Tag: malware
-
Researchers expose large-scale YouTube malware distribution network
Check Point researchers have uncovered, mapped and helped set back a stealthy, large-scale malware distribution operation on YouTube they dubbed the “YouTube Ghost … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/23/youtube-malware-distribution-network-ghost/
-
Google nukes 3,000 YouTube videos that sowed malware disguised as cracked software
Check Point helps exorcise vast ‘Ghost Network’ that used fake tutorials to push infostealers First seen on theregister.com Jump to article: www.theregister.com/2025/10/23/youtube_ghost_network_malware/
-
Caminho Malware Loader Conceals .NET Payloads inside Images via LSB Steganography
Cybersecurity researchers at Arctic Wolf Labs have uncovered a cunning new threat dubbed Caminho, a Brazilian Loader-as-a-Service (LaaS) that’s turning everyday images into Trojan horses for malware. Active since March 2025 and evolved rapidly by June, this operation hides .NET payloads using Least Significant Bit (LSB) steganography inside files hosted on trusted sites like archive.org.…
-
Microsoft stops ransomware attacks on Teams users
A ransomware gang has used fake MS Teams installers to attack users. With the growing spread of remote work, collaboration tools keep landing in the crosshairs of cybercriminals. Microsoft recently discovered an attack campaign by the ransomware gang Vanilla Tempest that relies on fake Teams installers. The attackers used imitation MSTeamsSetup.exe files hosted on malicious domains. The targets were unsuspecting…
-
Phishing campaign across Mideast, North Africa is attributed to Iranian group
The well-known Iranian cyber-espionage operation tracked as MuddyWater spread backdoor malware in recent months through a compromised email account, researchers said. First seen on therecord.media Jump to article: therecord.media/iran-muddywater-phishing-campaign-north-africa-middle-east
-
Russian Hackers Pivot Fast With New “ROBOT” Malware Chain
Russian hackers launched a new “ROBOT” malware chain after LOSTKEYS was exposed. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/russian-hackers-pivot-fast-with-new-robot-malware-chain/
-
Stealthy Malware Leveraging Variable Functions and Cookies for Evasion
Cybersecurity researchers at Wordfence Threat Intelligence and their Care and Response teams have observed a persistent trend in new malware that leverages heavy obfuscation techniques to evade detection. While some malware attempts to blend in as legitimate files, the more common strategy involves sophisticated obfuscation through variable functions and cookie manipulation. This article explores this…
-
Hidden attacks on the rise: encrypted malware gaining ground
Cybercriminals are becoming ever more sophisticated and increasingly conceal their activities behind secure connections. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/verborgene-angriffe-verschluesselte-malware
-
GlassWorm Malware Targets Developers Through OpenVSX Marketplace
GlassWorm, a self-propagating malware, infects VS Code extensions through the OpenVSX marketplace, stealing credentials and using blockchain for control. First seen on hackread.com Jump to article: hackread.com/glassworm-malware-developers-openvsx-marketplace/
-
This ‘Privacy Browser’ Has Dangerous Hidden Features
The Universe Browser is believed to have been downloaded millions of times. But researchers say it behaves like malware and has links to Asia’s booming cybercrime and illegal gambling networks. First seen on wired.com Jump to article: www.wired.com/story/universe-browser-malware-gambling-networks/
-
New Python-Based RAT Disguised as Minecraft App Steals Sensitive User Data
Threat researchers at Netskope have uncovered a sophisticated new Remote Access Trojan (RAT) written in Python that masquerades as “Nursultan Client,”…
-
SideWinder Leverages ClickOnce Installer to Deliver StealerBot Malware
The notorious SideWinder advanced persistent threat (APT) group has evolved its cyber espionage tactics with a sophisticated new attack method, combining PDF lures with ClickOnce technology to deploy StealerBot malware against diplomatic targets across South Asia. SideWinder orchestrated a carefully planned phishing operation throughout 2025, deploying customized lures designed for specific diplomatic institutions. The campaign’s…
-
New Malware Toolkit from MuddyWater Delivers Phoenix Backdoor to Global Targets
Group-IB Threat Intelligence has uncovered a sophisticated phishing campaign orchestrated by the Iran-linked Advanced Persistent Threat group MuddyWater, targeting international organizations worldwide to gather foreign intelligence. The campaign demonstrates the threat actor’s evolving tactics and enhanced operational maturity in exploiting trusted communication channels to infiltrate high-value targets. MuddyWater launched the operation by accessing a compromised…
-
PhantomCaptcha RAT Uses Weaponized PDFs and “ClickFix” Cloudflare CAPTCHA Pages to Deliver Malware
A sophisticated spearphishing campaign has targeted humanitarian organizations working on Ukrainian war relief efforts, employing weaponized PDFs and fake Cloudflare captcha pages to deploy a custom remote access trojan. The PhantomCaptcha campaign, launched on October 8th, 2025, specifically targeted individual members of the International Committee of the Red Cross, United Nations Children’s Fund (UNICEF) Ukraine…
-
Russia’s Coldriver Ramps Up Malware Development After LostKeys Exposure
Google threat researchers in May publicized the Russian-based threat group Coldriver’s LostKeys credential-stealing malware. However, five days later, the bad actors launched three new malware families that they developed rapidly and used aggressively in their campaigns. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/russias-coldriver-ramps-up-malware-development-after-lostkeys-exposure/
-
Cybercriminals turn on each other: the story of Lumma Stealer’s collapse
Normally when we write about a malware operation being disrupted, it’s because it has been shut down by law enforcement. But in the case of Lumma Stealer, a notorious malware-as-a-service (MaaS) operation used to steal passwords and sensitive data, it appears to have been sabotaged by other cybercriminals. First seen on fortra.com Jump to article:…
-
Rival Hackers Dox Alleged Operators of Lumma Stealer
Rival hackers expose the alleged operators behind Lumma Stealer, a major data-theft malware, causing leaks and internal chaos that have slowed its growth. First seen on hackread.com Jump to article: hackread.com/rival-hackers-dox-lumma-stealer-operators/
-
40 percent more evasive malware over encrypted connections
The 40 percent increase in hard-to-detect, highly sophisticated malware is certainly one of the most striking findings of the current Internet Security Report from Watchguard Technologies. In the quarterly analysis, the researchers of the Watchguard Threat Lab regularly list, in detail, the most important malware trends as well as network and endpoint threats. In the just-published evaluation for the second quarter of 2025, once again…
-
SocGholish Malware Using Compromised Sites to Deliver Ransomware
New research on SocGholish (FakeUpdates) reveals how this MaaS platform is used by threat actors like Evil Corp and RansomHub to compromise websites, steal data, and launch high-impact attacks on healthcare and businesses worldwide. First seen on hackread.com Jump to article: hackread.com/socgholish-malware-compromised-sites-ransomware/
-
‘I am not a robot’: Russian hackers use fake CAPTCHA lures to deploy espionage tools
Evolving tactics and strategies: Analysts said ColdRiver, which for years focused on credential theft and email account compromise, is shifting toward multi-stage intrusions that rely on users to execute malicious code. By using ClickFix pages that mimic CAPTCHA verification screens, the group can bypass email security filters and deliver malware directly to victims’ devices, increasing the…
-
SharkStealer Adopts EtherHiding Technique for C2 Communication Evasion
SharkStealer, a Golang-based information stealer, has been observed leveraging the Binance Smart Chain (BSC) Testnet as a covert dead-drop mechanism for command-and-control (C2) communications. By adopting an “EtherHiding” pattern, the malware retrieves encrypted C2 details from smart contracts through Ethereum RPC calls, decrypts the payload in memory, and initiates contact, all while blending in with…
-
Researchers Identify PassiveNeuron APT Using Neursite and NeuralExecutor Malware
Government, financial, and industrial organizations located in Asia, Africa, and Latin America are the target of a new campaign dubbed PassiveNeuron, according to findings from Kaspersky. The cyber espionage activity was first flagged by the Russian cybersecurity vendor in November 2024, when it disclosed a set of attacks aimed at government entities in Latin America and…