Tag: malware
-
The "All-in-One" Spy: DKnife Malware Hijacks Routers to Swap Downloads
The post The "All-in-One" Spy: DKnife Malware Hijacks Routers to Swap Downloads appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/the-all-in-one-spy-dknife-malware-hijacks-routers-to-swap-downloads/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 83
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Malware Newsletter: ClawHavoc: 341 Malicious Clawed Skills Found by the Bot They Were Targeting; APT28 Leverages CVE-2026-21509 in Operation Neusploit; Amaranth-Dragon: Weaponizing CVE-2025-8088 for Targeted Espionage in Southeast Asia; Analyzing Dead#Vax: Analyzing Multi-Stage VHD…
-
DKnife toolkit abuses routers to spy and deliver malware since 2019
DKnife is a Linux toolkit used since 2019 to hijack router traffic and deliver malware in cyber-espionage attacks. Cisco Talos found DKnife, a powerful Linux toolkit that threat actors use to spy on and control network traffic through routers and edge devices. It inspects and alters data in transit and installs malware on PCs, phones,…
-
Hackers Exploit Cybersquatting Tactics to Spread Malware and Steal Sensitive Information
Digital squatting has evolved from a simple trademark nuisance into a dangerous cybersecurity threat. In 2025, the World Intellectual Property Organization (WIPO) handled a record-breaking 6,200 domain name disputes. This figure continues a troubling trend, with cybersquatting cases rising by 68% since the 2020 pandemic. Today, criminal networks use these fake domains not just to…
-
DKnife Linux toolkit hijacks router traffic to spy, deliver malware
A newly discovered toolkit called DKnife has been used since 2019 to hijack traffic at the edge-device level and deliver malware in espionage campaigns. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/dknife-linux-toolkit-hijacks-router-traffic-to-spy-deliver-malware/
-
Chinese-Made Malware Kit Targets Chinese-Based Routers and Edge Devices
DKnife is a Chinese-made malware framework that targets China-based users. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/china-malware-kit-targets-routers/
-
China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery
Cybersecurity researchers have taken the wraps off a gateway-monitoring and adversary-in-the-middle (AitM) framework dubbed DKnife that’s operated by China-nexus threat actors since at least 2019. The framework comprises seven Linux-based implants that are designed to perform deep packet inspection, manipulate traffic, and deliver malware via routers and edge devices. Its primary targets seem to First seen…
-
17% of 3rd-Party Add-Ons for OpenClaw Used in Crypto Theft and macOS Malware
Bitdefender Labs reveals that 17% of OpenClaw AI skills analyzed in February 2026 are malicious. With over 160,000… First seen on hackread.com Jump to article: hackread.com/openclaw-add-ons-crypto-theft-macos-malware/
-
FvncBot Targets Android Users, Exploiting Accessibility Services for Attacks
A previously undocumented Android banking trojan dubbed "FvncBot." First observed in late 2025, this sophisticated malware disguises itself as a security application from mBank, a major Polish financial institution. Unlike many recent threats that recycle code from leaked sources like Ermac or Hook, FvncBot appears to be a completely new creation, demonstrating that threat actors…
-
China-Nexus Hackers Target Linux Devices to Redirect Traffic and Deploy Malware
"DKnife," a sophisticated gateway-monitoring and adversary-in-the-middle (AitM) framework that turns Linux-based routers and edge devices into surveillance tools. Active since at least 2019, this campaign employs seven distinct Linux implants to inspect network traffic, hijack legitimate software downloads, and deploy advanced malware. The framework remains active as of January 2026, targeting personal computers, mobile phones,…
-
RenEngine Loader Deploys Stealthy Multi-Stage Execution to Bypass Security Measures
The RenEngine Loader malware family was identified after malicious logic was discovered embedded within what appears to be a legitimate Ren’Py-based game launcher. Active since April 2025, the operation has already compromised over 400,000 victims globally, with a localized focus on India, the United States, and Brazil. The campaign currently infects approximately 5,000 new machines daily by hiding malicious…
-
Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware
Cybersecurity researchers have discovered a new supply chain attack in which legitimate packages on npm and the Python Package Index (PyPI) repository have been compromised to push malicious versions to facilitate wallet credential theft and remote code execution. The compromised versions of the two packages are listed below: @dydxprotocol/v4-client-js (npm) – 3.4.1, 1.22.1, 1.15.2, 1.0.31 First…
-
New Wave of Odyssey Stealer Targets macOS Users in Active Cyberattack Campaign
A significant surge in Odyssey Stealer activity is currently targeting macOS users across multiple continents, with recent telemetry data revealing a dramatic geographic expansion of this sophisticated information-stealing campaign. Security researchers have observed newly updated malware samples spreading rapidly beyond their initial focus areas, now affecting users in the United Kingdom, Germany, Italy, Canada, Brazil,…
-
ChatGPT Enhancement by Malwarebytes: Detecting Scams, Malware and Online Risks
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/chatgpt-verbesserung-malewarebytes-erkennung-scams-malware-online-risiken
-
New APT group breached gov and critical infrastructure orgs in 37 countries
Tags: apt, backdoor, computer, control, espionage, finance, framework, government, group, infrastructure, linux, malware, monitoring, network, software, threat, tool, usa, vulnerability. A complex toolset of implants: In addition to Cobalt Strike, the group uses various other malware payloads and command-and-control (C2) frameworks, including VShell, Havoc, SparkRat, and Sliver. On compromised web servers, the attackers deploy a variety of web shells, including Behinder, Neo-reGeorg, and Godzilla. On Linux servers the group has been seen deploying a rootkit dubbed…
-
Red Team Malware à la Carte: Allpacka for Simulating Highly Capable Hacker Attacks
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/red-team-malware-a-la-carte-allpacka-simulation-hacker-angriffe
-
Cybercriminals Exploit the OpenClaw Hype to Spread VB Scripts and Malware
The development of the AI agent Moltbot (first Clawdbot, now renamed OpenClaw) should be a lesson for the security community and for technology and AI enthusiasts in general. Although the agent was only recently released, the great interest and enthusiasm on social media show how quickly AI topics go viral in the tech community. Unfortunately, this hype is already being exploited by…
-
Why a decade-old EnCase driver still works as an EDR killer
Attackers are leaning on a new EDR killer malware that can shut down 59 widely used endpoint security products by misusing a kernel driver that once shipped with Guidance … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/05/edr-killer-vulnerable-encase-driver/
-
New DesckVB RAT Unveiled with Multi-Stage Infection Chain and Plugin-Based Architecture
A sophisticated strain of the DeskVB Remote Access Trojan (RAT) has been identified in the wild, showcasing a highly modular architecture and a complex, multi-stage infection chain. While the malware family itself is not entirely new, this latest iteration (v2.9.0.0) stands out for its operational stability and "plugin-based" design, which allow attackers to deploy capabilities…
-
New 3-Step Malvertising Chain Exploits Facebook Ads to Promote Tech Support Scam Kit
A new, sophisticated malvertising campaign is targeting users in the United States. This attack leverages Facebook’s massive paid advertising platform to lure victims into a tech support scam (TSS) kit. The campaign is notable for its rapid infrastructure rotation and a distinct three-step redirection chain designed to bypass standard security filters. The attack begins with a…
-
Attackers Use Windows Screensavers to Drop Malware, RMM Tools
By tapping the unusual .scr file type, attackers leverage executables that don’t always receive executable-level controls, one researcher noted. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/attackers-use-screensavers-drop-malware-rmm-tools
-
DEAD#VAX Malware Campaign Deploys AsyncRAT via IPFS-Hosted VHD Phishing Files
Threat hunters have disclosed details of a new, stealthy malware campaign dubbed DEAD#VAX that employs a mix of “disciplined tradecraft and clever abuse of legitimate system features” to bypass traditional detection mechanisms and deploy a remote access trojan (RAT) known as AsyncRAT. ”The attack leverages IPFS-hosted VHD files, extreme script obfuscation, runtime decryption, and in-memory First…
-
Global SystemBC Botnet Found Active Across 10,000 Infected Systems
SystemBC malware linked to 10,000 infected IPs, posing risks to sensitive government infrastructure First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/global-systembc-botnet-10000/
-
Russian hackers exploited a critical Office bug within days of disclosure
One campaign, two infection paths: Zscaler found that exploitation of CVE-2026-21509 did not lead to a single uniform payload. Instead, the initial RTF-based exploit branched into two distinct infection paths, each serving a different operational purpose. The choice of dropper reportedly determined whether the attackers prioritized near-term intelligence collection or longer-term access to compromised systems. In…
-
Supply Chain Attack Exploits Notepad++ Update Mechanism to Push Targeted Malware
Notepad++, a widely used text editor among developers, became the target of a sophisticated supply chain attack that compromised its update infrastructure for nearly 6 months. On February 2, 2026, the developers published a statement revealing that attackers gained control of the update mechanism due to a hosting provider-level incident occurring from June to September…
-
Cyberattacks on Europe: Russian Hackers Target Office Users
The hacker group APT28, attributed to the Russian military, is targeting Microsoft Office users and delivering malware through a vulnerability. First seen on golem.de Jump to article: www.golem.de/news/cyberangriffe-auf-europa-russische-hacker-attackieren-office-nutzer-2602-204982.html
-
ValleyRAT Masquerades as LINE Installer to Target Users and Harvest Login Credentials
A malware campaign in which cybercriminals distribute a fake LINE messenger installer that secretly deploys the ValleyRAT malware to steal credentials and evade detection. Since early 2025, threat actors have increasingly used fraudulent software installers to deliver malware. This campaign shares techniques with previously discovered LetsVPN-themed attacks, including task-scheduler persistence, PowerShell-based evasion, and C2 communications via Hong Kong servers. Cybereason GSOC performed…