Tag: malware
-
Steaelite RAT Drives Surge in Double Extortion Attacks on Enterprises
A newly surfaced Remote Access Trojan (RAT) named Stealer is rapidly gaining traction across cybercrime networks, fueling a fresh wave of double-extortion incidents against enterprise targets. It offers features such as HVNC (Hidden Virtual Network Computing) monitoring and banking application bypass capabilities once reserved for advanced, custom-built malware teams. Steaelite’s marketing strategy mirrors that of commercial malware projects. The developer has actively…
-
Steaelite RAT combines data theft and ransomware management capability in one tool
Tags: access, android, attack, authentication, awareness, business, corporate, credentials, crypto, cybercrime, data, ddos, defense, encryption, endpoint, extortion, infection, infosec, malware, mobile, monitoring, password, phishing, ransomware, rat, remote-code-execution, theft, threat, tool, training, windows
CSO that this isn’t the most sophisticated RAT he’s seen. “The novel aspect here,” he said, “is the convergence. Steaelite bundles remote access, credential harvesting, data exfiltration, and ransomware (currently in development) in a single package.” Traditionally, he explained, these capabilities have occupied different parts of the cybercrime toolchain, but Steaelite unifies the functions, giving…
-
Fake ‘interview’ repos lure Next.js devs into running secret-stealing malware
Tags: malware
Come for the coding test, stay for the C2 traffic. First seen on theregister.com Jump to article: www.theregister.com/2026/02/25/jobseeking_nextjs_devs_attack/
-
China-linked hackers breach dozens of telecoms, government agencies
The campaign involved a clever technique: malware that hid in plain sight on Google Sheets. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/china-cyberattacks-telecommunications-google-sheets/813082/
-
mquire: Linux memory forensics without external dependencies
If you’ve ever done Linux memory forensics, you know the frustration: without debug symbols that match the exact kernel version, you’re stuck. These symbols aren’t typically installed on production systems and must be sourced from external repositories, which quickly become outdated when systems receive updates. If you’ve ever tried to analyze a memory dump only…
-
Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware
Cybersecurity researchers have discovered four malicious NuGet packages that are designed to target ASP.NET web application developers to steal sensitive data.The campaign, discovered by Socket, exfiltrates ASP.NET Identity data, including user accounts, role assignments, and permission mappings, as well as manipulates authorization rules to create persistent backdoors in victim applications. First seen on thehackernews.com Jump…
-
$300 a Month Android Malware ‘Oblivion’ Uses Fake Updates to Hijack Phones
Cybersecurity researchers at Certo reveal Oblivion, a new Android Trojan targeting major brands like Samsung and Xiaomi. It bypasses security to steal passwords and bank codes. First seen on hackread.com Jump to article: hackread.com/android-malware-oblivion-fake-updates-hijack-phones/
-
Android RAT SURXRAT Grants Hackers Full Device Control and Data Exfiltration
SURXRAT is an actively developed Android Remote Access Trojan (RAT) sold as a commercial malware-as-a-service (MaaS) on Telegram, giving attackers full device control and powerful data-stealing capabilities. It combines large-scale affiliate distribution, cloud-hosted command-and-control, and even experimental AI modules, making it a serious and evolving threat for Android users. The Indonesian operator runs a channel…
-
SURXRAT, a Trojan’s LLM-Driven Expansion in Android Malware
SURXRAT, an Android Remote Access Trojan (RAT), has come out as a commercially structured malware operation. Distributed under the branding “SURXRAT V5,” the malware is sold through a Telegram-based malware-as-a-service (MaaS) network that enables affiliates to generate customized builds while the core operator retains centralized infrastructure and oversight. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/surxrat-arsinkrat-llm-android-rat-analysis/
-
Microsoft Alerts Developers of Malicious Next.js Repositories Used in Ongoing Hacker Attacks
Microsoft has warned that threat actors are weaponizing malicious Next.js repositories to compromise developers through what appear to be legitimate projects and recruiting-style technical assessments. The campaign abuses normal workflows in Visual Studio Code and Node.js to reach a staged command-and-control (C2) backdoor without relying on traditional malware installers. Attackers publish repositories that appear to…
-
Self-spreading npm malware targets developers in new supply chain attack
Security researchers have uncovered another supply chain attack targeting developers: 19 typosquatting npm packages published on npmjs.com that steal credentials, infect … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/24/npm-worm-sandworm-mode-supply-cain-attack/
-
Shai-Hulud-style NPM worm hits CI pipelines and AI coding tools
Poisoning the AI developer interface: The campaign was specifically flagged for its direct targeting of AI coding assistants. The malware deploys a malicious Model Context Protocol (MCP) server and injects it into configurations of popular AI tools, embedding itself as a trusted component in the assistant’s environment.Once this is achieved, prompt-injection techniques can trick the…
-
Cybercriminals Exploit Windows Management Instrumentation WMI to Maintain Stealthy Access and Silent Control
Tags: access, control, cyber, cybercrime, exploit, infrastructure, malware, startup, strategy, windows
Windows Management Instrumentation (WMI) is a critical utility built into the Windows operating system designed to help administrators monitor status and automate routine tasks. However, cybercriminals have increasingly weaponized this legitimate infrastructure to maintain persistent access to compromised networks. Unlike traditional malware strategies that rely on visible startup folders or registry run keys, WMI abuse…
-
New ZeroDayRAT Malware Claims Full Monitoring of Android and iOS Devices
Meet ZeroDayRAT, a newly advertised malware targeting Android and iOS devices with surveillance, location tracking, and crypto theft tools sold via Telegram as a MaaS service. First seen on hackread.com Jump to article: hackread.com/zerodayrat-malware-monitoring-android-ios-devices/
-
Arkanix Stealer: AI-assisted info-stealer shuts down after brief campaign
Arkanix Stealer surfaced in late 2025 as a short-lived info-stealer, likely built as an AI-assisted experiment and quickly abandoned. Arkanix Stealer emerged in late 2025 as a short-lived information-stealing malware promoted on dark web forums. Researchers believe it was likely created as an AI-assisted experiment, suggesting the operators were testing automated development techniques rather than…
-
Operation MacroMaze: APT28 exploits webhooks for covert data exfiltration
Russia-linked APT28 targeted European entities with a webhook-based macro malware campaign called Operation MacroMaze. Russia-linked APT28 (aka UAC-0001, aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) launched Operation MacroMaze, targeting select entities in Western and Central Europe from September 2025 to January 2026. The campaign used webhook-based macro malware, leveraging simple tools and legitimate services for infrastructure and data…
-
Hackers Use Steganographic Images to Bypass Anti-Malware and Deploy Malware
Hackers are abusing steganography in PNG images to smuggle a Pulsar Remote Access Trojan (RAT) into Windows systems through a malicious NPM package named buildrunner-dev. The attack starts with a typosquatted NPM package, buildrunner-dev, which impersonates the abandoned “buildrunner”/“build-runner” tools to catch developers who mistype or assume it is a maintained fork. Its package.json looks harmless but defines a postinstall hook…
-
Fake Huorong Site Delivers ValleyRAT Backdoor in Targeted Malware Campaign
A typosquatted copy of the popular Huorong Security antivirus site is being used to deliver ValleyRAT, a modular remote access trojan (RAT) built on the Winos4.0 framework, to users who believe they are downloading legitimate protection software. The attackers registered huoronga[.]com adding a single “a” to the legitimate huorong.cn domain as part of a typosquatting strategy designed…
-
The rise of the evasive adversary
Tags: access, ai, attack, authentication, breach, china, cloud, credentials, crime, crowdstrike, crypto, data, defense, endpoint, exploit, finance, firewall, group, identity, infrastructure, intelligence, korea, lazarus, leak, mail, malicious, malware, microsoft, monitoring, network, north-korea, open-source, phishing, ransomware, remote-code-execution, russia, saas, service, software, strategy, supply-chain, tactics, theft, threat, tool, update, vpn, vulnerability, windows, zero-day
Big game hunters tighten their grip: CrowdStrike’s research highlights how big game hunting (BGH) ransomware actors have remained the dominant force in the eCrime landscape. Punk Spider, a group responsible for developing and maintaining Russian-language Akira ransomware, and its associated Akira dedicated leak site, conducted 198 intrusions in 2025, a 134% increase year over year. Victim-shaming operations…
-
Operation Olalampo: MuddyWater Unleashes AI-Assisted Rust Malware and Telegram C2 in MENA Espionage Surge
The post Operation Olalampo: MuddyWater Unleashes AI-Assisted Rust Malware and Telegram C2 in MENA Espionage Surge appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/operation-olalampo-muddywater-unleashes-ai-assisted-rust-malware-and-telegram-c2-in-mena-espionage-surge/
-
Iran’s MuddyWater Targets Orgs With Fresh Malware as Tensions Mount
The long-active Iranian threat group debuted various attack strains and payloads in attacks against organizations in the Middle East and Africa. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/iran-muddywater-new-malware-tensions-mount
-
APT28 Targeted European Entities Using Webhook-Based Macro Malware
The Russia-linked state-sponsored threat actor tracked as APT28 has been attributed to a new campaign targeting specific entities in Western and Central Europe.The activity, per S2 Grupo’s LAB52 threat intelligence team, was active between September 2025 and January 2026. It has been codenamed Operation MacroMaze. “The campaign relies on basic tooling and the exploitation of…
-
Shai-Hulud-Like Worm Targets Developers via npm and AI Tools
Supply chain worm mimicking Shai-Hulud malware spread via malicious npm packages, targeting AI tools has been identified by security researchers First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/shai-hulud-like-worm-devs-npm-ai/
-
Fake troubleshooting tip on ClawHub leads to infostealer infection
A new malware delivery campaign has hit ClawHub, the official online repository for “skills” that augment the capabilities of the popular OpenClaw AI agent. Unlike … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/23/clawhub-malicious-comment-infostealer/
-
Fraud Investigation Reveals Sophisticated Python Malware
Sophisticated Python malware uncovered in fraud probe shows obfuscation, disposable infrastructure First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fraud-investigation-python-malware/
-
Artificial intelligence is becoming the new command-and-control layer
Security researchers at Check Point Research have published a new research analysis focusing on AI assistants as covert command-and-control channels and AI-driven malware. It marks a turning point in modern cyber risk, with implications for every industry driving AI adoption. AI assistants such as Microsoft Copilot and Grok support web-browsing or URL-fetching functions. They can be abused as covert C2 proxies…
-
German-speaking developer behind the Arkanix stealer?
A new infostealer named Arkanix was publicly advertised via Discord and offered under a malware-as-a-service model. Experts at Kaspersky have found traces of a German-speaking developer. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/infostealer-arkanix
-
GrayCharlie Hacks WordPress Sites, Spreads NetSupport RAT and Stealc Malware
GrayCharlie is abusing compromised WordPress sites to silently load malicious JavaScript that pushes NetSupport RAT, often followed by Stealc and SectopRAT, via fake browser updates and ClickFix lures. Insikt Group tracks GrayCharlie as a financially motivated threat actor overlapping with SmartApeSG, active since mid-2023, and specializing in turning legitimate WordPress sites into malware-delivery points. The…