Accounts | Multiple WordPress plugins have been backdoored to inject malicious code that makes it possible to create rogue administrator accounts with the aim of performing arbitrary actions. "The injected | Virus | The Hacker News |
25.6.24 | Multiple Threat Actors Deploying Open-Source Rafel RAT to Target Android Devices | Multiple threat actors, including cyber espionage groups, are employing an open-source Android remote administration tool called | Virus | The Hacker News |
23.6.24 | Warning: New Adware Campaign Targets Meta Quest App Seekers | A new campaign is tricking users searching for the Meta Quest (formerly Oculus) application for Windows into downloading a new | Virus | The Hacker News |
23.6.24 | Oyster Backdoor Spreading via Trojanized Popular Software Downloads | A malvertising campaign is leveraging trojanized installers for popular software such as Google Chrome and Microsoft Teams to | Virus | The Hacker News |
20.6.24 | New Rust-based Fickle Malware Uses PowerShell for UAC Bypass and Data Exfiltration | A new Rust-based information stealer malware called Fickle Stealer has been observed being delivered via multiple attack chains with | Virus | The Hacker News |
20.6.24 | Experts Uncover New Evasive SquidLoader Malware Targeting Chinese Organizations | Cybersecurity researchers have uncovered a new evasive malware loader named SquidLoader that spreads via phishing campaigns | Virus | The Hacker News |
19.6.24 | Fake Google Chrome errors trick you into running malicious PowerShell scripts | A new malware distribution campaign uses fake Google Chrome, Word, and OneDrive errors to trick users into running malicious PowerShell "fixes" that install malware. | Virus | |
18.6.24 | Cybercriminals Exploit Free Software Lures to Deploy Hijack Loader and Vidar Stealer | Threat actors are luring unsuspecting users with free or pirated versions of commercial software to deliver a malware loader called | Virus | The Hacker News |
17.6.24 | NiceRAT Malware Targets South Korean Users via Cracked Software | Threat actors have been observed deploying a malware called NiceRAT to co-opt infected devices into a botnet. The attacks, which | Virus | The Hacker News |
16.6.24 | New Linux malware is controlled through emojis sent from Discord | A newly discovered Linux malware dubbed 'DISGOMOJI' uses the novel approach of utilizing emojis to execute commands on infected devices in attacks on government agencies in India. | Virus | |
15.6.24 | Phishing emails abuse Windows search protocol to push malicious scripts | A new phishing campaign uses HTML attachments that abuse the Windows search protocol (search-ms URI) to push batch files hosted on remote servers that deliver malware. | Virus | |
15.6.24 | Grandoreiro Banking Trojan Hits Brazil as Smishing Scams Surge in Pakistan | Pakistan has become the latest target of a threat actor called the Smishing Triad, marking the first expansion of its footprint beyond | Virus | The Hacker News |
14.6.24 | Warmcookie Windows backdoor pushed via fake job offers | A Windows malware named 'Warmcookie' is distributed through fake job offer phishing campaigns to breach corporate networks. | Virus | |
13.6.24 | Arid Viper Launches Mobile Espionage Campaign with AridSpy Malware | The threat actor known as Arid Viper has been attributed to a mobile espionage campaign that leverages trojanized Android apps to | Virus | The Hacker News |
13.6.24 | Pakistan-linked Malware Campaign Evolves to Target Windows, Android, and macOS | Threat actors with ties to Pakistan have been linked to a long-running malware campaign dubbed Operation Celestial Force since at least | Virus | The Hacker News |
13.6.24 | Cybercriminals Employ PhantomLoader to Distribute SSLoad Malware | The nascent malware known as SSLoad is being delivered by means of a previously undocumented loader called PhantomLoader, | Virus | The Hacker News |
13.6.24 | Gitloker attacks abuse GitHub notifications to push malicious OAuth apps | Threat actors impersonate GitHub's security and recruitment teams in phishing attacks to hijack repositories using malicious OAuth apps in an ongoing extortion campaign wiping compromised repos. | Virus | |
13.6.24 | Malicious VSCode extensions with millions of installs discovered | A group of Israeli researchers explored the security of the Visual Studio Code marketplace and managed to "infect" over 100 organizations by trojanizing a copy of the popular 'Dracula Official theme to include risky code. Further research into the VSCode Marketplace found thousands of extensions with millions of installs. | Virus | BleepingComputer |
13.6.24 | New Cross-Platform Malware 'Noodle RAT' Targets Windows and Linux Systems | A previously undocumented cross-platform malware codenamed Noodle RAT has been put to use by Chinese-speaking threat actors | Virus | The Hacker News |
12.6.24 | China-Linked ValleyRAT Malware Resurfaces with Advanced Data Theft Tactics | Cybersecurity researchers have uncovered an updated version of malware called ValleyRAT that's being distributed as part of a new | Virus | The Hacker News |
10.6.24 | Sticky Werewolf Expands Cyber Attack Targets in Russia and Belarus | Cybersecurity researchers have disclosed details of a threat actor known as Sticky Werewolf that has been linked to cyber attacks | Virus | The Hacker News |
8.6.24 | LightSpy Spyware's macOS Variant Found with Advanced Surveillance Capabilities | Cybersecurity researchers have disclosed that the LightSpy spyware recently identified as targeting Apple iOS users is in fact a previously | Virus | The Hacker News |
7.6.24 | SPECTR Malware Targets Ukraine Defense Forces in SickSync Campaign | The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks targeting defense forces in the country with | Virus | |
5.6.24 | Hackers Use MS Excel Macro to Launch Multi-Stage Malware Attack in Ukraine | A new sophisticated cyber attack has been observed targeting endpoints geolocated to Ukraine with an aim to deploy Cobalt Strike | Virus | The Hacker News |
5.6.24 | DarkGate Malware Replaces AutoIt with AutoHotkey in Latest Cyber Attacks | Cyber attacks involving the DarkGate malware-as-a-service (MaaS) operation have shifted away from AutoIt scripts to an AutoHotkey | Virus | The Hacker News |
5.6.24 | Researchers Uncover RAT-Dropping npm Package Targeting Gulp Users | Cybersecurity researchers have uncovered a new suspicious package uploaded to the npm package registry that's designed to | Virus | The Hacker News |
3.6.24 | Andariel Hackers Target South Korean Institutes with New Dora RAT Malware | The North Korea-linked threat actor known as Andariel has been observed using a new Golang-based backdoor called Dora RAT in its | Virus | The Hacker News |
3.6.24 | Beware: Fake Browser Updates Deliver BitRAT and Lumma Stealer Malware | Fake web browser updates are being used to deliver remote access trojans (RATs) and information stealer malware such as BitRAT and | Virus | The Hacker News |
1.6.24 | Pirated Microsoft Office delivers malware cocktail on systems | Cybercriminals are distributing a malware cocktail through cracked versions of Microsoft Office promoted on torrent sites. | Virus | |
29.5.24 | Brazilian Banks Targeted by New AllaKore RAT Variant Called AllaSenha | Brazilian banking institutions are the target of a new campaign that distributes a custom variant of the Windows-based AllaKore | Virus | The Hacker News |
25.5.24 | Stealers, stealers and more stealers | Stealers are a prominent threat in the malware landscape. Over the past year we published our research into several stealers, and for now, the trend seems to persist. In the past months, we wrote several private reports on stealers as we discovered Acrid (a new stealer), ScarletStealer (another new stealer) and Sys01, which had been updated quite a bit since the previous public analysis. | Virus | Securelist |
25.5.24 | GhostEngine mining attacks kill EDR security using vulnerable drivers | A malicious crypto mining campaign codenamed 'REF4578,' has been discovered deploying a malicious payload named GhostEngine that uses vulnerable drivers to turn off security products and deploy an XMRig miner. | Virus | |
24.5.24 | JAVS Courtroom Recording Software Backdoored - Deploys RustDoor Malware | Malicious actors have backdoored the installer associated with courtroom video recording software developed by Justice AV | Virus | The Hacker News |
24.5.24 | Stealthy BLOODALCHEMY Malware Targeting ASEAN Government Networks | Cybersecurity researchers have discovered that the malware known as BLOODALCHEMY used in attacks targeting government | Virus | The Hacker News |
23.5.24 | New BiBi Wiper version also destroys the disk partition table | A new version of the BiBi Wiper malware is now deleting the disk partition table to make data restoration harder, extending the downtime for targeted victims. | Virus | |
22.5.24 | Malware Delivery via Cloud Services Exploits Unicode Trick to Deceive Users | A new attack campaign dubbed CLOUD#REVERSER has been observed leveraging legitimate cloud storage services like Google | Virus | The Hacker News |
22.5.24 | SolarMarker Malware Evolves to Resist Takedown Attempts with Multi-Tiered Infrastructure | The persistent threat actors behind the SolarMarker information-stealing malware have established a multi-tiered infrastructure to | Virus | The Hacker News |
20.5.24 | Grandoreiro Banking Trojan Resurfaces, Targeting Over 1,500 Banks Worldwide | The threat actors behind the Windows-based Grandoreiro banking trojan have returned in a global campaign since March 2024 | Virus | The Hacker News |
19.5.24 | Banking malware Grandoreiro returns after police disruption | The banking trojan "Grandoreiro" is spreading in a large-scale phishing campaign in over 60 countries, targeting customer accounts of roughly 1,500 banks. | Virus | |
18.5.24 | PyPi package backdoors Macs using the Sliver pen-testing suite | A new package mimicked the popular 'requests' library on the Python Package Index (PyPI) to target macOS devices with the Sliver C2 adversary framework, used for gaining initial access to corporate networks. | Virus | |
18.5.24 | China-Linked Hackers Adopt Two-Stage Infection Tactic to Deploy Deuterbear RAT | Cybersecurity researchers have shed more light on a remote access trojan (RAT) known as Deuterbear used by the China-linked | Virus | The Hacker News |
14.5.24 | Malicious Python Package Hides Sliver C2 Framework in Fake Requests Library Logo | Cybersecurity researchers have identified a malicious Python package that purports to be an offshoot of the popular requests | Virus | The Hacker News |
10.5.24 | Malicious Android Apps Pose as Google, Instagram, WhatsApp, to Steal Credentials | Malicious Android apps masquerading as Google, Instagram, Snapchat, WhatsApp, and X (formerly Twitter) have been observed | ||
8.5.24 | Hijack Loader Malware Employs Process Hollowing, UAC Bypass in Latest Version | A newer version of a malware loader called Hijack Loader has been observed incorporating an updated set of anti-analysis | Virus | The Hacker News |
5.5.24 | New Cuttlefish malware infects routers to monitor traffic for credentials | A new malware named 'Cuttlefish' has been spotted infecting enterprise-grade and small office/home office (SOHO) routers to monitor data that passes through them and steal authentication information. | Virus | |
5.5.24 | New Latrodectus malware attacks use Microsoft, Cloudflare themes | Latrodectus malware is now being distributed in phishing campaigns using Microsoft Azure and Cloudflare lures to appear legitimate while making it harder for email security platforms to detect the emails as malicious. | Virus | |
4.5.24 | Fake job interviews target developers with new Python backdoor | A new campaign tracked as "Dev Popper" is targeting software developers with fake job interviews in an attempt to trick them into installing a Python remote access trojan (RAT). | Virus | |
4.5.24 | Researchers sinkhole PlugX malware server with 2.5 million unique IPs | Researchers have sinkholed a command and control server for a variant of the PlugX malware and observed in six months more than 2.5 million connections from unique IP addresses. | Virus | |
3.5.24 | Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications | Threat actors have been increasingly weaponizing Microsoft Graph API for malicious purposes with the aim of | Virus | The Hacker News |
2.5.24 | New Cuttlefish Malware Hijacks Router Connections, Sniffs for Cloud Credentials | A new malware called Cuttlefish is targeting small office and home office (SOHO) routers with the goal of stealthily | Virus | The Hacker News |
1.5.24 | ZLoader Malware Evolves with Anti-Analysis Trick from Zeus Banking Trojan | The authors behind the resurfaced ZLoader malware have added a feature that was originally present in the Zeus banking trojan | Virus | The Hacker News |
30.4.24 | Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023 | Google on Monday revealed that almost 200,000 app submissions to its Play Store for Android were either rejected or remediated to | Virus | The Hacker News |
30.4.24 | Bogus npm Packages Used to Trick Software Developers into Installing Malware | An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job | Virus | The Hacker News |
27.4.24 | CoralRaider attacks use CDN cache to push info-stealer malware | A threat actor has been using a content delivery network cache to store information-stealing malware in an ongoing campaign targeting systems U.S., the U.K., Germany, and Japan. | Virus | |
27.4.24 | US imposes visa bans on 13 spyware makers and their families | The Department of State has started imposing visa restrictions on mercenary spyware makers and peddlers, prohibiting their entry into the United States, as announced earlier in February. | Virus | BleepingComputer |
26.4.24 | North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures | The North Korea-linked threat actor known as Lazarus Group employed its time-tested fabricated job lures to deliver a new | Virus | The Hacker News |
25.4.24 | eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners | A new malware campaign has been exploiting the updating mechanism of the eScan antivirus software to distribute backdoors | Virus | The Hacker News |
24.4.24 | Hackers hijack antivirus updates to drop GuptiMiner malware | North Korean hackers have been exploiting the updating mechanism of the eScan antivirus to plant backdoors on big corporate networks and deliver cryptocurrency miners through GuptiMiner malware. | Virus | |
24.4.24 | GitLab affected by GitHub-style CDN flaw allowing malware hosting | BleepingComputer recently reported how a GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with Microsoft repositories, making the files appear trustworthy. It turns out, GitLab is also affected by this issue and could be abused in a similar fashion. | Virus | |
24.4.24 | CoralRaider Malware Campaign Exploits CDN Cache to Spread Info-Stealers | A new ongoing malware campaign has been observed distributing three different stealers, such as CryptBot , LummaC2 , and | Virus | The Hacker News |
22.4.24 | GitHub comments abused to push malware via Microsoft repo URLs | A GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with a Microsoft repository, making the files appear trustworthy. | Virus | BleepingComputer |
22.4.24 | New RedLine Stealer Variant Disguised as Game Cheats Using Lua Bytecode for Stealth | A new information stealer has been found leveraging Lua bytecode for added stealth and sophistication, findings from McAfee Labs | Virus | The Hacker News |
19.4.24 | Fake cheat lures gamers into spreading infostealer malware | A new info-stealing malware linked to Redline poses as a game cheat called 'Cheat Lab,' promising downloaders a free copy if they convince their friends to install it too. | Virus | |
19.4.24 | Google ad impersonates Whales Market to push wallet drainer malware | A legitimate-looking Google Search advertisement for the crypto trading platform 'Whales Market' redirects visitors to a wallet-draining phishing site that steals all of your assets. | Virus | |
19.4.24 | Hackers Target Middle East Governments with Evasive "CR4T" Backdoor | Government entities in the Middle East have been targeted as part of a previously undocumented campaign to deliver a new backdoor | Virus | The Hacker News |
19.4.24 | OfflRouter Malware Evades Detection in Ukraine for Almost a Decade | Select Ukrainian government networks have remained infected with a malware called OfflRouter since 2015. Cisco Talos said its | Virus | The Hacker News |
18.4.24 | DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware | New unattributed DuneQuixote campaign targeting entities in the Middle East employs droppers disguised as Total Commander installer and CR4T backdoor in C and Go. | Virus | Securelist |
18.4.24 | SoumniBot: the new Android banker’s unique techniques | The creators of widespread malware programs often employ various tools that hinder code detection and analysis, and Android malware is no exception. As an example of this, droppers, such as Badpack and Hqwar, designed for stealthily delivering Trojan bankers or spyware to smartphones, are very popular among malicious actors who attack mobile devices. | Virus | Securelist |
18.4.24 | Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor | A new Google malvertising campaign is leveraging a cluster of domains mimicking a legitimate IP scanner software to deliver a | Virus | The Hacker News |
16.4.24 | TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks | The threat actor tracked as TA558 has been observed leveraging steganography as an obfuscation technique to deliver a wide range | Virus | The Hacker News |
16.4.24 | Hive RAT Creators and $3.5M Cryptojacking Mastermind Arrested in Global Crackdown | Two individuals have been arrested in Australia and the U.S. in connection with an alleged scheme to develop and distribute a | Virus | The Hacker News |
14.4.24 | Firebird RAT creator and seller arrested in the U.S. and Australia | A joint police operation between the Australian Federal Police (AFP) and the FBI has led to the arrest and charging of two individuals who are believed to be behind the development and distribution of the "Firebird" remote access trojan (RAT), later rebranded as "Hive." | Virus | |
13.4.24 | Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack | Threat actors have been exploiting the newly disclosed zero-day flaw in Palo Alto Networks PAN-OS software dating back to March | Virus | The Hacker News |
13.4.24 | Malicious Visual Studio projects on GitHub push Keyzetsu malware | Threat actors are abusing GitHub automation features and malicious Visual Studio projects to push a new variant of the "Keyzetsu" clipboard-hijacking malware and steal cryptocurrency payments. | Virus | |
13.4.24 | XZ backdoor story – Initial analysis | a single message on the Openwall OSS-security mailing list marked an important discovery for the information security, open source and Linux communities: the discovery of a malicious backdoor in XZ. XZ is a compression utility integrated into many popular distributions of Linux. | Virus | Securelist |
13.4.24 | Popular Rust Crate liblzma-sys Compromised with XZ Utils Backdoor Files | "Test files" associated with the XZ Utils backdoor have made their way to a Rust crate known as liblzma-sys , new findings from | Virus | The Hacker News |
11.4.24 | Raspberry Robin Returns: New Malware Campaign Spreading Through WSF Files | Cybersecurity researchers have discovered a new Raspberry Robin campaign wave that propagates the malware through malicious | Virus | The Hacker News |
9.4.24 | Attackers Using Obfuscation Tools to Deliver Multi-Stage Malware via Invoice Phishing | Cybersecurity researchers have discovered an intricate multi-stage attack that leverages invoice-themed phishing decoys to deliver a | Virus | The Hacker News |
8.4.24 | Watch Out for 'Latrodectus' - This Malware Could Be In Your Inbox | Threat hunters have discovered a new malware called Latrodectus that has been distributed as part of email phishing campaigns | Virus | The Hacker News |
7.4.24 | Over 92,000 exposed D-Link NAS devices have a backdoor account | A threat researcher has disclosed a new arbitrary command injection and hardcoded backdoor flaw in multiple end-of-life D-Link Network Attached Storage (NAS) device models. | Virus | |
7.4.24 | New Latrodectus malware replaces IcedID in network breaches | A relatively new malware called Latrodectus is believed to be an evolution of the IcedID loader, seen in malicious email campaigns since November 2023. | Virus | |
7.4.24 | Visa warns of new JSOutProx malware variant targeting financial orgs | Visa is warning about a spike in detections for a new version of the JsOutProx malware targeting financial institutions and their customers. | Virus | |
6.4.24 | The Biggest Takeaways from Recent Malware Attacks | Recent high-profile malware attacks teach us lessons on limiting malware risks at organizations. Learn more from Blink Ops about what these attacks taught us. | Virus | |
5.4.24 | From PDFs to Payload: Bogus Adobe Acrobat Reader Installers Distribute Byakugan Malware | Bogus installers for Adobe Acrobat Reader are being used to distribute a new multi-functional malware dubbed Byakugan . The | Virus | The Hacker News |
5.4.24 | New Wave of JSOutProx Malware Targeting Financial Firms in APAC and MENA | Financial organizations in the Asia-Pacific (APAC) and Middle East and North Africa (MENA) are being targeted by a new version of an | Virus | The Hacker News |
4.4.24 | New XZ backdoor scanner detects implant in any Linux binary | Firmware security firm Binarly has released a free online scanner to detect Linux executables impacted by the XZ Utils supply chain attack, tracked as CVE-2024-3094. | Virus | |
4.4.24 | DinodasRAT malware targets Linux servers in espionage campaign | Security researchers have observed Red Hat and Ubuntu systems being attacked by a Linux version of the DinodasRAT (also known as XDealer) that may have been operating since 2022. | Virus | |
3.4.24 | Mispadu Trojan Targets Europe, Thousands of Credentials Compromised | The banking trojan known as Mispadu has expanded its focus beyond Latin America (LATAM) and Spanish-speaking individuals to | Virus | The Hacker News |
2.4.24 | Malicious Code in XZ Utils for Linux Systems Enables Remote Code Execution | The malicious code inserted into the open-source library XZ Utils, a widely used package present in major Linux distributions, is also | Virus | The Hacker News |
2.4.24 | Massive Phishing Campaign Strikes Latin America: Venom RAT Targeting Multiple Sectors | The threat actor known as TA558 has been attributed to a new massive phishing campaign that targets a wide range of sectors in | Virus | The Hacker News |
1.4.24 | Detecting Windows-based Malware Through Better Visibility | Despite a plethora of available security solutions, more and more organizations fall victim to Ransomware and other threats. These | Virus | The Hacker News |
31.3.24 | Vultur banking malware for Android poses as McAfee Security app | Security researchers found a new version of the Vultur banking trojan for Android that includes more advanced remote control capabilities and an improved evasion mechanism. | Virus | |
31.3.24 | Activision: Enable 2FA to secure accounts recently stolen by malware | An infostealer malware campaign has reportedly collected millions of logins from users of various gaming websites, including players that use cheats, pay-to-cheat services. | Virus | |
31.3.24 | Red Hat warns of backdoor in XZ tools used by most Linux distros | Today, Red Hat warned users to immediately stop using systems running Fedora development and experimental versions because of a backdoor found in the latest XZ Utils data compression tools and libraries. | Virus | |
31.3.24 | PyPI suspends new user registration to block malware campaign | The Python Package Index (PyPI) has temporarily suspended user registration and the creation of new projects to deal with an ongoing malware campaign. | Virus | |
31.3.24 | Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware | Malicious ads and bogus websites are acting as a conduit to deliver two different stealer malware, including Atomic Stealer, targeting | Virus | The Hacker News |
30.3.24 | Google: Spyware vendors behind 50% of zero-days exploited in 2023 | Google's Threat Analysis Group (TAG) and Google subsidiary Mandiant said they've observed a significant increase in the number of zero-day vulnerabilities exploited in attacks in 2023, many of them linked to spyware vendors and their clients. | Virus | |
30.3.24 | Urgent: Secret Backdoor Found in XZ Utils Library, Impacts Major Linux Distros | RedHat on Friday released an "urgent security alert" warning that two versions of a popular data compression library called XZ Utils | Virus | The Hacker News |
29.3.24 | Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries | A Linux version of a multi-platform backdoor called DinodasRAT has been detected in the wild targeting China, Taiwan, Turkey, and | Virus | The Hacker News |
27.3.24 | TheMoon malware infects 6,000 ASUS routers in 72 hours for proxy service | A new variant of "TheMoon" malware botnet has been spotted infecting thousands of outdated small office and home office (SOHO) routers and IoT devices in 88 countries. | Virus | |
27.3.24 | Over 100 US and EU orgs targeted in StrelaStealer malware attacks | A new large-scale StrelaStealer malware campaign has impacted over a hundred organizations across the United States and Europe, attempting to steal email account credentials. | Virus | BleepingComputer |
23.3.24 | Evasive Sign1 malware campaign infects 39,000 WordPress sites | A previously unknown malware campaign called Sign1 has infected over 39,000 websites over the past six months, causing visitors to see unwanted redirects and popup ads. | Virus | |
23.3.24 | Russian Hackers Use 'WINELOADER' Malware to Target German Political Parties | The WINELOADER backdoor used in recent cyber attacks targeting diplomatic entities with wine-tasting phishing lures has been | Virus | The Hacker News |
22.3.24 | New StrelaStealer Phishing Attacks Hit Over 100 Organizations in E.U. and U.S. | Cybersecurity researchers have detected a new wave of phishing attacks that aim to deliver an ever-evolving information stealer referred to as | Virus | The Hacker News |
22.3.24 | Russian Hackers May Have Targeted Ukrainian Telecoms with Upgraded 'AcidPour' Malware | The data wiping malware called AcidPour may have been deployed in attacks targeting four telecom providers in Ukraine, new findings from | Virus | The Hacker News |
21.3.24 | New AcidPour data wiper targets Linux x86 network devices | A new destructive malware named AcidPour was spotted in the wild, featuring data-wiper functionality and targeting Linux x86 IoT and networking devices. | Virus | |
21.3.24 | Over 800 npm Packages Found with Discrepancies, 18 Exploitable to 'Manifest Confusion' | New research has discovered over 800 packages in the npm registry which have discrepancies from their registry entries, out of which 18 have been | Virus | The Hacker News |
21.3.24 | AndroxGh0st Malware Targets Laravel Apps to Steal Cloud Credentials | Cybersecurity researchers have shed light on a tool referred to as AndroxGh0st that's used to target Laravel applications and steal sensitive | Virus | The Hacker News |
20.3.24 | New BunnyLoader Malware Variant Surfaces with Modular Attack Features | Cybersecurity researchers have discovered an updated variant of a stealer and malware loader called BunnyLoader that modularizes its various | Virus | The Hacker News |
19.3.24 | From Deepfakes to Malware: AI's Expanding Role in Cyber Attacks | Large language models (LLMs) powering artificial intelligence (AI) tools today could be exploited to develop self-augmenting malware capable of | Virus | The Hacker News |
19.3.24 | Suspected Russian Data-Wiping 'AcidPour' Malware Targeting Linux x86 Devices | A new variant of a data wiping malware called AcidRain has been detected in the wild that's specifically designed for targeting Linux x86 devices. The | Virus | The Hacker News |
19.3.24 | New DEEP#GOSU Malware Campaign Targets Windows Users with Advanced Tactics | A new elaborate attack campaign has been observed employing PowerShell and VBScript malware to infect Windows systems and harvest sensitive | Virus | The Hacker News |
18.3.24 | Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites | Cybersecurity researchers have discovered a new malware campaign that leverages bogus Google Sites pages and HTML smuggling to distribute a | Virus | The Hacker News |
17.3.24 | Hackers Using Cracked Software on GitHub to Spread RisePro Info Stealer | Cybersecurity researchers have found a number of GitHub repositories offering cracked software that are used to deliver an information stealer | Virus | The Hacker News |
16.3.24 | Hackers exploit Windows SmartScreen flaw to drop DarkGate malware | A new wave of attacks by the DarkGate malware operation exploits a now-fixed Windows Defender SmartScreen vulnerability to bypass security checks and automatically install fake software installers. | Virus | |
15.3.24 | Malicious Ads Targeting Chinese Users with Fake Notepad++ and VNote Installers | Chinese users looking for legitimate software such as Notepad++ and VNote on search engines like Baidu are being targeted with malicious ads and | Virus | The Hacker News |
14.3.24 | Ande Loader Malware Targets Manufacturing Sector in North America | The threat actor known as Blind Eagle has been observed using a loader malware called Ande Loader to deliver remote access trojans (RATs) like | Virus | The Hacker News |
13.3.24 | PixPirate Android Banking Trojan Using New Evasion Tactic to Target Brazilian Users | The threat actors behind the PixPirate Android banking trojan are leveraging a new trick to evade detection on compromised devices and harvest | Virus | The Hacker News |
13.3.24 | Alert: Cybercriminals Deploying VCURMS and STRRAT Trojans via AWS and GitHub | A new phishing campaign has been observed delivering remote access trojans (RAT) such as VCURMS and STRRAT by means of a malicious Java- | Virus | The Hacker News |
12.3.24 | Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites | A new malware campaign is leveraging a high-severity security flaw in the Popup Builder plugin for WordPress to inject malicious JavaScript code. | Virus | The Hacker News |
12.3.24 | New Banking Trojan CHAVECLOAK Targets Brazilian Users via Phishing Tactics | Users in Brazil are the target of a new banking trojan known as CHAVECLOAK that's propagated via phishing emails bearing PDF | Virus | The Hacker News |
11.3.24 | Magnet Goblin Hacker Group Leveraging 1-Day Exploits to Deploy Nerbian RAT | A financially motivated threat actor called Magnet Goblin is swiftly adopting one-day security vulnerabilities into its arsenal in order to opportunistically | Virus | The Hacker News |
10.3.24 | Magnet Goblin hackers use 1-day flaws to drop custom Linux malware | A financially motivated hacking group named Magnet Goblin uses various 1-day vulnerabilities to breach public-facing servers and deploy custom malware on Windows and Linux systems. | Virus | |
9.3.24 | Hackers target Docker, Hadoop, Redis, Confluence with new Golang malware | Hackers are targeting misconfigured servers running Apache Hadoop YARN, Docker, Confluence, or Redis with new Golang-based malware that automates the discovery and compromise of the hosts. | Virus | |
9.3.24 | New WogRAT malware abuses online notepad service to store malware | A new malware dubbed 'WogRAT' targets both Windows and Linux in attacks abusing an online notepad platform named 'aNotepad' as a covert channel for storing and retrieving malicious code. | Virus | |
9.3.24 | New WogRAT malware abuses online notepad service to store malware | Microsoft has unexpectedly announced they are ending support for the Windows Subsystem for Android next year on March 5th. | Virus | BleepingComputer |
7.3.24 | Android and Windows RATs Distributed Via Online Meeting Lures | Beginning in December 2023, Zscaler’s ThreatLabz discovered a threat actor creating fraudulent Skype, Google Meet, and Zoom websites to spread malware. | Virus | Zscaler |
7.3.24 | Android and Windows RATs Distributed Via Online Meeting Lures | Beginning in December 2023, Zscaler’s ThreatLabz discovered a threat actor creating fraudulent Skype, Google Meet, and Zoom websites to spread malware. | Virus | Zscaler |
7.3.24 | New Python-Based Snake Info Stealer Spreading Through Facebook Messages | Facebook messages are being used by threat actors to a Python-based information stealer dubbed Snake that's designed to capture credentials and | Virus | The Hacker News |
7.3.24 | Watch Out for Spoofed Zoom, Skype, Google Meet Sites Delivering Malware | Threat actors have been leveraging fake websites advertising popular video conferencing software such as Google Meet, Skype, and Zoom to deliver a | Virus | The Hacker News |
6.3.24 | Stealthy GTPDOOR Linux malware targets mobile operator networks | Security researcher HaxRob discovered a previously unknown Linux backdoor named GTPDOOR, designed for covert operations within mobile carrier networks. | Virus | |
6.3.24 | U.S. Cracks Down on Predatory Spyware Firm for Targeting Officials and Journalists | The U.S. Department of Treasury's Office of Foreign Assets Control (OFAC) sanctioned two individuals and five entities associated with the Intellexa | Virus | The Hacker News |
6.3.24 | Hackers Exploit ConnectWise ScreenConnect Flaws to Deploy TODDLERSHARK Malware | North Korean threat actors have exploited the recently disclosed security flaws in ConnectWise ScreenConnect to deploy a new malware called | Virus | |
3.3.24 | CISA warns of Microsoft Streaming bug exploited in malware attacks | CISA ordered U.S. Federal Civilian Executive Branch (FCEB) agencies to secure their Windows systems against a high-severity vulnerability in the Microsoft Streaming Service (MSKSSRV.SYS) that's actively exploited in attacks. | Virus | |
3.3.24 | New Bifrost malware for Linux mimics VMware domain for evasion | A new Linux variant of the Bifrost remote access trojan (RAT) employs several novel evasion techniques, including the use of a deceptive domain that was made to appear as part of VMware. | Virus | |
2.3.24 | Japan warns of malicious PyPi packages created by North Korean hackers | Japan's Computer Security Incident Response Team (JPCERT/CC) is warning that the notorious North Korean hacking group Lazarus has uploaded four malicious PyPI packages to infect developers with malware. | Virus | |
2.3.24 | Malicious code in Tornado Cash governance proposal puts user funds at risk | Malicious JavaScript code hidden in a Tornado Cash governance proposal has been leaking deposit notes and data to a private server for almost two months. | Virus | |
1.3.24 | New BIFROSE Linux Malware Variant Using Deceptive VMware Domain for Evasion | Cybersecurity researchers have discovered a new Linux variant of a remote access trojan (RAT) called BIFROSE (aka Bifrost) that uses a deceptive | Virus | The Hacker News |
1.3.24 | GTPDOOR Linux Malware Targets Telecoms, Exploiting GPRS Roaming Networks | Threat hunters have discovered a new Linux malware called GTPDOOR that's designed to be deployed in telecom networks that are adjacent to | Virus | The Hacker News |
1.3.24 | New Backdoor Targeting European Officials Linked to Indian Diplomatic Events | A previously undocumented threat actor dubbed SPIKEDWINE has been observed targeting officials in European countries with Indian diplomatic | Virus | The Hacker News |
1.3.24 | Lazarus Exploits Typos to Sneak PyPI Malware into Dev Systems | The notorious North Korean state-backed hacking group Lazarus uploaded four packages to the Python Package Index (PyPI) repository with the goal of | Virus | The Hacker News |
29.2.24 | New IDAT loader version uses steganography to push Remcos RAT | A hacking group tracked as 'UAC-0184' was observed utilizing steganographic image files to deliver the Remcos remote access trojan (RAT) onto the systems of a Ukrainian entity operating in Finland | Virus | |
29.2.24 | Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware | At least two different suspected China-linked cyber espionage clusters, tracked as UNC5325 and UNC3886 , have been attributed to the | Virus | The Hacker News |
28.2.24 | Open-Source Xeno RAT Trojan Emerges as a Potent Threat on GitHub | An "intricately designed" remote access trojan (RAT) called Xeno RAT has been made available on GitHub, making it easily accessible to other actors at | Virus | The Hacker News |
27.2.24 | New IDAT Loader Attacks Using Steganography to Deploy Remcos RAT | Ukrainian entities based in Finland have been targeted as part of a malicious campaign distributing a commercial remote access trojan known as Remcos | Virus | The Hacker News |
27.2.24 | North Korean Hackers Targeting Developers with Malicious npm Packages | A set of fake npm packages discovered on the Node.js repository has been found to share ties with North Korean state-sponsored actors, new findings | Virus | The Hacker News |
27.2.24 | Banking Trojans Target Latin America and Europe Through Google Cloud Run | Cybersecurity researchers are warning about a spike in email phishing campaigns that are weaponizing the Google Cloud Run service to deliver | Virus | The Hacker News |
24.2.24 | Hackers abuse Google Cloud Run in massive banking trojan campaign | Security researchers are warning of hackers abusing the Google Cloud Run service to distribute massive volumes of banking trojans like Astaroth, Mekotio, and Ousaban. | Virus | |
24.2.24 | New SSH-Snake malware steals SSH keys to spread across the network | A threat actor is using an open-source network mapping tool named SSH-Snake to look for private keys undetected and move laterally on the victim infrastructure. | Virus | |
24.2.24 | Dormant PyPI Package Compromised to Spread Nova Sentinel Malware | A dormant package available on the Python Package Index (PyPI) repository was updated nearly after two years to propagate an information stealer | Virus | The Hacker News |
23.2.24 | Microsoft Releases PyRIT - A Red Teaming Tool for Generative AI | Microsoft has released an open access automation framework called PyRIT (short for Python Risk Identification Tool) to proactively identify risks in | Virus | The Hacker News |
22.2.24 | Russian Government Software Backdoored to Deploy Konni RAT Malware | An installer for a tool likely used by the Russian Consular Department of the Ministry of Foreign Affairs (MID) has been backdoored to deliver a remote | Virus | The Hacker News |
20.2.24 | New Malicious PyPI Packages Caught Using Covert Side-Loading Tactics | Cybersecurity researchers have discovered two malicious packages on the Python Package Index (PyPI) repository that were found leveraging a | Virus | The Hacker News |
18.2.24 | Turla hackers backdoor NGOs with new TinyTurla-NG malware | Security researchers have identified and analyzed new malware they call TinyTurla-NG and TurlaPower-NG used by the Russian hacker group Turla to maintain access to a target's network and to steal sensitive data. | Virus | |
18.2.24 | New Qbot malware variant uses fake Adobe installer popup for evasion | The developer of Qakbot malware, or someone with access to the source code, seems to be experimenting with new builds as fresh samples have been observed in email campaigns since mid-December. | Virus | |
18.2.24 | Ubuntu 'command-not-found' tool can be abused to spread malware | A logic flaw between Ubuntu's 'command-not-found' package suggestion system and the snap package repository could enable attackers to promote malicious Linux packages to unsuspecting users. | Virus | |
18.2.24 | Hackers used new Windows Defender zero-day to drop DarkMe malware | Microsoft has patched today a Windows Defender SmartScreen zero-day exploited in the wild by a financially motivated threat group to deploy the DarkMe remote access trojan (RAT). | Virus | |
17.2.24 | Bumblebee malware attacks are back after 4-month break | The Bumblebee malware has returned after a four-month vacation, targeting thousands of organizations in the United States in phishing campaigns. | Virus | |
17.2.24 | FBI seizes Warzone RAT infrastructure, arrests malware vendor | The FBI dismantled the Warzone RAT malware operation, seizing infrastructure and arresting two individuals associated with the cybercrime operation. | Virus | |
17.2.24 | Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor | Hackers are exploiting a server-side request forgery (SSRF) vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy the new DSLog backdoor on vulnerable devices. | Virus | |
17.2.24 | Malicious 'SNS Sender' Script Abuses AWS for Bulk Smishing Attacks | A malicious Python script known as SNS Sender is being advertised as a way for threat actors to send bulk smishing messages by abusing Amazon | Virus | The Hacker News |
16.2.24 | Russian Turla Hackers Target Polish NGOs with New TinyTurla-NG Backdoor | The Russia-linked threat actor known as Turla has been observed using a new backdoor called TinyTurla-NG as part of a three-month-long campaign | Virus | The Hacker News |
16.2.24 | Chinese Hackers Using Deepfakes in Advanced Mobile Banking Malware Attacks | A Chinese-speaking threat actor codenamed GoldFactory has been attributed to the development of highly sophisticated banking trojans, | Virus | The Hacker News |
15.2.24 | Bumblebee Malware Returns with New Tricks, Targeting U.S. Businesses | The infamous malware loader and initial access broker known as Bumblebee has resurfaced after a four-month absence as part of a new | Virus | The Hacker News |
15.2.24 | DarkMe Malware Targets Traders Using Microsoft SmartScreen Zero-Day Vulnerability | A newly disclosed security flaw in the Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called | Virus | The Hacker News |
15.2.24 | Glupteba Botnet Evades Detection with Undocumented UEFI Bootkit | The Glupteba botnet has been found to incorporate a previously undocumented Unified Extensible Firmware Interface ( UEFI ) bootkit | Virus | The Hacker News |
15.2.24 | PikaBot Resurfaces with Streamlined Code and Deceptive Tactics | The threat actors behind the PikaBot malware have made significant changes to the malware in what has been described as a case of | Virus | The Hacker News |
12.2.24 | U.S. DoJ Dismantles Warzone RAT Infrastructure, Arrests Key Operators | The U.S. Justice Department (DoJ) on Friday announced the seizure of online infrastructure that was used to sell a remote access trojan (RAT) | Virus | The Hacker News |
10.2.24 | Raspberry Robin malware evolves with early access to Windows exploits | Recent versions of the Raspberry Robin malware are stealthier and implement one-day exploits that are deployed only on systems that are susceptible to them. | Virus | BleepingComputer |
9.2.24 | Facebook ads push new Ov3r_Stealer password-stealing malware | A new password-stealing malware named Ov3r_Stealer is spreading through fake job advertisements on Facebook, aiming to steal account credentials and cryptocurrency. | Virus | |
9.2.24 | New Coyote Trojan Targets 61 Brazilian Banks with Nim-Powered Attack | Sixty-one banking institutions, all of them originating from Brazil, are the target of a new banking trojan called Coyote . "This malware utilizes the | Virus | The Hacker News |
9.2.24 | Stealthy Zardoor Backdoor Targets Saudi Islamic Charity Organization | An unnamed Islamic non-profit organization in Saudi Arabia has been targeted as part of a stealthy cyber espionage campaign designed to drop a | Virus | The Hacker News |
8.2.24 | HijackLoader Evolves: Researchers Decode the Latest Evasion Methods | The threat actors behind a loader malware called HijackLoader have added new techniques for defense evasion, as the malware continues to be | Virus | The Hacker News |
6.2.24 | Beware: Fake Facebook Job Ads Spreading 'Ov3r_Stealer' to Steal Crypto and Credentials | Threat actors are leveraging bogus Facebook job advertisements as a lure to trick prospective targets into installing a new Windows-based stealer | Virus | The Hacker News |
4.2.24 | PurpleFox malware infects thousands of computers in Ukraine | The Computer Emergency Response Team in Ukraine (CERT-UA) is warning about a PurpleFox malware campaign that has infected at least 2,000 computers in the country. | Virus | |
3.2.24 | Hackers push USB malware payloads via news, media hosting sites | A financially motivated threat actor using USB devices for initial infection has been found abusing legitimate online platforms, including GitHub, Vimeo, and Ars Technica, to host encoded payloads embedded in seemingly benign content. | Virus | |
3.2.24 | DirtyMoe Malware Infects 2,000+ Ukrainian Computers for DDoS and Cryptojacking | The Computer Emergency Response Team of Ukraine (CERT-UA) has warned that more than 2,000 computers in the country have been infected by a strain | Virus | The Hacker News |
2.2.24 | HeadCrab 2.0 Goes Fileless, Targeting Redis Servers for Crypto Mining | Cybersecurity researchers have detailed an updated version of the malware HeadCrab that's known to target Redis database servers across the world | Virus | The Hacker News |
1.2.24 | Ukraine: Hack wiped 2 petabytes of data from Russian research center | The Main Intelligence Directorate of Ukraine's Ministry of Defense claims that pro-Ukrainian hacktivists breached the Russian Center for Space Hydrometeorology, aka "planeta" (планета), and wiped 2 petabytes of data. | Virus | |
1.2.24 | Blackwood hackers hijack WPS Office update to install malware | A previously unknown advanced threat actor tracked as 'Blackwood' is using sophisticated malware called NSPX30 in cyberespionage attacks against companies and individuals. | Virus | |
1.2.24 | Russian TrickBot malware dev sentenced to 64 months in prison | Russian national Vladimir Dunaev has been sentenced to five years and four months in prison for his role in creating and distributing the Trickbot malware used in attacks against hospitals, companies, and individuals worldwide. | Virus | |
1.2.24 | Hackers Exploiting Ivanti VPN Flaws to Deploy KrustyLoader Malware | A pair of recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) virtual private network (VPN) devices have been exploited to deliver a Rust- | Virus | The Hacker News |
31.1.24 | Malicious web redirect scripts stealth up to hide on hacked sites | Security researchers looking at more than 10,000 scripts used by the Parrot traffic direction system (TDS) noticed an evolution marked by optimizations that make malicious code stealthier against security mechanisms. | Virus | |
31.1.24 | Brazilian Feds Dismantle Grandoreiro Banking Trojan, Arresting Top Operatives | A Brazilian law enforcement operation has led to the arrest of several Brazilian operators in charge of the Grandoreiro malware. The Federal Police of Brazil | Virus | The Hacker News |
31.1.24 | New ZLoader Malware Variant Surfaces with 64-bit Windows Compatibility | Threat hunters have identified a new campaign that delivers the ZLoader malware, resurfacing nearly two years after the botnet's infrastructure was | Virus | The Hacker News |
29.1.24 | Malicious PyPI Packages Slip WhiteSnake InfoStealer Malware onto Windows Machines | Cybersecurity researchers have identified malicious packages on the open-source Python Package Index (PyPI) repository that deliver an information | Virus | The Hacker News |
27.1.24 | AllaKore RAT Malware Targeting Mexican Firms with Financial Fraud Tricks | Mexican financial institutions are under the radar of a new spear-phishing campaign that delivers a modified version of an open-source remote access | Virus | The Hacker News |
26.1.24 | Malicious Ads on Google Target Chinese Users with Fake Messaging Apps | Chinese-speaking users have been targeted by malicious Google ads for restricted messaging apps like Telegram as part of an ongoing malvertising | Virus | The Hacker News |
26.1.24 | SystemBC Malware's C2 Server Analysis Exposes Payload Delivery Tricks | Cybersecurity researchers have shed light on the command-and-control (C2) server workings of a known malware family called SystemBC . "SystemBC can | Virus | The Hacker News |
26.1.24 | LODEINFO Fileless Malware Evolves with Anti-Analysis and Remote Code Tricks | Cybersecurity researchers have uncovered an updated version of a backdoor called LODEINFO that's distributed via spear-phishing attacks. The findings | Virus | The Hacker News |
25.1.24 | New CherryLoader Malware Mimics CherryTree to Deploy PrivEsc Exploits | A new Go-based malware loader called CherryLoader has been discovered by threat hunters in the wild to deliver additional payloads onto compromised | Virus | The Hacker News |
23.1.24 | Malicious NPM Packages Exfiltrate Hundreds of Developer SSH Keys via GitHub | Two malicious packages discovered on the npm package registry have been found to leverage GitHub to store Base64-encrypted SSH keys stolen from | Virus | The Hacker News |
23.1.24 | North Korean Hackers Weaponize Research Lures to Deliver RokRAT Backdoor | Media organizations and high-profile experts in North Korean affairs have been at the receiving end of a new campaign orchestrated by a threat actor known | Virus | The Hacker News |
22.1.24 | NS-STEALER Uses Discord Bots to Exfiltrate Your Secrets from Popular Browsers | Cybersecurity researchers have discovered a new Java-based "sophisticated" information stealer that uses a Discord bot to exfiltrate sensitive data from | Virus | The Hacker News |
20.1.24 | Microsoft: Iranian hackers target researchers with new MediaPl malware | Microsoft says that a group of Iranian-backed state hackers are targeting high-profile employees of research organizations and universities across Europe and the United States in spearphishing attacks pushing new backdoor malware. | Virus | |
19.1.24 | Npm Trojan Bypasses UAC, Installs AnyDesk with "Oscompatible" Package | A malicious package uploaded to the npm registry has been found deploying a sophisticated remote access trojan on compromised Windows machines. The | Virus | The Hacker News |
19.1.24 | New Docker Malware Steals CPU for Crypto & Drives Fake Website Traffic | Vulnerable Docker services are being targeted by a novel campaign in which the threat actors are deploying XMRig cryptocurrency miner as well as the | Virus | The Hacker News |
17.1.24 | Remcos RAT Spreading Through Adult Games in New Attack Wave | The remote access trojan (RAT) known as Remcos RAT has been found being propagated via webhards by disguising it as adult-themed games in South | Virus | The Hacker News |
15.1.24 | Balada Injector Infects Over 7,100 WordPress Sites Using Plugin Vulnerability | Thousands of WordPress sites using a vulnerable version of the Popup Builder plugin have been compromised with a malware called Balada Injector . First | Virus | The Hacker News |
12.1.24 | New Balada Injector campaign infects 6,700 WordPress sites | A new Balada Injector campaign launched in mid-December has infected over 6,700 WordPress websites using a vulnerable version of the Popup Builder campaign. | Virus | |
12.1.24 | Threat Actors Increasingly Abusing GitHub for Malicious Purposes | The ubiquity of GitHub in information technology (IT) environments has made it a lucrative choice for threat actors to host and deliver malicious payloads | Virus | The Hacker News |
10.1.24 | Alert: Water Curupira Hackers Actively Distributing PikaBot Loader Malware | A threat actor called Water Curupira has been observed actively distributing the PikaBot loader malware as part of spam campaigns in 2023. "PikaBot's | Virus | The Hacker News |
9.1.24 | Stealthy AsyncRAT malware attacks targets US infrastructure for 11 months | A campaign delivering the AsyncRAT malware to select targets has been active for at least the past 11 months, using hundreds of unique loader samples and more than 100 domains. | Virus | |
9.1.24 | Google: Malware abusing API is standard token theft, not an API issue | Google is downplaying reports of malware abusing an undocumented Google Chrome API to generate new authentication cookies when previously stolen ones have expired. | Virus | |
9.1.24 | Beware! YouTube Videos Promoting Cracked Software Distribute Lumma Stealer | Threat actors are resorting to YouTube videos featuring content related to cracked software in order to entice users into downloading an information | Virus | The Hacker News |
9.1.24 | Syrian Hackers Distributing Stealthy C#-Based Silver RAT to Cybercriminals | Threat actors operating under the name Anonymous Arabic have released a remote access trojan (RAT) called Silver RAT that's equipped to bypass | Virus | The Hacker News |
6.1.24 | 'everything' blocks devs from removing their own npm packages | Over the holidays, the npm package registry was flooded with more than 3,000 packages, including one called "everything," and others named a variation of the word. These 3,000+ packages make it impossible for all npm authors to unpublish their packages from the registry. | Virus | |
5.1.24 | New Bandook RAT Variant Resurfaces, Targeting Windows Machines | A new variant of remote access trojan called Bandook has been observed being propagated via phishing attacks with an aim to infiltrate Windows | Virus | The Hacker News |
5.1.24 | Beware: 3 Malicious PyPI Packages Found Targeting Linux with Crypto Miners | Three new malicious packages have been discovered in the Python Package Index (PyPI) open-source repository with capabilities to deploy a | Virus | The Hacker News |
5.1.24 | UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT | The threat actor known as UAC-0050 is leveraging phishing attacks to distribute Remcos RAT using new strategies to evade detection from | Virus | The Hacker News |
3.1.24 | Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset | Information stealing malware are actively taking advantage of an undocumented Google OAuth endpoint named MultiLogin to hijack user.. | Virus | |
1.1.24 | New JinxLoader Targeting Users with Formbook and XLoader Malware | A new Go-based malware loader called JinxLoader is being used by threat actors to deliver next-stage payloads such as Formbook and its successor.. | Virus | The Hacker News |