Tag: malware
-
Microsoft Report Warns of AI-Powered Automation in Cyberattacks and Malware Creation
Tags: ai, automation, cyber, cyberattack, cybercrime, data, defense, incident, intelligence, malware, microsoft, phishing, vulnerabilityCybercriminals are weaponizing artificial intelligence to accelerate malware development, discover vulnerabilities faster, and create more sophisticated phishing campaigns, according to Microsoft’s latest Digital Defense Report covering trends from July 2024 through June 2025. In 80% of the cyber incidents Microsoft investigated last year, attackers sought to steal data primarily for profit rather than intelligence gathering.…
-
APT28 Deploys BeardShell and Covenant Modules via Weaponized Office Documents
Security researchers at Sekoia.io have uncovered a sophisticated cyberattack campaign orchestrated by APT28, the notorious Russian state-sponsored threat actor, targeting Ukrainian military personnel with weaponized Office documents that deliver advanced malware frameworks including BeardShell and Covenant modules. The operation represents a significant evolution in APT28’s tactics, leveraging legitimate cloud infrastructure and novel obfuscation techniques to…
-
North Korean Hackers Exploit EtherHiding to Spread Malware and Steal Crypto Assets
Tags: attack, blockchain, crypto, cyber, cybercrime, cybersecurity, exploit, hacker, malicious, malware, north-korea, technology, threatThe cybersecurity landscape has witnessed a significant evolution in attack techniques with North Korean threat actors adopting EtherHiding, a sophisticated method that leverages blockchain technology to distribute malware and facilitate cryptocurrency theft. EtherHiding represents a fundamental shift in how cybercriminals store and deliver malicious payloads by embedding malware code within smart contracts on public blockchains…
-
North Korean Hackers Exploit EtherHiding to Spread Malware and Steal Crypto Assets
Tags: attack, blockchain, crypto, cyber, cybercrime, cybersecurity, exploit, hacker, malicious, malware, north-korea, technology, threatThe cybersecurity landscape has witnessed a significant evolution in attack techniques with North Korean threat actors adopting EtherHiding, a sophisticated method that leverages blockchain technology to distribute malware and facilitate cryptocurrency theft. EtherHiding represents a fundamental shift in how cybercriminals store and deliver malicious payloads by embedding malware code within smart contracts on public blockchains…
-
Nation-state hackers deliver malware from “bulletproof” blockchains
Malicious payloads stored on Ethereum and BNB blockchains are immune to takedowns. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/10/hackers-bullet-proof-hosts-deliver-malware-from-blockchains/
-
NK’s Famous Chollima Use BeaverTail and OtterCookie Malware in Job Scam
North Korea’s Famous Chollima is back, merging BeaverTail and OtterCookie malware to target job seekers. Cisco Talos details the new threat. Keylogging, screen recording, and cryptocurrency wallet theft detected in an attack. First seen on hackread.com Jump to article: hackread.com/nk-famous-chollima-beavertail-ottercookie-malware/
-
Microsoft warns of a 32% surge in identity hacks, mainly driven by stolen passwords
Hackers are also increasingly turning to other methods to obtain credentials. Microsoft tracked surges in the use of infostealer malware by criminals and an increase of IT scams where cybercriminals call a company’s help desk and simply ask for password resets. First seen on therecord.media Jump to article: therecord.media/microsoft-warns-of-surge-identity-hacks-passwords
-
Microsoft warns of a 32% surge in identity hacks, mainly driven by stolen passwords
Hackers are also increasingly turning to other methods to obtain credentials. Microsoft tracked surges in the use of infostealer malware by criminals and an increase of IT scams where cybercriminals call a company’s help desk and simply ask for password resets. First seen on therecord.media Jump to article: therecord.media/microsoft-warns-of-surge-identity-hacks-passwords
-
NK’s Famous Chollima Use BeaverTail and OtterCookie Malware in Job Scam
North Korea’s Famous Chollima is back, merging BeaverTail and OtterCookie malware to target job seekers. Cisco Talos details the new threat. Keylogging, screen recording, and cryptocurrency wallet theft detected in an attack. First seen on hackread.com Jump to article: hackread.com/nk-famous-chollima-beavertail-ottercookie-malware/
-
North Korean hackers seen using blockchain to hide crypto-stealing malware
Google security researchers said on Thursday that they observed a Pyongyang-backed hacking group, tracked as UNC5342, deploying a method known as EtherHiding, a way of embedding malicious code inside smart contracts on decentralized networks such as Ethereum and BNB Smart Chain. First seen on therecord.media Jump to article: therecord.media/north-korean-hackers-using-blockchain-hiding-malware
-
Hackers Use Blockchain to Hide Malware in Plain Sight
Tags: attack, blockchain, google, group, hacker, hacking, intelligence, korea, malware, north-korea, threatState, Criminal Hackers Use Blockchain Technique to Evade Takedowns. Google’s Threat Intelligence Group found hacking groups like North Korea’s UNC5342 and criminal group UNC5142 using a public blockchain technique called EtherHiding to distribute malware. The method makes attacks tougher to trace, block or dismantle. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/hackers-use-blockchain-to-hide-malware-in-plain-sight-a-29741
-
Hackers Use Blockchain to Hide Malware in Plain Sight
Tags: attack, blockchain, google, group, hacker, hacking, intelligence, korea, malware, north-korea, threatState, Criminal Hackers Use Blockchain Technique to Evade Takedowns. Google’s Threat Intelligence Group found hacking groups like North Korea’s UNC5342 and criminal group UNC5142 using a public blockchain technique called EtherHiding to distribute malware. The method makes attacks tougher to trace, block or dismantle. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/hackers-use-blockchain-to-hide-malware-in-plain-sight-a-29741
-
North Korean Hackers Use EtherHiding to Hide Malware Inside Blockchain Smart Contracts
Tags: blockchain, crypto, google, group, hacker, hacking, intelligence, korea, malware, north-korea, theft, threatA threat actor with ties to the Democratic People’s Republic of Korea (aka North Korea) has been observed leveraging the EtherHiding technique to distribute malware and enable cryptocurrency theft, marking the first time a state-sponsored hacking group has embraced the method.The activity has been attributed by Google Threat Intelligence Group (GTIG) to a threat cluster…
-
Hackers Abuse Blockchain Smart Contracts to Spread Malware via Infected WordPress Sites
A financially motivated threat actor codenamed UNC5142 has been observed abusing blockchain smart contracts as a way to facilitate the distribution of information stealers such as Atomic (AMOS), Lumma, Rhadamanthys (aka RADTHIEF), and Vidar, targeting both Windows and Apple macOS systems.”UNC5142 is characterized by its use of compromised WordPress websites and ‘EtherHiding,’ a technique used…
-
Hackers Use Blockchain to Hide Malware in Plain Sight
Tags: attack, blockchain, google, group, hacker, hacking, intelligence, korea, malware, north-korea, threatState, Criminal Hackers Use Blockchain Technique to Evade Takedowns. Google’s Threat Intelligence Group found hacking groups like North Korea’s UNC5342 and criminal group UNC5142 using a public blockchain technique called EtherHiding to distribute malware. The method makes attacks tougher to trace, block or dismantle. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/hackers-use-blockchain-to-hide-malware-in-plain-sight-a-29741
-
North Korean hackers use EtherHiding to hide malware on the blockchain
North Korean hackers were observed employing the ‘EtherHiding’ tactic to deliver malware, steal cryptocurrency, and perform espionage with stealth and resilience. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/north-korean-hackers-use-etherhiding-to-hide-malware-on-the-blockchain/
-
North Korean hackers use EtherHiding to hide malware on the blockchain
North Korean hackers were observed employing the ‘EtherHiding’ tactic to deliver malware, steal cryptocurrency, and perform espionage with stealth and resilience. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/north-korean-hackers-use-etherhiding-to-hide-malware-on-the-blockchain/
-
Machine learning meets malware: how AI-powered ransomware could destroy your business
How to avoid your business being felled by an AI-powered ransomware attack that costs less than a laptop. First seen on theregister.com Jump to article: www.theregister.com/2025/10/16/machine_learning_meets_malware/
-
Machine learning meets malware: how AI-powered ransomware could destroy your business
How to avoid your business being felled by an AI-powered ransomware attack that costs less than a laptop. First seen on theregister.com Jump to article: www.theregister.com/2025/10/16/machine_learning_meets_malware/
-
Phishing Alert: Fake ‘LastPass Hack’ Emails Spreading Malware
A new phishing campaign impersonating LastPass is circulating today, October 13, 2025, aiming to deceive users into downloading malicious desktop software. Emails purporting to come from “hello@lastpasspulse.blog” or “hello@lastpassgazette.blog” carry the alarming subject line “We Have Been Hacked Update Your LastPass Desktop App to Maintain Vault Security.” In reality, LastPass has not been compromised;…
-
Phishing Alert: Fake ‘LastPass Hack’ Emails Spreading Malware
A new phishing campaign impersonating LastPass is circulating today, October 13, 2025, aiming to deceive users into downloading malicious desktop software. Emails purporting to come from “hello@lastpasspulse.blog” or “hello@lastpassgazette.blog” carry the alarming subject line “We Have Been Hacked Update Your LastPass Desktop App to Maintain Vault Security.” In reality, LastPass has not been compromised;…
-
Operation Silk Lure: Weaponizing Windows Scheduled Tasks for ValleyRAT Delivery
A targeted cyber-espionage campaign exploiting Windows Scheduled Tasks and DLL side-loading to deploy the sophisticated ValleyRAT backdoor. The operation pivots on tailored spear-phishing emails, weaponized Windows shortcuts, and a persistent task scheduler mechanism, all delivering a multi-stage malware payload designed to harvest sensitive intelligence from Chinese FinTech and cryptocurrency firms. Adversaries behind Operation Silk Lure…
-
Operation Silk Lure: Weaponizing Windows Scheduled Tasks for ValleyRAT Delivery
A targeted cyber-espionage campaign exploiting Windows Scheduled Tasks and DLL side-loading to deploy the sophisticated ValleyRAT backdoor. The operation pivots on tailored spear-phishing emails, weaponized Windows shortcuts, and a persistent task scheduler mechanism, all delivering a multi-stage malware payload designed to harvest sensitive intelligence from Chinese FinTech and cryptocurrency firms. Adversaries behind Operation Silk Lure…
-
Qilin Ransomware Leverages Ghost Bulletproof Hosting for Global Attacks
Qilin ransomwarean increasingly prolific ransomware-as-a-service (RaaS) operationhas intensified its global extortion campaigns by exploiting a covert network of bulletproof hosting (BPH) providers. These rogue hosting services, often headquartered in secrecy-friendly jurisdictions and operated through labyrinthine shell-company structures, allow Qilin’s operators and affiliates to host malware, data leak sites, and command-and-control infrastructure with near impunity. In…
-
Mysterious Elephant APT Breach: Hackers Infiltrate Organization to Steal Sensitive Data
In a recently uncovered campaign, the Mysterious Elephant advanced persistent threat (APT) group has executed a sophisticated series of intrusions against government and foreign policy agencies across the Asia-Pacific region. The latest operations, active since early 2025, rely on custom-built malware modules and modified open-source utilities to target and siphon off documents, images, and archives…
-
Mysterious Elephant APT Breach: Hackers Infiltrate Organization to Steal Sensitive Data
In a recently uncovered campaign, the Mysterious Elephant advanced persistent threat (APT) group has executed a sophisticated series of intrusions against government and foreign policy agencies across the Asia-Pacific region. The latest operations, active since early 2025, rely on custom-built malware modules and modified open-source utilities to target and siphon off documents, images, and archives…
-
PhantomVAI Loader Launches Global Campaign to Distribute AsyncRAT, XWorm, FormBook, and DCRat
PhantomVAI Loader, a newly renamed multi-stage .NET loader tracked by Unit 42, is being used in widespread phishing campaigns to deliver a variety of information-stealing malware families. Initially identified as Katz Stealer Loader for its role in deploying the Katz Stealer infostealer, this loader now supports AsyncRAT, XWorm, FormBook and DCRat payloads through an evasive…
-
Malicious Ivanti VPN Client Sites in Google Search Deliver Malware, Users Warned
Cybersecurity researchers at Zscaler have uncovered a sophisticated malware campaign that exploits search engine optimization (SEO) poisoning to distribute a trojanized version of the Ivanti Pulse Secure VPN client, targeting unsuspecting users seeking legitimate software downloads. The Zscaler Threat Hunting team recently detected a surge in malicious activity leveraging SEO manipulation, primarily targeting Bing search…
-
PhantomVAI Loader Launches Global Campaign to Distribute AsyncRAT, XWorm, FormBook, and DCRat
PhantomVAI Loader, a newly renamed multi-stage .NET loader tracked by Unit 42, is being used in widespread phishing campaigns to deliver a variety of information-stealing malware families. Initially identified as Katz Stealer Loader for its role in deploying the Katz Stealer infostealer, this loader now supports AsyncRAT, XWorm, FormBook and DCRat payloads through an evasive…