Tag: malware
-
Notepad++ Updates Delivered Malware After Hosting Provider Breach
A months-long breach allowed Chinese State-sponsored hackers to hijack Notepad++ updates in 2025, exposing users to malware via a compromised hosting provider. First seen on hackread.com Jump to article: hackread.com/notepad-updates-malware-hosting-breach/
-
Hugging Face Repositories Abused in New Android Malware Campaign
Attackers exploited Hugging Face’s trusted infrastructure to spread an Android RAT, using fake security apps and thousands of malware variants. The post Hugging Face Repositories Abused in New Android Malware Campaign appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-hugging-face-android-rat-malware-campaign/
-
This stealthy Windows RAT holds live conversations with its operators
Tags: access, data, detection, injection, malware, mitigation, monitoring, powershell, rat, reverse-engineering, theft, windowsRAT capabilities and stealer functionality: The .NET payload implements a remote access trojan that allows operators to interact directly with compromised systems. Unlike many commodity RATs that rely on periodic check-ins, this malware supports live command handling, enabling attackers to issue instructions and receive responses in near real-time.This interactive design allows operators to perform reconnaissance,…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 82
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter KONNI Adopts AI to Generate PowerShell Backdoors Who Operates the Badbox 2.0 Botnet? Weaponized in China, Deployed in India: The SyncFuture Espionage Targeted Campaign Android Trojan Campaign Uses Hugging Face Hosting for RAT Payload…
-
Android RAT Uses Hugging Face to Host Malware
Bitdefender has discovered a new Android malware campaign that uses Hugging Face First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/android-rat-hugging-face-host/
-
Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users
The maintainer of Notepad++ has revealed that state-sponsored attackers hijacked the utility’s update mechanism to redirect update traffic to malicious servers instead.”The attack involved [an] infrastructure-level compromise that allowed malicious actors to intercept and redirect update traffic destined for notepad-plus-plus.org,” developer Don Ho said. “The compromise occurred at the hosting First seen on thehackernews.com Jump…
-
PeckBirdy Hackers Abuse LOLBins Across Environments to Deploy Advanced Malware
A sophisticated JScript-based command-and-control framework, PeckBirdy, since 2023, exploiting living-off-the-land binaries (LOLBins) to deliver modular backdoors across diverse execution environments. The framework has been observed in two coordinated campaigns, SHADOW-VOID-044 and SHADOW-EARTH-045, targeting Chinese gambling industries, Asian government entities, and private organizations with advanced malware, including HOLODONUT and MKDOOR backdoors. PeckBirdy distinguishes itself through its…
-
PeckBirdy Hackers Abuse LOLBins Across Environments to Deploy Advanced Malware
A sophisticated JScript-based command-and-control framework, PeckBirdy, since 2023, exploiting living-off-the-land binaries (LOLBins) to deliver modular backdoors across diverse execution environments. The framework has been observed in two coordinated campaigns, SHADOW-VOID-044 and SHADOW-EARTH-045, targeting Chinese gambling industries, Asian government entities, and private organizations with advanced malware, including HOLODONUT and MKDOOR backdoors. PeckBirdy distinguishes itself through its…
-
ShadowHS: New Stealthy Fileless Linux Malware Spreads Automatically
A sophisticated fileless Linux malware framework, ShadowHS, that represents a significant evolution in post-exploitation tooling. Unlike traditional malware binaries, ShadowHS operates entirely in memory and demonstrates advanced operator-driven capabilities designed specifically for long-term persistence in defended enterprise environments. ShadowHS is not a standalone malware binary but rather a heavily modified variant of the hackshell utility…
-
eScan Antivirus Update Servers Compromised to Deliver Multi-Stage Malware
The update infrastructure for eScan antivirus, a security solution developed by Indian cybersecurity company MicroWorld Technologies, has been compromised by unknown attackers to deliver a persistent downloader to enterprise and consumer systems.”Malicious updates were distributed through eScan’s legitimate update infrastructure, resulting in the deployment of multi-stage malware to enterprise First seen on thehackernews.com Jump to…
-
Dezember 2025: 191 Prozent mehr Malware-Angriffe
Zum Jahreswechsel 2025/2026 hat sich die globale Bedrohungslage im Cyberraum spürbar verschärft. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/191-prozent-mehr-malware-angriffe
-
Keine Malware nötig: So leicht lässt sich Googles Gemini über den Kalender hacken
First seen on t3n.de Jump to article: t3n.de/news/keine-malware-noetig-so-leicht-laesst-sich-googles-gemini-ueber-den-kalender-hacken-1726136/
-
Infostealer im Wandel: Wie JSCEAL gezielt Krypto-Nutzer angreift
Schadsoftware entwickelt sich oft nicht sprunghaft, sondern schrittweise und gerade darin liegt ihre Gefahr. Der Infostealer JSCEAL ist ein aktuelles Beispiel dafür, wie aus einem einfachen Werkzeug eine technisch ausgereifte Malware wird. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/infostealer-jsceal-krypto-nutzer
-
Windows Malware Uses Pulsar RAT for Live Chats While Stealing Data
We usually think of computer viruses as silent, invisible programs running in the background, but a worrying discovery shows that modern hackers are getting much more personal. First seen on hackread.com Jump to article: hackread.com/windows-malware-pulsar-rat-live-chats-steal-data/
-
DynoWiper update: Technische Analyse und neue Erkenntnisse
ESET-Forscher präsentieren technische Details zur zerstörerischen Malware, die gegen ein Energieunternehmen in Polen eingesetzt wurde. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/de/eset-research/dynowiper-update-technische-analyse-und-neue-erkenntnisse/
-
Arsink Spyware Posing as WhatsApp, YouTube, Instagram, TikTok Hits 143 Countries
Another day, another Android malware campaign targeting unsuspecting users worldwide by masquerading as popular apps. First seen on hackread.com Jump to article: hackread.com/arsink-spyware-whatsapp-youtube-instagram-tiktok/
-
GhostChat Spyware Targets Android Users Through WhatsApp, Steals Sensitive Data
A sneaky Android spyware called GhostChat, which tricks Pakistan-based users with romance scams via WhatsApp. The malware grabs sensitive data like contacts, photos, and files from victims’ devices. Threat actors pose as dating apps to hook targets. GhostChat mimics a legit chat platform named >>Dating Apps without payment,<< stealing its icon for trust. Users must…
-
Threat Actors Hide Behind School-Themed Domains In Newly Uncovered Bulletproof Infrastructure
A sophisticated traffic distribution system (TDS) hiding behind education-themed domains. The operation uses bulletproof hosting to deliver phishing pages, scams, and malware files. Analysts triaged a first-stage JavaScript loader from hxxps[:]//toxicsnake-wifes[.]com/promise/script.js. This revealed a commodity cybercrime farm routing victims to harmful payloads. The main domain, toxicsnake-wifes[.]com, acts as a TDS node. It injects db.php with…
-
Sophisticated Malware Lurks In Open VSX Extension With 5,066 Downloads
A malicious VS Code extension in the Open VSX registry that masquerades as the popular Angular Language Service. Published two weeks ago, it amassed 5,066 downloads before activating sophisticated malware. The extension bundles legitimate Angular tooling (@angular/language-service 21.1.0-rc.0) and TypeScript 5.9.3. However, it contains malicious code hidden in the extension/index.js file, posing a severe supply-chain…
-
Hugging Face infra abused to spread Android RAT in a large-scale malware campaign
Abuse through smart hosting: Hugging Face is a go-to platform for developers hosting machine learning models, datasets, and tooling. According to Bitdefender, the resource is now being leveraged to mask malicious downloads amidst legitimate activity. While the platform uses ClamAV scanning on uploads, these controls currently fall short of filtering out cleverly disguised malware repositories,…
-
China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware
Cybersecurity researchers have discovered a new campaign attributed to a China-linked threat actor known as UAT-8099 that took place between late 2025 and early 2026.The activity, discovered by Cisco Talos, has targeted vulnerable Internet Information Services (IIS) servers located across Asia, but with a specific focus on targets in Thailand and Vietnam. The scale of…
-
New AI-Developed Malware Campaign Targets Iranian Protests
The RedKitten campaign distributes lures designed to target people seeking information about missing persons or political dissidents in Iran First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ai-malware-redkitten-iranian/
-
Cyble Research Discovers ShadowHS, an In-Memory Linux Framework for Long-Term Access
Cyble Research & Intelligence Labs (CRIL) has uncovered a post-exploitation Linux framework called ShadowHS, designed for stealthy, in-memory operations. Unlike traditional malware, ShadowHS leverages a fileless architecture and a weaponized version of hackshell, enabling attackers to maintain long-term, operator-controlled access to compromised Linux systems. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/shadowhs-fileless-linux-exploitation-framework/
-
Chinese APTs Hacking Asian Orgs With High-End Malware
Advanced persistent threat (APT) groups have deployed new cyber weapons against a variety of targets, highlighting the increasing threats to the region. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/chinese-apts-asian-orgs-high-end-malware
-
Hugging Face abused to spread thousands of Android malware variants
A new Android malware campaign is using the Hugging Face platform as a repository for thousands of variations of an APK payload that collects credentials for popular financial and payment services. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hugging-face-abused-to-spread-thousands-of-android-malware-variants/
-
Report: Open Source Malware Instances Increased 73% in 2025
ReversingLabs this week published a report that finds there was a 73% increase in the number of malicious open source packages discovered in 2025 compared with the previous year. More than 10,000 malicious open source packages were discovered, most of which involved node package managers (npms) that cybercriminals were using to compromise software supply chains……
-
Google disrupts IPIDEA residential proxy networks fueled by malware
IPIDEA, one of the largest residential proxy networks used by threat actors, was disrupted earlier this week by Google Threat Intelligence Group (GTIG) in collaboration with industry partners. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-disrupts-ipidea-residential-proxy-networks-fueled-by-malware/
-
Not a Kids Game: From Roblox Mod to Compromising Your Company
Seemingly harmless game mods can hide infostealer malware that quietly steals identities. Flare shows how Roblox mods can turn a home PC infection into corporate compromise. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/not-a-kids-game-from-roblox-mod-to-compromising-your-company/
-
Fake “Mac Cleaner” Campaign Uses Google Ads to Redirect Users to Malware
Cybercriminals are exploiting Google Search Ads to distribute malware through deceptive landing pages that impersonate Apple’s official website design. The malicious ads appear prominently in Google Search results when users search for >>mac cleaner,<< displaying trusted domains such as docs.google.com and business.google.com as landing pages. However, clicking these ads redirects users to Google Apps Script…
-
eScan Antivirus Update Server Breached to Deliver Malicious Software Updates
MicroWorld Technologies’ eScan antivirus platform fell victim to a sophisticated supply chain attack on January 20, 2026, when threat actors compromised legitimate update infrastructure to distribute multi-stage malware to enterprise and consumer endpoints worldwide. Security researchers immediately alerted the vendor, which isolated the affected infrastructure within one hour and took its global update system offline…