Tag: malware
-
Hackers Pose as Non-Profit Developers to Deploy Monero Mining Malware
REF1695 hackers spread Monero mining malware via fake non-profit installers, using stealth tactics to evade detection and hijack systems for profit. First seen on hackread.com Jump to article: hackread.com/hackers-non-profit-developers-monero-mining-malware/
-
Storm Infostealer umgeht 2FA: Malware übernimmt Accounts ohne Passwort
Der neue Storm Infostealer umgeht 2FA, kapert Accounts per Session-Hijacking und entschlüsselt Daten serverseitig. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/szene/dark-commerce/storm-infostealer-umgeht-2fa-malware-uebernimmt-accounts-ohne-passwort-328010.html
-
Tor-Backed ClickFix Campaign Drops Node.js RAT on Windows
Hackers are using a deceptive technique known as “ClickFix” to deliver a sophisticated Node. js-based remote access Trojan (RAT) targeting Windows users. ClickFix, which gained popularity in early 2025, tricks users into interacting with fake CAPTCHA or verification prompts. In this latest campaign, attackers lure victims into executing malicious commands that silently install malware disguised…
-
Fake Installers Spread RATs, Monero Miners in Ongoing Malware Campaign
Fake software installers are being used in a long-running malware operation to drop remote access trojans (RATs), Monero cryptominers, and a new .NET implant across multiple campaigns dating back to late 2023. REF1695 relies on ISO-based fake installers that mimic legitimate software setup packages but never deliver real applications. Instead, users are guided via a…
-
New Microsoft Defender Update Issued for Windows 11, Windows 10, and Server Images
Microsoft has rolled out a fresh security intelligence update for Microsoft Defender Antivirus to help secure Windows 11, Windows 10, and Windows Server images. Released on April 7, 2026, this update equips endpoints with the latest threat detection logic and AI-enhanced cloud protection to defend against emerging malware campaigns. Keeping antimalware solutions up to date…
-
Fake TradingView Premium Reddit Posts Spread Vidar and AMOS Stealers
A new malware campaign is abusing Reddit to distribute fake “cracked” builds of TradingView Premium that secretly install Vidar and AMOS information”‘stealing malware on Windows and macOS systems. The campaign targets users searching for free or pirated versions of TradingView Premium, a popular browser”‘based charting and social platform for stock, crypto, and forex traders. Threat…
-
GitHub-Backed Malware Spread via LNK Files in South Korea
Hackers are abusing Windows shortcut files and GitHub to run a stealthy, multi”‘stage malware campaign against organizations in South Korea. The operation chains LNK files, PowerShell, and GitHub APIs to deliver surveillance tools while blending into normal enterprise traffic.The campaign begins with weaponized LNK files that contain hidden scripts instead of simple shortcuts. These older…
-
North Korean hackers abuse LNKs and GitHub repos in ongoing campaign
GitHub as C2: Researchers also highlighted the campaign’s use of GitHub as a C2 layer. Rather than communicating with suspicious-looking or newly registered domains, the malware interacts with GitHub repositories and APIs to receive instructions and exfiltrate data.”The fact that this shortcut file creates a chain that ultimately reaches out to a GitHub repository, and…
-
North Korean hackers abuse LNKs and GitHub repos in ongoing campaign
GitHub as C2: Researchers also highlighted the campaign’s use of GitHub as a C2 layer. Rather than communicating with suspicious-looking or newly registered domains, the malware interacts with GitHub repositories and APIs to receive instructions and exfiltrate data.”The fact that this shortcut file creates a chain that ultimately reaches out to a GitHub repository, and…
-
North Korea’s Modular Malware Strategy Hides Attribution, Defies Takedowns
North Korea’s cyber program is shifting from monolithic “families” to a modular, portfolio-style malware ecosystem designed to survive exposure, frustrate attribution, and keep operations running under constant pressure. Years of sanctions, coordinated law-enforcement pressure, and rapid public disclosure of campaigns have forced Pyongyang to treat every tool as disposable. Once-static implants are now built with…
-
6 ways attackers abuse AI services to hack your business
Tags: ai, api, attack, backdoor, breach, business, ceo, china, control, cve, cyber, cybercrime, cybersecurity, data, email, espionage, exploit, framework, group, hacking, injection, leak, LLM, malicious, malware, marketplace, microsoft, monitoring, open-source, openai, service, skills, software, startup, supply-chain, threat, tool, vulnerabilityAbusing AI platforms as covert C2 channels: Cybercriminals are also abusing AI platforms as covert command-and-control (C2) channels by turning AI services into proxies that hide malicious traffic inside the flow of legitimate content.Instead of running a dedicated C2 server, malware is programmed to fetch commands and exfiltrate data through AI services, circumventing traditional security…
-
Hackers Breach ILSpy WordPress Domain to Deliver Malware
The official WordPress website for ILSpy, a highly popular open-source tool used by software developers to examine .NET code, has been compromised. Hackers successfully breached the site to redirect visitors and deliver malware, turning a trusted developer resource into a dangerous trap. The Redirection Attack Cybersecurity research group vx-underground confirmed the breach after receiving video…
-
Poisoned Axios Package Spreads Cross-Platform Malware via Phantom Dependency
Hackers hijacked the npm account of Axios’s lead maintainer. They used it to push two malicious releases that silently installed a cross”‘platform remote access trojan (RAT) on macOS, Windows, and Linux systems. Axios is one of the JavaScript ecosystem’s most widely used HTTP clients, with over 100 million weekly downloads on npm, making it deeply…
-
ResokerRAT Hijacks Telegram API to Command Infected Windows PCs
A newly identified Windows malware dubbed ResokerRAT abuses Telegram’s Bot API as its main command-and-control (C2) channel to remotely monitor and control infected systems without relying on a traditional attacker”‘owned server. By blending in with legitimate encrypted Telegram traffic, it becomes harder for network defenses to distinguish its C2 communication from normal user activity. When ResokerRAT runs,…
-
36 Malicious Strapi npm Packages Deliver Redis RCE, Persistent C2 Malware
Tags: attack, control, credentials, cyber, malicious, malware, rce, remote-code-execution, spam, supply-chainA coordinated supply chain attack has been uncovered involving 36 malicious npm packages masquerading as Strapi CMS plugins, delivering a range of payloads including Redis remote code execution (RCE), credential harvesting, and persistent command-and-control (C2) malware. The campaign was carried out using four sock-puppet npm accounts umarbek1233, kekylf12, tikeqemif26, and umar_bektembiev1. Unlike typical npm spam…
-
Hackers Spread Vidar and GhostSocks Malware Through Claude Code Leak
What happened Hackers are weaponizing the leaked Claude Code source to spread Vidar and GhostSocks malware through malicious repositories that impersonate the exposed codebase. The campaign followed Anthropic’s March 31 packaging error, which exposed the source code for Claude Code in a public npm package through a JavaScript source map file containing more than half…The…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 91
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Infiniti Stealer: a new macOS infostealer using ClickFix and Python/Nuitka Converging Interests: Analysis of Threat Clusters Targeting a Southeast Asian Government RoadK1ll: A WebSocket Based Pivoting Implant axios Compromised: npm Supply Chain Attack via Dependency Injection…
-
Image or Malware? Read until the end and answer in comments 🙂
A malicious email delivered a .cmd malware that escalates privileges, bypasses antivirus, downloads payloads, sets persistence, and self-deletes. I received this email from a friend to make an analysis. First, let me express my thanks to Janô Falkowski Burkard for this amazing contribution. A little context, He received an email that was really strange and…
-
Internet-Connected Coffee Machine Reportedly Led to Corporate Data Breach
What happened An internet-connected coffee machine reportedly led to a significant corporate data breach after attackers used the device as an entry point into a secure network. A digital forensics investigator identified only as TR examined the incident after a client suspected a rival had infiltrated its systems. Instead of finding malware, the investigator found…The…
-
Sample Malware Phone Back CC (Command and Control) MD5s From Domains Belonging to XSS Forum Users A Compilation
Dear blog readers, In my most recent analysis I decided to take a deeper look inside some of the domains which belong to members of the XSS forum are known to have been used as malicious software phone back C&C (command and control) domains. Here’s the compilation: 206.su 740d9cd8ea165302aa3cd7e6f198ea4c 23fefvdfmbhty5ouihksdfs.com c2a10312a002ad7de56237d9a419f2f8 adwords-limon.biz 7e2c95f6297d372820df8bea6ec10c42 astfv43kol.com c5d8a48579e8bc4a2ff1ac229d7da4bb…
-
UNC1069 Targets Node.js Maintainers via Fake LinkedIn, Slack Profiles
North Korean group UNC1069 targets Node.js maintainers using fake LinkedIn and Slack profiles to spread malware and compromise open source packages. First seen on hackread.com Jump to article: hackread.com/unc1069-node-js-maintainer-fake-linkedin-slack-profile/
-
UNC1069 Targets Node.js Maintainers via Fake LinkedIn, Slack Profiles
North Korean group UNC1069 targets Node.js maintainers using fake LinkedIn and Slack profiles to spread malware and compromise open source packages. First seen on hackread.com Jump to article: hackread.com/unc1069-node-js-maintainer-fake-linkedin-slack-profile/
-
After fighting malware for decades, this cybersecurity veteran is now hacking drones
Mikko Hyppönen is one of the most recognizable faces of the cybersecurity industry. After fighting computer viruses, worms, and malware, for more than 35 years, he tells TechCrunch why he is now working on systems to stop killer drones. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/04/after-fighting-malware-for-decades-this-cybersecurity-veteran-is-now-hacking-drones/
-
Supply Chain Malware Alert: plainjs Compromises Axios Packages
First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/supply-chain-malware-alert-plain-crypto-js-compromises-axios-packages
-
Hackers Are Posting the Claude Code Leak With Bonus Malware
Plus: The FBI says a recent hack of its wiretap tools poses a national security risk, attackers stole Cisco source code as part of an ongoing supply chain hacking spree, and more. First seen on wired.com Jump to article: www.wired.com/story/security-news-this-week-hackers-are-posting-the-claude-code-leak-with-bonus-malware/
-
Supply Chain Attacks Surge in March 2026
Tags: access, ai, api, attack, authentication, awareness, cloud, container, control, corporate, credentials, crypto, data-breach, github, group, hacking, identity, infrastructure, Internet, kubernetes, least-privilege, linux, LLM, macOS, malicious, malware, mfa, network, north-korea, open-source, openai, phishing, pypi, software, startup, supply-chain, threat, tool, update, vulnerability, windowsIntroductionThere was a significant increase in software supply chain attacks in March 2026. There were five major software supply-chain attacks that occurred including the Axios NPM package compromise, which has been attributed to a North Korean threat actor. In addition, a hacking group known as TeamPCP was able to compromise Trivy (a vulnerability scanner), KICS…
-
7 ways to improve your business resilience with backup and recovery
Tags: attack, automation, backup, business, cloud, compliance, control, cyber, data, dns, HIPAA, identity, malware, metric, network, PCI, ransomware, resilience, risk, service, soc, threat, vulnerability2. Ensure off-site backup copies : Local backups are fast, but they are also vulnerable to the same physical disasters and ransomware attacks that hit your primary servers. If your production environment and your backups are on the same network segment without air-gapping, a single compromise becomes a total extinction event. The Fix: Adopt a 3-2-1 strategy (3 total copies of data, 2 different media…