Tag: malware
-
Scammers Use Fake GitHub Stars, VirusTotal Reviews to Spread Crypto Clipper
A multi-platform malware campaign abuses fake trust signals to infect Windows and Mac users with a crypto clipper packed with 15,500 attacker wallets. First seen on hackread.com Jump to article: hackread.com/scammers-fake-github-virustotal-crypto-clipper/
-
⚡ Weekly Recap: Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and More
It’s Monday again. This week’s threat list looks painfully familiar: abused integrations, fake tools, poisoned websites, ransomware crews trying to shut down security tools, and mobile malware asking for way too much control. The annoying part is how little of this feels new. Weak credentials, sketchy downloads, browser extensions with too much access, and WordPress sites are…
-
GitHub as a Malware Slingshot: Trojans Spread via 10,000 GitHub Repos
Attackers constantly copy existing code repos on GitHub and slip Trojans into them. So far, the platform appears to be doing little about it. First seen on golem.de Jump to article: www.golem.de/news/github-als-malware-schleuder-trojaner-ueber-10-000-github-repos-verbreitet-2606-210032.html
-
4,300+ Outdated Routers Hijacked in Stealthy Spy Infrastructure by AryStinger malware
AryStinger hijacks outdated routers via old flaws, turning 4,300+ devices into a stealth network for reconnaissance and intrusion support. On March 12, 2026, QiAnXin’s XLab threat detection system flagged a single IP address, 107.150.106.14, spreading a Linux binary through two vulnerabilities that were disclosed in 2013 and 2016 respectively. The binary had zero detections on…
-
AryStinger Malware Infects 4,300 Legacy Routers to Build Reconnaissance Proxy Network
A new malware family is turning forgotten home routers into a distributed reconnaissance and proxy network, not the DDoS botnet these devices usually end up in. QiAnXin’s XLab calls it AryStinger and counts at least 4,300 infected routers, a total it says is still rising. The distinction matters. AryStinger exists for the stage of an attack…
-
Massive GitHub Attack Injects Malware into 10,000 Compromised Repositories
A large-scale malware distribution campaign utilizing GitHub repositories has been uncovered. This coordinated effort weaponized over 10,000 repositories to deliver Trojanized payloads. The activity was first identified on June 18, 2026, and highlights significant gaps in automated detection and monitoring of repositories on one of the world’s most widely used developer platforms. Massive GitHub Attack…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 102
Tags: ai, android, attack, china, cyber, defense, intelligence, international, malware, supply-chain, threat Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter OptinMonster supply chain attack hits 1.2 million sites Public and Private Medical Community Targeted by China-Nexus Threat Actor Pursuing Artificial Intelligence, Cyber, Medical, and National Defense Research Rokarolla: Android Banker with Complete Device…
-
AryStinger botnet infected thousands of D-Link routers worldwide
A previously undocumented malware botnet named AryStinger has compromised more than 4,000 outdated routers to turn them into proxies for malicious traffic. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/arystinger-botnet-infected-thousands-of-d-link-routers-worldwide/
-
Who Is Really Using Your Home Internet Connection?
Your home connection could be routing traffic for strangers. Here is how residential proxy networks work, how devices are enrolled, and what our telemetry shows about the risks for consumers. Management summary. Key message: Residential proxy networks turn private household connections into commercial infrastructure for third parties. What can be used legitimately for market research, ad verification or security testing is increasingly also used for phishing, malware distribution, fraud, scraping…
-
Police raid malware network tied to Russia’s Evil Corp hacker group
An international operation targeted the SocGholish botnet, which has been linked to the Russia-based cybercrime group Evil Corp. First seen on therecord.media Jump to article: therecord.media/socgholish-botnet-disrupted
-
14,971 WordPress Sites Cleaned in Global SocGholish Takedown
Operation EndGame disrupted SocGholish, taking down 106 servers and cleaning 14,971 WordPress sites used to spread fake-update malware. On June 18, 2026, law enforcement agencies from the Netherlands, Canada, the United States, and Germany, coordinated through Europol, executed a joint action week against SocGholish, one of the most persistent and widely deployed malware distribution networks…
-
Cybercrime Initial Access Service SocGholish Disrupted
Police Seize Evil Corp-Tied Group’s Servers, Clean Subverted WordPress Sites. Long-running initial access service provider SocGholish, tied to Russian cybercrime stalwart Evil Corp, has been disrupted by law enforcement, which seized 106 botnet servers and cleaned 15,000 legitimate WordPress sites subverted by the group to launch ClickFix attacks pushing malware downloaders. First seen on govinfosecurity.com…
-
Cybercriminals abused GitHub, YouTube and VirusTotal to push crypto-stealing malware
A cryptocurrency-stealing malware campaign used inflated GitHub activity, software reviews, YouTube tutorials and favorable VirusTotal comments to make malicious trading and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/19/fake-github-stars-crypto-stealing-malware/
-
124M Passwords Exposed as Infostealer Malware Hits Millions of Devices
Have I Been Pwned has added 124 million passwords and 56 million email addresses from infostealer logs tied to infected devices. The post 124M Passwords Exposed as Infostealer Malware Hits Millions of Devices appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-have-i-been-pwned-infostealer-passwords-124m/
-
HazyBeacon Abuses AWS Lambda Function URLs for Stealthy Command-and-Control Operations
HazyBeacon is a stealthy cloud-native malware campaign identified as CL-STA-1020. It is exploiting Amazon Web Services (AWS) Lambda Function URLs to create covert command-and-control (C2) channels, marking a significant evolution in attacker tactics. According to recent Qualys research, the campaign primarily targets government entities across Southeast Asia by exploiting misconfigured serverless infrastructure. This allows adversaries…
-
Operation Endgame Disrupts Malware Network Linked to Major Ransomware Gang
SocGholish malware has been removed from 15,000 sites associated with Evil Corp hackers. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/operation-endgame-socgholish-evil/
-
Police Crack Down: Malware Spread via 15,000 Hacked Websites
A Russian hacker group hijacked WordPress websites en masse to foist malware on visitors. But that is over now. First seen on golem.de Jump to article: www.golem.de/news/polizei-greift-durch-malware-ueber-15-000-gehackte-webseiten-verbreitet-2606-209944.html
-
Authorities Seize 106 Servers and 101 Domains in Major SocGholish Malware Takedown
Tags: cyber, cybercrime, exploit, group, infection, infrastructure, international, law, malware, russia International law enforcement agencies have successfully seized 106 servers and 101 domains as part of a coordinated global effort against the SocGholish malware infrastructure, marking a major milestone in Operation Endgame. Announced on June 18, 2026, from The Hague, this operation targeted a crucial infection chain exploited by cybercriminal groups, including the infamous Russia-linked group…
-
Malware campaign uses VirusTotal manipulation, legitimate news sites to gain reputation
Tags: malware First seen on scworld.com Jump to article: www.scworld.com/news/malware-campaign-uses-virustotal-manipulation-legitimate-news-sites-to-gain-reputation
-
Operation Endgame Disrupts SocGholish Malware Infrastructure
International law enforcement dismantled TA569’s SocGholish infrastructure, taking down over 100 C2 servers and remediating nearly 15,000 compromised websites. First seen on hackread.com Jump to article: hackread.com/operation-endgame-disrupts-socgholish-malware/
-
Tor-Based Clipper Malware Targets Wallet Seed Phrases
USB .lnk malware steals crypto via clipboard hijack, replaces wallet addresses, steals seed phrases, and screenshots. Microsoft Threat Intelligence has been tracking a clipboard-stealing malware (Clipper) campaign since February 2026 that targets cryptocurrency wallets. A clipper is a type of malicious software that monitors and manipulates your clipboard, the temporary memory where data is stored…
-
Operation Endgame Disrupts SocGholish Malware Network Tied to Ransomware Attacks
Operation Endgame disrupted the SocGholish malware network, taking down more than 100 servers and domains. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/operation-endgame-disrupts-socgholish-malware-network-tied-to-ransomware-attacks/
-
USB worm spreads crypto-stealing malware via Windows shortcut files
Threat actors targeting cryptocurrency wallets have been distributing clipboard-stealing malware with self-spreading capabilities and using the Tor network to conceal communication. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/usb-worm-spreads-crypto-stealing-malware-via-windows-shortcut-files/
-
ThreatsDay Bulletin: Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 More Stories
The internet did not break this week. It got used exactly as designed, which is worse. Searches were siphoned through shady browser add-ons. AI chat links turned into malware delivery paths. macOS attacks ran in memory and left almost nothing behind. Cloud agents looked like helpers until attackers treated them like open shells. Add exposed edge gear,…
-
Malware Steals 124 Million Passwords: What You Should Do Now
First seen on t3n.de Jump to article: t3n.de/news/haveibeenpwned-malware-erbeutet-124-millionen-nutzerdaten-was-du-jetzt-tun-solltest-1747930/
-
Law enforcement hits SocGholish: 106 servers down, 15,000 sites cleaned
SocGholish, an operation that’s been delivering malware to users via fake software updates, has suffered a major blow: the international law enforcement coalition behind … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/18/law-enforcement-socgholish-operation-endgame/
-
Microsoft Details Windows Clipper Malware Campaign Using USB LNK Worm and Tor-Based C2
Microsoft has disclosed details of a Windows-based cryptocurrency clipper campaign that has targeted users since February 2026. “The clipper in this campaign relies on Windows Script Host and ActiveX-driven logic to launch a bundled Tor proxy and poll a hidden-service C2 [command-and-control] server,” the Microsoft Defender Security Research Team said in an analysis published Tuesday. “It…

