Tag: malware
-
Seven Years in Prison: Port IT Hacked to Smuggle Drugs
A Dutch man is alleged to have infected the IT systems of several port facilities with malware in order to import drugs undetected. Encrypted chats gave him away. First seen on golem.de Jump to article: www.golem.de/news/sieben-jahre-haft-hafen-it-gehackt-um-drogen-zu-schmuggeln-2601-204080.html
-
Sharp Rise: Web Threats Up 82 Percent, Malware Attacks Up 28 Percent
Blocked malicious URLs grew by 82 percent to over 25 million. Malware attacks rose by 28 percent. The current Acronis Cyberthreats Update for December 2025 shows a marked worsening of the cyber threat landscape [1]. While the number of detected malware attacks in November 2025 rose 28 percent over the previous month, the number of blocked malicious URLs also reached over… First…
-
Iran-linked MuddyWater APT deploys Rust-based implant in latest campaign
Rust offers evasion advantages: CloudSEK researchers said RustyWater was developed in Rust, which they said is increasingly used by malware authors for its memory safety features and cross-platform capabilities, according to the blog post. Other state-sponsored groups, including Russia’s Gossamer Bear and China-linked actors, have also deployed Rust-based malware in recent campaigns, according to security…
-
ValleyRAT_S2: Stealth Intrusions Aimed at Financial Data Exfiltration
A sophisticated second-stage malware payload known as ValleyRAT_S2 has emerged as a critical threat to organizations across Chinese-speaking regions, including mainland China, Hong Kong, Taiwan, and Southeast Asia. This Remote Access Trojan (RAT), written in C++, is a modular, highly evasive cyber-espionage tool designed to infiltrate systems, maintain persistent access, and extract sensitive financial and…
-
Fake Employee Performance Reports Deliver Guloader Malware
Organizations are being warned about a new phishing campaign that weaponizes fake employee performance reports to deploy the Guloader malware and ultimately install Remcos RAT on compromised systems. In the observed cases, threat actors send phishing emails that purport to share an employee performance report for October 2025. The email body claims that management is…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 79
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Malware Newsletter: VVS Discord Stealer Using Pyarmor for Obfuscation and Detection Evasion; A Broken System Fueling Botnets; Malicious NPM Packages Deliver NodeCordRAT; Boto-Cor-de-Rosa campaign reveals Astaroth WhatsApp-based worm activity in Brazil; CNCERT: Risk Warning Regarding…
-
Ghost Tapped Turns Android Phones Into Fraud Payment Relays
Ghost Tapped is Android malware that abuses NFC to enable remote payment fraud without physical card access. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/ghost-tapped-turns-android-phones-into-fraud-payment-relays/
-
xRAT Malware Targets Windows Users via Fake Adult Game
AhnLab Security Intelligence Center (ASEC) has uncovered a dangerous distribution campaign targeting Windows users through Korean web hard services. Threat actors are leveraging xRAT (QuasarRAT) malware, disguising it as legitimate adult game content to deceive unsuspecting users into downloading and executing malicious files. Korean webhard services have become a prime vector for malware distribution, with…
-
Russia’s Fancy Bear APT Doubles Down on Global Secrets Theft
The notorious Russian state-sponsored group relies on basic techniques that are highly effective, often delivering greater ROI than more complex malware-heavy operations. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/russian-apt-credentials-global-targets
-
Notorious Russian APT Nabs Credentials From Global Targets
Fancy Bear relies on basic techniques that are highly effective, often delivering greater ROI than more complex malware-heavy operations. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/russian-apt-credentials-global-targets
-
What Dangers Parked Domains Pose
The researchers themselves write that, in large-scale experiments, visitors to a parked domain were redirected in over 90 percent of cases to illegal content, scam attempts, scareware and antivirus software subscriptions, or malware. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/welche-gefahren-von-geparkten-domains-ausgehen/a43311/
-
China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware
China-linked UAT-7290 has targeted South Asia and Southeastern Europe since 2022, conducting espionage and deploying RushDrop, DriveSwitch, and SilentRaid. China-linked threat actor UAT-7290 has conducted espionage attacks since at least 2022, targeting South Asia and Southeastern Europe. UAT-7290 primarily targets telecom providers; it conducts espionage by deeply embedding in victim networks and also operates Operational…
-
New China-linked hackers breach telcos using edge device exploits
A sophisticated threat actor that uses Linux-based malware to target telecommunications providers has recently broadened its operations to include organizations in Southeastern Europe. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-china-linked-hackers-breach-telcos-using-edge-device-exploits/
-
Astaroth Banking Trojan Targets Brazilians via WhatsApp Messages
Researchers at Acronis have discovered a new campaign called Boto Cor-de-Rosa, where the Astaroth banking malware spreads like a worm through WhatsApp Web to steal contact lists and banking credentials. First seen on hackread.com Jump to article: hackread.com/astaroth-banking-trojan-brazil-whatsapp-messages/
-
Astaroth banking Trojan spreads in Brazil via WhatsApp worm
A WhatsApp worm spread the Astaroth banking trojan across Brazil by automatically sending malicious messages to victims’ contacts. Astaroth, a long-running Brazilian banking malware, has evolved in a new campaign dubbed Boto Cor-de-Rosa by abusing WhatsApp Web for propagation. The malware harvests the victim’s WhatsApp contact list and automatically sends malicious messages to each contact,…
-
New DocuSign-Themed Phishing Scam Delivers Stealth Malware to Windows Devices
New research has uncovered a sophisticated phishing campaign that abuses DocuSign’s brand to deliver Vidar malware and infect Windows systems. The operation uses a realistic phishing site, a fake signed installer, access-code checks, and time-based execution barriers to evade both users and automated analysis. DocuSign-themed phishing setup: The attack starts with a targeted phishing email that pretends to come from DocuSign and urges…
-
WhatsApp Worm Spreads Astaroth Banking Trojan Across Brazil via Contact Auto-Messaging
Cybersecurity researchers have disclosed details of a new campaign that uses WhatsApp as a distribution vector for a Windows banking trojan called Astaroth in attacks targeting Brazil. The campaign has been codenamed Boto Cor-de-Rosa by Acronis Threat Research Unit. “The malware retrieves the victim’s WhatsApp contact list and automatically sends malicious messages to each contact to further…
-
China-Linked UAT-7290 Targets Telecoms with Linux Malware and ORB Nodes
A China-nexus threat actor known as UAT-7290 has been attributed to espionage-focused intrusions against entities in South Asia and Southeastern Europe. The activity cluster, which has been active since at least 2022, primarily focuses on extensive technical reconnaissance of target organizations before initiating attacks, ultimately leading to the deployment of malware families such as RushDrop First…
-
AI Agents, Malware Mutations and New Interfaces: Four Cyber Trends Shaping 2026, from AI Agents to Brain Interfaces
First seen on security-insider.de Jump to article: www.security-insider.de/cybertrends-2026-ki-agenten-bci-a-cf2856d5b3cd76a04233eacb1bc6b615/
-
Researchers Uncover NodeCordRAT Hidden in npm Bitcoin-Themed Packages
Cybersecurity researchers have discovered three malicious npm packages that are designed to deliver a previously undocumented malware called NodeCordRAT. The names of the packages, all of which were taken down as of November 2025, are listed below. They were uploaded by a user named “wenmoonx.” bitcoin-main-lib (2,300 downloads); bitcoin-lib-js (193 downloads); bip40 (970 downloads). “The First seen on thehackernews.com Jump…
-
Passwords are where PCI DSS compliance often breaks down
Most PCI DSS failures do not start with malware or a targeted attack. They start with everyday behavior. Reused passwords. Credentials stored in spreadsheets. Shared logins … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/08/passwords-pci-dds-compliance/
-
New GoBruteforcer attack wave targets crypto, blockchain projects
A new wave of GoBruteforcer botnet malware attacks is targeting databases of cryptocurrency and blockchain projects on exposed servers believed to be configured using AI-generated examples. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-gobruteforcer-attack-wave-targets-crypto-blockchain-projects/
-
IBM’s AI agent Bob easily duped to run malware, researchers show
Prompt injection lets risky commands slip past guardrails First seen on theregister.com Jump to article: www.theregister.com/2026/01/07/ibm_bob_vulnerability/
-
ToddyCat Malware Exploits ProxyLogon to Compromise Microsoft Exchange Servers
ToddyCat, a sophisticated cyber-espionage threat group also known as Websiic and Storm-0247, has emerged as a significant risk to organizations across Europe and Asia. The group’s operations, which began in December 2020 by targeting Microsoft Exchange servers in Taiwan and Vietnam, have since evolved into complex, multi-stage campaigns that leverage advanced evasion techniques and specialized…
-
Windows Packer pkr_mtsi Powers Widespread Malvertising Campaigns with Multiple Malware
A custom Windows packer dubbed pkr_mtsi is fueling large-scale malvertising and SEO-poisoning campaigns that deliver a broad range of information-stealing and remote-access malware, according to new research. First observed in the wild on April 24, 2025, the packer remains active and has continuously evolved over the past eight months, while retaining a stable behavioral core that makes it…
-
CrazyHunter Ransomware Targets Healthcare Sector Using Sophisticated Evasion Tactics
A sophisticated new ransomware variant, CrazyHunter, has emerged as a critical threat to the healthcare sector, employing advanced anti-malware evasion techniques and rapid network propagation that have security researchers deeply concerned. Trellix, which has been actively tracking this threat since its initial appearance, reports that the ransomware represents a significant evolution in cybercriminal tactics targeting…