Tag: malware
-
Amadey and StealC Malware Network Disrupted, 27M Stolen Credentials Recovered
Tags: attack, breach, credentials, cybercrime, finance, fraud, infrastructure, law, malware, microsoft, network, ransomware
A coordinated law enforcement operation, in partnership with private sector companies, including Bitdefender, Bitsight, ESET, and Microsoft, has resulted in the takedown of criminal infrastructure powering Amadey and StealC. “The main common goal was to disrupt the ‘assembly lines’ cybercriminals use to launch ransomware, financial fraud, and attacks on critical infrastructure,” Europol said in First seen…
-
Microsoft, Europol lead international takedown against infostealer malware
Cybercriminals used Amadey and StealC to infect thousands of computers worldwide, leading to ransomware and other digital crimes. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/microsoft-europol-international-takedown-infostealer-malware/823655/
-
Law enforcement hits StealC and Amadey malware networks
Operation Endgame, the largest international law enforcement operation aimed at disrupting ransomware and cybercrime infrastructure across the world, has claimed its latest … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/24/operation-endgame-stealc-amadey-malware-disrupted/
-
Amadey, StealC malware operations disrupted in Operation Endgame action
Microsoft, Europol, and international partners have disrupted infrastructure used by the Amadey and StealC malware operations as part of Operation Endgame, which targets cybercriminal services and ransomware gangs. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/amadey-stealc-malware-operations-disrupted-in-operation-endgame-action/
-
Android Malware Campaign Uses Fake Document Reader App with 100K Google Play Downloads
This article tracks a fresh Anatsa campaign that abused trust in a seemingly useful document-reader app to reach a large install base before its payload was activated. The malicious app was published as a document reader and file utility, a category that normally attracts…
-
Iran-Linked MuddyWater Poses as Ransomware Gang to Mask Cyber Espionage
An NCC Group report warns state-backed hackers are attempting to hide activity by posing as ransomware groups and deploying commercially available malware First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/iranlinked-muddywater-poses-as/
-
Payouts King Initial Access Broker Deploys Edgecution Malware Through Malicious Edge Extension
A concerted campaign by an initial access broker with ties to the Payouts King ransomware ecosystem leverages a novel browser-based delivery technique to establish persistent host-level control. The actor deploys a malicious Microsoft Edge extension dubbed “Edgecution” which abuses the Chrome native messaging protocol to reach a Python backdoor running on the endpoint, effectively…
-
New malware loader OXLOADER uses Google ads
A new malware loader named OXLOADER distributes the password stealer CastleStealer via fake Google Ads. The detection rate has so far been very low. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/google-ads-schadsoftware-loader
-
Hackers Exploit RAR Vulnerability to Drop Startup VBS in Ukraine UAV Malware Campaign
A newly observed espionage campaign targeting Ukraine’s unmanned aerial vehicle (UAV) ecosystem leverages a RAR archive exploit to install a persistent VBS loader, which then retrieves a Windows payload linked to an emergent actor the researcher calls GhostShell (Malwarebox ID MB-0009). The initial artifact is an archive named Besomar_documentation.rar, distributed with decoy PDF files mimicking…
-
New macOS ClickFix attack silently mounts DMGs to push infostealer
A new macOS ClickFix campaign is using Terminal commands to silently download, mount, and launch info-stealing malware from malicious disk image (DMG) files. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-macos-clickfix-attack-silently-mounts-dmgs-to-push-infostealer/
-
New CryptoBandits Malware Uses USB Drives and Tor to Steal Crypto
Microsoft researchers warn of a new dual-action cryptocurrency clipper (CryptoBandits Malware) spreading through USB devices to alter wallet addresses and steal crypto assets. First seen on hackread.com Jump to article: hackread.com/cryptobandits-malware-usb-drives-tor-steal-crypto/
-
ShapedPlugin Supply Chain Attack Backdoors Pro Plugin Updates
Attackers backdoored ShapedPlugin Pro updates, deploying malware that steals credentials, 2FA secrets, and grants full site access. If you installed a ShapedPlugin Pro plugin between April and June 2026 and kept it updated, your site may be compromised. Not because you did something wrong, but because the vendor’s own build and distribution pipeline was breached.…
-
Cybercriminals Abuse TDS Infrastructure to Bypass Firewalls and Hide Malicious Destinations
Cybercriminals are increasingly abusing traffic distribution systems (TDSs) to evade defenses, conceal malicious destinations, and funnel victims into phishing, fraud, and malware campaigns. Once considered a legitimate marketing tool to route visitors to different content or offers, TDS infrastructure is now being repurposed as a stealthy redirection layer that complicates detection and response for network…
-
Hijacked WhatsApp accounts send fake invoices
Tags: malware
A multilingual malware campaign uses compromised WhatsApp accounts to spread malware via fake business documents. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/whatsapp-gefaelschte
-
FlutterShell Malware Uses C2-Delivered JavaScript Payloads to Evade Sandbox Detection
Targeting macOS endpoints, the CL-CRI-1089 cluster tied to Operation FlutterBridge repurposes the Flutter framework to deliver a novel macOS malware family dubbed FlutterShell. Rather than rehashing prior campaign reporting, this piece treats recovered artifacts as a technical detection case study built from static analysis of ten Mach-O samples collected between December 2025 and March…
-
AryStinger botnet infects thousands of routers worldwide
The newly discovered AryStinger botnet has infected over 4,000 outdated routers worldwide. The malware uses the devices as proxies for cyberattacks. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/tausende-router-botnetz-arystinger
-
WhatsApp phishing attack uses fake business docs to hack PCs
An ongoing malware campaign is targeting WhatsApp users in multiple countries with deceptive messages that push VBScript files, leading to remote system access. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/whatsapp-phishing-attack-uses-fake-business-docs-to-hack-pcs/
-
WhatsApp Malware Campaign Hijacks Trust, Installs Legitimate Admin Tools
WhatsApp accounts were hijacked to spread fake debt notices that install remote access software, giving attackers control of victims’ PCs. Kaspersky published a technical analysis this week of an active malware campaign that spreads through WhatsApp messages and ends with a remote management tool silently installed on the victim’s machine. The campaign is still running…
-
New OXLOADER Loader Uses Malicious Google Ads to Deliver CastleStealer
Cybersecurity researchers have disclosed details of a new campaign that delivers CastleStealer by means of a previously unreported malware loader dubbed OXLOADER. According to Elastic Security Labs, the campaign leverages malicious Google Ads as a starting point to distribute the malware. Evidence indicates that the threat actor is likely Russian-speaking and financially motivated, owing to the…
-
Scammers Use Fake GitHub Stars, VirusTotal Reviews to Spread Crypto Clipper
A multi-platform malware campaign abuses fake trust signals to infect Windows and Mac users with a crypto clipper packed with 15,500 attacker wallets. First seen on hackread.com Jump to article: hackread.com/scammers-fake-github-virustotal-crypto-clipper/