Tag: malware
-
CRESCENTHARVEST Campaign Targets Iran Protest Supporters With RAT Malware
Cybersecurity researchers have disclosed details of a new campaign dubbed CRESCENTHARVEST, likely targeting supporters of Iran’s ongoing protests to conduct information theft and long-term espionage. The Acronis Threat Research Unit (TRU) said it observed the activity after January 9, with the attacks designed to deliver a malicious payload that serves as a remote access trojan (RAT)…
-
Chinese hackers exploited zero-day Dell RecoverPoint flaw for 1.5 years
Pivot techniques: In addition to the payloads themselves, the investigation also revealed new techniques. For example, the legitimate shell script convert_hosts.sh that exists on these appliances has been modified to include the path of the backdoors to achieve persistence. The SLAYSTYLE web shell, which is designed to receive commands over HTTP and execute them on the…
-
Notepad++ patches flaw used to hijack update system
Notepad++ patched a vulnerability that attackers used to hijack its update system and deliver malware to targeted users. Notepad++ fixed a vulnerability that allowed a China-linked APT group to hijack its update mechanism and selectively push malware to chosen targets. In early February, the Notepad++ maintainer revealed that nation-state hackers compromised the hosting provider’s infrastructure,…
-
Zero-Day in Dell RecoverPoint Enables GRIMBOLT Backdoor
A Dell RecoverPoint zero-day has been exploited to deploy GRIMBOLT malware and pivot into VMware environments. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/zero-day-in-dell-recoverpoint-enables-grimbolt-backdoor/
-
AI platforms can be abused for stealthy malware communication
AI assistants like Grok and Microsoft Copilot with web browsing and URL-fetching capabilities can be abused to intermediate command-and-control (C2) activity. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ai-platforms-can-be-abused-for-stealthy-malware-communication/
-
AI Assistants Used as Covert Command-and-Control Relays
AIs like Grok and Microsoft Copilot can be exploited as covert C2 channels for malware communication First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ai-assistants-covert-c2-relays/
-
Cryptocurrency Scams in Asia Combine Malvertising and Pig Butchering, Causing Losses Up to ¥10 Million
A rising wave of cryptocurrency scams sweeping across Asia is blending two major fraud techniques, malvertising and pig butchering, to create a more deceptive and scalable attack model. The scams begin with malvertising, where attackers run ads impersonating well-known financial experts or promoting AI-powered trading platforms. These ads, often seen on Facebook, Instagram, and other social media sites, direct users…
-
Notepad++ declares hardened update process ‘effectively unexploitable’
Miscreants will need to find another avenue for malware shenanigans First seen on theregister.com Jump to article: www.theregister.com/2026/02/18/notepadplusplus_security_update/
-
Keenadu: Android malware that comes preinstalled and can’t be removed by users
Embedded in core system apps: Keenadu can control legitimate system applications on affected devices. Kaspersky observed it inside critical components such as face unlock applications, raising the possibility that attackers could access biometric data. The malware was also found operating within the home screen app that controls the device’s primary interface. The researchers warned that the…
-
Dangerous Backdoor: Android Malware Discovered in Firmware and on Google Play
The Keenadu malware gives attackers full control over Android devices. Depending on the infection vector, removal is difficult. First seen on golem.de Jump to article: www.golem.de/news/gefaehrliche-backdoor-android-malware-in-firmware-und-auf-google-play-entdeckt-2602-205544.html
-
ClawHavoc Infects OpenClaw’s ClawHub with 1,184 Malicious Skills, Exposing Data Theft Risks
A large-scale supply chain poisoning campaign dubbed ClawHavoc has hit OpenClaw’s official skill marketplace, ClawHub, with at least 1,184 malicious “Skills” historically published on the platform. The incident highlights how fast-growing AI agent ecosystems can become high-value malware distribution channels when plugins are easy to publish and users routinely grant agents broad system access. OpenClaw (previously known…
-
Keenadu backdoor found preinstalled on Android devices, powers ad fraud campaign
Kaspersky uncovered Keenadu, an Android backdoor used for ad fraud that can even take full control of devices. Kaspersky has identified a new Android malware called Keenadu. It can be preinstalled in device firmware, hidden inside system apps, or even distributed via official stores like Google Play. Currently used for ad fraud by turning infected…
-
Malware Campaign Targets Crypto Users with Fake MetaMask Wallet and Remote Access Backdoor
An aggressive malware campaign is targeting IT professionals in cryptocurrency, Web3, and AI to steal sensitive data and live crypto funds from victim wallets. The attackers pose as recruiters and use trojanized coding tasks to deliver two core malware families, BeaverTail and InvisibleFerret, which have been steadily upgraded with new data theft and wallet-targeting features. The…
-
New SysUpdate Variant Malware Discovered, Decryption Tool for Linux C2 Traffic Released
A new Linux malware sample has been identified that strongly aligns with the SysUpdate malware family used by APT27/Iron Tiger. Initially detected on a client’s system, the binary behaved like a system service and executed the GNU/Linux id command when run without specific arguments, returning the output as part of its basic functionality. Closer inspection showed that the sample was…
-
Notepad++ Fixes Hijacked Update Mechanism Used to Deliver Targeted Malware
Notepad++ has released a security fix to plug gaps that were exploited by an advanced threat actor from China to hijack the software update mechanism to selectively deliver malware to targets of interest. The version 8.9.2 update incorporates what maintainer Don Ho calls a “double lock” design that aims to make the update process “robust and…
-
Foxveil Malware Loader Uses Cloudflare, Netlify, and Discord to Bypass Detection
A new malware loader, dubbed Foxveil, abuses trusted platforms such as Cloudflare Pages, Netlify, and Discord to stage and deliver malicious payloads while evading traditional detection methods. Active since at least August 2025, the loader is used as an initial-stage component, establishing a foothold on victim machines, executing shellcode in memory, and preparing the…
-
CRESCENTHARVEST Malware Campaign Uses Iran Protest Lures to Deploy Info-Stealing RAT
A new malware campaign, dubbed CRESCENTHARVEST, abuses the ongoing Iran protest narrative to deliver a powerful information-stealing remote access trojan (RAT) against Farsi-speaking users. The operation appears tailored to supporters of the protests and other Iran-focused audiences, with a clear focus on long-term surveillance rather than short-lived disruption. The campaign surfaced shortly after January 9…
-
Dell 0-Day Vulnerability Targeted by Chinese Hackers Since Mid-2024 for Ongoing Malware Campaign
A critical zero-day vulnerability in Dell RecoverPoint for Virtual Machines has been actively exploited by Chinese state-sponsored hackers since mid-2024. Mandiant and Google Threat Intelligence Group (GTIG) attribute this campaign to UNC6201, a threat cluster with significant overlaps to the group known as Silk Typhoon. The vulnerability, tracked as CVE-2026-22769, carries a maximum CVSS score of 10.0, allowing attackers to gain…
-
New CRESCENTHARVEST Malware Targets Iranian Dissidents
The post New CRESCENTHARVEST Malware Targets Iranian Dissidents appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/new-crescentharvest-malware-targets-iranian-dissidents/
-
Chinese hackers exploited a Dell zero-day for 18 months before anyone noticed
Google researchers said Chinese attackers have been exploiting a zero-day since mid-2024, and they’ve moved on to a more advanced version of Brickstorm malware called Grimbolt. First seen on cyberscoop.com Jump to article: cyberscoop.com/china-brickstorm-grimbolt-dell-zero-day/
-
Supply Chain Attack Embeds Malware in Android Devices
Keenadu downloads payloads that hijack browser searches, commit ad fraud, and execute other actions without user knowledge. First seen on darkreading.com Jump to article: www.darkreading.com/mobile-security/supply-chain-attack-embeds-malware-android-devices
-
RMM Abuse Explodes as Hackers Ditch Malware
It’s the path of lesser resistance, as remote monitoring and management (RMM) software offers stealth, persistence, and operational efficiency. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/rmm-abuse-explodes-hackers-ditch-malware
-
Fresh Cyberespionage Operation Tied to Iranian Surveillance
Malware Campaign Uses Lures With Positive Portrayal of Anti-Tehran Protests. A new malware campaign is using a positive-sounding report into the recent protests in Iran, accompanied by real photos and videos, as lures in an apparent cyberespionage operation designed to conduct surveillance of dissident researchers and global communities, warn security researchers. First seen on govinfosecurity.com…