Tag: malware
-
Gunra Ransomware Targets Windows and Linux with Dual Encryption
The cybersecurity landscape continues to face persistent threats from emerging ransomware groups, with Gunra representing a significant concern since its emergence in April 2025. This threat actor has launched systematic attacks across multiple industries and geographic regions, including documented incidents in Korea. What makes Gunra particularly noteworthy is its dual-platform capability: the group distributes separate…
-
CEO of spyware maker Memento Labs confirms one of its government customers was caught using its malware
Security researchers found a government hacking campaign that relies on Windows spyware developed by surveillance tech maker Memento Labs. When reached by TechCrunch, the spyware maker’s chief executive blamed a government customer for getting caught. First seen on techcrunch.com Jump to article: techcrunch.com/2025/10/28/ceo-of-spyware-maker-memento-labs-confirms-one-of-its-government-customers-was-caught-using-its-malware/
-
New Atroposia RAT Uses Hidden Remote Desktop, Vulnerability Scanning and Advanced Persistence
A sophisticated new remote access trojan called Atroposia has emerged in underground cybercrime marketplaces, offering attackers a comprehensive toolkit for hidden remote desktop access, credential theft, and network manipulation at an accessible price point. Security researchers at Varonis recently discovered the malware being promoted on underground forums, highlighting how advanced cyberattack capabilities are increasingly packaged…
-
Atroposia malware kit lowers the bar for cybercrime, and raises the stakes for enterprise defenders
RAT toolkits proliferating: Atroposia is one of a growing number of RAT tools targeting enterprises; Varonis has also recently discovered SpamGPT and MatrixPDF, a spam-as-a-service platform and malicious PDF builder, respectively. Shipley noted that these types of packages which identify additional avenues to maintain persistence have been around for some time; Mirai, which goes back to…
-
YouTube Ghost Network Utilizes Spooky Tactics to Target Users
The malware operation uses compromised accounts and bot networks to distribute infostealers and has tripled its output in 2025. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/youtube-ghost-network-target-users
-
Rethinking Identity Security in the Age of AI
madhav, Tue, 10/28/2025 – 06:35. Traditional identity protections were never designed for the age of AI. They can’t stop the lightning-fast, highly convincing identity attacks AI facilitates. There’s a reason that nearly 60% of businesses say compromised credentials are the leading cause of breaches. Data Security Marco…
-
Researchers Expose GhostCall and GhostHire: BlueNoroff’s New Malware Chains
Threat actors tied to North Korea have been observed targeting the Web3 and blockchain sectors as part of twin campaigns tracked as GhostCall and GhostHire. According to Kaspersky, the campaigns are part of a broader operation called SnatchCrypto that has been underway since at least 2017. The activity is attributed to a Lazarus Group sub-cluster called…
-
New Android malware mimics human typing to evade detection, steal money
New Android malware tries to “humanize” the actions attackers perform during remote control. First seen on therecord.media Jump to article: therecord.media/android-malware-mimics-humans-avoid-detection
-
Critical Microsoft WSUS Security Flaw is Being Actively Exploited
A critical security flaw in Microsoft’s WSUS feature is being actively exploited in the wild by threat actors who could gain access into unpatched servers, remotely control networks, and use them to deliver malware or do other damage. Microsoft is urging organizations to apply a patch to their systems. First seen on securityboulevard.com Jump to…
-
RedTiger Malware Steals Data, Discord Tokens and Even Webcam Images
A new Python-based infostealer called RedTiger is targeting Discord gamers to steal authentication tokens, passwords, and payment information. Learn how the malware works, its evasion tactics, and essential security steps like enabling MFA. First seen on hackread.com Jump to article: hackread.com/redtiger-malware-discord-tokens-webcam-images/
-
Herodotus: New Android Malware Mimics Human Behavior to Bypass Biometric Security
A sophisticated new Android banking Trojan named Herodotus has emerged as a significant threat to mobile users, introducing a novel approach that deliberately mimics human typing patterns to evade behavioral biometrics detection systems. The malware’s sophisticated approach to avoiding detection sets it apart from conventional banking Trojans, incorporating randomized time intervals between text inputs, ranging…
-
New Herodotus Android malware fakes human typing to avoid detection
A new Android malware family, Herodotus, uses random delay injection in its input routines to mimic human behavior on mobile devices and evade timing-based detection by security software. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-herodotus-android-malware-fakes-human-typing-to-avoid-detection/
-
New Atroposia malware comes with a local vulnerability scanner
A new malware-as-a-service (MaaS) platform named Atroposia provides cybercriminals a remote access trojan that combines capabilities for persistent access, evasion, data theft, and local vulnerability scanning. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-atroposia-malware-comes-with-a-local-vulnerability-scanner/
-
New Phishing Attack Using Invisible Characters Hidden in Subject Line Using MIME Encoding
Security researchers have discovered a sophisticated phishing technique that weaponizes invisible Unicode characters embedded within email subject lines using MIME encoding, a tactic that remains largely unknown among email security professionals. The discovery reveals how attackers are evolving their evasion methods to bypass automated filtering systems while maintaining complete readability to end users. During routine…
-
Attackers Sell Turnkey Remote Access Trojan ‘Atroposia’
Atroposia, a new RAT malware, offers low-level cybercriminal affiliates the ability to utilize sophisticated stealth and persistence capabilities. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/attackers-sell-turnkey-remote-access-trojan-atroposia
-
Anivia Stealer Peddled on Dark Web with UAC Bypass
A newly advertised information-stealing malware called Anivia Stealer has surfaced on the dark web, with threat actor ZeroTrace aggressively promoting the C++17-based infostealer as a commercial malware-as-a-service offering. The malware implements sophisticated privilege escalation capabilities, including automatic User Account Control (UAC) bypass functionality, making it a significant threat to Windows-based systems across multiple operating system…
-
‘Herodotus’ Android Trojan Mimics Human Sluggishness
Trojan Poised for Use in Campaigns Across the Globe. Android malware advertised as Herodotus on cybercrime forums injects a randomized pause of up to three seconds whenever a hacker bypasses the keyboard on an infected device to enter account credentials. Systems that rely on indicators such as input timing may wave through the transaction. First…
-
New GhostGrab Android Malware Silently Steals Banking Login Details and Intercept SMS for OTPs
A sophisticated new Android malware family called GhostGrab is actively targeting mobile users with a dual-monetization strategy that combines covert cryptocurrency mining with comprehensive financial data theft. GhostGrab functions as a multifaceted threat that systematically harvests banking credentials, debit card details, personal identification information, and one-time passwords through SMS interception. According to analysis by CYFIRMA,…
-
Water Saci Hackers Use WhatsApp to Deploy Persistent SORVEPOTEL Malware
Trend Micro Research has identified a significant evolution in the aggressive Water Saci malware campaign, revealing a new infection chain that abandons traditional .NET-based delivery methods in favor of sophisticated script-driven techniques. On October 8, 2025, researchers discovered file downloads originating from WhatsApp Web sessions that utilize Visual Basic Script downloaders and PowerShell scripts to…
-
Beware of Free Video Game Cheats that Deliver Infostealer Malwares
The competitive gaming landscape has become a breeding ground for cybercriminals who exploit players’ desire to gain an unfair advantage. While major esports tournaments like last year’s CS2 PGL Major in Copenhagen boast prize pools reaching $1.25 million, the temptation to cheat extends far beyond professional competition. The industry noted one of its most notorious…
-
Trick or Scam: Halloween Is a Time for Seasonal Internet Fraud
Germany ranks second as a target country for spam fraud. Five percent of spam originates from Germany. 63 percent of Halloween-themed spam is malicious and aims to install malware or to steal credentials or money. Based on their telemetry for the period from September 15 to October 15, Bitdefender Labs have observed a global increase of… First…

