Tag: malware
-
⚡ Weekly Recap: Double-Tap Skimmers, PromptSpy AI, 30Tbps DDoS, Docker Malware & More
Security news rarely moves in a straight line. This week, it feels more like a series of sharp turns, some happening quietly in the background, others playing out in public view. The details are different, but the pressure points are familiar. Across devices, cloud services, research labs, and even everyday apps, the line between normal behavior…
-
Hackers Use Excel Exploit to Hide XWorm 7.2 in JPEG Files, Hijack PCs
A new phishing campaign is spreading XWorm 7.2 via malicious Excel files, hiding the malware in Windows processes, and using AES encryption to steal passwords and Wi-Fi keys. First seen on hackread.com Jump to article: hackread.com/hackers-excel-exploit-xworm-7-2-jpeg-files-hijack-pcs/
-
Malware in JavaScript projects: New worm eats its way through the NPM database
Researchers have discovered several NPM packages infected with malware. Further packages are reportedly infected automatically. First seen on golem.de Jump to article: www.golem.de/news/malware-in-javascript-projekten-neuer-wurm-frisst-sich-durch-die-npm-datenbank-2602-205732.html
-
Over 1,500 percent more new malware
WatchGuard's current Internet Security Report shows a massive increase in novel malware in the second half of 2025. Particularly striking is the growing ability of the malware to evade classic protection mechanisms. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/mehr-neue-malware
-
MuddyWater Targets MENA Organizations with GhostFetch, CHAR, and HTTP_VIP
The Iranian hacking group known as MuddyWater (aka Earth Vetala, Mango Sandstorm, and MUDDYCOAST) has targeted several organizations and individuals mainly located across the Middle East and North Africa (MENA) region as part of a new campaign codenamed Operation Olalampo. The activity, first observed on January 26, 2026, has resulted in the deployment of new malware…
-
North Korean Hackers Exploit Fake IT Worker Schemes and Malicious Interview Lures
North Korean state-backed hackers are running large-scale fake IT worker and “Contagious Interview” campaigns that abuse developer hiring workflows to deliver JavaScript-based malware, steal code and credentials, and covertly generate revenue for the regime. Since at least 2022, North Korean threat actors have impersonated recruiters and hiring managers, luring software developers into executing booby-trapped code…
-
Silver Fox APT Deploys DLL Sideloading and BYOVD in Advanced Malware Campaign
Silver Fox APT is running a new wave of targeted attacks in Taiwan that combine DLL sideloading and Bring Your Own Vulnerable Driver (BYOVD) techniques to deploy Winos 4.0 (ValleyRat) while aggressively disabling security tools. The campaigns rely on highly localized tax and e-invoice lures and fast-changing infrastructure, making them difficult to block with static…
-
Arkanix Stealer pops up as short-lived AI info-stealer experiment
An information-stealing malware operation named Arkanix Stealer, promoted on multiple dark web forums towards the end of 2025, was likely developed as an AI-assisted experiment. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/arkanix-stealer-pops-up-as-short-lived-ai-info-stealer-experiment/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 85
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Malware Newsletter: Ninja Browser & Lumma Infostealer; Ghost Tapped: Tracking the Rise of Chinese Tap-to-pay Android Malware; Hudson Rock Identifies Real-World Infostealer Infection Targeting OpenClaw Configurations; Divide and conquer: how the new Keenadu backdoor exposed links…
-
ClickFix malware campaign: Fake Cloudflare check silently installs MIMICRAT
A ClickFix malware campaign distributes MIMICRAT via fake Cloudflare pages using a five-stage infection chain, AMSI/ETW bypass and HTTPS C2. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/malware/clickfix-malware-kampagne-fake-cloudflare-check-installiert-unbemerkt-mimicrat-326127.html
-
New Android malware uses Gemini as its brain
Security researchers at the Slovak IT company ESET have discovered new Android malware that actively uses Google Gemini at runtime. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/neue-android-malware-nutzt-gemini-als-gehirn
-
Compromised npm package silently installs OpenClaw on developer machines
Update to the latest version: npm install -g cline@latest. If on version 2.3.0, update to 2.4.0 or higher. Check for and immediately remove OpenClaw if it hadn't been intentionally installed (npm uninstall -g openclaw). Gooding noted, “nothing ran automatically beyond the install,” but added there was still a risk: “OpenClaw is a capable agentic tool with broad system…
-
Android Malware Taps Google Gemini at Runtime
Researchers Say PromptSpy Automates Persistence on Infected Devices. A newly discovered Android malware strain, PromptSpy, is using Google’s Gemini generative artificial intelligence model to automate part of its persistence mechanism, marking what researchers describe as the second known case of AI-driven mobile malware. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/android-malware-taps-google-gemini-at-runtime-a-30819
-
Cashing Out: ATM Jackpotting Attacks Surging Across US
$20M Stolen Last Year in Malware-Driven Jackpotting Attacks, Warns FBI. Malware-wielding criminals jackpotted ATMs across the United States last year to walk away with $20 million thanks to cash-out attacks. Tracking that collective haul, the FBI said such attacks are on the rise, and urged operators to implement a range of physical and hardware-level defenses.…
-
Don’t trust TrustConnect: This fake remote support tool only helps hackers
Attackers use a dual-purpose website: The TrustConnect website has realistic marketing language, feature descriptions, and documentation that serves both as a public-facing front to promote the software and as a backend portal for customers who purchase access to the tool's malicious services. “Cybercriminals are instructed to sign up for a ‘free trial,’ instructed on how to…
-
ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT Malware
Cybersecurity researchers have disclosed details of a new ClickFix campaign that abuses compromised legitimate sites to deliver a previously undocumented remote access trojan (RAT) called MIMICRAT (aka AstarionRAT). “The campaign demonstrates a high level of operational sophistication: compromised sites spanning multiple industries and geographies serve as delivery infrastructure, a multi-stage… First seen on thehackernews.com Jump to…
-
Google Blocks 1.75 Million Malicious Apps from Entering Play Store
Google has revealed that it blocked more than 1.75 million malicious or policy-violating Android apps from reaching users through the Play Store in 2025, highlighting a major AI-driven push to secure the mobile ecosystem against malware, fraud, and privacy abuse. More than 80,000 “bad” developer accounts were also banned, cutting off repeat offenders who tried…
-
Facebook ads spread fake Windows 11 downloads that steal passwords and crypto wallets
Attackers are weaponizing Facebook ads to distribute password-stealing malware masked as a Windows download. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/facebook-ads-spread-fake-windows-11-downloads-that-steal-passwords-and-crypto-wallets/
-
CharlieKirk Grabber Malware Targets Windows Systems to Steal Login Credentials
CharlieKirk Grabber is a Python-based Windows infostealer that focuses on rapid “smash-and-grab” credential theft and data exfiltration rather than long-term system control or destructive behavior. It targets browser-stored passwords, Wi-Fi keys, Discord tokens, and gaming sessions, then exfiltrates the collected data via third-party file hosting and encrypted Discord or Telegram channels. File Name CharlieKirk.exe File…
-
The Cyber Express Weekly Roundup: AI Disruption, Regulatory Pressure, and the Evolving Cyber Threat Landscape
Artificial intelligence is no longer a future-facing concept; it is actively reshaping cyber risk, regulatory enforcement, and enterprise security strategy in real time. This week’s The Cyber Express weekly roundup reflects the modern environment where AI-driven fraud, deepfake investigations, ransomware incidents, and mobile malware innovations are unfolding simultaneously across multiple regions. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/ai-deepfakes-ransomware-weekly-roundup/
-
FBI Issues Emergency Alert as Ploutus Malware Drains U.S. ATMs Without Cards or Accounts
Ploutus malware is powering a new wave of “jackpotting” attacks that drain U.S. ATMs without needing a bank card, customer account, or bank authorization, prompting the FBI to issue an emergency FLASH alert to financial institutions nationwide. According to the FBI alert, threat actors are using Ploutus and related ATM jackpotting malware to control cash…
-
Android Malware Hijacks Google Gemini to Stay Hidden
A new Android malware implant using Google Gemini to perform persistence tasks was discovered on VirusTotal and analyzed by ESET. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/android-malware-hijacks-google/
-
FBI: Over $20 million stolen in surge of ATM malware attacks in 2025
The FBI warned that Americans lost more than $20 million last year amid a massive surge in ATM “jackpotting” attacks, in which criminals use malware to force cash machines to dispense money. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fbi-over-20-million-stolen-in-surge-of-atm-malware-attacks-in-2025/
-
PromptSpy abuses Gemini AI to gain persistent access on Android
PromptSpy is the first Android malware to abuse Google’s Gemini AI, enabling persistence and advanced spying features. Security researchers at ESET have uncovered PromptSpy, the first known Android malware to exploit Google’s Gemini AI to maintain persistence. The malware can capture lockscreen data, block uninstallation attempts, collect device information, take screenshots, and record screen activity…
-
PromptSpy ushers in the era of GenAI Android threats
ESET researchers discover PromptSpy, the first known Android malware to use generative AI in its execution flow. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/de/eset-research/promptspy-lautet-mit-genai-die-ara-der-android-bedrohungen-ein/
-
New TrustConnect malware available to rent for 300 euros a month
For 300 US dollars a month, criminals can rent a full-featured Remote Access Trojan, including a dashboard, a fake company certificate and a professional website. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/malware-trustconnect-fuer-300-euro
-
PromptSpy: First Android AI Malware Leverages Google’s Gemini for Decision-Making
PromptSpy is a newly discovered Android malware family that abuses Google's Gemini generative AI model to make real-time decisions on how to manipulate the user interface and stay active on infected devices. PromptSpy's AI-assisted functionality is focused on persistence rather than initial infection or data theft. Instead of relying on hardcoded tap coordinates or fragile…

