Tag: malware
-
Stealthy malware abuses Microsoft Phone Link to siphon SMS OTPs from enterprise PCs
Multi-stage infection chain: The intrusion begins with an unknown initial access vector, followed by the execution of a malicious file disguised as a ScreenConnect update, Talos said.The initial payload is a Rust-compiled loader using filenames such as “systemupdates.exe,” which drops a .NET loader disguised as a text file in a system directory, the post said.Persistence…
-
FEMITBOT Network Abuses Telegram Mini Apps for Crypto Scams and Android Malware
A massive fraud network called FEMITBOT uses Telegram Mini Apps and fake brand names like Apple, Disney, and… First seen on hackread.com Jump to article: hackread.com/femitbot-telegram-mini-apps-crypto-scam-android-malware/
-
UAT-8302 and its box full of malware
Cisco Talos is disclosing UAT-8302, a sophisticated, China-nexus advanced persistent threat (APT) group targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/uat-8302/
-
Warum unser Passwort von gestern heute ein Problem ist
Die meisten Nutzer verschwenden erst dann einen Gedanken an ihre Passwörter, wenn eine der lästigen Aufforderungen zur Änderung aufploppt. Doch Passwort-Pflege ist weit mehr als eine ungeliebte Pflicht zum Welt-Passwort-Tag ist ein radikales Umdenken fällig. Ob durch gezieltes Phishing, Angriffe auf zentrale Verzeichnisse oder lautlose Infostealer-Malware: Cyberkriminelle haben es auf unsere Zugangsdaten abgesehen. Das […]…
-
CloudZ malware abuses Microsoft Phone Link to steal SMS and OTPs
A new version of the CloudZ remote access tool (RAT) is deploying a previously unseen malicious plugin called Pheno that hijacks the Microsoft Phone Link connection to steal sensitive codes from mobile devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cloudz-malware-abuses-microsoft-phone-link-to-steal-sms-and-otps/
-
ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows
The North Korea-aligned state-sponsored hacking group known as ScarCruft has compromised a video game platform in a supply chain espionage attack, trojanizing its components with a backdoor called BirdCallto likely target ethnic Koreans residing in China.While prior versions of the backdoor have primarily targeted Windows users only, the supply chain attack is assessed to have…
-
UAT-8302 and its box full of malware
Cisco Talos is disclosing UAT-8302, a sophisticated, China-nexus advanced persistent threat (APT) group targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/uat-8302/
-
ScarCruft hackers push BirdCall Android malware via game platform
The North Korean hacker group APT37 has been delivering an Android version of a backdoor called BirdCall in a supply-chain attack through a video game platform. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/scarcruft-hackers-push-birdcall-android-malware-via-game-platform/
-
New Attribution Framework Links APT Campaigns Across Key Layers
A new attribution framework is reshaping how cybersecurity analysts connect advanced persistent threat (APT) activity, moving beyond static group labels toward a dynamic, multi-layered model that reflects how modern adversaries actually operate. These profiles are built from observed tactics, techniques, procedures (TTPs), malware, and infrastructure. But this approach is increasingly strained. Threat actors evolve constantly…
-
Fake “Notepad++ for Mac” Site May Pose Malware Risk for Mac Users
A deceptive website is circulating online that claims to offer an official “Notepad++ for Mac” download, and it has already misled some users and even tech media outlets into believing that Notepad++ has finally launched a native macOS version. The site operates under the domain notepad-plus-plus-mac[.]org. It is branded to look like an official extension…
-
DigiCert Hacked in Screensaver-Based Attack to Fraudulently Obtain EV Code Signing Certificates
DigiCert, a major Certificate Authority, recently suffered a significant security breach where hackers used a malicious screensaver file to steal 60 Extended Validation (EV) Code Signing certificates. These highly trusted certificates were subsequently used to sign the >>Zhong Stealer<< malware, allowing the malicious files to bypass security warnings by appearing as legitimate software. The incident…
-
Microsoft Defender Bug Triggers False Malware Alerts for DigiCert Certificates
Microsoft fixed a Defender false positive that flagged legitimate DigiCert certificates as malware, disrupting Windows trust stores for some IT teams. The post Microsoft Defender Bug Triggers False Malware Alerts for DigiCert Certificates appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-defender-digicert-certificates-false-positive/
-
Telegram Mini Apps Abused for Crypto Scams and Android Malware Delivery
What happened CTM360 researchers have uncovered a large-scale fraud operation using Telegram’s Mini App feature to run cryptocurrency scams, impersonate major brands, and distribute Android malware. The platform behind the operation, dubbed FEMITBOT based on a string found in API responses, uses Telegram bots and embedded Mini Apps to create convincing app-like experiences within the…The…
-
Microsoft Defender Mistakenly Flags DigiCert Root Certificates as Malware
What happened A faulty Microsoft Defender antimalware signature update released around April 30, 2026, caused widespread false positive alerts by incorrectly flagging two legitimate DigiCert root certificates as high-severity malware. The detection, labeled Trojan:Win32/Cerdigent.A!dha, identified registry entries belonging to DigiCert Assured ID Root CA and DigiCert Trusted Root G4 as threats and automatically quarantined them…The…
-
Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia
The China-based cybercrime group known as Silver Fox has been linked to a new campaign targeting organizations in Russia and India with a new malware called ABCDoor.The activity involved using phishing emails that mimic correspondence from the Income Tax Department of India in December 2025, followed by a similar campaign aimed at Russian entities.”Both waves…
-
DigiCert Root Certificates Incorrectly Detected as Malware by Microsoft Defender
On May 3, 2026, system administrators and everyday users worldwide experienced a sudden, massive spike in severe security alerts from Microsoft Defender. The native Windows security platform began aggressively flagging system files as >>Trojan:Win32/Cerdigent.A!dha.<< This unexpected detection caused widespread panic across IT departments, leading many professionals to believe a sophisticated threat actor had actively compromised…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 95
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter fast16 – Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet 73 Open VSX Sleeper Extensions Linked to GlassWorm Show New Malware Activations An alarm clock you can’t ignore: How CapFix attacks…
-
Telegram Mini Apps abused for crypto scams, Android malware delivery
Cybersecurity researchers have uncovered a large-scale fraud operation that uses Telegram’s Mini App feature to run crypto scams, impersonate well-known brands, and distribute Android malware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/telegram-mini-apps-abused-for-crypto-scams-android-malware-delivery/
-
New Deep#Door RAT uses stealth and persistence to target Windows
Deep#Door hides a Python RAT inside a batch file, kills Windows defenses, survives via multiple persistence methods, and exfiltrates data through a public TCP tunnel. Security researchers at Securonix uncovered a sophisticated malware campaign called Deep#Door. Threat actors employed a stealthy Python-based backdoor that uses a surprisingly simple delivery method to achieve deep, persistent access…
-
New Global Scam Uses Fake Meeting Links to Run PowerShell Malware
BlueNoroff hackers used fake Zoom calls, ClickFix prompts, and fileless PowerShell malware to steal credentials from Web3 and crypto targets. The post New Global Scam Uses Fake Meeting Links to Run PowerShell Malware appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-lazarus-bluenoroff-fake-video-call-malware/
-
New Android Spyware Platform Enables Rebranding and Resale
A newly discovered Android spyware platform is raising concerns among cybersecurity researchers by introducing a business model that allows buyers to rebrand and resell surveillance malware as their own product. Buyers can subscribe to the service, customize branding, and launch their own spyware operation with minimal effort. KidsProtect presents itself as a parental monitoring app,…
-
CAPTCHA and ClickFix Abuse Fuels Credential Theft Surge
Attackers are increasingly combining QR codes, fake CAPTCHA gates, and ClickFix-style tricks to steal credentials at scale, even as major phishing-as-a-service (PhaaS) platforms face disruption. These tactics shift risk from traditional malware attachments to highly convincing, hosted phishing flows that are harder for both users and email filters to spot. Across this volume, 78% of…
-
DDoS Malware Targets Jenkins to Hit Valve Game Servers
A new DDoS botnet that abuses exposed Jenkins servers to launch powerful attacks against Valve Source Engine game infrastructure, including servers hosting titles like Counter”‘Strike and Team Fortress 2. The campaign shows how a single misconfigured CI server can be turned into a multi”‘platform attack node capable of UDP, TCP, and application”‘layer floods against online…
-
Fake CAPTCHA Scam Uses SMS Pumping to Inflate Phone Bills
A newly uncovered cyber fraud campaign is abusing fake CAPTCHA pages to trick mobile users into sending large volumes of international SMS messages, resulting in unexpected phone bills and illicit profits for attackers. Unlike traditional malware campaigns, this operation does not require installing malicious software. Instead, it exploits telecom billing systems and affiliate revenue models…
-
The never-ending supply chain attacks worm into SAP npm packages, other dev tools
Mini Shai-Hulud caught spreading credential-stealing malware First seen on theregister.com Jump to article: www.theregister.com/2026/04/30/supply_chain_attacks_sap_npm_packages/
-
Three Arrested for Hacking Over 610,000 Roblox Accounts
Suspects accused of distributing malware and selling access to stolen Roblox accounts on Russian marketplaces First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/three-arrested-over-roblox-hacking/
-
Qinglong Task Scheduler RCE Flaws Exploited in the Wild
Tags: authentication, cyber, exploit, flaw, hacker, malware, open-source, rce, remote-code-execution, vulnerabilityHackers are actively exploiting two severe authentication bypass vulnerabilities in Qinglong, a popular open-source task scheduling platform. These flaws allow attackers to execute arbitrary code and deploy resource-draining cryptomining malware on vulnerable servers. Qinglong is a self-hosted task management platform used by developers to automate background tasks using Python, JavaScript, Shell, and TypeScript scripts. With…
-
Researchers unearth industrial sabotage malware that predated Stuxnet by 5 years
fast16.sys, is briefly mentioned in the 2017 Shadow Brokers leak of documents covering exploits and tools used by US National Security Agency cyber teams.”This 2005 attack is a harbinger for sabotage operations targeting ultra expensive high-precision computing workloads of national importance like advanced physics, cryptographic, and nuclear research workloads,” the SentinelOne researchers said in their…