Virus List - 2024

Columns on the original page: DATE, NAME, Info, CATEG., WEB. Each entry below is laid out as:

DATE | CATEG. | WEB
NAME
Info (a trailing "..." marks a summary the page cuts off mid-sentence)

21.12.24 | Virus | The Hacker News
Thousands Download Malicious npm Libraries Impersonating Legitimate Tools
Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up ...

18.12.24 | Virus | The Hacker News
Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware
A new social engineering campaign has leveraged Microsoft Teams as a way to facilitate the deployment of a known malware called DarkGate. "An attacker used ...

28.10.24 | Virus | The Hacker News
BeaverTail Malware Resurfaces in Malicious npm Packages Targeting Developers
Three malicious packages published to the npm registry in September 2024 have been found to contain a known malware called BeaverTail, a JavaScript downloader and information stealer linked ...

27.10.24 | Virus | The Hacker News
New Grandoreiro Banking Malware Variants Emerge with Advanced Tactics to Evade Detection
New variants of a banking malware called Grandoreiro have been found to adopt new tactics in an effort to bypass anti-fraud ...

27.10.24 | Virus | The Hacker News
Bumblebee and Latrodectus Malware Return with Sophisticated Phishing Strategies
Two malware families that suffered setbacks in the aftermath of a coordinated law enforcement operation called Endgame have ...

27.10.24 | Virus | The Hacker News
Malicious npm Packages Target Developers' Ethereum Wallets with SSH Backdoor
Cybersecurity researchers have discovered a number of suspicious packages published to the npm registry that are designed to harvest ...

27.10.24 | Virus | The Hacker News
Beware: Fake Google Meet Pages Deliver Infostealers in Ongoing ClickFix Campaign
Threat actors are leveraging fake Google Meet web pages as part of an ongoing malware campaign dubbed ClickFix to deliver ...

26.10.24 | Virus | The Hacker News
North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware
The North Korean threat actor known as ScarCruft has been linked to the zero-day exploitation of a now-patched security flaw in Windows ...

26.10.24 | Virus | The Hacker News
Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack
A new spear-phishing campaign targeting Brazil has been found delivering a banking malware called Astaroth (aka Guildma) by ...

26.10.24 | Virus | The Hacker News
TrickMo Banking Trojan Can Now Capture Android PINs and Unlock Patterns
New variants of an Android banking trojan called TrickMo have been found to harbor previously undocumented features to steal a device's ...

26.10.24 | Virus | The Hacker News
New Malware Campaign Uses PureCrypter Loader to Deliver DarkVision RAT
Cybersecurity researchers have disclosed a new malware campaign that leverages a malware loader named PureCrypter to deliver a ...

26.10.24 | Virus | The Hacker News
New Linux Variant of FASTCash Malware Targets Payment Switches in ATM Heists
North Korean threat actors have been observed using a Linux variant of a known malware family called FASTCash to steal funds as part of ...

15.10.24 | Virus | The Hacker News
Researchers Uncover Hijack Loader Malware Using Stolen Code-Signing Certificates
Cybersecurity researchers have disclosed a new malware campaign that delivers Hijack Loader artifacts that are signed with legitimate ...

28.9.24 | Virus | BleepingComputer
New RomCom malware variant 'SnipBot' spotted in data theft attacks
A new variant of the RomCom malware called SnipBot has been used in attacks that pivot on the network to steal data from compromised systems.

26.9.24 | Virus | The Hacker News
Watering Hole Attack on Kurdish Sites Distributing Malicious APKs and Spyware
As many as 25 websites linked to the Kurdish minority have been compromised as part of a watering hole attack designed to harvest ...

26.9.24 | Virus | BleepingComputer
Infostealer malware bypasses Chrome's new cookie-theft defenses
Infostealer malware developers released updates claiming to bypass Google Chrome's recently introduced App-Bound Encryption feature, which protects sensitive data such as cookies.

25.9.24 | Virus | The Hacker News
Transportation Companies Hit by Cyberattacks Using Lumma Stealer and NetSupport Malware
Transportation and logistics companies in North America are the target of a new phishing campaign that delivers a variety of ...

25.9.24 | Virus | The Hacker News
Necro Android Malware Found in Popular Camera and Browser Apps on Play Store
Altered versions of legitimate Android apps associated with Spotify, WhatsApp, and Minecraft have been used to deliver a new version of ...

24.9.24 | Virus | BleepingComputer
New Octo Android malware version impersonates NordVPN, Google Chrome
A new version of the Octo Android malware, named "Octo2," has been seen spreading across Europe under the guise of NordVPN, Google Chrome, and an app called Europe Enterprise.

24.9.24 | Virus | BleepingComputer
Android malware 'Necro' infects 11 million devices via Google Play
A new version of the Necro malware loader for Android was installed on 11 million devices through Google Play in malicious SDK supply chain attacks.

24.9.24 | Virus | The Hacker News
New Octo2 Android Banking Trojan Emerges with Device Takeover Capabilities
Cybersecurity researchers have discovered a new version of an Android banking trojan called Octo that comes with improved ...

23.9.24 | Virus | The Hacker News
New PondRAT Malware Hidden in Python Packages Targets Software Developers
Threat actors with ties to North Korea have been observed using poisoned Python packages as a way to deliver a new malware called ...

23.9.24 | Virus | The Hacker News
Chinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR Malware
A suspected advanced persistent threat (APT) originating from China targeted a government organization in Taiwan, and possibly other ...

22.9.24 | Virus | BleepingComputer
Global infostealer malware operation targets crypto users, gamers
A massive infostealer malware operation encompassing thirty campaigns targeting a broad spectrum of demographics and system platforms has been uncovered, attributed to a cybercriminal group named "Marko Polo."

21.9.24 | Virus | BleepingComputer
Clever 'GitHub Scanner' campaign abusing repos to push malware
A clever threat campaign is abusing GitHub repositories to distribute the Lumma Stealer password-stealing malware, targeting users who frequent an open source project repository or are subscribed to email notifications from it.

19.9.24 | Virus | The Hacker News
New Brazilian-Linked SambaSpy Malware Targets Italian Users via Phishing Emails
A previously undocumented malware called SambaSpy is exclusively targeting users in Italy via a phishing campaign orchestrated by a ...

15.9.24 | Virus | BleepingComputer
Malware locks browser in kiosk mode to steal Google credentials
A malware campaign uses the unusual method of locking users in their browser's kiosk mode to annoy them into entering their Google credentials, which are then stolen by information-stealing malware.

15.9.24 | Virus | BleepingComputer
New Linux malware Hadooken targets Oracle WebLogic servers
Hackers are targeting Oracle WebLogic servers to infect them with a new Linux malware named "Hadooken," which launches a cryptominer and a tool for distributed denial-of-service (DDoS) attacks.

15.9.24 | Virus | BleepingComputer
New Vo1d malware infects 1.3 million Android streaming boxes
Threat actors have infected over 1.3 million TV streaming boxes running Android with a new Vo1d backdoor malware, allowing the attackers to take full control of the devices.

13.9.24 | Virus | The Hacker News
TrickMo Android Trojan Exploits Accessibility Services for On-Device Banking Fraud
Cybersecurity researchers have uncovered a new variant of an Android banking trojan called TrickMo that comes packed with new ...

12.9.24 | Virus | The Hacker News
New Android Malware 'Ajina.Banker' Steals Financial Data and Bypasses 2FA via Telegram
Bank customers in the Central Asia region have been targeted by a new strain of Android malware codenamed Ajina.Banker since at ...

12.9.24 | Virus | The Hacker News
Beware: New Vo1d Malware Infects 1.3 Million Android TV Boxes Worldwide
Nearly 1.3 million Android-based TV boxes running outdated versions of the operating system and belonging to users spanning 197 ...

9.9.24 | Virus | The Hacker News
Blind Eagle Targets Colombian Insurance Sector with Customized Quasar RAT
The Colombian insurance sector is the target of a threat actor tracked as Blind Eagle with the end goal of delivering a customized ...

9.9.24 | Virus | The Hacker News
New Android SpyAgent Malware Uses OCR to Steal Crypto Wallet Recovery Keys
Android device users in South Korea have emerged as a target of a new mobile malware campaign that delivers a new type of threat ...

8.9.24 | Virus | BleepingComputer
Cisco warns of backdoor admin account in Smart Licensing Utility
Cisco has removed a backdoor account in the Cisco Smart Licensing Utility (CSLU) that can be used to log into unpatched systems with administrative privileges.

7.9.24 | Virus | BleepingComputer
GitHub comments abused to push password stealing malware masked as fixes
GitHub is being abused to distribute the Lumma Stealer information-stealing malware as fake fixes posted in project comments.

5.9.24 | Virus | The Hacker News
Malware Attackers Using MacroPack to Deliver Havoc, Brute Ratel, and PhantomCore
Threat actors are likely employing a tool designated for red teaming exercises to serve malware, according to new findings from Cisco ...

5.9.24 | Virus | The Hacker News
New Cross-Platform Malware KTLVdoor Discovered in Attack on Chinese Trading Firm
The Chinese-speaking threat actor known as Earth Lusca has been observed using a new backdoor dubbed KTLVdoor as part of a cyber ...

5.9.24 | Virus | The Hacker News
Android Users Urged to Install Latest Security Updates to Fix Actively Exploited Flaw
Google has released its monthly security updates for the Android operating system to address a known security flaw that it said has ...

4.9.24 | Virus | The Hacker News
Hackers Hijack 22,000 Removed PyPI Packages, Spreading Malicious Code to Developers
A new supply chain attack technique targeting the Python Package Index (PyPI) registry has been exploited in the wild in an attempt to ...

4.9.24 | Virus | The Hacker News
Hackers Use Fake GlobalProtect VPN Software in New WikiLoader Malware Attack
A new malware campaign is spoofing Palo Alto Networks' GlobalProtect VPN software to deliver a variant of the WikiLoader ...

4.9.24 | Virus | The Hacker News
Rocinante Trojan Poses as Banking Apps to Steal Sensitive Data from Brazilian Android Users
Mobile users in Brazil are the target of a new malware campaign that delivers a new Android banking trojan named Rocinante. "This ...

4.9.24 | Virus | The Hacker News
Malicious npm Packages Mimicking 'noblox.js' Compromise Roblox Developers' Systems
Roblox developers are the target of a persistent campaign that seeks to compromise systems through bogus npm packages, once again ...

1.9.24 | Virus | BleepingComputer
GitHub comments abused to spread Lumma Stealer malware as fake fixes
GitHub is being abused to distribute the Lumma Stealer information-stealing malware as fake fixes posted in project comments.

1.9.24 | Virus | BleepingComputer
Docker-OSX image used for security research hit by Apple DMCA takedown
The popular Docker-OSX project has been removed from Docker Hub after Apple filed a DMCA (Digital Millennium Copyright Act) takedown request, alleging that it violated its copyright.

1.9.24 | Virus | BleepingComputer
New Voldemort malware abuses Google Sheets to store stolen data
A campaign that started on August 5, 2024, is spreading a previously undocumented malware named "Voldemort" to organizations worldwide, impersonating tax agencies from the U.S., Europe, and Asia.

1.9.24 | Virus | BleepingComputer
Fake Palo Alto GlobalProtect used as lure to backdoor enterprises
Threat actors target Middle Eastern organizations with malware disguised as the legitimate Palo Alto GlobalProtect tool that can steal data and execute remote PowerShell commands to infiltrate internal networks further.

31.8.24 | Virus | BleepingComputer
Malware exploits 5-year-old zero-day to infect end-of-life IP cameras
The Corona Mirai-based malware botnet is spreading through a 5-year-old remote code execution (RCE) zero-day in AVTECH IP cameras, which have been discontinued for years and will not receive a patch.

31.8.24 | Virus | BleepingComputer
PoorTry Windows driver evolves into a full-featured EDR wiper
The malicious PoorTry kernel-mode Windows driver used by multiple ransomware gangs to turn off Endpoint Detection and Response (EDR) solutions has evolved into an EDR wiper, deleting files crucial for the operation of security solutions and making restoration harder.

31.8.24 | Virus | BleepingComputer
Malware infiltrates Pidgin messenger's official plugin repository
The Pidgin messaging app removed the ScreenShareOTR plugin from its official third-party plugin list after it was discovered that it was used to install keyloggers, information stealers, and malware commonly used to gain initial access to corporate networks.

30.8.24 | Virus | The Hacker News
New Malware Masquerades as Palo Alto VPN Targeting Middle East Users
Cybersecurity researchers have disclosed a new campaign that potentially targets users in the Middle East through malware that ...

28.8.24 | Virus | The Hacker News
macOS Version of HZ RAT Backdoor Targets Chinese Messaging App Users
Users of Chinese instant messaging apps like DingTalk and WeChat are the target of an Apple macOS version of a backdoor named HZ ...

27.8.24 | Virus | BleepingComputer
Microsoft: Exchange Online mistakenly tags emails as malware
Microsoft is investigating an Exchange Online false positive issue causing emails containing images to be wrongly tagged as malicious and sent to quarantine.

26.8.24 | Virus | The Hacker News
New Android Malware NGate Steals NFC Data to Clone Contactless Payment Cards
Cybersecurity researchers have uncovered new Android malware that can relay victims' contactless payment data from physical credit ...

25.8.24 | Virus | BleepingComputer
Stealthy 'sedexp' Linux malware evaded detection for two years
A stealthy Linux malware named 'sedexp' has been evading detection since 2022 by using a persistence technique not yet included in the MITRE ATT&CK framework.

24.8.24 | Virus | The Hacker News
New Linux Malware 'sedexp' Hides Credit Card Skimmers Using Udev Rules
Cybersecurity researchers have uncovered a new stealthy piece of Linux malware that leverages an unconventional technique to ...
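The two sedexp entries above describe persistence through udev rules, which most host audits never look at: a rule file can carry a RUN+= or PROGRAM= directive that makes udev execute an arbitrary path whenever a matching device event fires. The script below is an added example written for this list, not code from BleepingComputer, The Hacker News or the sedexp reports they summarize. It lists every executing rule under the stock udev search directories, and with --demo runs against a constructed rules directory containing one benign rule and one invented suspicious rule (the real sedexp rule is described in the linked reports and is not reproduced here). The directory list is the standard udev search path; the set of flagged directives is an assumption about what an attacker would use.

```sh
#!/bin/sh
# Audit udev rule files for directives that execute something.
# Added example, not from the page or the sedexp reports it cites.
# Directories are the stock udev search path; the directive list
# (RUN=, RUN+=, PROGRAM=, IMPORT{program}=) is an assumption.

# Print "file:line:rule" for every non-comment rule line in the given
# directories that makes udev run a command. Each match is a persistence
# trigger: the path on the right fires on every matching device event.
audit_udev_rules() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for f in "$dir"/*.rules; do
            [ -f "$f" ] || continue
            grep -nE '^[^#]*(RUN\+?=|PROGRAM=|IMPORT\{program\}=)' "$f" | sed "s|^|$f:|"
        done
    done
}

# Number of executing rules found (0 when nothing matches or no dir exists).
count_udev_hooks() {
    audit_udev_rules "$@" | wc -l | tr -d ' '
}

# Constructed demo directory: one benign rule that only sets an environment
# variable, and one invented rule that launches a script on a device add event.
make_demo_rules() {
    demo=$(mktemp -d)
    cat > "$demo/60-persistent-storage.rules" <<'EOF'
# benign sample (constructed): no command execution
KERNEL=="sd*", SUBSYSTEM=="block", ENV{ID_SERIAL}="$env{ID_SERIAL}"
EOF
    cat > "$demo/99-demo-persistence.rules" <<'EOF'
# constructed suspicious sample: launches a script whenever a USB device is added
ACTION=="add", SUBSYSTEM=="usb", RUN+="/usr/local/lib/demo/run.sh"
EOF
    printf '%s\n' "$demo"
}

if [ "${1:-}" = "--demo" ]; then
    d=$(make_demo_rules)
    audit_udev_rules "$d"
    rm -rf "$d"
else
    audit_udev_rules /etc/udev/rules.d /run/udev/rules.d /usr/lib/udev/rules.d /lib/udev/rules.d
fi
```

On a real host the distribution's own rules under /usr/lib/udev/rules.d will produce plenty of legitimate hits, so the useful signal is the diff: anything under /etc/udev/rules.d or /run/udev/rules.d that is not owned by a package, any RUN+= target outside /usr/lib/udev or /lib/udev, and any file whose modification time does not match the last package update.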

24.8.24

New NGate Android malware uses NFC chip to steal credit card dataA new Android malware named NGate can steal money from payment cards by relaying to an attacker's device the data read by the near-field communication (NFC) chip.Virus

BleepingComputer

24.8.24

New PEAKLIGHT Dropper Deployed in Attacks Targeting Windows with Malicious Movie DownloadsCybersecurity researchers have uncovered a never-before-seen dropper that serves as a conduit to launch next-stage malware withVirusThe Hacker News

23.8.24

New macOS Malware "Cthulhu Stealer" Targets Apple Users' DataCybersecurity researchers have uncovered a new information stealer that's designed to target Apple macOS hosts and harvest a wideVirusThe Hacker News

23.8.24

Hardware Backdoor Discovered in RFID Cards Used in Hotels and Offices WorldwideCybersecurity researchers have uncovered a hardware backdoor within a particular model of MIFARE Classic contactless cards thatVirusThe Hacker News

22.8.24

New Malware PG_MEM Targets PostgreSQL Databases for Crypto MiningCybersecurity researchers have unpacked a new malware strain dubbed PG_MEM that's designed to mine cryptocurrency after brute-VirusThe Hacker News

21.8.24

North Korean Hackers Deploy New MoonPeak Trojan in Cyber CampaignA new remote access trojan called MoonPeak has been discovered as being used by a state-sponsored North Korean threat activityVirusThe Hacker News

21.8.24

Styx Stealer Creator's OPSEC Fail Leaks Client List and Profit DetailsIn what's a case of an operational security (OPSEC) lapse, the operator behind a new information stealer called Styx Stealer leakedVirusThe Hacker News

21.8.24

New macOS Malware TodoSwift Linked to North Korean Hacking GroupsCybersecurity researchers have uncovered a new macOS malware strain dubbed TodoSwift that they say exhibits commonalities withVirusThe Hacker News

21.8.24

Czech Mobile Users Targeted in New Banking Credential Theft SchemeMobile users in the Czech Republic are the target of a novel phishing campaign that leverages a Progressive Web Application (PWA) in anVirusThe Hacker News

21.8.24

Blind Eagle Hackers Exploit Spear-Phishing to Deploy RATs in Latin AmericaCybersecurity researchers have shed light on a threat actor known as Blind Eagle that has persistently targeted entities and individuals inVirusThe Hacker News

20.8.24

New UULoader Malware Distributes Gh0st RAT and Mimikatz in East AsiaA new type of malware called UULoader is being used by threat actors to deliver next-stage payloads like Gh0st RAT and Mimikatz .VirusThe Hacker News

16.8.24

Multi-Stage ValleyRAT Targets Chinese Users with Advanced TacticsChinese-speaking users are the target of an ongoing campaign that distributes malware known as ValleyRAT. "ValleyRAT is a multi-stageVirusThe Hacker News

16.8.24

New Banshee Stealer Targets 100+ Browser Extensions on Apple macOS SystemsCybersecurity researchers have uncovered new stealer malware that's designed to specifically target Apple macOS systems. DubbedVirusThe Hacker News

16.8.24

Malware force-installs Chrome extensions on 300,000 browsers, patches DLLsAn ongoing and widespread malware campaign force-installed malicious Google Chrome and Microsoft Edge browser extensions in over 300,000 browsers, modifying the browser's executables to hijack homepages and steal browsing history.Virus

BleepingComputer

11.8.24

New CMoon USB worm targets Russians in data theft attacksA new self-spreading worm named 'CMoon,' capable of stealing account credentials and other data, has been distributed in Russia since early July 2024 via a compromised gas supply company websiteVirus

BleepingComputer

11.8.24

New Malware Hits 300,000 Users with Rogue Chrome and Edge ExtensionsAn ongoing, widespread malware campaign has been observed installing rogue Google Chrome and Microsoft Edge extensions via aVirusThe Hacker News

9.8.24

New LianSpy malware hides by blocking Android security featureA previously undocumented Android malware named 'LianSpy' has been discovered targeting Russian users, posing on phones as an Alipay app or a system service to evade detection.Virus

BleepingComputer

7.8.24

New Go-based Backdoor GoGra Targets South Asian Media OrganizationAn unnamed media organization in South Asia was targeted in November 20233 using a previously undocumented Go-basedVirusThe Hacker News

7.8.24

Chameleon Android Banking Trojan Targets Users Through Fake CRM AppCybersecurity researchers have lifted the lid on a new technique adopted by threat actors behind the Chameleon Android bankingVirusThe Hacker News

6.8.24

New Android Spyware LianSpy Evades Detection Using Yandex CloudUsers in Russia have been the target of a previously undocumented Android post-compromise spyware called LianSpy since at leastVirusThe Hacker News

5.8.24

New Android Trojan "BlankBot" Targets Turkish Users' Financial DataCybersecurity researchers have discovered a new Android banking trojan called BlankBot targeting Turkish users with an aim to stealVirusThe Hacker News

4.8.24

StackExchange abused to spread malicious PyPi packages as answersThreat actors uploaded malicious Python packages to the PyPI repository and promoted them through the StackExchange online question and answer platform.Virus

BleepingComputer

4.8.24

Hackers abuse free TryCloudflare to deliver remote access malwareResearchers are warning of threat actors increasingly abusing the Cloudflare Tunnel service in malware campaigns that usually deliver remote access trojans (RATs).Virus

BleepingComputer

4.8.24

Google ads push fake Google Authenticator site installing malwareGoogle has fallen victim to its own ad platform, allowing threat actors to create fake Google Authenticator ads that push the DeerStealer information-stealing malware.Virus

BleepingComputer

4.8.24

New Android malware wipes your device after draining bank accountsA new Android malware that researchers call 'BingoMod' can wipe devices after successfully stealing money from the victims' bank accounts using the on-device fraud technique.Virus

BleepingComputer

3.8.24

Massive SMS stealer campaign infects Android devices in 113 countriesA malicious campaign targeting Android devices worldwide utilizes thousands of Telegram bots to infect devices with SMS-stealing malware and steal one-time 2FA passwords (OTPs) for over 600 services.Virus

BleepingComputer

3.8.24

Google Chrome adds app-bound encryption to block infostealer malwareGoogle Chrome has added app-bound encryption for better cookie protection on Windows systems and improved defenses against information-stealing malware attacks.Virus

BleepingComputer

3.8.24

Android spyware 'Mandrake' hidden in apps on Google Play since 2022A new version of the Android spyware 'Mandrake' has been found in five applications downloaded 32,000 times from Google Play, the platform's official app store.Virus

BleepingComputer

2.8.24

New Windows Backdoor BITSLOTH Exploits BITS for Stealthy CommunicationCybersecurity researchers have discovered a previously undocumented Windows backdoor that leverages a built-in featureVirusThe Hacker News

2.8.24

Cybercriminals Abusing Cloudflare Tunnels to Evade Detection and Spread MalwareCybersecurity companies are warning about an uptick in the abuse of Clouflare's TryCloudflare free service for malware delivery. TheVirusThe Hacker News

1.8.24

Hackers Distributing Malicious Python Packages via Popular Developer Q&A PlatformIn yet another sign that threat actors are always looking out for new ways to trick users into downloading malware, it has come to lightVirusThe Hacker News

1.8.24

New Android Banking Trojan BingoMod Steals Money, Wipes DevicesCybersecurity researchers have uncovered a new Android remote access trojan (RAT) called BingoMod that not only performsVirusThe Hacker News

1.8.24

Google Chrome Adds App-Bound Encryption to Protect Cookies from MalwareGoogle has announced that it's adding a new layer of protection to its Chrome browser through what's called app-bound encryption toVirusThe Hacker News

1.8.24

Chinese Hackers Target Japanese Firms with LODEINFO and NOOPDOOR MalwareJapanese organizations are the target of a Chinese nation-state threat actor that leverages malware families like LODEINFO andVirusThe Hacker News

1.8.24

Cybercriminals Deploy 100K+ Malware Android Apps to Steal OTP CodesA new malicious campaign has been observed making use of malicious Android apps to steal users' SMS messages since at leastVirusThe Hacker News

31.7.24

New Mandrake Spyware Found in Google Play Store Apps After Two YearsA new iteration of a sophisticated Android spyware called Mandrake has been discovered in five applications that were available forVirusThe Hacker News

31.7.24

Cybercriminals Target Polish Businesses with Agent Tesla and Formbook MalwareCybersecurity researchers have detailed widespread phishing campaigns targeting small and medium-sized businesses (SMBs) inVirusThe Hacker News

29.7.24

'Stargazer Goblin' Creates 3,000 Fake GitHub Accounts for Malware SpreadA threat actor known as Stargazer Goblin has set up a network of inauthentic GitHub accounts to fuel a Distribution-as-a-ServiceVirusThe Hacker News

29.7.24

Gh0st RAT Trojan Targets Chinese Windows Users via Fake Chrome SiteThe remote access trojan known as Gh0st RAT has been observed being delivered by an "evasive dropper" called Gh0stGambit as partVirusThe Hacker News

28.7.24

PKfail Secure Boot bypass lets attackers install UEFI malwareHundreds of UEFI products from 10 vendors are susceptible to compromise due to a critical firmware supply-chain issue known as PKfail, which allows attackers to bypass Secure Boot and install malware.Virus

BleepingComputer

27.7.24

French police push PlugX malware self-destruct payload to clean PCsThe French police and Europol are pushing out a "disinfection solution" that automatically removes the PlugX malware from infected devices in France.Virus

BleepingComputer

27.7.24

Over 3,000 GitHub accounts used by malware distribution serviceThreat actors known as 'Stargazer Goblin' have created a malware Distribution-as-a-Service (DaaS) from over 3,000 fake accounts on GitHub that push information-stealing malware.Virus

BleepingComputer

27.7.24

KnowBe4 mistakenly hires North Korean hacker, faces infostealer attackAmerican cybersecurity company KnowBe4 says a person it recently hired as a Principal Software Engineer turned out to be a North Korean state actor who attempted to install information-stealing on its devices.Virus

BleepingComputer

27.7.24

Hamster Kombat’s 250 million players targeted in malware attacksHamster Kombat’s 250 million players targeted in malware attacksVirus

BleepingComputer

27.7.24

Malicious PyPI Package Targets macOS to Steal Google Cloud CredentialsCybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that targets AppleVirusThe Hacker News

26.7.24

FrostyGoop malware attack cut off heat in Ukraine during winterRussian-linked malware was used in a January 2024 cyberattack to cut off the heating of over 600 apartment buildings in Lviv, Ukraine, for two days during sub-zero temperatures.Virus

BleepingComputer

26.7.24

Fake CrowdStrike repair manual pushes new infostealer malwareCrowdStrike is warning that a fake recovery manual to repair Windows devices is installing a new information-stealing malware called Daolpu.Virus

BleepingComputer

26.7.24

New Chrome Feature Scans Password-Protected Files for Malicious ContentGoogle said it's adding new security warnings when downloading potentially suspicious and malicious files via its Chrome webVirusThe Hacker News

23.7.24

PINEAPPLE and FLUXROOT Hacker Groups Abuse Google Cloud for Credential PhishingA Latin America (LATAM)-based financially motivated actor codenamed FLUXROOT has been observed leveraging Google CloudVirusThe Hacker News

23.7.24

SocGholish Malware Exploits BOINC Project for Covert CyberattacksThe JavaScript downloader malware known as SocGholish (aka FakeUpdates) is being used to deliver a remote access trojan calledVirusThe Hacker News

22.7.24

Fake CrowdStrike fixes target companies with malware, data wipersThreat actors are exploiting the massive business disruption from CrowdStrike's glitchy update on Friday to target companies with data wipers and remote access tools.Virus

BleepingComputer

21.7.24

Cybercriminals Exploit CrowdStrike Update Mishap to Distribute Remcos RAT MalwareCybersecurity firm CrowdStrike, which is facing the heat for causing worldwide IT disruptions by pushing out a flawed update to WindowsVirusThe Hacker News

20.7.24

Revolver Rabbit gang registers 500,000 domains for malware campaignsA cybercriminal gang that researchers track as Revolver Rabbit has registered more than 500,000 domain names for infostealer campaigns that target Windows and macOS systems.Virus

BleepingComputer

19.7.24

Pro-Houthi Group Targets Yemen Aid Organizations with Android SpywareA suspected pro-Houthi threat group targeted at least three humanitarian organizations in Yemen with Android spyware designedVirusThe Hacker News

18.7.24

Alert: HotPage Adware Disguised as Ad Blocker Installs Malicious Kernel DriverCybersecurity researchers have shed light on an adware module that purports to block ads and malicious websites, while stealthilyVirus

The Hacker News

18.7.24

New BugSleep malware implant deployed in MuddyWater attacksThe Iranian-backed MuddyWater hacking group has partially switched to using a new custom-tailored malware implant to steal files and run commands on compromised systems.Virus

BleepingComputer

16.7.24

'Konfety' Ad Fraud Uses 250+ Google Play Decoy Apps to Hide Malicious TwinsDetails have emerged about a "massive ad fraud operation" that leverages hundreds of apps on the Google Play Store to perform aVirus

The Hacker News

16.7.24

Malicious npm Packages Found Using Image Files to Hide Backdoor CodeCybersecurity researchers have identified two malicious packages on the npm package registry that concealed backdoor code to executeVirusThe Hacker News

15.7.24

Facebook ads for Windows desktop themes push info-stealing malwareCybercriminals use Facebook business pages and advertisements to promote fake Windows themes that infect unsuspecting users with the SYS01 password-stealing malware.Virus

BleepingComputer

15.7.24

10,000 Victims a Day: Infostealer Garden of Low-Hanging FruitImagine you could gain access to any Fortune 100 company for $10 or less, or even for free. Terrifying thought, isn't it? Or exciting,VirusThe Hacker News

13.7.24

ViperSoftX malware covertly runs PowerShell using AutoIT scriptingThe latest variants of the ViperSoftX info-stealing malware use the common language runtime (CLR) to load and execute PowerShell commands within AutoIt scripts to evade detection.Virus

BleepingComputer

13.7.24

Windows MSHTML zero-day used in malware attacks for over a yearMicrosoft fixed a Windows zero-day vulnerability that has been actively exploited in attacks for eighteen months to launch malicious scripts while bypassing built-in security features.Virus

BleepingComputer

13.7.24

DarkGate Malware Exploits Samba File Shares in Short-Lived CampaignCybersecurity researchers have shed light on a short-lived DarkGate malware campaign that leveraged Samba file shares to initiate theVirus

The Hacker News

12.7.24

60 New Malicious Packages Uncovered in NuGet Supply Chain Attack

Threat actors have been observed publishing a new wave of malicious packages to the NuGet package manager as part of an

Virus

The Hacker News

11.7.24

New Poco RAT Targets Spanish-Speaking Victims in Phishing CampaignSpanish language victims are the target of an email phishing campaign that delivers a new remote access trojan (RAT) calledVirus

The Hacker News

10.7.24

ViperSoftX Malware Disguises as eBooks on Torrents to Spread Stealthy Attacks

The sophisticated malware known as ViperSoftX has been observed being distributed as eBooks over torrents. "A notable aspect of the

Virus

The Hacker News

9.7.24

GuardZoo Malware Targets Over 450 Middle Eastern Military Personnel

Military personnel from Middle East countries are the target of an ongoing surveillanceware operation that delivers an Android data-

Virus

The Hacker News

9.7.24

Trojanized jQuery Packages Found on npm, GitHub, and jsDelivr Code Repositories

Unknown threat actors have been found propagating trojanized versions of jQuery on npm, GitHub, and jsDelivr in what appears to be

Virus

The Hacker News

8.7.24

Dark Web Malware Logs Expose 3,300 Users Linked to Child Abuse Sites

An analysis of information-stealing malware logs published on the dark web has led to the discovery of thousands of consumers of

Virus

The Hacker News

8.7.24

Experts Warn of Mekotio Banking Trojan Targeting Latin American Countries

Financial institutions in Latin America are being threatened by a banking trojan called Mekotio (aka Melcoz). That's according to

Virus

The Hacker News

6.7.24

Hackers attack HFS servers to drop malware and Monero miners

Hackers are targeting older versions of the HTTP File Server (HFS) from Rejetto to drop malware and cryptocurrency mining software.

Virus

BleepingComputer

5.7.24

Infostealer malware logs used to identify child abuse website members

Thousands of pedophiles who download and share child sexual abuse material (CSAM) were identified through information-stealing malware logs leaked on the dark web, highlighting a new dimension of using stolen credentials in law enforcement investigations.

Virus

BleepingComputer

5.7.24

GootLoader Malware Still Active, Deploys New Versions for Enhanced Attacks

The malware known as GootLoader continues to be in active use by threat actors looking to deliver additional payloads to compromised

Virus

The Hacker News

4.7.24

Microsoft MSHTML Flaw Exploited to Deliver MerkSpy Spyware Tool

Unknown threat actors have been observed exploiting a now-patched security flaw in Microsoft MSHTML to deliver a surveillance tool

Virus

The Hacker News

3.7.24

FakeBat Loader Malware Spreads Widely Through Drive-by Download Attacks

The loader-as-a-service (LaaS) known as FakeBat has become one of the most widespread loader malware families distributed using the

Virus

The Hacker News

3.7.24

South Korean ERP Vendor's Server Hacked to Spread Xctdoor Malware

An unnamed South Korean enterprise resource planning (ERP) vendor's product update server has been found to be compromised

Virus

The Hacker News

1.7.24

CapraRAT Spyware Disguised as Popular Apps Threatens Android Users

The threat actor known as Transparent Tribe has continued to unleash malware-laced Android apps as part of a social engineering

Virus

The Hacker News

1.7.24

Indian Software Firm's Products Hacked to Spread Data-Stealing Malware

Installers for three different software products developed by an Indian company named Conceptworld have been trojanized to

Virus

The Hacker News

30.6.24

New Unfurling Hemlock threat actor floods systems with malware

A threat actor tracked as Unfurling Hemlock has been infecting target systems with up to ten pieces of malware at the same time in campaigns that distribute hundreds of thousands of malicious files.

Virus

BleepingComputer

29.6.24

Snowblind malware abuses Android security feature to bypass security

A novel Android attack vector from a piece of malware tracked as Snowblind is abusing a security feature to bypass existing anti-tampering protections in apps that handle sensitive user data.

Virus

BleepingComputer

28.6.24

New Medusa malware variants target Android users in seven countries

The Medusa banking trojan for Android has re-emerged after almost a year of keeping a lower profile in campaigns targeting France, Italy, the United States, Canada, Spain, the United Kingdom, and Turkey.

Virus

BleepingComputer

27.6.24

New Medusa Android Trojan Targets Banking Users Across 7 Countries

Cybersecurity researchers have discovered an updated version of an Android banking trojan called Medusa that has been used to target

Virus

The Hacker News

25.6.24

New Cyberthreat 'Boolka' Deploying BMANAGER Trojan via SQLi Attacks

A previously undocumented threat actor dubbed Boolka has been observed compromising websites with malicious scripts to deliver a

Virus

The Hacker News

25.6.24

Multiple WordPress Plugins Compromised: Hackers Create Rogue Admin Accounts

Multiple WordPress plugins have been backdoored to inject malicious code that makes it possible to create rogue administrator accounts with the aim of performing arbitrary actions. "The injected

Virus

The Hacker News

25.6.24

Multiple Threat Actors Deploying Open-Source Rafel RAT to Target Android Devices

Multiple threat actors, including cyber espionage groups, are employing an open-source Android remote administration tool called

Virus

The Hacker News

23.6.24

Warning: New Adware Campaign Targets Meta Quest App Seekers

A new campaign is tricking users searching for the Meta Quest (formerly Oculus) application for Windows into downloading a new

Virus

The Hacker News

23.6.24

Oyster Backdoor Spreading via Trojanized Popular Software Downloads

A malvertising campaign is leveraging trojanized installers for popular software such as Google Chrome and Microsoft Teams to

Virus

The Hacker News

20.6.24

New Rust-based Fickle Malware Uses PowerShell for UAC Bypass and Data Exfiltration

A new Rust-based information stealer malware called Fickle Stealer has been observed being delivered via multiple attack chains with

Virus

The Hacker News

20.6.24

Experts Uncover New Evasive SquidLoader Malware Targeting Chinese Organizations

Cybersecurity researchers have uncovered a new evasive malware loader named SquidLoader that spreads via phishing campaigns

Virus

The Hacker News

19.6.24

Fake Google Chrome errors trick you into running malicious PowerShell scripts

A new malware distribution campaign uses fake Google Chrome, Word, and OneDrive errors to trick users into running malicious PowerShell "fixes" that install malware.

Virus

BleepingComputer

18.6.24

Cybercriminals Exploit Free Software Lures to Deploy Hijack Loader and Vidar Stealer

Threat actors are luring unsuspecting users with free or pirated versions of commercial software to deliver a malware loader called

Virus

The Hacker News

17.6.24

NiceRAT Malware Targets South Korean Users via Cracked Software

Threat actors have been observed deploying a malware called NiceRAT to co-opt infected devices into a botnet. The attacks, which

Virus

The Hacker News

16.6.24

New Linux malware is controlled through emojis sent from Discord

A newly discovered Linux malware dubbed 'DISGOMOJI' uses the novel approach of utilizing emojis to execute commands on infected devices in attacks on government agencies in India.

Virus

BleepingComputer

15.6.24

Phishing emails abuse Windows search protocol to push malicious scripts

A new phishing campaign uses HTML attachments that abuse the Windows search protocol (search-ms URI) to push batch files hosted on remote servers that deliver malware.

Virus

BleepingComputer

15.6.24

Grandoreiro Banking Trojan Hits Brazil as Smishing Scams Surge in Pakistan

Pakistan has become the latest target of a threat actor called the Smishing Triad, marking the first expansion of its footprint beyond

Virus

The Hacker News

14.6.24

Warmcookie Windows backdoor pushed via fake job offers

A Windows malware named 'Warmcookie' is distributed through fake job offer phishing campaigns to breach corporate networks.

Virus

BleepingComputer

13.6.24

Arid Viper Launches Mobile Espionage Campaign with AridSpy Malware

The threat actor known as Arid Viper has been attributed to a mobile espionage campaign that leverages trojanized Android apps to

Virus

The Hacker News

13.6.24

Pakistan-linked Malware Campaign Evolves to Target Windows, Android, and macOS

Threat actors with ties to Pakistan have been linked to a long-running malware campaign dubbed Operation Celestial Force since at least

Virus

The Hacker News

13.6.24

Cybercriminals Employ PhantomLoader to Distribute SSLoad Malware

The nascent malware known as SSLoad is being delivered by means of a previously undocumented loader called PhantomLoader,

Virus

The Hacker News

13.6.24

Gitloker attacks abuse GitHub notifications to push malicious OAuth apps

Threat actors impersonate GitHub's security and recruitment teams in phishing attacks to hijack repositories using malicious OAuth apps in an ongoing extortion campaign wiping compromised repos.

Virus

BleepingComputer

13.6.24

Malicious VSCode extensions with millions of installs discovered

A group of Israeli researchers explored the security of the Visual Studio Code marketplace and managed to "infect" over 100 organizations by trojanizing a copy of the popular 'Dracula Official' theme to include risky code. Further research into the VSCode Marketplace found thousands of extensions with millions of installs.

Virus

BleepingComputer

13.6.24

New Cross-Platform Malware 'Noodle RAT' Targets Windows and Linux Systems

A previously undocumented cross-platform malware codenamed Noodle RAT has been put to use by Chinese-speaking threat actors

Virus

The Hacker News

12.6.24

China-Linked ValleyRAT Malware Resurfaces with Advanced Data Theft Tactics

Cybersecurity researchers have uncovered an updated version of malware called ValleyRAT that's being distributed as part of a new

Virus

The Hacker News

10.6.24

Sticky Werewolf Expands Cyber Attack Targets in Russia and Belarus

Cybersecurity researchers have disclosed details of a threat actor known as Sticky Werewolf that has been linked to cyber attacks

Virus

The Hacker News

8.6.24

LightSpy Spyware's macOS Variant Found with Advanced Surveillance Capabilities

Cybersecurity researchers have disclosed that the LightSpy spyware recently identified as targeting Apple iOS users is in fact a previously

Virus

The Hacker News

7.6.24

SPECTR Malware Targets Ukraine Defense Forces in SickSync Campaign

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks targeting defense forces in the country with

Virus

The Hacker News

5.6.24

Hackers Use MS Excel Macro to Launch Multi-Stage Malware Attack in Ukraine

A new sophisticated cyber attack has been observed targeting endpoints geolocated to Ukraine with an aim to deploy Cobalt Strike

Virus

The Hacker News

5.6.24

DarkGate Malware Replaces AutoIt with AutoHotkey in Latest Cyber Attacks

Cyber attacks involving the DarkGate malware-as-a-service (MaaS) operation have shifted away from AutoIt scripts to an AutoHotkey

Virus

The Hacker News

5.6.24

Researchers Uncover RAT-Dropping npm Package Targeting Gulp Users

Cybersecurity researchers have uncovered a new suspicious package uploaded to the npm package registry that's designed to

Virus

The Hacker News

3.6.24

Andariel Hackers Target South Korean Institutes with New Dora RAT Malware

The North Korea-linked threat actor known as Andariel has been observed using a new Golang-based backdoor called Dora RAT in its

Virus

The Hacker News

3.6.24

Beware: Fake Browser Updates Deliver BitRAT and Lumma Stealer Malware

Fake web browser updates are being used to deliver remote access trojans (RATs) and information stealer malware such as BitRAT and

Virus

The Hacker News

1.6.24

Pirated Microsoft Office delivers malware cocktail on systems

Cybercriminals are distributing a malware cocktail through cracked versions of Microsoft Office promoted on torrent sites.

Virus

BleepingComputer

29.5.24

Brazilian Banks Targeted by New AllaKore RAT Variant Called AllaSenha

Brazilian banking institutions are the target of a new campaign that distributes a custom variant of the Windows-based AllaKore

Virus

The Hacker News

25.5.24

Stealers, stealers and more stealers

Stealers are a prominent threat in the malware landscape. Over the past year we published our research into several stealers, and for now, the trend seems to persist. In the past months, we wrote several private reports on stealers as we discovered Acrid (a new stealer), ScarletStealer (another new stealer) and Sys01, which had been updated quite a bit since the previous public analysis.

Virus

Securelist

25.5.24

GhostEngine mining attacks kill EDR security using vulnerable drivers

A malicious crypto mining campaign codenamed 'REF4578' has been discovered deploying a malicious payload named GhostEngine that uses vulnerable drivers to turn off security products and deploy an XMRig miner.

Virus

BleepingComputer

24.5.24

JAVS Courtroom Recording Software Backdoored - Deploys RustDoor Malware

Malicious actors have backdoored the installer associated with courtroom video recording software developed by Justice AV

Virus

The Hacker News

24.5.24

Stealthy BLOODALCHEMY Malware Targeting ASEAN Government Networks

Cybersecurity researchers have discovered that the malware known as BLOODALCHEMY used in attacks targeting government

Virus

The Hacker News

23.5.24

New BiBi Wiper version also destroys the disk partition table

A new version of the BiBi Wiper malware is now deleting the disk partition table to make data restoration harder, extending the downtime for targeted victims.

Virus

BleepingComputer

22.5.24

Malware Delivery via Cloud Services Exploits Unicode Trick to Deceive Users

A new attack campaign dubbed CLOUD#REVERSER has been observed leveraging legitimate cloud storage services like Google

Virus

The Hacker News

22.5.24

SolarMarker Malware Evolves to Resist Takedown Attempts with Multi-Tiered Infrastructure

The persistent threat actors behind the SolarMarker information-stealing malware have established a multi-tiered infrastructure to

Virus

The Hacker News

20.5.24

Grandoreiro Banking Trojan Resurfaces, Targeting Over 1,500 Banks Worldwide

The threat actors behind the Windows-based Grandoreiro banking trojan have returned in a global campaign since March 2024

Virus

The Hacker News

19.5.24

Banking malware Grandoreiro returns after police disruption

The banking trojan "Grandoreiro" is spreading in a large-scale phishing campaign in over 60 countries, targeting customer accounts of roughly 1,500 banks.

Virus

BleepingComputer

18.5.24

PyPi package backdoors Macs using the Sliver pen-testing suite

A new package mimicked the popular 'requests' library on the Python Package Index (PyPI) to target macOS devices with the Sliver C2 adversary framework, used for gaining initial access to corporate networks.

Virus

BleepingComputer

18.5.24

China-Linked Hackers Adopt Two-Stage Infection Tactic to Deploy Deuterbear RAT

Cybersecurity researchers have shed more light on a remote access trojan (RAT) known as Deuterbear used by the China-linked

Virus

The Hacker News

14.5.24

Malicious Python Package Hides Sliver C2 Framework in Fake Requests Library Logo

Cybersecurity researchers have identified a malicious Python package that purports to be an offshoot of the popular requests

Virus

The Hacker News

10.5.24

Malicious Android Apps Pose as Google, Instagram, WhatsApp, to Steal Credentials

Malicious Android apps masquerading as Google, Instagram, Snapchat, WhatsApp, and X (formerly Twitter) have been observed

Virus

The Hacker News

8.5.24

Hijack Loader Malware Employs Process Hollowing, UAC Bypass in Latest Version

A newer version of a malware loader called Hijack Loader has been observed incorporating an updated set of anti-analysis

Virus

The Hacker News

5.5.24

New Cuttlefish malware infects routers to monitor traffic for credentials

A new malware named 'Cuttlefish' has been spotted infecting enterprise-grade and small office/home office (SOHO) routers to monitor data that passes through them and steal authentication information.

Virus

BleepingComputer

5.5.24

New Latrodectus malware attacks use Microsoft, Cloudflare themes

Latrodectus malware is now being distributed in phishing campaigns using Microsoft Azure and Cloudflare lures to appear legitimate while making it harder for email security platforms to detect the emails as malicious.

Virus

BleepingComputer

4.5.24

Fake job interviews target developers with new Python backdoor

A new campaign tracked as "Dev Popper" is targeting software developers with fake job interviews in an attempt to trick them into installing a Python remote access trojan (RAT).

Virus

BleepingComputer

4.5.24

Researchers sinkhole PlugX malware server with 2.5 million unique IPs

Researchers have sinkholed a command and control server for a variant of the PlugX malware and observed in six months more than 2.5 million connections from unique IP addresses.

Virus

BleepingComputer

3.5.24

Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications

Threat actors have been increasingly weaponizing Microsoft Graph API for malicious purposes with the aim of

Virus

The Hacker News

2.5.24

New Cuttlefish Malware Hijacks Router Connections, Sniffs for Cloud Credentials

A new malware called Cuttlefish is targeting small office and home office (SOHO) routers with the goal of stealthily

Virus

The Hacker News

1.5.24

ZLoader Malware Evolves with Anti-Analysis Trick from Zeus Banking Trojan

The authors behind the resurfaced ZLoader malware have added a feature that was originally present in the Zeus banking trojan

Virus

The Hacker News

30.4.24

Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023

Google on Monday revealed that almost 200,000 app submissions to its Play Store for Android were either rejected or remediated to

Virus

The Hacker News

30.4.24

Bogus npm Packages Used to Trick Software Developers into Installing Malware

An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job

Virus

The Hacker News

27.4.24

CoralRaider attacks use CDN cache to push info-stealer malware

A threat actor has been using a content delivery network cache to store information-stealing malware in an ongoing campaign targeting systems in the U.S., the U.K., Germany, and Japan.

Virus

BleepingComputer

27.4.24

US imposes visa bans on 13 spyware makers and their families

The Department of State has started imposing visa restrictions on mercenary spyware makers and peddlers, prohibiting their entry into the United States, as announced earlier in February.

Virus

BleepingComputer

26.4.24

North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures

The North Korea-linked threat actor known as Lazarus Group employed its time-tested fabricated job lures to deliver a new

Virus

The Hacker News

25.4.24

eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners

A new malware campaign has been exploiting the updating mechanism of the eScan antivirus software to distribute backdoors

Virus

The Hacker News

24.4.24

Hackers hijack antivirus updates to drop GuptiMiner malware

North Korean hackers have been exploiting the updating mechanism of the eScan antivirus to plant backdoors on big corporate networks and deliver cryptocurrency miners through GuptiMiner malware.

Virus

BleepingComputer

24.4.24

GitLab affected by GitHub-style CDN flaw allowing malware hosting

BleepingComputer recently reported how a GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with Microsoft repositories, making the files appear trustworthy. It turns out, GitLab is also affected by this issue and could be abused in a similar fashion.

Virus

BleepingComputer

24.4.24

CoralRaider Malware Campaign Exploits CDN Cache to Spread Info-Stealers

A new ongoing malware campaign has been observed distributing three different stealers, such as CryptBot, LummaC2, and

Virus

The Hacker News

22.4.24

GitHub comments abused to push malware via Microsoft repo URLs

A GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with a Microsoft repository, making the files appear trustworthy.

Virus

BleepingComputer

22.4.24

New RedLine Stealer Variant Disguised as Game Cheats Using Lua Bytecode for Stealth

A new information stealer has been found leveraging Lua bytecode for added stealth and sophistication, findings from McAfee Labs

Virus

The Hacker News

19.4.24

Fake cheat lures gamers into spreading infostealer malware

A new info-stealing malware linked to Redline poses as a game cheat called 'Cheat Lab,' promising downloaders a free copy if they convince their friends to install it too.

Virus

BleepingComputer

19.4.24

Google ad impersonates Whales Market to push wallet drainer malware

A legitimate-looking Google Search advertisement for the crypto trading platform 'Whales Market' redirects visitors to a wallet-draining phishing site that steals all of your assets.

Virus

BleepingComputer

19.4.24

Hackers Target Middle East Governments with Evasive "CR4T" Backdoor

Government entities in the Middle East have been targeted as part of a previously undocumented campaign to deliver a new backdoor

Virus

The Hacker News

19.4.24

OfflRouter Malware Evades Detection in Ukraine for Almost a Decade

Select Ukrainian government networks have remained infected with a malware called OfflRouter since 2015. Cisco Talos said its

Virus

The Hacker News

18.4.24

DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware

New unattributed DuneQuixote campaign targeting entities in the Middle East employs droppers disguised as Total Commander installer and CR4T backdoor in C and Go.

Virus

Securelist

18.4.24

SoumniBot: the new Android banker’s unique techniques

The creators of widespread malware programs often employ various tools that hinder code detection and analysis, and Android malware is no exception. As an example of this, droppers, such as Badpack and Hqwar, designed for stealthily delivering Trojan bankers or spyware to smartphones, are very popular among malicious actors who attack mobile devices.

Virus

Securelist

18.4.24

Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor

A new Google malvertising campaign is leveraging a cluster of domains mimicking a legitimate IP scanner software to deliver a

Virus

The Hacker News

16.4.24

TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks

The threat actor tracked as TA558 has been observed leveraging steganography as an obfuscation technique to deliver a wide range

Virus

The Hacker News

16.4.24

Hive RAT Creators and $3.5M Cryptojacking Mastermind Arrested in Global Crackdown

Two individuals have been arrested in Australia and the U.S. in connection with an alleged scheme to develop and distribute a

Virus

The Hacker News

14.4.24

Firebird RAT creator and seller arrested in the U.S. and Australia

A joint police operation between the Australian Federal Police (AFP) and the FBI has led to the arrest and charging of two individuals who are believed to be behind the development and distribution of the "Firebird" remote access trojan (RAT), later rebranded as "Hive."

Virus

BleepingComputer

13.4.24

Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack

Threat actors have been exploiting the newly disclosed zero-day flaw in Palo Alto Networks PAN-OS software dating back to March

Virus

The Hacker News

13.4.24

Malicious Visual Studio projects on GitHub push Keyzetsu malware

Threat actors are abusing GitHub automation features and malicious Visual Studio projects to push a new variant of the "Keyzetsu" clipboard-hijacking malware and steal cryptocurrency payments.

Virus

BleepingComputer

13.4.24

XZ backdoor story – Initial analysis

A single message on the Openwall OSS-security mailing list marked an important discovery for the information security, open source and Linux communities: the discovery of a malicious backdoor in XZ. XZ is a compression utility integrated into many popular distributions of Linux.

Virus

Securelist

13.4.24

Popular Rust Crate liblzma-sys Compromised with XZ Utils Backdoor Files

"Test files" associated with the XZ Utils backdoor have made their way to a Rust crate known as liblzma-sys, new findings from

Virus

The Hacker News

11.4.24

Raspberry Robin Returns: New Malware Campaign Spreading Through WSF Files

Cybersecurity researchers have discovered a new Raspberry Robin campaign wave that propagates the malware through malicious

Virus

The Hacker News

9.4.24

Attackers Using Obfuscation Tools to Deliver Multi-Stage Malware via Invoice Phishing

Cybersecurity researchers have discovered an intricate multi-stage attack that leverages invoice-themed phishing decoys to deliver a

Virus

The Hacker News

8.4.24

Watch Out for 'Latrodectus' - This Malware Could Be In Your Inbox

Threat hunters have discovered a new malware called Latrodectus that has been distributed as part of email phishing campaigns

Virus

The Hacker News

7.4.24

Over 92,000 exposed D-Link NAS devices have a backdoor account

A threat researcher has disclosed a new arbitrary command injection and hardcoded backdoor flaw in multiple end-of-life D-Link Network Attached Storage (NAS) device models.

Virus

BleepingComputer

7.4.24

New Latrodectus malware replaces IcedID in network breaches

A relatively new malware called Latrodectus is believed to be an evolution of the IcedID loader, seen in malicious email campaigns since November 2023.

Virus

BleepingComputer

7.4.24

Visa warns of new JSOutProx malware variant targeting financial orgs

Visa is warning about a spike in detections for a new version of the JsOutProx malware targeting financial institutions and their customers.

Virus

BleepingComputer

6.4.24

The Biggest Takeaways from Recent Malware Attacks

Recent high-profile malware attacks teach us lessons on limiting malware risks at organizations. Learn more from Blink Ops about what these attacks taught us.

Virus

BleepingComputer

5.4.24

From PDFs to Payload: Bogus Adobe Acrobat Reader Installers Distribute Byakugan Malware

Bogus installers for Adobe Acrobat Reader are being used to distribute a new multi-functional malware dubbed Byakugan. The

Virus

The Hacker News

5.4.24

New Wave of JSOutProx Malware Targeting Financial Firms in APAC and MENA

Financial organizations in the Asia-Pacific (APAC) and Middle East and North Africa (MENA) are being targeted by a new version of an

Virus

The Hacker News

4.4.24

New XZ backdoor scanner detects implant in any Linux binary

Firmware security firm Binarly has released a free online scanner to detect Linux executables impacted by the XZ Utils supply chain attack, tracked as CVE-2024-3094.

Virus

BleepingComputer

4.4.24

DinodasRAT malware targets Linux servers in espionage campaign

Security researchers have observed Red Hat and Ubuntu systems being attacked by a Linux version of the DinodasRAT (also known as XDealer) that may have been operating since 2022.

Virus

BleepingComputer

3.4.24

Mispadu Trojan Targets Europe, Thousands of Credentials Compromised

The banking trojan known as Mispadu has expanded its focus beyond Latin America (LATAM) and Spanish-speaking individuals to

Virus

The Hacker News

2.4.24

Malicious Code in XZ Utils for Linux Systems Enables Remote Code Execution

The malicious code inserted into the open-source library XZ Utils, a widely used package present in major Linux distributions, is also

Virus

The Hacker News

2.4.24

Massive Phishing Campaign Strikes Latin America: Venom RAT Targeting Multiple Sectors

The threat actor known as TA558 has been attributed to a new massive phishing campaign that targets a wide range of sectors in

Virus

The Hacker News

1.4.24

Detecting Windows-based Malware Through Better Visibility

Despite a plethora of available security solutions, more and more organizations fall victim to Ransomware and other threats. These

Virus

The Hacker News

31.3.24

Vultur banking malware for Android poses as McAfee Security app

Security researchers found a new version of the Vultur banking trojan for Android that includes more advanced remote control capabilities and an improved evasion mechanism.

Virus

BleepingComputer

31.3.24

Activision: Enable 2FA to secure accounts recently stolen by malware

An infostealer malware campaign has reportedly collected millions of logins from users of various gaming websites, including players that use cheats, pay-to-cheat services.

Virus

BleepingComputer

31.3.24

Red Hat warns of backdoor in XZ tools used by most Linux distros

Today, Red Hat warned users to immediately stop using systems running Fedora development and experimental versions because of a backdoor found in the latest XZ Utils data compression tools and libraries.

Virus

BleepingComputer

31.3.24

PyPI suspends new user registration to block malware campaign

The Python Package Index (PyPI) has temporarily suspended user registration and the creation of new projects to deal with an ongoing malware campaign.

Virus

BleepingComputer

31.3.24

Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware

Malicious ads and bogus websites are acting as a conduit to deliver two different stealer malware, including Atomic Stealer, targeting

Virus

The Hacker News

30.3.24

Google: Spyware vendors behind 50% of zero-days exploited in 2023

Google's Threat Analysis Group (TAG) and Google subsidiary Mandiant said they've observed a significant increase in the number of zero-day vulnerabilities exploited in attacks in 2023, many of them linked to spyware vendors and their clients.

Virus

BleepingComputer

30.3.24

Urgent: Secret Backdoor Found in XZ Utils Library, Impacts Major Linux Distros

RedHat on Friday released an "urgent security alert" warning that two versions of a popular data compression library called XZ Utils

Virus

The Hacker News

29.3.24

Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries

A Linux version of a multi-platform backdoor called DinodasRAT has been detected in the wild targeting China, Taiwan, Turkey, and

Virus

The Hacker News

27.3.24

TheMoon malware infects 6,000 ASUS routers in 72 hours for proxy service

A new variant of "TheMoon" malware botnet has been spotted infecting thousands of outdated small office and home office (SOHO) routers and IoT devices in 88 countries.

Virus

BleepingComputer

27.3.24

Over 100 US and EU orgs targeted in StrelaStealer malware attacks

A new large-scale StrelaStealer malware campaign has impacted over a hundred organizations across the United States and Europe, attempting to steal email account credentials.

Virus

BleepingComputer

23.3.24

Evasive Sign1 malware campaign infects 39,000 WordPress sites

A previously unknown malware campaign called Sign1 has infected over 39,000 websites over the past six months, causing visitors to see unwanted redirects and popup ads.

Virus

BleepingComputer

23.3.24

Russian Hackers Use 'WINELOADER' Malware to Target German Political Parties

The WINELOADER backdoor used in recent cyber attacks targeting diplomatic entities with wine-tasting phishing lures has been

Virus

The Hacker News

22.3.24

New StrelaStealer Phishing Attacks Hit Over 100 Organizations in E.U. and U.S.

Cybersecurity researchers have detected a new wave of phishing attacks that aim to deliver an ever-evolving information stealer referred to as

Virus

The Hacker News

22.3.24

Russian Hackers May Have Targeted Ukrainian Telecoms with Upgraded 'AcidPour' Malware

The data wiping malware called AcidPour may have been deployed in attacks targeting four telecom providers in Ukraine, new findings from

Virus

The Hacker News

21.3.24

New AcidPour data wiper targets Linux x86 network devices

A new destructive malware named AcidPour was spotted in the wild, featuring data-wiper functionality and targeting Linux x86 IoT and networking devices.

Virus

BleepingComputer

21.3.24

Over 800 npm Packages Found with Discrepancies, 18 Exploitable to 'Manifest Confusion'

New research has discovered over 800 packages in the npm registry which have discrepancies from their registry entries, out of which 18 have been

Virus

The Hacker News

21.3.24

AndroxGh0st Malware Targets Laravel Apps to Steal Cloud Credentials

Cybersecurity researchers have shed light on a tool referred to as AndroxGh0st that's used to target Laravel applications and steal sensitive

Virus

The Hacker News

20.3.24

New BunnyLoader Malware Variant Surfaces with Modular Attack Features

Cybersecurity researchers have discovered an updated variant of a stealer and malware loader called BunnyLoader that modularizes its various

Virus

The Hacker News

19.3.24

From Deepfakes to Malware: AI's Expanding Role in Cyber Attacks

Large language models (LLMs) powering artificial intelligence (AI) tools today could be exploited to develop self-augmenting malware capable of

Virus

The Hacker News

19.3.24

Suspected Russian Data-Wiping 'AcidPour' Malware Targeting Linux x86 Devices

A new variant of a data wiping malware called AcidRain has been detected in the wild that's specifically designed for targeting Linux x86 devices. The

Virus

The Hacker News

19.3.24

New DEEP#GOSU Malware Campaign Targets Windows Users with Advanced Tactics

A new elaborate attack campaign has been observed employing PowerShell and VBScript malware to infect Windows systems and harvest sensitive

Virus

The Hacker News

18.3.24

Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites

Cybersecurity researchers have discovered a new malware campaign that leverages bogus Google Sites pages and HTML smuggling to distribute a

Virus

The Hacker News

17.3.24

Hackers Using Cracked Software on GitHub to Spread RisePro Info Stealer

Cybersecurity researchers have found a number of GitHub repositories offering cracked software that are used to deliver an information stealer

Virus

The Hacker News

16.3.24

Hackers exploit Windows SmartScreen flaw to drop DarkGate malware

A new wave of attacks by the DarkGate malware operation exploits a now-fixed Windows Defender SmartScreen vulnerability to bypass security checks and automatically install fake software installers.

Virus

BleepingComputer

15.3.24

Malicious Ads Targeting Chinese Users with Fake Notepad++ and VNote Installers

Chinese users looking for legitimate software such as Notepad++ and VNote on search engines like Baidu are being targeted with malicious ads and

Virus

The Hacker News

14.3.24

Ande Loader Malware Targets Manufacturing Sector in North America

The threat actor known as Blind Eagle has been observed using a loader malware called Ande Loader to deliver remote access trojans (RATs) like

Virus

The Hacker News

13.3.24

PixPirate Android Banking Trojan Using New Evasion Tactic to Target Brazilian Users

The threat actors behind the PixPirate Android banking trojan are leveraging a new trick to evade detection on compromised devices and harvest

Virus

The Hacker News

13.3.24

Alert: Cybercriminals Deploying VCURMS and STRRAT Trojans via AWS and GitHub

A new phishing campaign has been observed delivering remote access trojans (RAT) such as VCURMS and STRRAT by means of a malicious Java-

Virus

The Hacker News

12.3.24

Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites

A new malware campaign is leveraging a high-severity security flaw in the Popup Builder plugin for WordPress to inject malicious JavaScript code.

Virus

The Hacker News

12.3.24

New Banking Trojan CHAVECLOAK Targets Brazilian Users via Phishing Tactics

Users in Brazil are the target of a new banking trojan known as CHAVECLOAK that's propagated via phishing emails bearing PDF

Virus

The Hacker News

11.3.24

Magnet Goblin Hacker Group Leveraging 1-Day Exploits to Deploy Nerbian RAT

A financially motivated threat actor called Magnet Goblin is swiftly adopting one-day security vulnerabilities into its arsenal in order to opportunistically

Virus

The Hacker News

10.3.24

Magnet Goblin hackers use 1-day flaws to drop custom Linux malware

A financially motivated hacking group named Magnet Goblin uses various 1-day vulnerabilities to breach public-facing servers and deploy custom malware on Windows and Linux systems.

Virus

BleepingComputer

9.3.24

Hackers target Docker, Hadoop, Redis, Confluence with new Golang malware

Hackers are targeting misconfigured servers running Apache Hadoop YARN, Docker, Confluence, or Redis with new Golang-based malware that automates the discovery and compromise of the hosts.

Virus

BleepingComputer

9.3.24

New WogRAT malware abuses online notepad service to store malware

A new malware dubbed 'WogRAT' targets both Windows and Linux in attacks abusing an online notepad platform named 'aNotepad' as a covert channel for storing and retrieving malicious code.

Virus

BleepingComputer

9.3.24New WogRAT malware abuses online notepad service to store malwareMicrosoft has unexpectedly announced they are ending support for the Windows Subsystem for Android next year on March 5th.VirusBleepingComputer
7.3.24Android and Windows RATs Distributed Via Online Meeting LuresBeginning in December 2023, Zscaler’s ThreatLabz discovered a threat actor creating fraudulent Skype, Google Meet, and Zoom websites to spread malware.VirusZscaler
7.3.24 | New Python-Based Snake Info Stealer Spreading Through Facebook Messages | Facebook messages are being used by threat actors to distribute a Python-based information stealer dubbed Snake that's designed to capture credentials and | Virus | The Hacker News
7.3.24 | Watch Out for Spoofed Zoom, Skype, Google Meet Sites Delivering Malware | Threat actors have been leveraging fake websites advertising popular video conferencing software such as Google Meet, Skype, and Zoom to deliver a | Virus | The Hacker News
6.3.24 | Stealthy GTPDOOR Linux malware targets mobile operator networks | Security researcher HaxRob discovered a previously unknown Linux backdoor named GTPDOOR, designed for covert operations within mobile carrier networks. | Virus | BleepingComputer
6.3.24 | U.S. Cracks Down on Predatory Spyware Firm for Targeting Officials and Journalists | The U.S. Department of Treasury's Office of Foreign Assets Control (OFAC) sanctioned two individuals and five entities associated with the Intellexa | Virus | The Hacker News
6.3.24 | Hackers Exploit ConnectWise ScreenConnect Flaws to Deploy TODDLERSHARK Malware | North Korean threat actors have exploited the recently disclosed security flaws in ConnectWise ScreenConnect to deploy a new malware called | Virus | The Hacker News
3.3.24 | CISA warns of Microsoft Streaming bug exploited in malware attacks | CISA ordered U.S. Federal Civilian Executive Branch (FCEB) agencies to secure their Windows systems against a high-severity vulnerability in the Microsoft Streaming Service (MSKSSRV.SYS) that's actively exploited in attacks. | Virus | BleepingComputer
3.3.24 | New Bifrost malware for Linux mimics VMware domain for evasion | A new Linux variant of the Bifrost remote access trojan (RAT) employs several novel evasion techniques, including the use of a deceptive domain that was made to appear as part of VMware. | Virus | BleepingComputer
2.3.24 | Japan warns of malicious PyPi packages created by North Korean hackers | Japan's Computer Security Incident Response Team (JPCERT/CC) is warning that the notorious North Korean hacking group Lazarus has uploaded four malicious PyPI packages to infect developers with malware. | Virus | BleepingComputer
2.3.24 | Malicious code in Tornado Cash governance proposal puts user funds at risk | Malicious JavaScript code hidden in a Tornado Cash governance proposal has been leaking deposit notes and data to a private server for almost two months. | Virus | BleepingComputer
1.3.24 | New BIFROSE Linux Malware Variant Using Deceptive VMware Domain for Evasion | Cybersecurity researchers have discovered a new Linux variant of a remote access trojan (RAT) called BIFROSE (aka Bifrost) that uses a deceptive | Virus | The Hacker News
1.3.24 | GTPDOOR Linux Malware Targets Telecoms, Exploiting GPRS Roaming Networks | Threat hunters have discovered a new Linux malware called GTPDOOR that's designed to be deployed in telecom networks that are adjacent to | Virus | The Hacker News
1.3.24 | New Backdoor Targeting European Officials Linked to Indian Diplomatic Events | A previously undocumented threat actor dubbed SPIKEDWINE has been observed targeting officials in European countries with Indian diplomatic | Virus | The Hacker News
1.3.24 | Lazarus Exploits Typos to Sneak PyPI Malware into Dev Systems | The notorious North Korean state-backed hacking group Lazarus uploaded four packages to the Python Package Index (PyPI) repository with the goal of | Virus | The Hacker News
29.2.24 | New IDAT loader version uses steganography to push Remcos RAT | A hacking group tracked as 'UAC-0184' was observed utilizing steganographic image files to deliver the Remcos remote access trojan (RAT) onto the systems of a Ukrainian entity operating in Finland | Virus | BleepingComputer
29.2.24 | Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware | At least two different suspected China-linked cyber espionage clusters, tracked as UNC5325 and UNC3886, have been attributed to the | Virus | The Hacker News
28.2.24 | Open-Source Xeno RAT Trojan Emerges as a Potent Threat on GitHub | An "intricately designed" remote access trojan (RAT) called Xeno RAT has been made available on GitHub, making it easily accessible to other actors at | Virus | The Hacker News
27.2.24 | New IDAT Loader Attacks Using Steganography to Deploy Remcos RAT | Ukrainian entities based in Finland have been targeted as part of a malicious campaign distributing a commercial remote access trojan known as Remcos | Virus | The Hacker News
27.2.24 | North Korean Hackers Targeting Developers with Malicious npm Packages | A set of fake npm packages discovered on the Node.js repository has been found to share ties with North Korean state-sponsored actors, new findings | Virus | The Hacker News
27.2.24 | Banking Trojans Target Latin America and Europe Through Google Cloud Run | Cybersecurity researchers are warning about a spike in email phishing campaigns that are weaponizing the Google Cloud Run service to deliver | Virus | The Hacker News
24.2.24 | Hackers abuse Google Cloud Run in massive banking trojan campaign | Security researchers are warning of hackers abusing the Google Cloud Run service to distribute massive volumes of banking trojans like Astaroth, Mekotio, and Ousaban. | Virus | BleepingComputer
24.2.24 | New SSH-Snake malware steals SSH keys to spread across the network | A threat actor is using an open-source network mapping tool named SSH-Snake to look for private keys undetected and move laterally on the victim infrastructure. | Virus | BleepingComputer
24.2.24 | Dormant PyPI Package Compromised to Spread Nova Sentinel Malware | A dormant package available on the Python Package Index (PyPI) repository was updated nearly after two years to propagate an information stealer | Virus | The Hacker News
23.2.24 | Microsoft Releases PyRIT - A Red Teaming Tool for Generative AI | Microsoft has released an open access automation framework called PyRIT (short for Python Risk Identification Tool) to proactively identify risks in | Virus | The Hacker News
22.2.24 | Russian Government Software Backdoored to Deploy Konni RAT Malware | An installer for a tool likely used by the Russian Consular Department of the Ministry of Foreign Affairs (MID) has been backdoored to deliver a remote | Virus | The Hacker News
20.2.24 | New Malicious PyPI Packages Caught Using Covert Side-Loading Tactics | Cybersecurity researchers have discovered two malicious packages on the Python Package Index (PyPI) repository that were found leveraging a | Virus | The Hacker News
18.2.24 | Turla hackers backdoor NGOs with new TinyTurla-NG malware | Security researchers have identified and analyzed new malware they call TinyTurla-NG and TurlaPower-NG used by the Russian hacker group Turla to maintain access to a target's network and to steal sensitive data. | Virus | BleepingComputer
18.2.24 | New Qbot malware variant uses fake Adobe installer popup for evasion | The developer of Qakbot malware, or someone with access to the source code, seems to be experimenting with new builds as fresh samples have been observed in email campaigns since mid-December. | Virus | BleepingComputer
18.2.24 | Ubuntu 'command-not-found' tool can be abused to spread malware | A logic flaw between Ubuntu's 'command-not-found' package suggestion system and the snap package repository could enable attackers to promote malicious Linux packages to unsuspecting users. | Virus | BleepingComputer
18.2.24 | Hackers used new Windows Defender zero-day to drop DarkMe malware | Microsoft has patched today a Windows Defender SmartScreen zero-day exploited in the wild by a financially motivated threat group to deploy the DarkMe remote access trojan (RAT). | Virus | BleepingComputer
17.2.24 | Bumblebee malware attacks are back after 4-month break | The Bumblebee malware has returned after a four-month vacation, targeting thousands of organizations in the United States in phishing campaigns. | Virus | BleepingComputer
17.2.24 | FBI seizes Warzone RAT infrastructure, arrests malware vendor | The FBI dismantled the Warzone RAT malware operation, seizing infrastructure and arresting two individuals associated with the cybercrime operation. | Virus | BleepingComputer
17.2.24 | Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor | Hackers are exploiting a server-side request forgery (SSRF) vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy the new DSLog backdoor on vulnerable devices. | Virus | BleepingComputer
17.2.24 | Malicious 'SNS Sender' Script Abuses AWS for Bulk Smishing Attacks | A malicious Python script known as SNS Sender is being advertised as a way for threat actors to send bulk smishing messages by abusing Amazon | Virus | The Hacker News
16.2.24 | Russian Turla Hackers Target Polish NGOs with New TinyTurla-NG Backdoor | The Russia-linked threat actor known as Turla has been observed using a new backdoor called TinyTurla-NG as part of a three-month-long campaign | Virus | The Hacker News
16.2.24 | Chinese Hackers Using Deepfakes in Advanced Mobile Banking Malware Attacks | A Chinese-speaking threat actor codenamed GoldFactory has been attributed to the development of highly sophisticated banking trojans, | Virus | The Hacker News
15.2.24 | Bumblebee Malware Returns with New Tricks, Targeting U.S. Businesses | The infamous malware loader and initial access broker known as Bumblebee has resurfaced after a four-month absence as part of a new | Virus | The Hacker News
15.2.24 | DarkMe Malware Targets Traders Using Microsoft SmartScreen Zero-Day Vulnerability | A newly disclosed security flaw in the Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called | Virus | The Hacker News
15.2.24 | Glupteba Botnet Evades Detection with Undocumented UEFI Bootkit | The Glupteba botnet has been found to incorporate a previously undocumented Unified Extensible Firmware Interface (UEFI) bootkit | Virus | The Hacker News
15.2.24 | PikaBot Resurfaces with Streamlined Code and Deceptive Tactics | The threat actors behind the PikaBot malware have made significant changes to the malware in what has been described as a case of | Virus | The Hacker News
12.2.24 | U.S. DoJ Dismantles Warzone RAT Infrastructure, Arrests Key Operators | The U.S. Justice Department (DoJ) on Friday announced the seizure of online infrastructure that was used to sell a remote access trojan (RAT) | Virus | The Hacker News
10.2.24 | Raspberry Robin malware evolves with early access to Windows exploits | Recent versions of the Raspberry Robin malware are stealthier and implement one-day exploits that are deployed only on systems that are susceptible to them. | Virus | BleepingComputer
9.2.24 | Facebook ads push new Ov3r_Stealer password-stealing malware | A new password-stealing malware named Ov3r_Stealer is spreading through fake job advertisements on Facebook, aiming to steal account credentials and cryptocurrency. | Virus | BleepingComputer
9.2.24 | New Coyote Trojan Targets 61 Brazilian Banks with Nim-Powered Attack | Sixty-one banking institutions, all of them originating from Brazil, are the target of a new banking trojan called Coyote. "This malware utilizes the | Virus | The Hacker News
9.2.24 | Stealthy Zardoor Backdoor Targets Saudi Islamic Charity Organization | An unnamed Islamic non-profit organization in Saudi Arabia has been targeted as part of a stealthy cyber espionage campaign designed to drop a | Virus | The Hacker News
8.2.24 | HijackLoader Evolves: Researchers Decode the Latest Evasion Methods | The threat actors behind a loader malware called HijackLoader have added new techniques for defense evasion, as the malware continues to be | Virus | The Hacker News
6.2.24 | Beware: Fake Facebook Job Ads Spreading 'Ov3r_Stealer' to Steal Crypto and Credentials | Threat actors are leveraging bogus Facebook job advertisements as a lure to trick prospective targets into installing a new Windows-based stealer | Virus | The Hacker News
4.2.24 | PurpleFox malware infects thousands of computers in Ukraine | The Computer Emergency Response Team in Ukraine (CERT-UA) is warning about a PurpleFox malware campaign that has infected at least 2,000 computers in the country. | Virus | BleepingComputer
3.2.24 | Hackers push USB malware payloads via news, media hosting sites | A financially motivated threat actor using USB devices for initial infection has been found abusing legitimate online platforms, including GitHub, Vimeo, and Ars Technica, to host encoded payloads embedded in seemingly benign content. | Virus | BleepingComputer
3.2.24 | DirtyMoe Malware Infects 2,000+ Ukrainian Computers for DDoS and Cryptojacking | The Computer Emergency Response Team of Ukraine (CERT-UA) has warned that more than 2,000 computers in the country have been infected by a strain | Virus | The Hacker News
2.2.24 | HeadCrab 2.0 Goes Fileless, Targeting Redis Servers for Crypto Mining | Cybersecurity researchers have detailed an updated version of the malware HeadCrab that's known to target Redis database servers across the world | Virus | The Hacker News
1.2.24 | Ukraine: Hack wiped 2 petabytes of data from Russian research center | The Main Intelligence Directorate of Ukraine's Ministry of Defense claims that pro-Ukrainian hacktivists breached the Russian Center for Space Hydrometeorology, aka "planeta" (планета), and wiped 2 petabytes of data. | Virus | BleepingComputer
1.2.24 | Blackwood hackers hijack WPS Office update to install malware | A previously unknown advanced threat actor tracked as 'Blackwood' is using sophisticated malware called NSPX30 in cyberespionage attacks against companies and individuals. | Virus | BleepingComputer
1.2.24 | Russian TrickBot malware dev sentenced to 64 months in prison | Russian national Vladimir Dunaev has been sentenced to five years and four months in prison for his role in creating and distributing the Trickbot malware used in attacks against hospitals, companies, and individuals worldwide. | Virus | BleepingComputer
1.2.24 | Hackers Exploiting Ivanti VPN Flaws to Deploy KrustyLoader Malware | A pair of recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) virtual private network (VPN) devices have been exploited to deliver a Rust- | Virus | The Hacker News
31.1.24 | Malicious web redirect scripts stealth up to hide on hacked sites | Security researchers looking at more than 10,000 scripts used by the Parrot traffic direction system (TDS) noticed an evolution marked by optimizations that make malicious code stealthier against security mechanisms. | Virus | BleepingComputer
31.1.24 | Brazilian Feds Dismantle Grandoreiro Banking Trojan, Arresting Top Operatives | A Brazilian law enforcement operation has led to the arrest of several Brazilian operators in charge of the Grandoreiro malware. The Federal Police of Brazil | Virus | The Hacker News
31.1.24 | New ZLoader Malware Variant Surfaces with 64-bit Windows Compatibility | Threat hunters have identified a new campaign that delivers the ZLoader malware, resurfacing nearly two years after the botnet's infrastructure was | Virus | The Hacker News
29.1.24 | Malicious PyPI Packages Slip WhiteSnake InfoStealer Malware onto Windows Machines | Cybersecurity researchers have identified malicious packages on the open-source Python Package Index (PyPI) repository that deliver an information | Virus | The Hacker News
27.1.24 | AllaKore RAT Malware Targeting Mexican Firms with Financial Fraud Tricks | Mexican financial institutions are under the radar of a new spear-phishing campaign that delivers a modified version of an open-source remote access | Virus | The Hacker News
26.1.24 | Malicious Ads on Google Target Chinese Users with Fake Messaging Apps | Chinese-speaking users have been targeted by malicious Google ads for restricted messaging apps like Telegram as part of an ongoing malvertising | Virus | The Hacker News
26.1.24 | SystemBC Malware's C2 Server Analysis Exposes Payload Delivery Tricks | Cybersecurity researchers have shed light on the command-and-control (C2) server workings of a known malware family called SystemBC. "SystemBC can | Virus | The Hacker News
26.1.24 | LODEINFO Fileless Malware Evolves with Anti-Analysis and Remote Code Tricks | Cybersecurity researchers have uncovered an updated version of a backdoor called LODEINFO that's distributed via spear-phishing attacks. The findings | Virus | The Hacker News
25.1.24 | New CherryLoader Malware Mimics CherryTree to Deploy PrivEsc Exploits | A new Go-based malware loader called CherryLoader has been discovered by threat hunters in the wild to deliver additional payloads onto compromised | Virus | The Hacker News
23.1.24 | Malicious NPM Packages Exfiltrate Hundreds of Developer SSH Keys via GitHub | Two malicious packages discovered on the npm package registry have been found to leverage GitHub to store Base64-encrypted SSH keys stolen from | Virus | The Hacker News
23.1.24 | North Korean Hackers Weaponize Research Lures to Deliver RokRAT Backdoor | Media organizations and high-profile experts in North Korean affairs have been at the receiving end of a new campaign orchestrated by a threat actor known | Virus | The Hacker News
22.1.24 | NS-STEALER Uses Discord Bots to Exfiltrate Your Secrets from Popular Browsers | Cybersecurity researchers have discovered a new Java-based "sophisticated" information stealer that uses a Discord bot to exfiltrate sensitive data from | Virus | The Hacker News
20.1.24 | Microsoft: Iranian hackers target researchers with new MediaPl malware | Microsoft says that a group of Iranian-backed state hackers are targeting high-profile employees of research organizations and universities across Europe and the United States in spearphishing attacks pushing new backdoor malware. | Virus | BleepingComputer
19.1.24 | Npm Trojan Bypasses UAC, Installs AnyDesk with "Oscompatible" Package | A malicious package uploaded to the npm registry has been found deploying a sophisticated remote access trojan on compromised Windows machines. The | Virus | The Hacker News
19.1.24 | New Docker Malware Steals CPU for Crypto & Drives Fake Website Traffic | Vulnerable Docker services are being targeted by a novel campaign in which the threat actors are deploying XMRig cryptocurrency miner as well as the | Virus | The Hacker News
17.1.24 | Remcos RAT Spreading Through Adult Games in New Attack Wave | The remote access trojan (RAT) known as Remcos RAT has been found being propagated via webhards by disguising it as adult-themed games in South | Virus | The Hacker News
15.1.24 | Balada Injector Infects Over 7,100 WordPress Sites Using Plugin Vulnerability | Thousands of WordPress sites using a vulnerable version of the Popup Builder plugin have been compromised with a malware called Balada Injector. First | Virus | The Hacker News
12.1.24 | New Balada Injector campaign infects 6,700 WordPress sites | A new Balada Injector campaign launched in mid-December has infected over 6,700 WordPress websites using a vulnerable version of the Popup Builder plugin. | Virus | BleepingComputer
12.1.24 | Threat Actors Increasingly Abusing GitHub for Malicious Purposes | The ubiquity of GitHub in information technology (IT) environments has made it a lucrative choice for threat actors to host and deliver malicious payloads | Virus | The Hacker News
10.1.24 | Alert: Water Curupira Hackers Actively Distributing PikaBot Loader Malware | A threat actor called Water Curupira has been observed actively distributing the PikaBot loader malware as part of spam campaigns in 2023. "PikaBot's | Virus | The Hacker News
9.1.24 | Stealthy AsyncRAT malware attacks target US infrastructure for 11 months | A campaign delivering the AsyncRAT malware to select targets has been active for at least the past 11 months, using hundreds of unique loader samples and more than 100 domains. | Virus | BleepingComputer
9.1.24 | Google: Malware abusing API is standard token theft, not an API issue | Google is downplaying reports of malware abusing an undocumented Google Chrome API to generate new authentication cookies when previously stolen ones have expired. | Virus | BleepingComputer
9.1.24 | Beware! YouTube Videos Promoting Cracked Software Distribute Lumma Stealer | Threat actors are resorting to YouTube videos featuring content related to cracked software in order to entice users into downloading an information | Virus | The Hacker News
9.1.24 | Syrian Hackers Distributing Stealthy C#-Based Silver RAT to Cybercriminals | Threat actors operating under the name Anonymous Arabic have released a remote access trojan (RAT) called Silver RAT that's equipped to bypass | Virus | The Hacker News
6.1.24 | 'everything' blocks devs from removing their own npm packages | Over the holidays, the npm package registry was flooded with more than 3,000 packages, including one called "everything," and others named a variation of the word. These 3,000+ packages make it impossible for all npm authors to unpublish their packages from the registry. | Virus | BleepingComputer
5.1.24 | New Bandook RAT Variant Resurfaces, Targeting Windows Machines | A new variant of remote access trojan called Bandook has been observed being propagated via phishing attacks with an aim to infiltrate Windows | Virus | The Hacker News
5.1.24 | Beware: 3 Malicious PyPI Packages Found Targeting Linux with Crypto Miners | Three new malicious packages have been discovered in the Python Package Index (PyPI) open-source repository with capabilities to deploy a | Virus | The Hacker News
5.1.24 | UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT | The threat actor known as UAC-0050 is leveraging phishing attacks to distribute Remcos RAT using new strategies to evade detection from | Virus | The Hacker News
3.1.24 | Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset | Information stealing malware are actively taking advantage of an undocumented Google OAuth endpoint named MultiLogin to hijack user... | Virus | The Hacker News
1.1.24 | New JinxLoader Targeting Users with Formbook and XLoader Malware | A new Go-based malware loader called JinxLoader is being used by threat actors to deliver next-stage payloads such as Formbook and its successor... | Virus | The Hacker News