Tag: malware

Cybersecurity Snapshot: Global Agencies Target Criminal “Bulletproof” Hosts, as CSA Unveils Agentic AI Risk Framework

Nov 21, 2025 7:49 PM

Tags: access, advisory, ai, android, apple, attack, banking, breach, browser, chrome, cisa, ciso, cloud, compliance, control, credentials, credit-card, crypto, cve, cyber, cybercrime, cybersecurity, data, defense, detection, endpoint, extortion, finance, firewall, firmware, flaw, framework, google, governance, government, group, guide, Hardware, ibm, identity, infection, infrastructure, international, Internet, law, linux, malicious, malware, microsoft, mobile, monitoring, network, open-source, oracle, password, phishing, radius, ransomware, rat, resilience, risk, risk-assessment, risk-management, russia, scam, service, software, switch, technology, threat, tool, update, vulnerability, windows

Cyber agencies call on ISPs to help combat “bulletproof” internet hosts that shield cybercriminals. Meanwhile, the CSA introduced a new methodology to assess the risks of autonomous AI. Plus, get the latest on the CIS Benchmarks, drone-detection systems, and malware infections. Key takeaways Crackdown on “bulletproof” hosting: International cyber agencies are urging ISPs and network…
Sneaky2FA phishing tool adds ability to insert legit-looking URLs

Nov 21, 2025 5:49 AM

Tags: access, ai, attack, awareness, breach, ciso, cloud, data, defense, detection, email, exploit, google, jobs, linkedin, malicious, malware, microsoft, phishing, risk, software, tactics, tool, training

A look at Sneaky2FA: Sneaky2FA operates through a full-featured bot on Telegram, says the report. Customers reportedly receive access to a licensed, obfuscated version of the source code and deploy it independently. This means they can customize it to their needs. On the other hand, the report notes, Sneaky2FA implementations can be reliably profiled and…
Sneaky2FA phishing tool adds ability to insert legit-looking URLs

Nov 21, 2025 5:49 AM

Tags: access, ai, attack, awareness, breach, ciso, cloud, data, defense, detection, email, exploit, google, jobs, linkedin, malicious, malware, microsoft, phishing, risk, software, tactics, tool, training

A look at Sneaky2FA: Sneaky2FA operates through a full-featured bot on Telegram, says the report. Customers reportedly receive access to a licensed, obfuscated version of the source code and deploy it independently. This means they can customize it to their needs. On the other hand, the report notes, Sneaky2FA implementations can be reliably profiled and…
Google exposes BadAudio malware used in APT24 espionage campaigns

Nov 20, 2025 11:49 PM

Tags: attack, china, espionage, google, hacker, malware

China-linked APT24 hackers have been using a previously undocumented malware called BadAudio in a three-year espionage campaign that recently switched to more sophisticated attack methods. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-exposes-badaudio-malware-used-in-apt24-espionage-campaigns/
Sturnus: New Android banking trojan targets WhatsApp, Telegram, and Signal

Nov 20, 2025 10:49 PM

Tags: android, banking, communications, control, credentials, malware

The Android trojan Sturnus targets communications from secure messaging apps like WhatsApp, Telegram and Signal. Sturnus is a new Android banking trojan with full device-takeover abilities. It bypasses encrypted messaging by capturing on-screen content and can steal banking credentials, remotely control the device, and hide fraudulent actions from the user. ThreatFabric analysis shows Sturnus malware…
NDSS 2025 Hitchhiking Vaccine: Enhancing Botnet Remediation With Remote Code Deployment Reuse

Nov 20, 2025 9:49 PM

Tags: android, botnet, dns, infection, infrastructure, Internet, law, malware, mobile, network, update

SESSION Session 3C: Mobile Security ———– ———– Authors, Creators & Presenters: Runze Zhang (Georgia Institute of Technology), Mingxuan Yao (Georgia Institute of Technology), Haichuan Xu (Georgia Institute of Technology), Omar Alrawi (Georgia Institute of Technology), Jeman Park (Kyung Hee University), Brendan Saltaformaggio (Georgia Institute of Technology) ———– PAPER Hitchhiking Vaccine: Enhancing Botnet Remediation With Remote…
The Changing Threat Landscape for Retailers: Why is data security working harder than last year?

Nov 20, 2025 9:49 PM

Tags: access, ai, api, application-security, attack, automation, breach, business, cloud, compliance, container, control, credentials, cyber, cyberattack, cybersecurity, data, data-breach, defense, detection, encryption, exploit, finance, GDPR, hacker, ibm, incident, intelligence, Internet, malicious, malware, monitoring, PCI, phishing, privacy, programming, ransom, ransomware, regulation, risk, risk-management, saas, security-incident, service, social-engineering, software, strategy, supply-chain, tactics, threat, tool, unauthorized, vulnerability

The Changing Threat Landscape for Retailers: Why is data security working harder than last year? madhav Thu, 11/20/2025 – 08:37 It’s the 2025 holiday shopping season, and retailers everywhere are geared up for the rush of online customers. From late November to January, which includes Black Friday, Cyber Monday, Christmas shopping, and end-of-season sales, is…
NDSS 2025 Hitchhiking Vaccine: Enhancing Botnet Remediation With Remote Code Deployment Reuse

Nov 20, 2025 9:49 PM

Tags: android, botnet, dns, infection, infrastructure, Internet, law, malware, mobile, network, update

SESSION Session 3C: Mobile Security ———– ———– Authors, Creators & Presenters: Runze Zhang (Georgia Institute of Technology), Mingxuan Yao (Georgia Institute of Technology), Haichuan Xu (Georgia Institute of Technology), Omar Alrawi (Georgia Institute of Technology), Jeman Park (Kyung Hee University), Brendan Saltaformaggio (Georgia Institute of Technology) ———– PAPER Hitchhiking Vaccine: Enhancing Botnet Remediation With Remote…
The Changing Threat Landscape for Retailers: Why is data security working harder than last year?

Nov 20, 2025 9:49 PM

Tags: access, ai, api, application-security, attack, automation, breach, business, cloud, compliance, container, control, credentials, cyber, cyberattack, cybersecurity, data, data-breach, defense, detection, encryption, exploit, finance, GDPR, hacker, ibm, incident, intelligence, Internet, malicious, malware, monitoring, PCI, phishing, privacy, programming, ransom, ransomware, regulation, risk, risk-management, saas, security-incident, service, social-engineering, software, strategy, supply-chain, tactics, threat, tool, unauthorized, vulnerability

The Changing Threat Landscape for Retailers: Why is data security working harder than last year? madhav Thu, 11/20/2025 – 08:37 It’s the 2025 holiday shopping season, and retailers everywhere are geared up for the rush of online customers. From late November to January, which includes Black Friday, Cyber Monday, Christmas shopping, and end-of-season sales, is…
Sturnus Malware Hijacks Signal and WhatsApp, Taking Full Device Control

Nov 20, 2025 9:49 PM

Tags: android, banking, control, credentials, cyber, data, finance, malware, mobile, theft

MTI Security researchers have uncovered a new, particularly advanced Android banking trojan, dubbed Sturnus, that targets users’ financial and personal data with an unprecedented level of device control and operational stealth. Distinct from conventional mobile malware, Sturnus not only supports the typical arsenal of credential theft and whole device takeover but also demonstrates the ability…
Sturnus Malware Hijacks Signal and WhatsApp, Taking Full Device Control

Nov 20, 2025 9:49 PM

Tags: android, banking, control, credentials, cyber, data, finance, malware, mobile, theft

MTI Security researchers have uncovered a new, particularly advanced Android banking trojan, dubbed Sturnus, that targets users’ financial and personal data with an unprecedented level of device control and operational stealth. Distinct from conventional mobile malware, Sturnus not only supports the typical arsenal of credential theft and whole device takeover but also demonstrates the ability…
Emerging Ransomware Variants Exploit Amazon S3 Misconfigurations

Nov 20, 2025 9:49 PM

Tags: cloud, cyber, encryption, exploit, malware, ransomware, service, tactics, threat, vulnerability

Ransomware is shifting from traditional systems to cloud environments, fundamentally redefining its impact on cloud-native data. As organizations increasingly migrate to cloud platforms, threat actors are adapting their tactics moving away from traditional encryption-based malware to exploit the unique architecture and misconfiguration vulnerabilities inherent in cloud storage services. Cloud storage services like Amazon Simple Storage…
TamperedChef Campaign Exploits Everyday Apps to Deploy Malware and Enable Remote Access

Nov 20, 2025 9:49 PM

Tags: access, backdoor, control, cyber, exploit, malware, social-engineering, tactics, threat

The Acronis Threat Research Unit has uncovered a sophisticated global malvertising campaign called TamperedChef that disguises malware as legitimate everyday applications to compromise systems worldwide. The operation uses social engineering, search engine optimization tactics, and fraudulently obtained digital certificates to trick users into installing backdoors that grant attackers remote access and control over infected machines.…
Emerging Ransomware Variants Exploit Amazon S3 Misconfigurations

Nov 20, 2025 9:49 PM

Tags: cloud, cyber, encryption, exploit, malware, ransomware, service, tactics, threat, vulnerability

Ransomware is shifting from traditional systems to cloud environments, fundamentally redefining its impact on cloud-native data. As organizations increasingly migrate to cloud platforms, threat actors are adapting their tactics moving away from traditional encryption-based malware to exploit the unique architecture and misconfiguration vulnerabilities inherent in cloud storage services. Cloud storage services like Amazon Simple Storage…
TamperedChef Campaign Exploits Everyday Apps to Deploy Malware and Enable Remote Access

Nov 20, 2025 9:49 PM

Tags: access, backdoor, control, cyber, exploit, malware, social-engineering, tactics, threat

The Acronis Threat Research Unit has uncovered a sophisticated global malvertising campaign called TamperedChef that disguises malware as legitimate everyday applications to compromise systems worldwide. The operation uses social engineering, search engine optimization tactics, and fraudulently obtained digital certificates to trick users into installing backdoors that grant attackers remote access and control over infected machines.…
LLM-generated malware is improving, but don’t expect autonomous attacks tomorrow

Nov 20, 2025 8:49 PM

Tags: attack, chatgpt, jobs, LLM, malware

Researchers tried to get ChatGPT to do evil, but it didn’t do a good job First seen on theregister.com Jump to article: www.theregister.com/2025/11/20/llmgenerated_malware_improving/
New Android malware can capture private messages, researchers warn

Nov 20, 2025 7:49 PM

Tags: android, data, malware, phone

The malware can monitor everything displayed on a phone in real time, including contacts, full message threads and the content of encrypted chats, by accessing data after it has been decrypted by legitimate apps. First seen on therecord.media Jump to article: therecord.media/new-android-malware-captures-private-messages
NDSS 2025 Detecting And Interpreting Inconsistencies In App Behaviors

Nov 20, 2025 6:49 PM

Tags: android, china, computer, google, Internet, malware, mobile, network, privacy, risk, risk-analysis, tool, unauthorized

SESSION Session 3C: Mobile Security ———– ———– Authors, Creators & Presenters: Chang Yue (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China), Kai Chen (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China), Zhixiu Guo (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China), Jun Dai, Xiaoyan Sun (Department of Computer Science,…
NDSS 2025 Detecting And Interpreting Inconsistencies In App Behaviors

Nov 20, 2025 6:49 PM

Tags: android, china, computer, google, Internet, malware, mobile, network, privacy, risk, risk-analysis, tool, unauthorized

SESSION Session 3C: Mobile Security ———– ———– Authors, Creators & Presenters: Chang Yue (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China), Kai Chen (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China), Zhixiu Guo (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China), Jun Dai, Xiaoyan Sun (Department of Computer Science,…
Tsundere Botnet Expands Using Game Lures and Ethereum-Based C2 on Windows

Nov 20, 2025 6:49 PM

Tags: botnet, control, cybersecurity, kaspersky, malware, threat, windows

Cybersecurity researchers have warned of an actively expanding botnet dubbed Tsundere that’s targeting Windows users.Active since mid-2025, the threat is designed to execute arbitrary JavaScript code retrieved from a command-and-control (C2) server, Kaspersky researcher Lisandro Ubiedo said in an analysis published today.There are currently no details on how the botnet malware is propagated; First seen…
Copilot: KI in Windows 11 könnte Malware installieren

Nov 20, 2025 5:49 PM

Tags: ai, malware, microsoft, windows

KI-Agenten sollen in Windows 11 Daten auswerten und Apps installieren können. Microsoft warnt aber auch vor neuartigen Cyberangriffen. First seen on golem.de Jump to article: www.golem.de/news/copilot-ki-in-windows-11-koennte-malware-installieren-2511-202423.html
WhatsApp ‘Eternidade’ Trojan Self-Propagates Through Brazil

Nov 20, 2025 3:49 PM

Tags: banking, credentials, data, malware, phishing, worm

The infostealer specifically targets Brazilian Portuguese speakers and combines malware designed to phish banking credentials and steal data, a worm, and some uniquely Brazilian quirks. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/whatsapp-eternidade-trojan-self-propagates-brazil
MacOS DigitStealer malware poses as DynamicLake, targets Apple Silicon M2/M3 devices

Nov 20, 2025 2:49 PM

Tags: apple, google, macOS, malware

A new infostealer is targeting macOS users by masquerading as the legitimate DynamicLake UI enhancement and productivity utility and possibly Google’s Drive for desktop app. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/20/macos-digitstealer-malware-poses-as-dynamiclake-targets-apple-silicon-m2-m3-devices/
ThreatsDay Bulletin: 0-Days, LinkedIn Spies, Crypto Crimes, IoT Flaws and New Malware Waves

Nov 20, 2025 2:49 PM

Tags: attack, crime, crimes, crypto, flaw, hacker, hacking, iot, linkedin, malware, zero-day

This week has been crazy in the world of hacking and online security. From Thailand to London to the US, we’ve seen arrests, spies at work, and big power moves online. Hackers are getting caught. Spies are getting better at their jobs. Even simple things like browser add-ons and smart home gadgets are being used…
Banking-Trojaner: Neue Android-Malware liest verschlüsselte Chats mit

Nov 20, 2025 2:49 PM

Tags: android, banking, malware

Egal ob Signal, Telegram oder Whatsapp – kein Chat kann sich vor dem Sturnus-Trojaner verstecken. Opfer bemerken den Datenklau nicht. First seen on golem.de Jump to article: www.golem.de/news/banking-trojaner-neue-android-malware-liest-verschluesselte-chats-mit-2511-202408.html
MacOS DigitStealer malware poses as DynamicLake, targets Apple Silicon M2/M3 devices

Nov 20, 2025 2:49 PM

Tags: apple, google, macOS, malware

A new infostealer is targeting macOS users by masquerading as the legitimate DynamicLake UI enhancement and productivity utility and possibly Google’s Drive for desktop app. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/20/macos-digitstealer-malware-poses-as-dynamiclake-targets-apple-silicon-m2-m3-devices/
Comet Browser Flaw Lets Hidden API Run Commands on Users’ Devices

Nov 20, 2025 1:49 PM

Tags: ai, api, flaw, malware

SquareX warns Perplexity’s Comet AI browser contains a hidden MCP API that bypasses security, allowing attackers to install malware and seize full device control. First seen on hackread.com Jump to article: hackread.com/comet-browser-flaw-hidden-api-commands-devices/
Fake-Softwareupdates: Cyberspione verteilen Malware über manipulierten DNS-Traffic

Nov 20, 2025 12:49 PM

Tags: apt, backdoor, dns, malware, router

Eine APT-Gruppe leitet gezielt DNS-Traffic kompromittierter Router um, um Anwendern falsche Softwareupdates mit einer Backdoor unterzuschieben. First seen on golem.de Jump to article: www.golem.de/news/dns-traffic-umgeleitet-cyberspione-verbreiten-malware-ueber-manipulierte-updates-2511-202397.html
Multi-threat Android malware Sturnus steals Signal, WhatsApp messages

Nov 20, 2025 11:49 AM

Tags: android, banking, control, malware, threat

A new Android banking trojan named Sturnus can capture communication from end-to-end encrypted messaging platforms like Signal, WhatsApp, and Telegram, as well as take complete control of the device. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/multi-threat-android-malware-sturnus-steals-signal-whatsapp-messages/
Researchers Detail Rhadamanthys Loader’s Advanced Anti-Sandboxing and Anti-AV Emulation Techniques

Nov 20, 2025 9:49 AM

Tags: cyber, detection, malware, tool

Rhadamanthys, a sophisticated information-stealing malware active since 2022, has drawn renewed attention from security researchers who recently published an in-depth analysis of its native loader component. The loader’s significance lies not in its capabilities but in the advanced obfuscation and evasion techniques it employs to evade detection by security tools and analysis environments. The Rhadamanthys…