Tag: malware
-
FBI seeks victims of Steam games used to spread malware
Tags: malware
First seen on thesecurityblogger.com Jump to article: www.thesecurityblogger.com/fbi-seeks-victims-of-steam-games-used-to-spread-malware/
-
Hijacked npm Packages Deliver Malware via Solana, Linked to Glassworm
Sonatype Security Research has identified two hijacked npm packages in the React Native ecosystem that receive more than 30,000 downloads collectively per week and were modified to deliver multi-stage malware. Sonatype is tracking the malicious packages as sonatype-2026-001153. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/hijacked-npm-packages-deliver-malware-via-solana-linked-to-glassworm/
-
More Attackers Are Logging In, Not Breaking In
Credential theft soared in the second half of 2025, thanks in part to the industrialization of infostealer malware and AI-enabled social engineering. First seen on darkreading.com Jump to article: www.darkreading.com/identity-access-management-security/more-attackers-logging-in-not-breaking-in
-
GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX
The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/glassworm-malware-hits-400-plus-code-repos-on-github-npm-vscode-openvsx/
-
ClickFix Attack Targets Devs with MacSync Malware via Fake Claude Tools
Cybersecurity researchers at 7AI have revealed a new Claude Fraud campaign in which hackers use fake AI extensions and Google ads to steal data from tech professionals. First seen on hackread.com Jump to article: hackread.com/clickfix-attack-devs-macsync-malware-fake-claude-tools/
-
LeakNet ransomware uses ClickFix, Deno runtime in stealthy attacks
The LeakNet ransomware gang is now using the ClickFix technique for initial access into corporate environments and deploys a malware loader based on the open-source Deno runtime for JavaScript and TypeScript. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/leaknet-ransomware-uses-clickfix-and-deno-runtime-for-stealthy-attacks/
-
Chinese APT group Camaro Dragon exploits the Middle East conflict for a malware campaign against Qatar
Check Point Research (CPR), the security research arm of Check Point Software Technologies, has observed a malware campaign aimed at targets in Qatar that uses photo archives containing images from the Middle East conflict as bait to plant malware. Shortly after the attacks began on March 1, CPR observed targeted campaigns, presumably conducted by e-mail, against institutions…
-
Mysterious malware: attackers hijack GitHub projects and distribute malicious code
A campaign using encrypted malware is targeting Python developers, but only those who are not located in Russia. First seen on golem.de Jump to article: www.golem.de/news/mysterioese-malware-angreifer-kapern-github-projekte-und-verbreiten-schadcode-2603-206592.html
-
Google cracks down on Android apps abusing accessibility
Malware has been abusing Android’s accessibility features for years. Google just made that a lot harder. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/google-cracks-down-on-android-apps-abusing-accessibility/
-
Glassworm Malware Infects Popular React Native npm Packages
Tags: attack, country, credentials, cyber, international, malicious, malware, phone, supply-chain, windows
A new Glassworm-linked supply chain attack has briefly turned two popular React Native npm packages into delivery vehicles for Windows credential-stealing malware. On March 16, 2026, malicious versions of AstrOOnauta’s react-native-country-select@0.3.91 and react-native-international-phone-number@0.11.8 were published to npm, each embedding an identical staged loader that executes during a routine npm install. Together, these packages account for…
-
Konni Deploys EndRAT Through Phishing, Uses KakaoTalk to Propagate Malware
Tags: access, email, group, hacking, intelligence, malicious, malware, north-korea, phishing, spear-phishing, threat
North Korean threat actors have been observed sending phishing to compromise targets and obtain access to a victim’s KakaoTalk desktop application to distribute malicious payloads to certain contacts. The activity has been attributed by South Korean threat intelligence firm Genians to a hacking group referred to as Konni. “Initial access was achieved through a spear-phishing email disguised…
-
Check Point analyzes a new malware campaign: cyber attackers exploit the Middle East conflict
Tags: malware
The current campaigns illustrate once again how flexibly and opportunistically modern cyber attackers operate. They exploit not only technical vulnerabilities. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/check-point-analysiert-neue-malware-kampagne-cyberangreifer-nutzen-den-nahost-konflikt/a44160/
-
Attack on Stryker’s Microsoft environment wiped employee devices without malware
The recent cyberattack on Stryker wiped tens of thousands of employee devices through its Microsoft environment, and systems are still offline. A recent cyberattack on medical technology giant Stryker targeted its internal Microsoft environment and remotely wiped tens of thousands of employee devices without using malware. The company confirmed that its medical devices were not…
-
FBI Investigates Steam Games Linked to Malware and Crypto Wallet Theft
FBI warns gamers after malware hidden in several Steam games stole browser data and drained cryptocurrency wallets between May 2024 and January 2026. First seen on hackread.com Jump to article: hackread.com/fbi-investigate-steam-games-malware-crypto-theft/
-
GlassWorm Malware Evolves to Hide in Dependencies
Researchers have identified dozens of malicious GlassWorm extensions that come with new evasion techniques. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/glassworm-malware-evolves-hide-dependencies
-
Russia-linked APT uses DRILLAPP backdoor to spy on Ukrainian targets
Russia-linked threat actors target Ukrainian entities with DRILLAPP backdoor and use Edge debugging for stealth. A new DRILLAPP backdoor campaign targets Ukrainian organizations, abusing Microsoft Edge debugging to evade detection. Observed in February 2026, it shows links to previous Russian-aligned operations by Laundry Bear APT group (aka UAC-0190, Void Blizzard) using the PLUGGYAPE malware family…
-
GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos
The GlassWorm malware campaign is being used to fuel an ongoing attack that leverages the stolen GitHub tokens to inject malware into hundreds of Python repositories. “The attack targets Python projects, including Django apps, ML research code, Streamlit dashboards, and PyPI packages, by appending obfuscated code to files like setup.py, main.py, and app.py,” StepSecurity said. “Anyone…
-
Stryker attack wiped tens of thousands of devices, no malware needed
Last week’s cyberattack on medical technology giant Stryker was limited to its internal Microsoft environment and remotely wiped tens of thousands of employee devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/stryker-attack-wiped-tens-of-thousands-of-devices-no-malware-needed/
-
FBI launches inquiry into Steam games spreading malware
Tags: malware
The FBI is asking gamers who installed malware-infected Steam games between May 2024 and January 2026 to come forward as part of an ongoing investigation. The FBI is seeking gamers who downloaded Steam games later found to contain malware. According to a notice from the FBI’s Seattle Division, investigators are trying to identify victims who…
-
CamelClone Uses Public File-Sharing Sites in Government Cyberattacks
A new cyber espionage campaign dubbed Operation CamelClone is targeting government and strategic sectors across several geopolitically significant regions. The campaign abuses legitimate tools and public file-sharing platforms to deliver malware and steal sensitive data, making it harder for defenders to detect. The operation primarily targets organizations linked to government and national security interests. Industries affected…
-
GlassWorm Campaign Expands Through Malicious Open VSX Extensions
A large-scale malicious campaign tied to GlassWorm has expanded within the ecosystem of open VSX extensions, introducing a method of spreading malware through developer tools. Researchers identified at least 72 additional malicious open VSX extensions beginning January 31, 2026, including several that function as transitive GlassWorm loader extensions aimed at developers. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/glassworm-malicious-campaign/
-
Open VSX extensions hijacked: GlassWorm malware spreads via dependency abuse
Tags: ai, blockchain, control, exploit, infrastructure, malicious, malware, software, supply-chain, tool, update
The evolving GlassWorm: Earlier research into the GlassWorm operation has revealed techniques such as heavy code obfuscation, the use of Unicode characters to hide malicious logic, and infrastructure that retrieves command-and-control servers through blockchain transactions, making the campaign more resilient to takedowns. The latest wave also mimics widely used developer tools to maximise installation chances. “The…
-
FBI Calls for Help to Track Steam Malware Campaign
Tags: malware
The FBI wants to hear from gamers who have downloaded Steam titles containing malware. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fbi-calls-help-track-steam-malware/
-
Advanced Protection Mode in Android 17 prevents apps from misusing Accessibility Services
Android 17 will block non-accessibility apps from using the Accessibility API under Advanced Protection Mode to reduce malware abuse. Android 17 introduces a new security feature in Advanced Protection Mode (AAPM) that blocks apps without accessibility functions from accessing the Accessibility API. The change, first reported by Android Authority and included in Android 17 Beta…
-
IBM Discovers ‘Slopoly’ AI-Generated Malware Linked to Hive0163 Ransomware
Ransomware group Hive0163 is experimenting with a likely AI-generated malware framework, dubbed “Slopoly,” marking a visible shift toward AI-assisted tooling in attacks. While the malware itself is simple, its use shows how quickly threat actors can now generate and iterate on custom command-and-control clients using large language models (LLMs). Hive0163 is a financially motivated cluster…
-
DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage
Ukrainian entities have emerged as the target of a new campaign likely orchestrated by threat actors linked to Russia, according to a report from S2 Grupo’s LAB52 threat intelligence team. The campaign, observed in February 2026, has been assessed to share overlaps with a prior campaign mounted by Laundry Bear (aka UAC-0190 or Void Blizzard) aimed…