Tag: malware
-
Phorpiex Phishing Delivers Low-Noise Global Group Ransomware
High-volume phishing campaign delivers Phorpiex malware via malicious Windows Shortcut files First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/phorpiex-phishing-global-group/
-
North Korean hackers targeted crypto exec with fake Zoom meeting, ClickFix scam
The scam involved a ClickFix attack where hackers install malware on a device by having the victim try to resolve fictitious technical issues. First seen on therecord.media Jump to article: therecord.media/north-korean-hackers-targeted-crypto-exec-clickfix
-
ZeroDayRAT malware grants full access to Android, iOS devices
A new commercial mobile spyware platform dubbed ZeroDayRAT is being advertised to cybercriminals on Telegram as a tool that provides full remote control over compromised Android and iOS devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/zerodayrat-malware-grants-full-access-to-android-ios-devices/
-
Windows shortcut weaponized in Phorpiex-linked ransomware campaign
Phorpiex as the distribution layer: Forcepoint attributed the email distribution in this campaign to the Phorpiex botnet, also known as Trik. Phorpiex has been operating for more than a decade and is known for maintaining a large global footprint capable of delivering spam at scale. In this campaign, infected systems within the botnet are used…
-
Windows shortcut weaponized in Phorpiex-linked ransomware campaign
Phorpiex as the distribution layer: Forcepoint attributed the email distribution in this campaign to the Phorpiex botnet, also known as Trik. Phorpiex has been operating for more than a decade and is known for maintaining a large global footprint capable of delivering spam at scale. In this campaign, infected systems within the botnet are used…
-
TeamPCP Turns Cloud Misconfigurations Into a Self-Propagating Cybercrime Platform
Tags: api, attack, cloud, cyber, cybercrime, data-breach, docker, group, infrastructure, kubernetes, malware, threat, vulnerabilityTeamPCP, operating under aliases including PCPcat, ShellForce, and DeadCatx3, emerged in late 2025 as a cloud-native cybercrime operation that transforms misconfigured infrastructure into automated attack platforms. Unlike traditional malware groups, this threat actor doesn’t break into systems they walk through doors left open by exposed Docker APIs, Kubernetes clusters, Ray dashboards, Redis servers, and React2Shell-vulnerable…
-
Socelars Malware Targets Windows Systems to Steal Sensitive Data
Security researchers are tracking Socelars, an information-stealing Trojan aimed at Windows users that focuses on quietly harvesting browser-based access rather than damaging files. The malware is designed to collect authenticated session data and other system identifiers that can let attackers reuse a victim’s existing “logged-in” state to reach online services.”‹ Public reporting has linked Socelars to…
-
Trojaner an Bord: Mit Schadcode verseuchte 7-Zip-Version in Umlauf
Wer das Packprogramm 7-Zip herunterlädt, sollte dringend auf die korrekte Domain achten. Eine mit Malware verseuchte Version wurde gesichtet. First seen on golem.de Jump to article: www.golem.de/news/trojaner-an-bord-mit-schadcode-verseuchte-7-zip-versionen-in-umlauf-2602-205223.html
-
VoidLink Linux C2 Uses LLM-Generated Malware with Kernel-Level Stealth
VoidLink represents a concerning evolution in malware development: a sophisticated Linux command-and-control framework that shows clear signs of being built with AI assistance. This Linux malware operates as a modular implant designed for long-term access to compromised systems. It doesn’t discriminate between cloud providers, actively harvesting credentials from AWS, Google Cloud Platform, Microsoft Azure, Alibaba Cloud, and…
-
NCSC Issues Warning Over “Severe” Cyber-Attacks Targeting Critical National Infrastructure
NCSC call firms to ‘act now’ following disruptive malware attacks targeting Polish energy providers First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ncsc-warning-severe-cyberattacks/
-
GuLoader Leverages Polymorphic Malware and Trusted Cloud Infrastructure to Evade Detection
GuLoader, also known as CloudEye, is a sophisticated malware downloader that has been active since late 2019. Its primary function is to download and install secondary malware, such as Remote Access Trojans (RATs) and information stealers, onto compromised systems. One of GuLoader’s most effective evasion strategies is its use of legitimate cloud services. Instead of…
-
Google Warns Over 1 Billion Android Phones Are Now at Risk
Google warns that over 40% of Android devices no longer receive security updates, leaving more than 1 billion devices exposed to malware and spyware attacks. The post Google Warns Over 1 Billion Android Phones Are Now at Risk appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-android-update-billion-devices-risk/
-
VoidLink Malware Exhibits Multi-Cloud Capabilities and AI Code
VoidLink, a Linux-based C2 framework, facilitates credential theft, data exfiltration across clouds First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/voidlink-malware-multi-cloud-ai/
-
âš¡ Weekly Recap: AI Skill Malware, 31Tbps DDoS, Notepad++ Hack, LLM Backdoors and More
Cyber threats are no longer coming from just malware or exploits. They’re showing up inside the tools, platforms, and ecosystems organizations use every day. As companies connect AI, cloud apps, developer tools, and communication systems, attackers are following those same paths.A clear pattern this week: attackers are abusing trust. Trusted updates, trusted marketplaces, trusted apps,…
-
Node.js LTX Stealer Emerges as New Threat to Login Credentials
A new, sophisticated malware campaign dubbed >>LTX Stealer.<< This malware represents a shift in attacker techniques, utilizing legitimate software frameworks and cloud services to hide its activities and steal sensitive user data. By mimicking standard Windows processes, LTX Stealer is designed to operate quietly, making it difficult for traditional antivirus systems to detect. The malware…
-
OpenClaw integrates VirusTotal malware scanning as security firms flag enterprise risks
Tags: access, ai, api, control, crowdstrike, crypto, cybersecurity, data, data-breach, email, exploit, gartner, github, governance, injection, macOS, malicious, malware, marketplace, network, risk, security-incident, skills, software, threat, tool, virus, vulnerabilityWhat prompted the response: The scanning initiative follows a series of security incidents documented by multiple firms over the past two weeks. Koi Security’s February 1 audit of all 2,857 ClawHub skills discovered 341 malicious ones in a campaign dubbed “ClawHavoc.”The professional-looking skills for cryptocurrency tools and YouTube utilities contained fake prerequisites that installed keyloggers…
-
OpenClaw integrates VirusTotal malware scanning as security firms flag enterprise risks
Tags: access, ai, api, control, crowdstrike, crypto, cybersecurity, data, data-breach, email, exploit, gartner, github, governance, injection, macOS, malicious, malware, marketplace, network, risk, security-incident, skills, software, threat, tool, virus, vulnerabilityWhat prompted the response: The scanning initiative follows a series of security incidents documented by multiple firms over the past two weeks. Koi Security’s February 1 audit of all 2,857 ClawHub skills discovered 341 malicious ones in a campaign dubbed “ClawHavoc.”The professional-looking skills for cryptocurrency tools and YouTube utilities contained fake prerequisites that installed keyloggers…
-
DKnife targets network gateways in long running AitM campaign
Indicators point to China-Nexus development and targeting: Several aspects of DKnife’s design and operation suggested ties to China-aligned threat actors. Talos identified configuration data and code comments written in Simplified Chinese, as well as handling logic tailored for Chinese-language email providers and mobile applications.The framework was also found to enable credential collection from services used…
-
DKnife targets network gateways in long running AitM campaign
Indicators point to China-Nexus development and targeting: Several aspects of DKnife’s design and operation suggested ties to China-aligned threat actors. Talos identified configuration data and code comments written in Simplified Chinese, as well as handling logic tailored for Chinese-language email providers and mobile applications.The framework was also found to enable credential collection from services used…
-
Active Exploitation of SolarWinds Web Help Desk RCE Used to Drop Custom Malware
Threat actors are actively exploiting critical vulnerabilities in SolarWinds Web Help Desk (WHD) to deploy custom malware and establish persistent remote control. Security researchers observed these attacks starting on February 7, 2026, targeting organizations that had not yet applied the latest security patches. SolarWinds Web Help Desk RCE The intrusion leverages recently disclosed Remote Code…
-
ScarCruft Exploits Trusted Cloud Services and OLE Documents to Deliver Malware
The North Korean-backed advanced persistent threat (APT) group known as ScarCruft has significantly evolved its attack techniques. In a departure from their established methods, the group is now using a sophisticated OLE-based dropper to distribute its signature malware, ROKRAT. This new campaign highlights the group’s ability to abuse legitimate cloud services like pCloud and Yandex…
-
China-Linked DKnife Spyware Hijacking Internet Routers Since 2019
Cisco Talos uncovers DKnife, a China-nexus framework targeting routers and edge devices. Learn how seven stealthy implants hijack data and deliver malware via AitM attacks. First seen on hackread.com Jump to article: hackread.com/china-dknife-spyware-hijack-internet-routers-2019/
-
APT Hackers Abuse Trusted Edge Services to Stealthily Deploy Malware
APT activity across APAC is rising rapidly as geopolitical tensions continue to grow, and defenders are seeing more advanced tradecraft aimed at long-term access. Taiwan stood out as the most targeted environment, with 173 tracked attacks far higher than any other regional target highlighting its role as a focal point for espionage and strategic access.…
-
Cybersquatting Attacks Exploit Trusted Brands to Steal Customer Data and Spread Malware
The nightmare scenario for any modern business is simple but devastating: scammers clone your website, steal your domain identity, and rob your customers. By the time the complaints roll in, the money is gone, and your reputation is left in tatters. This practice, known as cybersquatting, is no longer just a nuisance it is a…
-
New Telegram Phishing Scam Hijacks Login Flow to Steal Fully Authorized User Sessions
A new and sophisticated Telegram phishing operation is active in the wild, targeting users globally by hijacking the platform’s legitimate authentication features. Unlike traditional phishing, which often relies on malware or cloning login pages to steal passwords, this campaign integrates directly with Telegram’s official infrastructure. The attackers register their own Telegram API credentials (api_id and api_hash) and…
-
The >>AllOne<< Spy: DKnife Malware Hijacks Routers to Swap Downloads
The post The >>All-in-One<< Spy: DKnife Malware Hijacks Routers to Swap Downloads appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/the-all-in-one-spy-dknife-malware-hijacks-routers-to-swap-downloads/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 83
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter ClawHavoc: 341 Malicious Clawed Skills Found by the Bot They Were Targeting ù APT28 Leverages CVE-2026-21509 in Operation Neusploit Amaranth-Dragon: Weaponizing CVE-2025-8088 for Targeted Espionage in the Southeast Asia Analyzing Dead#Vax: Analyzing Multi-Stage VHD…