Tag: malware
-
New China-linked hackers breach telcos using edge device exploits
A sophisticated threat actor that uses Linux-based malware to target telecommunications providers has recently broadened its operations to include organizations in Southeastern Europe. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-china-linked-hackers-breach-telcos-using-edge-device-exploits/
-
Astaroth Banking Trojan Targets Brazilians via WhatsApp Messages
Researchers at Acronis have discovered a new campaign called Boto Cor-de-Rosa, where the Astaroth banking malware spreads like a worm through WhatsApp Web to steal contact lists and banking credentials. First seen on hackread.com Jump to article: hackread.com/astaroth-banking-trojan-brazil-whatsapp-messages/
-
Astaroth banking Trojan spreads in Brazil via WhatsApp worm
A WhatsApp worm spread the Astaroth banking trojan across Brazil by automatically sending malicious messages to victims’ contacts. Astaroth, a long-running Brazilian banking malware, has evolved in a new campaign dubbed Boto Cor-de-Rosa by abusing WhatsApp Web for propagation. The malware harvests the victim’s WhatsApp contact list and automatically sends malicious messages to each contact,…
-
New DocuSign-Themed Phishing Scam Delivers Stealth Malware to Windows Devices
New research has uncovered a sophisticated phishing campaign that abuses DocuSign’s brand to deliver Vidar malware and infect Windows systems. The operation uses a realistic phishing site, a fake signed installer, access-code checks, and time-based execution barriers to evade both users and automated analysis. DocuSign-themed phishing setup: The attack starts with a targeted phishing email that pretends to come from DocuSign and urges…
-
WhatsApp Worm Spreads Astaroth Banking Trojan Across Brazil via Contact Auto-Messaging
Cybersecurity researchers have disclosed details of a new campaign that uses WhatsApp as a distribution vector for a Windows banking trojan called Astaroth in attacks targeting Brazil. The campaign has been codenamed Boto Cor-de-Rosa by Acronis Threat Research Unit. ”The malware retrieves the victim’s WhatsApp contact list and automatically sends malicious messages to each contact to further…
-
China-Linked UAT-7290 Targets Telecoms with Linux Malware and ORB Nodes
A China-nexus threat actor known as UAT-7290 has been attributed to espionage-focused intrusions against entities in South Asia and Southeastern Europe. The activity cluster, which has been active since at least 2022, primarily focuses on extensive technical reconnaissance of target organizations before initiating attacks, ultimately leading to the deployment of malware families such as RushDrop First…
-
AI Agents, Malware Mutations and New Interfaces: Four Cyber Trends Shaping 2026, from AI Agents to Brain Interfaces
First seen on security-insider.de Jump to article: www.security-insider.de/cybertrends-2026-ki-agenten-bci-a-cf2856d5b3cd76a04233eacb1bc6b615/
-
Researchers Uncover NodeCordRAT Hidden in npm Bitcoin-Themed Packages
Cybersecurity researchers have discovered three malicious npm packages that are designed to deliver a previously undocumented malware called NodeCordRAT. The names of the packages, all of which were taken down as of November 2025, are listed below. They were uploaded by a user named “wenmoonx”: bitcoin-main-lib (2,300 downloads), bitcoin-lib-js (193 downloads), bip40 (970 downloads). ”The… First seen on thehackernews.com Jump…
-
Passwords are where PCI DSS compliance often breaks down
Most PCI DSS failures do not start with malware or a targeted attack. They start with everyday behavior. Reused passwords. Credentials stored in spreadsheets. Shared logins … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/08/passwords-pci-dds-compliance/
-
New GoBruteforcer attack wave targets crypto, blockchain projects
A new wave of GoBruteforcer botnet malware attacks is targeting databases of cryptocurrency and blockchain projects on exposed servers believed to be configured using AI-generated examples. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-gobruteforcer-attack-wave-targets-crypto-blockchain-projects/
-
IBM’s AI agent Bob easily duped to run malware, researchers show
Prompt injection lets risky commands slip past guardrails First seen on theregister.com Jump to article: www.theregister.com/2026/01/07/ibm_bob_vulnerability/
-
ToddyCat Malware Exploits ProxyLogon to Compromise Microsoft Exchange Servers
ToddyCat, a sophisticated cyber-espionage threat group also known as Websiic and Storm-0247, has emerged as a significant risk to organizations across Europe and Asia. The group’s operations, which began in December 2020 by targeting Microsoft Exchange servers in Taiwan and Vietnam, have since evolved into complex, multi-stage campaigns that leverage advanced evasion techniques and specialized…
-
Windows Packer pkr_mtsi Powers Widespread Malvertising Campaigns with Multiple Malware
A custom Windows packer dubbed pkr_mtsi is fueling large-scale malvertising and SEO-poisoning campaigns that deliver a broad range of information-stealing and remote-access malware, according to new research. First observed in the wild on April 24, 2025, the packer remains active and has continuously evolved over the past eight months, while retaining a stable behavioral core that makes it…
-
CrazyHunter Ransomware Targets Healthcare Sector Using Sophisticated Evasion Tactics
A sophisticated new ransomware variant, CrazyHunter, has emerged as a critical threat to the healthcare sector, employing advanced anti-malware evasion techniques and rapid network propagation that have security researchers deeply concerned. Trellix, which has been actively tracking this threat since its initial appearance, reports that the ransomware represents a significant evolution in cybercriminal tactics targeting…
-
Malicious NPM Packages Deliver NodeCordRAT
Zscaler ThreatLabz regularly monitors the npm database for suspicious packages. In November 2025, ThreatLabz identified three malicious packages: bitcoin-main-lib, bitcoin-lib-js, and bip40. The bitcoin-main-lib and bitcoin-lib-js packages execute a postinstall.cjs script during installation, which installs bip40, the package that contains the malicious payload. This final payload, named NodeCordRAT by ThreatLabz, is a remote access trojan (RAT) with data-stealing capabilities. It is also possible to download bip40…
-
Black Cat Behind SEO Poisoning Malware Campaign Targeting Popular Software Searches
A cybercrime gang known as Black Cat has been attributed to a search engine optimization (SEO) poisoning campaign that employs fraudulent sites advertising popular software to trick users into downloading a backdoor capable of stealing sensitive data. According to a report published by the National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC) and…
-
Versatile Malware Loader pkr_mtsi Delivers Diverse Payloads
Malicious Windows packer named pkr_mtsi used as a flexible malware loader in malvertising campaigns First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/malware-loader-pkrmtsi-payloads/
-
Botnets in Germany: BSI reports millions of malware activities to providers
Last year, the BSI's Cert-Bund recorded more than 66,000 malware activities per day in Germany. Providers have been informed. First seen on golem.de Jump to article: www.golem.de/news/cert-bund-24-3-millionen-malware-meldungen-an-deutsche-provider-2601-203895.html
-
Cert-Bund: 24.3 million malware reports to German providers
Last year, the BSI's Cert-Bund recorded more than 66,000 malware activities per day in Germany. Providers have been informed. First seen on golem.de Jump to article: www.golem.de/news/cert-bund-24-3-millionen-malware-meldungen-an-deutsche-provider-2601-203895.html
-
Cursor, Windsurf and co.: vibe-coding tools can recommend malware to users
First seen on t3n.de Jump to article: t3n.de/news/cursor-windsurf-vibe-coding-tools-empfehlen-usern-malware-1724004/
-
Missing MFA Strikes Again: Hacker Hits Collaboration Tools
Terabytes of Data Stolen From Cloud-Based Collaboration Tools, Researchers Warn. Dozens of organizations that use real-time content collaboration platforms appear to have lost not only credentials but also terabytes of hosted data to information-stealing malware being wielded by an initial access broker with a sideline in auctioning large volumes of stolen data. First seen on…
-
Kimwolf Android botnet abuses residential proxies to infect internal devices
The Kimwolf botnet, an Android variant of the Aisuru malware, has grown to more than two million hosts, most of them infected by exploiting vulnerabilities in residential proxy networks to target devices on internal networks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/kimwolf-android-botnet-abuses-residential-proxies-to-infect-internal-devices/