Tag: malware
-
Massives Datenleck bedroht rund 150 Millionen Benutzer
Tags: credentials, credit-card, crypto, cyberattack, data-breach, finance, fraud, login, mail, malware, password, phishing, riskDie offengelegten Zugangsdaten stellen ein erhebliches Sicherheitsrisiko dar.Der Cybersicherheitsforscher Jeremiah Fowler deckte kürzlich ein Datenleck mit 149 Millionen Login-Daten auf. Zu den Opfern zählen vor allem Nutzer großer Tech-und Streaming-Anbieter. Aber auch Finanzdienstleistungskonten, Krypto-Wallets oder Handelskonten, Bank- und Kreditkarten-Logins tauchten in den offengelegten Datensätzen auf. Laut Forschungsbericht enthält die Datenbank jedoch nicht nur Benutzernamen und…
-
Cybercriminals Leverage AI-Generated Malicious Job Offers to Spread PureRAT Malware
A Vietnamese threat actor is using AI-authored code to power a phishing campaign that delivers the PureRAT malware and related payloads, leveraging realistic job-themed lures to compromise corporate systems. The campaign, first documented by Trend Micro in December 2025, initially used malicious ZIP and RAR attachments posing as job opportunity documents. More recent activity observed…
-
Emojis in PureRAT’s Code Point to AI-Generated Malware Campaign
Researchers discover that PureRAT’s code now contains emojis indicating it has been written by AI based-on comments ripped from social media. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/emojis-in-purerats-code/
-
Betrügerische Immobilienangebote: BSI warnt vor Malware bei Kleinanzeigen
Angreifer haben es mal wieder auf Kleinanzeigen-Nutzer abgesehen. Sie verbreiten Malware und ködern sie mit Onlinebesichtigungen für Immobilien. First seen on golem.de Jump to article: www.golem.de/news/kleinanzeigen-verlockende-immobilienangebote-mit-malware-im-schlepptau-2601-204714.html
-
Sicarii ransomware locks your data and throws away the keys
Tags: ai, business, communications, compliance, credentials, data, encryption, extortion, finance, malware, network, ransomware, risk, vulnerabilityUnusual technical profile hints at vibe-coding: One possible explanation for Sicarii’s broken encryption flow is immature or poorly implemented development practices. The ransomware’s failure to retain usable keys is inconsistent with established ransomware design and suggests it may have been assembled without rigorous testing or a clear understanding of operational consequences, or even vibe-coded.”Halcyon assesses…
-
Kleinanzeigen: Verlockende Immobilienangebote mit Malware im Schlepptau
Tags: malwareAngreifer haben es mal wieder auf Kleinanzeigen-Nutzer abgesehen. Sie verbreiten Malware und ködern sie mit Onlinebesichtigungen für Immobilien. First seen on golem.de Jump to article: www.golem.de/news/kleinanzeigen-verlockende-immobilienangebote-mit-malware-im-schlepptau-2601-204714.html
-
Phantom Malware in Android Game Mods Hijacks Devices for Ad Fraud
Another day, another Android malware strain. This time, Phantom malware (aka Android.Phantom) is targeting users who install third-party gaming apps from unofficial sources. First seen on hackread.com Jump to article: hackread.com/phantom-malware-android-game-mods-ad-fraud/
-
Password Reuse in Disguise: An Often-Missed Risky Workaround
When security teams discuss credential-related risk, the focus typically falls on threats such as phishing, malware, or ransomware. These attack methods continue to evolve and rightly command attention. However, one of the most persistent and underestimated risks to organizational security remains far more ordinary.Near-identical password reuse continues to slip past security controls, often First seen…
-
Sicherheitslücke: Mehrere Hackergruppen attackieren Winrar-Nutzer seit Monaten
Cyberakteure aus mehreren Ländern nutzen seit Mitte 2025 eine bekannte Winrar-Lücke aus. Sie schleusen Trojaner und andere Malware ein. First seen on golem.de Jump to article: www.golem.de/news/sicherheitsluecke-mehrere-hackergruppen-attackieren-winrar-nutzer-seit-monaten-2601-204699.html
-
Another Credential Leak, Another Dollar
A 149M-credential breach shows why encryption alone isn’t enough. Infostealer malware bypasses cloud security by stealing passwords at the endpoint”, where encryption offers no protection. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/another-credential-leak-another-dollar/
-
Another Credential Leak, Another Dollar
A 149M-credential breach shows why encryption alone isn’t enough. Infostealer malware bypasses cloud security by stealing passwords at the endpoint”, where encryption offers no protection. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/another-credential-leak-another-dollar/
-
Another Credential Leak, Another Dollar
A 149M-credential breach shows why encryption alone isn’t enough. Infostealer malware bypasses cloud security by stealing passwords at the endpoint”, where encryption offers no protection. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/another-credential-leak-another-dollar/
-
‘Stanley’ Toolkit Turns Chrome Into Undetectable Phishing Vector
The malware-as-a-service kit enables malicious extensions to overlay pages on real websites without changing the visible URL, signaling a fresh challenge for enterprise security. First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/stanley-toolkit-chrome-undetectable-phishing
-
Android Adds ‘Accountability Layer’ to Third-Party Apps
Android is adding new verification steps to sideloaded apps, introducing friction for advanced users while aiming to reduce malware, fraud, and scams. The post Android Adds ‘Accountability Layer’ to Third-Party Apps appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-android-sideloading-verification-update/
-
APT Attacks Target Indian Government Using SHEETCREEP, FIREPOWER, and MAILCREEP – Part 2
Tags: access, ai, api, apt, attack, backdoor, backup, cloud, control, credentials, data, dns, email, exploit, github, google, government, group, india, infection, infrastructure, Internet, linux, malicious, malware, microsoft, monitoring, network, phishing, powershell, programming, service, tactics, threat, tool, update, windowsThis is Part 2 of our two-part technical analysis on the Gopher Strike and Sheet Attack campaigns. For details on the Gopher Strike campaign, go to Part 1.IntroductionIn September 2025, Zscaler ThreatLabz uncovered three additional backdoors, SHEETCREEP, FIREPOWER, and MAILCREEP, used to power the Sheet Attack campaign. In Part 2 of this series, ThreatLabz will…
-
US charges 31 more suspects linked to ATM malware attacks
A Nebraska federal grand jury charged 31 additional defendants for their involvement in an ATM jackpotting operation allegedly orchestrated by members of the Venezuelan gang Tren de Aragua. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/us-charges-31-more-suspects-linked-to-atm-malware-attacks/
-
Living Off the Web: How Fake Captcha Turned Trust Into a Malware Delivery Channel
Fake Captcha abuses trusted web interactions to deliver malware and evade traditional detection. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/living-off-the-web-how-fake-captcha-turned-trust-into-a-malware-delivery-channel/
-
Attackers use Windows App-V scripts to slip infostealer past enterprise defenses
A malware delivery campaign detailed by Blackpoint researchers employs an impressive array of tricks to deliver an infostealer to employees without triggering enterprise … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/27/malware-delivery-via-windows-app-v-lolbin/
-
Attackers Hijack GitHub Desktop Repo to Spread Malware via Official Installer
Threat actors have successfully exploited a design flaw in GitHub’s fork architecture to distribute malware disguised as the legitimate GitHub Desktop installer. The attack chain begins with a deceptively simple but effective technique. Attackers create throwaway GitHub accounts and fork the official GitHub Desktop repository. They then modify the download link in the README file…
-
G_Wagon NPM Package Exploits Users to Steal Browser Credentials with Obfuscated Payload
A highly sophisticated infostealer malware disguised as a legitimate npm UI component library has been targeting developers through the ansi-universal-ui package. The malware, internally identified as >>G_Wagon,<>a lightweight, modular UI component […] The post G_Wagon NPM Package Exploits Users to Steal Browser Credentials with Obfuscated Payload appeared first on GBHackers Security | #1 Globally Trusted…
-
Hackers Exploit SEO Poisoning to Target Users Seeking Legitimate Tools
Search engine optimization (SEO) poisoning techniques to trick users into downloading malicious software disguised as legitimate tools. This attack campaign involves manipulating search results to promote fake repositories and archives containing BAT executable files that impersonate popular applications. Once users execute these files, the malware establishes contact with command-and-control (C2) servers to deliver secondary payloads,…
-
149 Millionen gestohlenen Benutzernamen Es reicht nicht Passwörter zu ändern. Vielmehr muss der Zugriff kontrolliert und reduziert werden.
Eine öffentlich zugängliche Datenbank mit 149 Millionen gestohlenen Benutzernamen und Passwörtern wurde vom Netz genommen, nachdem ein Sicherheitsforscher die Sicherheitslücke entdeckt und den Hosting-Anbieter darüber informiert hatte. Die Datenbank scheint mithilfe von Infostealer-Malware zusammengestellt worden zu sein, die unbemerkt Anmeldedaten von infizierten Geräten abgreift. Ein Kommentar von Shane Barney, CISO bei Keeper Security. Die Zahlen…
-
Beauty in Destruction: Exploring Malware’s Impact Through Art
Artistic initiatives turn cybersecurity into immersive exhibits at the Museum of Malware Art, transforming digital threats into thought-provoking experiences. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/beauty-in-destruction-exploring-malware-impact-through-art
-
Botnet Spotlight: Pressure rises on botnets, but the fight is far from over
Momentum is building in the fight against botnets, as network operators and law enforcement ramp up crackdowns on botnet infrastructure, malware, and bulletproof hosting providers. While major takedowns show progress, cybercriminals are still adapting, learn more in this latest edition of the Botnet Spotlight. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/botnet-spotlight-pressure-rises-on-botnets-but-the-fight-is-far-from-over/
-
Sysdig entdeckt C2-kompilierte Kernel-Rootkits und neue Tarnmechanismen im LinuxFramework Voidlink
Sysdig hat Voidlink, ein in China entwickeltes Linux-Malware-Framework zur gezielten Attacke auf Cloud-Umgebungen, untersucht. Vorausgegangen war dieser technisch tiefgehenden Analyse die Aufdeckung von Voidlink durch Check Point Research am 13. Januar 2026. In der eigenen Analyse war es Sysdig möglich, Loader-Kette, Rootkit-Interna und Kontrollmechanismen detailliert unter die Lupe zu nehmen und zu dekonstruieren inklusive […]…
-
Poland Thwarts Russian Wiper Malware Attack on Power Plants
Poland blocked a Russian wiper malware attack on power and heating plants, officials say, avoiding outages during winter and prompting tighter cyber rules. First seen on hackread.com Jump to article: hackread.com/poland-thwarts-russian-wiper-malware-power-plants/
-
149 million compromised credentials expose growing infostealer malware crisis
A recently discovered online database containing 149 million stolen usernames and passwords has been taken offline after being identified by security researcher Jeremiah Fowler. While the exposure has now been addressed, the scale and nature of the data involved underline a far deeper and ongoing cybersecurity challenge: the industrialisation of credential theft through infostealing malware.…
-
Unplugged holes in the npm and yarn package managers could let attackers bypass defenses against Shai-Hulud
Tags: authentication, bug-bounty, control, corporate, defense, email, github, guide, hacker, malicious, malware, microsoft, vulnerabilitydisabling the ability to run lifecycle scripts, commands that run automatically during package installation,saving lockfile integrity checks (package-lock.json, pnpm-lock.yaml, and others) to version control (git). The lockfile records the exact version and integrity hash of every package in a dependency tree. On subsequent installs, the package manager checks incoming packages against these hashes, and if…