Tag: malware
-
Possible US Government iPhone Hacking Tool Leaked
Tags: data-breach, defense, exploit, google, government, group, hacking, iphone, malware, tool, vulnerabilityWired writes (alternate source): Security researchers at Google on Tuesday released a report describing what they’re calling “Coruna,” a highly sophisticated iPhone hacking toolkit that includes five complete hacking techniques capable of bypassing all the defenses of an iPhone to silently install malware on a device when it visits a website containing the exploitation code.…
-
RFQ Malware Campaign Uses DOCX, RTF, JS, and Python
Hackers are abusing DOCX, RTF, JavaScript, PowerShell, and Python to deliver an in”‘memory Cobalt Strike beacon in a stealthy spear”‘phishing campaign that impersonates Boeing procurement under the tag NKFZ5966PURCHASE. The operation chains six stages, relies heavily on living”‘off”‘the”‘land binaries, and reuses the same encryption keys across all known samples, creating both strong evasion and clear…
-
Nur schwer löschbar: Android-Malware millionenfach über Google Play verteilt
Eine über den Google Play Store verbreitete Android-Malware nutzt alte Lücken aus, um tief ins System einzudringen. Anwender merken davon nichts. First seen on golem.de Jump to article: www.golem.de/news/nur-schwer-loeschbar-android-malware-millionenfach-ueber-google-play-verteilt-2604-207201.html
-
TrueConf zero-day vulnerability exploited to target government networks
Suspected China-nexus attackers have leveraged a zero-day vulnerability (CVE-2026-3502) in the TrueConf client application to distribute malware within government networks in … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/02/trueconf-zero-day-vulnerability-cyber-espionage/
-
TA416 Broadens Europe Spy Campaign With Web Bugs and Malware
China-aligned threat actor TA416 has resumed large-scale espionage against European governments. It is now expanding to Middle Eastern diplomatic targets, combining web bug reconnaissance with constantly evolving malware delivery chains that culminate in a customized PlugX backdoor. From mid-2025, TA416 restarted regular targeting of European government and diplomatic entities after a two”‘year lull, with a…
-
WhatsApp Attack Chain Delivers VBS, Cloud Payloads, MSI Backdoor
A new malware campaign that abuses WhatsApp messages to deliver malicious Visual Basic Script (VBS) files to Windows users, enabling persistent remote access through unsigned MSI installers. The campaign starts with WhatsApp messages carrying VBS attachments that appear benign but execute as scripts when opened on Windows. Once launched, the initial script creates hidden folders…
-
‘NoVoice’ Android malware on Google Play infected 2.3 million devices
A new Android malware named NoVoice was found on Google Play, hidden in more than 50 apps that were downloaded at least 2.3 million times. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/novoice-android-malware-on-google-play-infected-23-million-devices/
-
CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails
The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a new phishing campaign in which the cybersecurity agency itself was impersonated to distribute a remote administration tool known as AGEWHEEZE.As part of the attacks, the threat actors, tracked as UAC-0255, sent emails on March 26 and 27, 2026, posing as CERT-UA to…
-
Hackers Are Using WhatsApp to Deliver Malware to Windows PCs
Hackers are using WhatsApp messages to deliver malware to Windows PCs, exploiting user trust and attachments to trigger stealthy, multi-stage attacks. The post Microsoft: Hackers Are Using WhatsApp to Deliver Malware to Windows PCs appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-whatsapp-malware-windows-attack/
-
Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures
A multi-pronged phishing campaign is targeting Spanish-speaking users in organizations across Latin America and Europe to deliver Windows banking trojans like Casbaneiro (aka Metamorfo) via another malware called Horabot.The activity has been attributed to a Brazilian cybercrime threat actor tracked as Augmented Marauder and Water Saci. The e-crime group was first documented by Trend Micro…
-
Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass
Microsoft is calling attention to a new campaign that has leveraged WhatsApp messages to distribute malicious Visual Basic Script (VBS) files.The activity, beginning in late February 2026, leverages these scripts to initiate a multi-stage infection chain for establishing persistence and enabling remote access. It’s currently not known what lures the threat actors use to trick…
-
Zero-Day-Schwachstelle in abgehärteten Videokonferenz-Tool Trueconf
Check Point Research (CPR) hat eine bisher unbekannte Zero-Day-Sicherheitslücke in der Videokonferenz-Software <> aufgedeckt. Wie die Sicherheitsforscher von Check Point Software Technologies herausfanden, konnten Angreifer vertrauenswürdige, lokal installierte Software-Updates missbrauchen. Sie verbreiteten so unbemerkt Malware in mehreren südostasiatischen Behörden und Regierungsapparaten. Die Täter mussten also weder auf Phishing, also den Diebstahl von Anmeldedaten, noch auf Exploits…
-
Ethereum-Based EtherRAT, EtherHiding Power Stealthy Malware Campaigns
Hackers are abusing the Ethereum blockchain to hide and control a new Node.js backdoor called EtherRAT, using a stealthy technique known as EtherHiding to make their command”‘and”‘control (C2) infrastructure difficult to disrupt. EtherRAT, previously profiled by Sysdig and linked to North Korean “Contagious Interview” activity, is a Node.js backdoor that lets attackers run arbitrary commands,…
-
WhatsApp malware campaign uses malicious VBS files to gain persistent access
MSI as the backdoor vehicle for persistence: The final stages of the campaign lead to persistence, using Microsoft Installer (MSI) packages as the delivery mechanism for backdoors.MSI files are an effective choice as they are not usually treated as inherently suspicious and can execute custom actions during installation. In this campaign, they are used to…
-
3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don’t See It Coming)
For years, cybersecurity has followed a familiar model: block malware, stop the attack. Now, attackers are moving on to what’s next.Threat actors now use malware less frequently in favor of what’s already inside your environment, including abusing trusted tools, native binaries, and legitimate admin utilities to move laterally, escalate privileges, and persist without raising alarms.…
-
CrystalX Malware-as-a-Service Spreads via Telegram With Stealer, RAT Tools
Hackers are actively promoting a new malware-as-a-service (MaaS) platform called CrystalX RAT through private Telegram channels, offering cybercriminals a powerful toolkit that combines remote access, data theft, surveillance, and even prank-based disruption features. Security researchers identified the campaign in March 2026, noting that the malware is being sold under a subscription model with three pricing…
-
Alleged RedLine malware developer extradited to United States
Tags: malwareA man has appeared in federal court in Austin, Texas, after being extradited to the United States to face charges related to his alleged role as a key developer of the notorious RedLine malware. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/redline-malware-developer-extradited
-
Hackers Hijack Axios npm Package to Spread RATs
Threat actors hijacked the popular npm package axios to spread RAT malware after compromising an open”‘source maintainer’s account, researchers warn First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/hackers-hijack-axios-npm-package/
-
XLoader malware Sharpens Obfuscation, Masks C2 Traffic via Decoy Servers
XLoader’s developers have released new versions that significantly harden the malware’s code and hide its command”‘and”‘control (C2) traffic behind layers of encryption and decoy servers, making analysis and detection more difficult for defenders. This article summarizes the latest obfuscation changes introduced in version 8.1 and explains how the current C2 protocol works. Formbook first appeared…
-
Malware detectors trained on one dataset often stumble on another
Machine learning models built to catch malware on Windows systems are typically evaluated on data that closely resembles their training set. In practice, the malware arriving … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/01/cross-dataset-malware-detection-research/
-
Attackers trojanize Axios HTTP library in highest-impact npm supply chain attack
Tags: ai, attack, breach, cloud, control, credentials, crypto, github, incident response, linux, LLM, macOS, malicious, malware, monitoring, open-source, openai, powershell, pypi, rat, spam, supply-chain, tool, windowspostinstall hook that would execute a dropper script when it was pulled in by a different package as a dependency.Shortly after midnight UTC on March 31 a new version of the Axios package, axios@1.14.1, was published on npm followed by axios@0.30.4 39 minutes later. Both listed plain-crypto-js@4.2.1 as a dependency in their package.json files, but…
-
Google links axios supply chain attack to North Korean group
Google Threat Intelligence Group (GTIG) joined several other researchers in attributing the attack to a North Korean threat actor they call UNC1069. SentinelOne found the same group using macOS-based malware in attacks dating back to 2023. First seen on therecord.media Jump to article: therecord.media/google-links-axios-supply-chain-attack-north-korea
-
Supply chain attack on Axios npm package: Scope, impact, and remediations
Tags: access, api, attack, breach, cloud, control, credentials, crypto, data, data-breach, defense, exploit, incident response, macOS, malicious, malware, open-source, rat, risk, security-incident, software, supply-chain, theft, threat, vulnerability, windowsThe Axios npm package has been compromised in a supply chain attack that uploaded new versions of the package containing malicious code. Any environment that downloaded these compromised Axios versions is at risk of severe data theft, including the loss of credentials and API keys. Scan your environment now. Key takeaways This incident is a…
-
North Korean hackers blamed for hijacking popular Axios open source project to spread malware
A hacker inserted malware in Axios, an open source web tool downloaded tens of millions of times weekly, in a widespread hack. First seen on techcrunch.com Jump to article: techcrunch.com/2026/03/31/hacker-hijacks-axios-open-source-project-used-by-millions-to-push-malware/
-
Attackers hijack Axios npm account to spread RAT malware
Threat actors hijacked the npm account of Axios to distribute RAT malware via malicious package updates. Threat actors compromised the npm account of Axios, a widely used library with over 100M weekly downloads, and published malicious versions to spread remote access trojans across Linux, Windows, and macOS. The supply chain attack was identified by multiple…
-
North Korean hackers blamed for hijacking popular Axios open-source project to spread malware
A hacker inserted malware in Axios, an open-source web tool downloaded tens of millions of times weekly, in a widespread hack. First seen on techcrunch.com Jump to article: techcrunch.com/2026/03/31/hacker-hijacks-axios-open-source-project-used-by-millions-to-push-malware/
-
Latest Xloader Obfuscation Methods and Network Protocol
Tags: api, automation, breach, cloud, communications, credentials, data, detection, email, encryption, framework, google, Internet, malicious, malware, microsoft, network, password, powershell, software, threat, tool, update, windowsIntroduction Xloader is an information stealing malware family that evolved from Formbook and targets web browsers, email clients, and File Transfer Protocol (FTP) applications. Additionally, Xloader may execute arbitrary commands and download second-stage payloads on an infected system. The author of Xloader continues to update the codebase, with the most recent observed version being 8.7. Since…