Tag: malware
-
PCPJack Worm Targets Docker, Kubernetes, Redis, and MongoDB Credentials
Tags: breach, cloud, container, credentials, cyber, data-breach, docker, extortion, framework, fraud, infrastructure, kubernetes, malware, spam, threat, wormA newly identified malware framework dubbed PCPJack is targeting exposed cloud and container infrastructure to steal credentials at scale while actively removing artifacts linked to the TeamPCP threat actor. Unlike typical cloud-focused campaigns, PCPJack skips cryptomining entirely and instead appears optimized for fraud, spam, extortion, and resale of stolen access. TeamPCP itself drew attention earlier in 2026…
-
NWHStealer Campaign Deploys Bun Loader, Anti-VM Evasion, and Encrypted C2
A new distribution method for the NWHStealer infostealer that leverages the Bun JavaScript runtime, marking a significant evolution in the malware’s delivery infrastructure. The threat actors behind this Rust-based stealer are exploiting Bun’s relative newness and high-performance capabilities to package malicious code into larger executables that evade traditional detection methods. Bun is a legitimate, fast…
-
Hackers Use Fake Claude AI Site to Infect Users With New Beagle Malware
Researchers have discovered a new malvertising campaign using a fake Claude AI website to plant a new, undocumented backdoor named Beagle on user devices. First seen on hackread.com Jump to article: hackread.com/hackers-fake-claude-ai-site-infect-beagle-malware/
-
New TCLBanker malware self-spreads over WhatsApp and Outlook
A new trojan named TCLBanker, which targets 59 banking, fintech, and cryptocurrency platforms, uses a trojanized MSI installer for Logitech AI Prompt Builder to infect systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-tclbanker-malware-self-spreads-over-whatsapp-and-outlook/
-
After Replacing TeamPCP Malware, ‘PCPJack’ Steals Cloud Secrets
PCPJack makes innovative use of parquet files for stealthy, pre-validated target discovery as it canvasses multiple cloud environments. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/teampcp-malware-pcpjack-steals-cloud-secrets
-
New PCPJack worm steals credentials, cleans TeamPCP infections
A new malware framework called PCPJack is stealing credentials from exposed cloud infrastructure while actively removing TeamPCP’s access to the systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-pcpjack-worm-steals-credentials-cleans-teampcp-infections/
-
Microsoft-Edge speichert Passwörter im RAM als Klartext
Windows 10 und 11 nutzen eine Speicherisolation, damit Prozesse in voneinander getrennten virtuellen Adressräumen ausgeführt werden. Unter bestimmten Bedingungen kann jedoch ein gewöhnlicher Anwendungsprozess weiterhin auf den Speicher eines anderen Prozesses im Benutzermodus zugreifen. Das wirft die Befürchtung auf, dass Malware, die mit normalen Benutzerrechten ausgeführt wird, sensible Informationen wie Passwörter und Authentifizierungs-Tokens direkt aus…
-
Identitäten wie Perimeter behandeln
Der World-Password-Day ist nicht mehr nur ein Anstoß, sich stärkere Passwörter zu wählen, sondern ein Anlass, das Thema Identität neu zu überdenken. Cyberkriminelle müssen sich kaum noch reinhacken, sie stehlen die Zugangsdaten einfach über Phishing, Malware oder gehackte Datenbanken und loggen sich einfach ein. Wiederverwendete Passwörter ermöglichen es ihnen, sich über mehrere Dienste und Plattformen…
-
Fake Claude AI website delivers new ‘Beagle’ Windows malware
A fake version for the Claude AI website offers a malicious Claude-Pro Relay download that pushes a previously undocumented backdoor for Windows named Beagle. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-claude-ai-website-delivers-new-beagle-windows-malware/
-
Fake Claude AI Installers Used to Spread Malware in New Cyber Scam
Hackers are abusing fake Claude AI installer pages promoted through Google Ads to trick users into running malware in a campaign. The operation combines highly realistic install guides with a stealthy, multi”‘stage infection chain that abuses trusted Windows components, fileless execution, and advanced evasion techniques to stay under the radar. Victims who click these ads…
-
PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux
Cybersecurity researchers have discovered three packages on the Python Package Index (PyPI) repository that are designed to stealthily deliver a previously unknown malware family called ZiChatBot on Windows and Linux systems.”While these wheel packages do implement the features described on their PyPI web pages, their true purpose is to covertly deliver malicious files,” Kaspersky First…
-
Entwickler bestätigt: Daemon Tools Lite mit Schadcode verseucht
Der Entwickler von Daemon Tools hat bestätigt, dass die Lite-Variante seiner Software zuletzt Malware enthielt. Eine neue Version korrigiert das. First seen on golem.de Jump to article: www.golem.de/news/entwickler-bestaetigt-daemon-tools-lite-mit-schadcode-verseucht-2605-208417.html
-
UAT-8302 Targets Government Agencies With Custom Malware and Open-Source Tools
A new China-linked hacking group, tracked as UAT-8302, that is using custom malware and open-source tools to spy on government organizations in South America and southeastern Europe. The campaign focuses on long-term access and data theft, combining advanced backdoors like NetDraft and CloudSorcerer with aggressive network reconnaissance and credential theft. Researchers assess with high confidence…
-
Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks
Cybersecurity researchers have exposed a new Mirai-derived botnet that self-identifies as xlabs_v1 and targets internet-exposed devices running Android Debug Bridge (ADB) to enlist them in a network capable of carrying out distributed denial-of-service (DDoS) attacks.Hunt.io, which detailed the malware, said it made the discovery after identifying an exposed directory on a Netherlands-hosted First seen on…
-
DAEMON Tools devs confirm breach, release malware-free version
Disc Soft Limited, the maker of DAEMON Tools Lite, confirmed that the software had been trojanized in a supply chain attack and released a new, malware-free version. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/daemon-tools-devs-confirm-breach-release-malware-free-version/
-
CloudZ Malware Abuses Phone Link to Steal SMS OTPs
Cisco Talos uncovers CloudZ RAT and Pheno plugin abusing Microsoft Phone Link to intercept SMS OTPs First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cloudz-rat-pheno-phone-link-otp/
-
Warum starke Passwörter nicht vor KI-Gefahren schützen
Angesichts der wachsenden KI-Bedrohungslage verkommt die Message nach starken Passwörtern mit 16 Zeichen und Symbolen am World-Password-Day zur Farce. Ein 16-stelliges Passwort ist nutzlos, wenn eine Infostealer-Malware es direkt aus dem Browser-Cache extrahiert oder ein Mitarbeiter es in einen unkontrollierten KI-Chatbot eingibt. Die Cyberbedrohungslandschaft hat sich rasch zu einer industrialisierten ‘Cybercrime-as-a-Service”-Wirtschaft (CaaS) entwickelt, die von…
-
Salat Malware Abuses QUIC and WebSockets for Stealthy C2 Control
A powerful new Windows malware family dubbed Salat Stealer, a Go-based Remote Access Trojan (RAT) that blends classic infostealing with a stealthy QUIC/WebSocket command-and-control (C2) channel and resilient blockchain-backed infrastructure. Written in Go, it supports remote shell access, desktop and webcam streaming, keylogging, clipboard theft, browser and crypto”‘wallet data theft, and SOCKS5-based pivoting, giving operators interactive…
-
New malware turns Linux systems into P2P attack networks
Persistence through rootkits and PAM backdoors: The researchers also wrote of QLNX’s use of rootkits and Linux Pluggable Authentication Modules (PAM) to establish long term persistence. According to Trend Micro, the malware leverages rootkit functionality to conceal malicious activity, processes, and components from administrative tools and security monitoring systems.The malware was also observed tampering with…
-
Daemon Tools: Offizielle Downloads enthalten seit Wochen Malware
Seit Anfang April wird über die offizielle Webseite des Entwicklers von Daemon Tools Malware verbreitet. Auch in Deutschland gibt es Infektionen. First seen on golem.de Jump to article: www.golem.de/news/daemon-tools-offizielle-downloads-enthalten-seit-wochen-malware-2605-208362.html
-
Malicious OpenClaw Skill Targets Agentic AI Workflows to Deploy RATs and Stealers
OpenClaw’s agent “skill” ecosystem to deliver both Remcos RAT and a cross”‘platform stealer called GhostLoader by hiding malware inside a deceptive DeepSeek integration called “DeepSeek”‘Claw.” The campaign shows how agentic AI workflows with high local privileges can be quietly hijacked through manipulated installation instructions rather than classic exploit chains. OpenClaw, formerly known as Clawdbot and…
-
Offizielle Daemon Tools-Downloads werden zur Malware-Falle
Ein aktueller Supply-Chain-Angriff auf Daemon Tools sorgt für weltweite Sicherheitsrisiken. Über die offizielle Downloadquelle wurde eine manipulierte Installationsdatei verbreitet, die neben der legitimen Software auch Schadcode enthält. Betroffen sind Nutzer in mehr als 100 Ländern, darunter auch Deutschland. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/daemon-tools-malware
-
North Korean hackers targeted ethnic Koreans in China with Android ‘BirdCall’ malware
Researchers at cybersecurity firm ESET attributed the campaign to APT37 and said the hackers used a backdoor attached to a suite of card games from a company called Sqgame. First seen on therecord.media Jump to article: therecord.media/north-korean-hackers-target-ethnic-koreans-in-china
-
New stealthy Quasar Linux malware targets software developers
A previously undocumented Linux implant named Quasar Linux (QLNX) is targeting developers’ systems with a mix of rootkit, backdoor, and credential-stealing capabilities. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-stealthy-quasar-linux-malware-targets-software-developers/
-
Windows 11 zeigt vermehrt Malware-Warnungen: Was hinter der Cerdigent-Meldung steckt
First seen on t3n.de Jump to article: t3n.de/news/windows-11-malware-warnung-cerdigent-1740888/
-
DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware
A newly identified supply chain attack targeting DAEMON Tools software has compromised its installers to serve a malicious payload, according to findings from Kaspersky.”These installers are distributed from the legitimate website of DAEMON Tools and are signed with digital certificates belonging to DAEMON Tools developers,” Kaspersky researchers Igor Kuznetsov, Georgy Kucherin, Leonid First seen on…
-
China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions
A sophisticated China-nexus advanced persistent threat (APT) group has been attributed to attacks targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025.The activity is being tracked by Cisco Talos under the moniker UAT-8302, with post-exploitation involving the deployment of custom-made malware families that have been…
-
Hackers Abuse DAEMON Tools Distribution Channel to Deliver Malicious Payloads
A sophisticated supply-chain attack has compromised the official distribution channel for DAEMON Tools, delivering multi-stage malware to users worldwide. Since April 8, 2026, threat actors have distributed trojanized installers signed with legitimate digital certificates to conduct highly targeted cyberespionage operations. Attackers successfully breached the development pipeline of AVB Disc Soft, the creators of the widely…