Tag: malware
-
Dezember 2025: 191 Prozent mehr Malware-Angriffe
Zum Jahreswechsel 2025/2026 hat sich die globale Bedrohungslage im Cyberraum spürbar verschärft. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/191-prozent-mehr-malware-angriffe
-
Keine Malware nötig: So leicht lässt sich Googles Gemini über den Kalender hacken
First seen on t3n.de Jump to article: t3n.de/news/keine-malware-noetig-so-leicht-laesst-sich-googles-gemini-ueber-den-kalender-hacken-1726136/
-
Infostealer im Wandel: Wie JSCEAL gezielt Krypto-Nutzer angreift
Schadsoftware entwickelt sich oft nicht sprunghaft, sondern schrittweise und gerade darin liegt ihre Gefahr. Der Infostealer JSCEAL ist ein aktuelles Beispiel dafür, wie aus einem einfachen Werkzeug eine technisch ausgereifte Malware wird. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/infostealer-jsceal-krypto-nutzer
-
Windows Malware Uses Pulsar RAT for Live Chats While Stealing Data
We usually think of computer viruses as silent, invisible programs running in the background, but a worrying discovery shows that modern hackers are getting much more personal. First seen on hackread.com Jump to article: hackread.com/windows-malware-pulsar-rat-live-chats-steal-data/
-
DynoWiper update: Technische Analyse und neue Erkenntnisse
ESET-Forscher präsentieren technische Details zur zerstörerischen Malware, die gegen ein Energieunternehmen in Polen eingesetzt wurde. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/de/eset-research/dynowiper-update-technische-analyse-und-neue-erkenntnisse/
-
Arsink Spyware Posing as WhatsApp, YouTube, Instagram, TikTok Hits 143 Countries
Another day, another Android malware campaign targeting unsuspecting users worldwide by masquerading as popular apps. First seen on hackread.com Jump to article: hackread.com/arsink-spyware-whatsapp-youtube-instagram-tiktok/
-
GhostChat Spyware Targets Android Users Through WhatsApp, Steals Sensitive Data
A sneaky Android spyware called GhostChat, which tricks Pakistan-based users with romance scams via WhatsApp. The malware grabs sensitive data like contacts, photos, and files from victims’ devices. Threat actors pose as dating apps to hook targets. GhostChat mimics a legit chat platform named >>Dating Apps without payment,<< stealing its icon for trust. Users must…
-
Threat Actors Hide Behind School-Themed Domains In Newly Uncovered Bulletproof Infrastructure
A sophisticated traffic distribution system (TDS) hiding behind education-themed domains. The operation uses bulletproof hosting to deliver phishing pages, scams, and malware files. Analysts triaged a first-stage JavaScript loader from hxxps[:]//toxicsnake-wifes[.]com/promise/script.js. This revealed a commodity cybercrime farm routing victims to harmful payloads. The main domain, toxicsnake-wifes[.]com, acts as a TDS node. It injects db.php with…
-
Sophisticated Malware Lurks In Open VSX Extension With 5,066 Downloads
A malicious VS Code extension in the Open VSX registry that masquerades as the popular Angular Language Service. Published two weeks ago, it amassed 5,066 downloads before activating sophisticated malware. The extension bundles legitimate Angular tooling (@angular/language-service 21.1.0-rc.0) and TypeScript 5.9.3. However, it contains malicious code hidden in the extension/index.js file, posing a severe supply-chain…
-
Hugging Face infra abused to spread Android RAT in a large-scale malware campaign
Abuse through smart hosting: Hugging Face is a go-to platform for developers hosting machine learning models, datasets, and tooling. According to Bitdefender, the resource is now being leveraged to mask malicious downloads amidst legitimate activity. While the platform uses ClamAV scanning on uploads, these controls currently fall short of filtering out cleverly disguised malware repositories,…
-
China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware
Cybersecurity researchers have discovered a new campaign attributed to a China-linked threat actor known as UAT-8099 that took place between late 2025 and early 2026.The activity, discovered by Cisco Talos, has targeted vulnerable Internet Information Services (IIS) servers located across Asia, but with a specific focus on targets in Thailand and Vietnam. The scale of…
-
New AI-Developed Malware Campaign Targets Iranian Protests
The RedKitten campaign distributes lures designed to target people seeking information about missing persons or political dissidents in Iran First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ai-malware-redkitten-iranian/
-
Cyble Research Discovers ShadowHS, an In-Memory Linux Framework for Long-Term Access
Cyble Research & Intelligence Labs (CRIL) has uncovered a post-exploitation Linux framework called ShadowHS, designed for stealthy, in-memory operations. Unlike traditional malware, ShadowHS leverages a fileless architecture and a weaponized version of hackshell, enabling attackers to maintain long-term, operator-controlled access to compromised Linux systems. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/shadowhs-fileless-linux-exploitation-framework/
-
Chinese APTs Hacking Asian Orgs With High-End Malware
Advanced persistent threat (APT) groups have deployed new cyber weapons against a variety of targets, highlighting the increasing threats to the region. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/chinese-apts-asian-orgs-high-end-malware
-
Hugging Face abused to spread thousands of Android malware variants
A new Android malware campaign is using the Hugging Face platform as a repository for thousands of variations of an APK payload that collects credentials for popular financial and payment services. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hugging-face-abused-to-spread-thousands-of-android-malware-variants/
-
Report: Open Source Malware Instances Increased 73% in 2025
ReversingLabs this week published a report that finds there was a 73% increase in the number of malicious open source packages discovered in 2025 compared with the previous year. More than 10,000 malicious open source packages were discovered, most of which involved node package managers (npms) that cybercriminals were using to compromise software supply chains……
-
Google disrupts IPIDEA residential proxy networks fueled by malware
IPIDEA, one of the largest residential proxy networks used by threat actors, was disrupted earlier this week by Google Threat Intelligence Group (GTIG) in collaboration with industry partners. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-disrupts-ipidea-residential-proxy-networks-fueled-by-malware/
-
Not a Kids Game: From Roblox Mod to Compromising Your Company
Seemingly harmless game mods can hide infostealer malware that quietly steals identities. Flare shows how Roblox mods can turn a home PC infection into corporate compromise. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/not-a-kids-game-from-roblox-mod-to-compromising-your-company/
-
Fake “Mac Cleaner” Campaign Uses Google Ads to Redirect Users to Malware
Cybercriminals are exploiting Google Search Ads to distribute malware through deceptive landing pages that impersonate Apple’s official website design. The malicious ads appear prominently in Google Search results when users search for >>mac cleaner,<< displaying trusted domains such as docs.google.com and business.google.com as landing pages. However, clicking these ads redirects users to Google Apps Script…
-
eScan Antivirus Update Server Breached to Deliver Malicious Software Updates
MicroWorld Technologies’ eScan antivirus platform fell victim to a sophisticated supply chain attack on January 20, 2026, when threat actors compromised legitimate update infrastructure to distribute multi-stage malware to enterprise and consumer endpoints worldwide. Security researchers immediately alerted the vendor, which isolated the affected infrastructure within one hour and took its global update system offline…
-
Python-Based PyRAT Emerges as Cross-Platform Threat With Advanced Remote Access Capabilities
In the evolving landscape of cyber threats, attackers increasingly leverage Python to develop sophisticated Remote Access Trojans (RATs) that evade traditional security controls. Python’s widespread adoption and cross-platform compatibility make it an attractive development platform for threat actors seeking to maximize their reach. Unlike compiled binaries, Python-based malware compiled into ELF and PE formats poses…
-
Matanbuchus Malware Evolves to Bypass AV Defenses by Swapping Core Components
Matanbuchus is a malicious C++-based downloader that has been sold as Malware-as-a-Service (MaaS) since 2020. Initially known as a simple loader for second-stage payloads, it has steadily evolved into a flexible backdoor platform that is increasingly tied to ransomware operations. In July 2025, researchers observed Matanbuchus version 3.0 in the wild, featuring redesigned components, stronger…
-
Virenschutz ade: Malware über Update-Server von Antivirus-Tool verteilt
Angreifer haben über das Antivirus-Tool eScan Malware auf Nutzersysteme geschleust. Ein Update-Server des Anbieters war kompromittiert. First seen on golem.de Jump to article: www.golem.de/news/von-wegen-virenschutz-malware-ueber-update-server-von-antivirus-tool-verteilt-2601-204754.html
-
Dissecting UAT-8099: New persistence mechanisms and regional focus
Cisco Talos has identified a new, regionally targeted campaign by UAT-8099 that leverages advanced persistence techniques and custom BadIIS malware variants to compromise IIS servers, particularly in Thailand and Vietnam. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/uat-8099-new-persistence-mechanisms-and-regional-focus/
-
Von wegen Virenschutz: Malware über Update-Server von Antivirus-Tool verteilt
Angreifer haben über das Antivirus-Tool eScan Malware auf Nutzersysteme geschleust. Ein Update-Server des Anbieters war kompromittiert. First seen on golem.de Jump to article: www.golem.de/news/von-wegen-virenschutz-malware-ueber-update-server-von-antivirus-tool-verteilt-2601-204754.html
-
Open-source malware zeroes in on developer environments
Open source malware activity during 2025 concentrated on a single objective: executing code inside developer environments, according to Sonatype. The focus reflected a broader … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/29/report-open-source-malware-activity/
-
31 More Charged in Massive ATM Jackpotting Scheme Linked to Tren de Aragua Gang
The DOJ indicted 31 people accused of participating in an ATM jackpotting scheme in which the venerable Ploutus malware was used to help steal more than $5 million from machines around the United States. In total, 87 people have been charged, with many connected to the Tren de Aragua Venezuelan crime syndicate. First seen on…
-
Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware
Cybersecurity researchers have flagged a new malicious Microsoft Visual Studio Code (VS Code) extension for Moltbot (formerly Clawdbot) on the official Extension Marketplace that claims to be a free artificial intelligence (AI) coding assistant, but stealthily drops a malicious payload on compromised hosts.The extension, named “ClawdBot Agent – AI Coding Assistant” (“clawdbot.clawdbot-agent”) First seen on…
-
FBI seizes RAMP cybercrime forum used by ransomware gangs
The FBI has seized the notorious RAMP cybercrime forum, a platform used to advertise a wide range of malware and hacking services, and one of the few remaining forums that openly allowed the promotion of ransomware operations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fbi-seizes-ramp-cybercrime-forum-used-by-ransomware-gangs/
-
Hackers Still Using Patched WinRAR Flaw for Malware Drops, Warns Google
The Google Threat Intelligence Group (GTIG) warns that nation-state actors and financially motivated threat actors are exploiting a… First seen on hackread.com Jump to article: hackread.com/hackers-patch-winrar-flaw-malware-google/