Collecting Cyber-News from over 60 sources

Tag: infection

Qilin EDR killer infection chain

Apr 2, 2026 12:52 PM

Tags: attack, edr, infection, malicious, ransomware

This blog provides an in-depth analysis of the malicious “msimg32.dll” used in Qilin ransomware attacks, which is a multi-stage infection chain targeting EDR systems. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/qilin-edr-killer/
48 Hours: The Window Between Infostealer Infection and Dark Web Sale

Apr 1, 2026 7:30 PM

Tags: credentials, dark-web, infection, intelligence, marketplace

New research maps the full infostealer lifecycle. Your credentials go from an employee’s device to an underground marketplace in less time than it takes your security team to notice anything is wrong. On March 24, 2026, researchers at Whiteintel’s Intelligence Division published a detailed map of the full infostealer lifecycle, tracing the exact sequence from……
Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass

Apr 1, 2026 4:29 PM

Tags: infection, malicious, malware, microsoft, threat, windows

Microsoft is calling attention to a new campaign that has leveraged WhatsApp messages to distribute malicious Visual Basic Script (VBS) files.The activity, beginning in late February 2026, leverages these scripts to initiate a multi-stage infection chain for establishing persistence and enabling remote access. It’s currently not known what lures the threat actors use to trick…
Google Drive Expands AI Ransomware Detection, File Recovery to More Users

Mar 31, 2026 9:31 PM

Tags: ai, detection, google, infection, ransomware

Google expands Drive ransomware detection and file recovery with its latest AI model, which detects 14 times more infections as the features move beyond beta. The post Google Drive Expands AI Ransomware Detection, File Recovery to More Users appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-drive-ransomware-detection-file-recovery/
Apple Adds ClickFix Attack Warnings in New macOS Tahoe Security Feature

Mar 31, 2026 11:29 AM

Tags: apple, attack, cyber, defense, infection, macOS, social-engineering

Apple has silently introduced a new security mechanism in macOS Tahoe 26.4 to protect users against social engineering campaigns known as ClickFix attacks. This defense intercepts potentially harmful commands before they are pasted into the Terminal application, breaking the infection chain. The ClickFix Attack Methodology ClickFix is a sophisticated social engineering technique designed to bypass…
Fake Certificate Loader Hides BlankGrabber Malware Chain

Mar 28, 2026 10:31 AM

Tags: cyber, infection, malware, rust, service, tool, windows

BlankGrabber’s operators are now abusing a fake “certificate” loader to hide a multi”‘stage Rust and Python infection chain, making this commodity stealer significantly harder to spot on Windows endpoints. The new technique relies on built”‘in tools such as certutil.exe, heavily obfuscated PyInstaller stubs, and stealthy exfiltration via Telegram and public web services to evade both…
GlassWorm attack installs fake browser extension for surveillance

Mar 26, 2026 4:47 PM

Tags: attack, data, infection, risk, tool

It hides inside developer tools, then monitors activity and steals data, turning a single infection into a wider risk across the supply chain. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/glassworm-attack-installs-fake-browser-extension-for-surveillance/
SmartApeSG ClickFix Campaign Spreads Remcos, NetSupport RAT, StealC, Sectop RAT

Mar 25, 2026 12:47 PM

Tags: access, attack, captcha, cyber, infection, rat

A recent SmartApeSG campaign observed on March 24, 2026, highlights the growing sophistication of ClickFix-based attack chains, which deliver multiple remote access trojans (RATs) and information stealers through a staged infection process. The infection begins with the ClickFix technique, where victims are redirected from a compromised legitimate website to a fake CAPTCHA page. This page…
New Study Reveals How Infostealer Infections Lead to Dark Web Exposure in Just 48 Hours

Mar 25, 2026 10:46 AM

Tags: breach, credentials, cyber, dark-web, detection, infection, malware, marketplace

New research is shedding light on how infostealer malware turns a single careless click into full-blown credential exposure on dark web marketplaces in less than 48 hours far faster than traditional breach detection timelines. Unlike database breaches that take weeks or months to uncover, infostealer infections move at machine speed. A typical scenario begins when…
Faster attacks and ‘recovery denial’ ransomware reshape threat landscape

Mar 23, 2026 5:48 PM

Tags: access, ai, api, attack, authentication, backup, ciso, cloud, control, credentials, data, defense, detection, email, encryption, espionage, exploit, governance, identity, infection, infrastructure, intelligence, mandiant, mfa, monitoring, network, north-korea, phishing, ransomware, resilience, saas, service, social-engineering, strategy, tactics, theft, threat, tool, update

Social engineering becomes more interactive: While exploits remain the leading initial infection vector at 32%, the report underscores a shift toward more adaptive social engineering. Voice phishing has risen sharply, while email phishing continues to decline, signaling a move away from high-volume campaigns toward real-time interaction.Mandiant’s data shows that email phishing dropped to just 6%…
We Know You Can Pay a Million by Anja Shortland review the terrifying new world of ransomware

Mar 23, 2026 8:47 AM

Tags: business, computer, infection, jobs, malware, ransomware, risk

Criminals extorting money online have created huge businesses, complete with branding and HRThe birth of ransomware was a stunt that got out of hand. In 1989, an evolutionary biologist called Joseph L Popp Jr was working part time for the World Health Organisation on the Aids epidemic. He was a difficult man. When he was…
Apple urges iPhone users to update as Coruna and DarkSword exploit kits emerge

Mar 20, 2026 1:10 PM

Tags: apple, attack, exploit, infection, iphone, malicious, risk, update, vulnerability

Apple warns that outdated iPhones are vulnerable to Coruna and DarkSword exploit kits and urges users to update iOS. Apple has warned that iPhones running outdated iOS versions are at risk from exploit kits like Coruna and DarkSword. These attacks use malicious web content to trigger infection chains that can steal sensitive data. Users are…
Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks

Mar 20, 2026 7:10 AM

Tags: apple, attack, exploit, infection, iphone, malicious, theft, update, vulnerability

Apple is urging users who are still running an outdated version of iOS to update their iPhones to secure against web-based attacks carried out via powerful exploit kits like Coruna and DarkSword.These attacks employ malicious web content to target out-of-date versions of iOS, triggering an infection chain that leads to the theft of sensitive data.”For…
Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks

Mar 20, 2026 7:10 AM

Tags: apple, attack, exploit, infection, iphone, malicious, theft, update, vulnerability

Apple is urging users who are still running an outdated version of iOS to update their iPhones to secure against web-based attacks carried out via powerful exploit kits like Coruna and DarkSword.These attacks employ malicious web content to target out-of-date versions of iOS, triggering an infection chain that leads to the theft of sensitive data.”For…
Technical Analysis of SnappyClient

Mar 18, 2026 7:10 PM

Tags: access, antivirus, api, attack, browser, chrome, cloud, communications, computer, control, credentials, crypto, data, defense, detection, encryption, endpoint, finance, framework, github, infection, injection, jobs, login, malicious, malware, network, password, software, startup, theft, threat, update, windows

IntroductionIn December 2025, Zscaler ThreatLabz identified a new command-and-control (C2) framework implant that we track as SnappyClient, which was delivered using HijackLoader. SnappyClient has an extended list of capabilities including taking screenshots, keylogging, a remote terminal, and data theft from browsers, extensions, and other applications. In this blog post, ThreatLabz provides a technical analysis of SnappyClient, including…
4,000+ Routers Compromised by KadNap Malware Exploiting Vulnerabilities

Mar 12, 2026 2:10 PM

Tags: botnet, cyber, exploit, infection, malware, router, russia, vulnerability

A newly uncovered malware campaign dubbed KadNap has silently conscripted more than 14,000 internet”‘exposed routers and edge devices into a stealth proxy botnet, with Asus routers the primary victims. More than 60% of known victims are located in the United States, with additional infections observed in Taiwan, Hong Kong, Russia, and other countriesHow KadNap Infects Routers The…
North Korean fake IT worker tradecraft exposed

Mar 12, 2026 11:10 AM

Tags: access, ai, banking, breach, china, crypto, data-breach, defense, detection, finance, fintech, fraud, gitlab, group, identity, infection, intelligence, jobs, malicious, malware, mobile, north-korea, programming, scam, service, skills, software, tactics, threat, tool

Opportunistic and broadly targeted: These suspect code silos were abused in a variety of illicit projects split between targeting job-seeking programmers and fake IT worker operations.”Based on our visibility, malware operations targeting individual developers seeking employment are most common,” Oliver Smith, senior threat intelligence engineer at GitLab, told CSO. “Threat actors appear to have a…
North Korean fake IT worker tradecraft exposed

Mar 12, 2026 11:10 AM

Tags: access, ai, banking, breach, china, crypto, data-breach, defense, detection, finance, fintech, fraud, gitlab, group, identity, infection, intelligence, jobs, malicious, malware, mobile, north-korea, programming, scam, service, skills, software, tactics, threat, tool

Opportunistic and broadly targeted: These suspect code silos were abused in a variety of illicit projects split between targeting job-seeking programmers and fake IT worker operations.”Based on our visibility, malware operations targeting individual developers seeking employment are most common,” Oliver Smith, senior threat intelligence engineer at GitLab, told CSO. “Threat actors appear to have a…
Middle East Conflict Fuels Opportunistic Cyber Attacks

Mar 6, 2026 9:47 PM

Tags: access, advisory, api, apt, attack, authentication, awareness, backdoor, best-practice, breach, browser, business, chrome, cloud, crypto, cyber, cybercrime, cybersecurity, data, defense, endpoint, exploit, fraud, google, government, identity, infection, Internet, iran, iraq, malicious, malware, mfa, middle-east, military, monitoring, network, password, phishing, PurpleTeam, radius, risk, risk-assessment, scam, service, software, technology, theft, threat, training, unauthorized, update, vulnerability, windows, zero-day

IntroductionThreat actors often take advantage of major global events to fuel interest in their malicious activities. Zscaler ThreatLabz is diligently tracking a surge in cybercriminal activity that capitalizes on the elevated political climate in the Middle East. This increased malicious activity includes discoveries that are directly tied to the ongoing conflict, alongside other related findings. ThreatLabz…
Fake Zoom and Google Meet Phishing Campaigns Deploy Teramind Surveillance Software

Feb 28, 2026 5:37 PM

Tags: attack, cyber, endpoint, google, infection, monitoring, phishing, scam, software, threat, unauthorized, windows

Threat actors are executing sophisticated phishing campaigns that impersonate Zoom and Google Meet to silently deploy Teramind onto Windows devices. While Teramind is a legitimate enterprise endpoint monitoring product, scammers are abusing its stealth features to conduct unauthorized surveillance. The Infection Chain and Delivery Mechanism The attack relies on fabricated landing pages that mimic official…
APT37 Adds New Capabilities for Air-Gapped Networks

Feb 26, 2026 5:37 PM

Tags: access, android, api, attack, authentication, backdoor, cloud, communications, computer, credentials, data, detection, endpoint, google, government, group, Hardware, infection, infrastructure, injection, Internet, malicious, malware, microsoft, monitoring, network, north-korea, powershell, service, social-engineering, threat, tool, update, windows

IntroductionIn December 2025, Zscaler ThreatLabz discovered a campaign linked to APT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima), which is a DPRK-backed threat group. In this campaign, tracked as Ruby Jumper by ThreatLabz, APT37 uses Windows shortcut (LNK) files to initiate an attack that utilizes a set of newly discovered tools. These tools, RESTLEAF, SNAKEDROPPER, THUMBSBD, and VIRUSTASK,…
APT37 Adds New Capabilities for Air-Gapped Networks

Feb 26, 2026 5:37 PM

Tags: access, android, api, attack, authentication, backdoor, cloud, communications, computer, credentials, data, detection, endpoint, google, government, group, Hardware, infection, infrastructure, injection, Internet, malicious, malware, microsoft, monitoring, network, north-korea, powershell, service, social-engineering, threat, tool, update, windows

IntroductionIn December 2025, Zscaler ThreatLabz discovered a campaign linked to APT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima), which is a DPRK-backed threat group. In this campaign, tracked as Ruby Jumper by ThreatLabz, APT37 uses Windows shortcut (LNK) files to initiate an attack that utilizes a set of newly discovered tools. These tools, RESTLEAF, SNAKEDROPPER, THUMBSBD, and VIRUSTASK,…
Steaelite RAT combines data theft and ransomware management capability in one tool

Feb 26, 2026 5:37 AM

Tags: access, android, attack, authentication, awareness, business, corporate, credentials, crypto, cybercrime, data, ddos, defense, encryption, endpoint, extortion, infection, infosec, malware, mobile, monitoring, password, phishing, ransomware, rat, remote-code-execution, theft, threat, tool, training, windows

CSO that this isn’t the most sophisticated RAT he’s seen. “The novel aspect here,” he said, “is the convergence. Steaelite bundles remote access, credential harvesting, data exfiltration, and ransomware (currently in development) in a single package.” Traditionally, he explained, these capabilities have occupied different parts of the cybercrime toolchain, but Steaelite unifies the functions, giving…
Malicious OpenClaw Tactics Deceive Users into Manual Password Entry for AMOS Infection

Feb 24, 2026 11:02 AM

Tags: ai, attack, cyber, infection, macOS, malicious, password, skills, social-engineering, software, supply-chain, tactics

Malicious OpenClaw skills are being weaponized to coerce users into manually entering their passwords, enabling a new Atomic (AMOS) Stealer infection chain that abuses AI agent workflows as a social engineering channel. TrendAI Research has tracked Atomic (AMOS) Stealer’s evolution from crude “cracked” macOS software lures to a refined supply chain attack abusing OpenClaw’s skill…
Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb

Feb 23, 2026 8:01 PM

Tags: crypto, cybersecurity, exploit, infection, software

Cybersecurity researchers have disclosed details of a new cryptojacking campaign that uses pirated software bundles as lures to deploy a bespoke XMRig miner program on compromised hosts.”Analysis of the recovered dropper, persistence triggers, and mining payload reveals a sophisticated, multi-stage infection prioritizing maximum cryptocurrency mining hashrate, often destabilizing the victim First seen on thehackernews.com Jump…
Fake troubleshooting tip on ClawHub leads to infostealer infection

Feb 23, 2026 5:02 PM

Tags: ai, infection, malware

A new malware delivery campaign has hit ClawHub, the official online repository for >>skills<< that augment the capabilities of the popular OpenClaw AI agent. Unlike … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/23/clawhub-malicious-comment-infostealer/
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 85

Feb 22, 2026 5:02 PM

Tags: android, backdoor, china, data-breach, infection, international, malware

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Ninja Browser & Lumma Infostealer Ghost Tapped: Tracking the Rise of Chinese Tap-to-pay Android Malware Hudson Rock Identifies Real-World Infostealer Infection Targeting OpenClaw Configurations Divide and conquer: how the new Keenadu backdoor exposed links…
PromptSpy: First Android AI Malware Leverages Google’s Gemini for Decision-Making

Feb 20, 2026 7:02 AM

Tags: ai, android, cyber, data, google, infection, malware

PromptSpy is a newly discovered Android malware family that abuses Google’s Gemini generative AI model to make real”‘time decisions on how to manipulate the user interface and stay active on infected devices. PromptSpy’s AI”‘assisted functionality is focused on persistence rather than initial infection or data theft. Instead of relying on hardcoded tap coordinates or fragile…
Infostealer Found Stealing OpenClaw AI Identity and Memory Files

Feb 19, 2026 12:01 PM

Tags: ai, identity, infection, malware

Researchers at Hudson Rock have identified a live infection where an infostealer exfiltrated a victim’s OpenClaw configuration. The discovery highlights a shift in malware behaviour toward harvesting personal AI identity files. First seen on hackread.com Jump to article: hackread.com/infostealer-steal-openclaw-ai-identity-memory-files/
Stealthy Crypto-Mining Malware Jumps Air-Gaps, Spreads via External Drives

Feb 19, 2026 9:01 AM

Tags: computing, crypto, cyber, infection, malware, software, threat, unauthorized

Cryptojacking, the unauthorized use of a victim’s computing resources to mine cryptocurrency, has transitioned from a browser-based nuisance (typified by Coinhive scripts) to a system-level threat utilizing advanced malware techniques. The infection chain starts with a familiar lure: cracked “premium” productivity suites distributed via pirated software bundles, where the user executes what appears to be…