Virus List - 2026 2025 2024 2023 2021 2020 2019 2018 2017
DATE |
NAME |
Info |
CATEG. |
WEB |
| 28.1.26 | Mustang Panda Deploys Updated COOLCLIENT Backdoor in Government Cyber Attacks | Threat actors with ties to China have been observed using an updated version of a backdoor called COOLCLIENT in cyber espionage attacks in 2025 to | Virus | The Hacker News |
| 28.1.26 | Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan | Cybersecurity researchers have discovered two malicious packages in the Python Package Index (PyPI) repository that masquerade as spellcheckers but | Virus | The Hacker News |
| 25.1.26 | US to deport Venezuelans who emptied bank ATMs using malware | South Carolina federal prosecutors announced that two Venezuelan nationals convicted of stealing hundreds of thousands of dollars from U.S. banks in an ATM jackpotting scheme will be deported after serving their sentences. | Virus | |
| 25.1.26 | New Android malware uses AI to click on hidden browser ads | A new family of Android click-fraud trojans leverages TensorFlow machine learning models to automatically detect and interact with specific advertisement elements. | Virus | |
| 25.1.26 | VoidLink cloud malware shows clear signs of being AI-generated | The recently discovered cloud-focused VoidLink malware framework is believed to have been developed by a single person with the help of an artificial intelligence model. | Virus | |
| 25.1.26 | New PDFSider Windows malware deployed on Fortune 100 firm's network | Ransomware attackers targeting a Fortune 100 company in the finance sector used a new malware strain, dubbed PDFSider, to deliver malicious payloads on Windows systems. | Virus | |
| 25.1.26 | Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware | A new multi-stage phishing campaign has been observed targeting users in Russia with ransomware and a remote access trojan called Amnesia RAT. "The | Virus | The Hacker News |
| 22.1.26 | Malicious PyPI Package Impersonates SymPy, Deploys XMRig Miner on Linux Hosts | A new malicious package discovered in the Python Package Index (PyPI) has been found to impersonate a popular library for symbolic mathematics to | Virus | The Hacker News |
| 22.1.26 | VoidLink Linux Malware Framework Built with AI Assistance Reaches 88,000 Lines of Code | The recently discovered sophisticated Linux malware framework known as VoidLink is assessed to have been developed by a single person with | Virus | The Hacker News |
| 20.1.26 | Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto | Cybersecurity researchers have disclosed details of a malware campaign that's targeting software developers with a new information stealer called | Virus | The Hacker News |
| 19.1.26 |
CrashFix Chrome Extension Delivers ModeloRAT Using ClickFix-Style Browser Crash Lures |
Cybersecurity researchers have disclosed details of an ongoing campaign dubbed KongTuke that used a malicious Google Chrome extension | Virus | The Hacker News |
| 19.1.26 |
Security Bug in StealC Malware Panel Let Researchers Spy on Threat Actor Operations |
Cybersecurity researchers have disclosed a cross-site scripting (XSS) vulnerability in the web-based control panel used by operators of the StealC | Virus | The Hacker News |
| 18.1.26 | StealC hackers hacked as researchers hijack malware control panels | A cross-site scripting (XSS) flaw in the web-based control panel used by operators of the StealC info-stealing malware allowed researchers to observe active sessions and gather intelligence on the attackers' hardware. | Virus | |
| 18.1.26 | Gootloader now uses 1,000-part ZIP archives for stealthy delivery | The Gootloader malware, typically used for initial access, is now using a malformed ZIP archive designed to evade detection by concatenating up to 1,000 archives. | Virus | |
| 18.1.26 | New VoidLink malware framework targets Linux cloud servers | A newly discovered advanced cloud-native Linux malware framework named VoidLink focuses on cloud environments, providing attackers with custom loaders, implants, rootkits, and plugins designed for modern infrastructures. | Virus | |
| 17.1.26 | GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection | The JavaScript (aka JScript) malware loader called GootLoader has been observed using a malformed ZIP archive that's designed to sidestep detection efforts by concatenating anywhere from 500 to 1,000 archives. | Virus | The Hacker News |
| 17.1.26 | LOTUSLITE Backdoor Targets U.S. Policy Entities Using Venezuela-Themed Spear Phishing | Security experts have disclosed details of a new campaign that has targeted U.S. government and policy entities using politically themed lures to deliver a backdoor known as | Virus | The Hacker News |
| 14.1.26 | PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces | The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of new cyber attacks targeting its defense forces with malware known as PLUGGYAPE between | Virus | The Hacker News |
| 14.1.26 | Malicious Chrome Extension Steals MEXC API Keys by Masquerading as Trading Tool | Cybersecurity researchers have disclosed details of a malicious Google Chrome extension that's capable of stealing API keys associated with MEXC, a centralized cryptocurrency exchange (CEX) available in over 170 countries , while masquerading as a tool to automate trading on the platform. | Virus | The Hacker News |
| 14.1.26 | New Advanced Linux VoidLink Malware Targets Cloud and container Environments | Cybersecurity researchers have disclosed details of a previously undocumented and feature-rich malware framework codenamed VoidLink that's specifically designed for long-term, | Virus | The Hacker News |
| 14.1.26 | New Malware Campaign Delivers Remcos RAT Through Multi-Stage Windows Attack | Cybersecurity researchers have disclosed details of a new campaign dubbed SHADOW#REACTOR that employs an evasive multi-stage attack chain to deliver a | Virus | The Hacker News |
| 8.1.26 | Researchers Uncover NodeCordRAT Hidden in npm Bitcoin-Themed Packages | Cybersecurity researchers have discovered three malicious npm packages that are designed to deliver a previously undocumented malware called NodeCordRAT . The names of the | Virus | The Hacker News |
| 7.1.26 | Black Cat Behind SEO Poisoning Malware Campaign Targeting Popular Software Searches | A cybercrime gang known as Black Cat has been attributed to a search engine optimization (SEO) poisoning campaign that employs fraudulent sites advertising popular software to trick | Virus | The Hacker News |
| 7.1.26 | Fake Booking Emails Redirect Hotel Staff to Fake BSoD Pages Delivering DCRat | Source: Securonix Cybersecurity researchers have disclosed details of a new campaign dubbed PHALT#BLYX that has leveraged ClickFix -style lures to display fixes for fake blue | Virus | The Hacker News |
| 5.1.26 | New VVS Stealer Malware Targets Discord Accounts via Obfuscated Python Code | Cybersecurity researchers have disclosed details of a new Python-based information stealer called VVS Stealer (also styled as VVS $tealer) that's capable of harvesting Discord | Virus | The Hacker News |
| 3.1.26 | New GlassWorm malware wave targets Macs with trojanized crypto wallets | A fourth wave of the "GlassWorm" campaign is targeting macOS developers with malicious VSCode/OpenVSX extensions that deliver trojanized versions of crypto wallet applications. | Virus | |
| 3.1.26 | Chinese state hackers use rootkit to hide ToneShell malware activity | A new sample of the ToneShell backdoor, typically seen in Chinese cyberespionage campaigns, has been delivered through a kernel-mode loader in attacks against government organizations. | Virus | |
| 3.1.26 | Zoom Stealer browser extensions harvest corporate meeting intelligence | A newly discovered campaign, which researchers call Zoom Stealer, is affecting 2.2 million Chrome, Firefox, and Microsoft Edge users through 18 extensions that collect online meeting-related data like URLs, IDs, topics, descriptions, and embedded passwords. | Virus | |
| 3.1.26 | Chinese state hackers use rootkit to hide ToneShell malware activity | A new sample of the ToneShell backdoor, typically seen in Chinese cyberespionage campaigns, has been delivered through a kernel-mode loader in attacks against government organizations. | Virus | |
| 3.1.26 | Hacker arrested for KMSAuto malware campaign with 2.8 million downloads | A Lithuanian national has been arrested for his alleged involvement in infecting 2.8 million systems with clipboard-stealing malware disguised as the KMSAuto tool for illegally activating Windows and Office software. | Virus | |
| 3.1.26 | Fake MAS Windows activation domain used to spread PowerShell malware | A typosquatted domain impersonating the Microsoft Activation Scripts (MAS) tool was used to distribute malicious PowerShell scripts that infect Windows systems with the 'Cosmali Loader' | Virus | BleepingComputer |
| 2.1.26 | Transparent Tribe Launches New RAT Attacks Against Indian Government and Academia | The threat actor known as Transparent Tribe has been attributed to a fresh set of attacks targeting Indian governmental, academic, and strategic entities with a remote access trojan | Virus | The Hacker News |