Tag: malware
-
Open VSX extensions hijacked: GlassWorm malware spreads via dependency abuse
Tags: ai, blockchain, control, exploit, infrastructure, malicious, malware, software, supply-chain, tool, update
The evolving GlassWorm: Earlier research into the GlassWorm operation has revealed techniques such as heavy code obfuscation, the use of Unicode characters to hide malicious logic, and infrastructure that retrieves command-and-control servers through blockchain transactions, making the campaign more resilient to takedowns. The latest wave also mimics widely used developer tools to maximise installation chances. “The…
-
FBI Calls for Help to Track Steam Malware Campaign
Tags: malware
The FBI wants to hear from gamers who have downloaded Steam titles containing malware First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fbi-calls-help-track-steam-malware/
-
DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage
Ukrainian entities have emerged as the target of a new campaign likely orchestrated by threat actors linked to Russia, according to a report from S2 Grupo’s LAB52 threat intelligence team. The campaign, observed in February 2026, has been assessed to share overlaps with a prior campaign mounted by Laundry Bear (aka UAC-0190 or Void Blizzard) aimed…
-
Advanced Protection Mode in Android 17 prevents apps from misusing Accessibility Services
Android 17 will block non-accessibility apps from using the Accessibility API under Advanced Protection Mode to reduce malware abuse. Android 17 introduces a new security feature in Advanced Protection Mode (AAPM) that blocks apps without accessibility functions from accessing the Accessibility API. The change, first reported by Android Authority and included in Android 17 Beta…
-
IBM Discovers ‘Slopoly’ AI-Generated Malware Linked to Hive0163 Ransomware
Ransomware group Hive0163 is experimenting with a likely AI-generated malware framework, dubbed “Slopoly,” marking a visible shift toward AI-assisted tooling in attacks. While the malware itself is simple, its use shows how quickly threat actors can now generate and iterate on custom command-and-control clients using large language models (LLMs). Hive0163 is a financially motivated cluster…
-
45,000 malicious IP addresses taken down, 94 suspects arrested
An international law enforcement operation has taken down more than 45,000 malicious IP addresses and servers linked to phishing, malware, and ransomware activity. The action … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/16/interpol-operation-synergia-iii-cybercrime-infrastructure-takedown/
-
Konni Hijacks KakaoTalk Accounts in Spear-Phishing Malware Campaign
Konni APT recently ran a multi-stage malware operation that hijacked KakaoTalk accounts to spread remote access trojans (RATs) through highly targeted spear-phishing. The message used contextual content aligned with the victim’s role to build trust and trick them into opening an attached archive. That archive contained a malicious LNK shortcut masquerading as a document; once…
-
Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse
Google is testing a new security feature as part of Android Advanced Protection Mode (AAPM) that prevents certain kinds of apps from using the accessibility services API. The change, incorporated in Android 17 Beta 2, was first reported by Android Authority last week. AAPM was introduced by Google in Android 16, released last year. When enabled, it…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 88
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Malware Newsletter: New BoryptGrab Stealer Targets Windows Users via Deceptive GitHub Pages; Inside Coruna: Reverse Engineering a Nation-State iOS Exploit Kit From JavaScript; ClipXDaemon: Autonomous X11 Clipboard Hijacker Delivered via Bincrypter-Based Loader; New A0Backdoor Linked to…
-
Week in review: AiTM phishing kit used to hijack AWS accounts, year-long malware campaign targets HR
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Turning expertise into opportunity for women in cybersecurity Speaker … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/15/week-in-review-aitm-phishing-kit-used-to-hijack-aws-accounts-year-long-malware-campaign-targets-hr/
-
Interpol Operation Synergia III leads to 45,000 malicious IPs dismantled and 94 arrests worldwide
INTERPOL dismantled 45,000 malicious IPs and servers and arrested 94 suspects in a global cybercrime operation. INTERPOL announced a global cybercrime operation (codenamed Operation Synergia III) involving 72 countries that dismantled 45,000 malicious IP addresses and servers linked to phishing, malware, and ransomware. The international law enforcement operation led to 94 arrests, 110 ongoing investigations,…
-
GlassWorm Spreads via 72 Malicious Open VSX Extensions Hidden in Transitive Dependencies
The GlassWorm malware campaign has evolved, significantly escalating its attacks on software developers. Instead of embedding malware directly into initial releases, the threat actors are now using transitive dependencies to sneak malicious code into developer environments. This stealthy approach allows a seemingly safe package to pull in a separate, infected extension only after establishing trust…
-
Global Authorities Take Down 45,000 Malicious IPs Used in Ransomware Campaigns
Tags: cyber, cybercrime, infrastructure, international, interpol, law, malicious, malware, phishing, ransomware
An unprecedented international law enforcement effort has successfully dismantled a massive cybercrime network. Coordinated by INTERPOL, the initiative targeted critical infrastructure used in phishing, malware, and ransomware campaigns worldwide.
Operation Synergia III
Dubbed “Operation Synergia III,” the global crackdown took place between July 18, 2025, and January 31, 2026. The operation brought together law enforcement…
-
FBI seeks victims of Steam games used to spread malware
The FBI is asking gamers who installed Steam titles containing malware to provide information as part of an ongoing investigation into eight malicious games uploaded to the gaming platform. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fbi-seeks-victims-of-steam-games-used-to-spread-malware/
-
INTERPOL Operation Synergia III Shuts Down 45,000 Malicious IPs, 94 Arrested
INTERPOL’s Operation Synergia III led to 94 arrests and the takedown of 45,000 malicious IPs in 72 countries targeting phishing, malware, and fraud networks. First seen on hackread.com Jump to article: hackread.com/interpol-operation-synergia-iii-malicious-ip-94-arrest/
-
Chinese Hackers Target Southeast Asian Militaries with AppleChris and MemFun Malware
A suspected China-based cyber espionage operation has targeted Southeast Asian military organizations as part of a state-sponsored campaign that dates back to at least 2020. Palo Alto Networks Unit 42 is tracking the threat activity under the moniker CL-STA-1087, where CL refers to cluster, and STA stands for state-backed motivation. “The activity demonstrated strategic operational patience and…
-
Even primitive AI-coded malware helps hackers move faster, thwart attribution
IBM researchers discovered an autonomously coded backdoor that they called unsophisticated but nonetheless ominous. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ai-ransomware-backdoor-ibm-attribution/814671/
-
The FBI is investigating malware hidden inside games hosted on Steam
Tags: malware
The FBI believes a series of video games published on Steam in the last two years were embedded with malware by the same hacker. First seen on techcrunch.com Jump to article: techcrunch.com/2026/03/13/valve-steam-malware-games-fbi/
-
INTERPOL Dismantles 45,000 Malicious IPs, Arrests 94 in Global Cybercrime
Tags: cybercrime, international, interpol, law, malicious, malware, network, phishing, ransomware, threat
INTERPOL on Friday announced the takedown of 45,000 malicious IP addresses and servers used in connection with phishing, malware, and ransomware campaigns, as part of the agency’s ongoing efforts to dismantle criminal networks, disrupt emerging threats, and safeguard victims from scams. The effort is part of an international law enforcement operation that involved 72 countries and…
-
Iran Claims Massive Cyber-Attack on MedTech Firm Stryker
The pro-Iran Handala group claims to have wiped 200,000 systems in destructive wiper malware attack on US firm Stryker First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/iran-massive-wiper-attack-medtech/
-
Real-Time Banking Trojan Strikes Brazil’s Pix Users
The latest banking Trojan campaign to hit Brazil combines classic malware with a real-time human operator, waiting for the perfect moment to strike. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/real-time-banking-trojan-strikes-brazils-pix-users
-
AI-assisted Slopoly malware powers Hive0163’s ransomware campaigns
The Hive0163 group used AI-assisted malware called Slopoly to maintain persistent access in ransomware attacks. IBM X-Force researchers report that the financially motivated group Hive0163 is using AI-assisted malware named Slopoly to maintain persistent access during ransomware attacks, showing how threat actors can quickly build new malware frameworks using AI. Hive0163 is a threat actor…
-
Authorities Shut Down Proxy Service Linked to Malware Campaign Targeting Thousands of Users
A coordinated international law enforcement operation successfully dismantled SocksEscort, a massive malicious residential proxy network. Led by the U.S. Justice Department alongside several European allies, the operation disrupted a sophisticated infrastructure that compromised thousands of residential and small business routers globally. By executing seizure warrants against dozens of U.S.-registered domains, authorities effectively halted a criminal…
-
Storm-2561 Uses SEO Poisoning, Fake Signed VPN Apps to Steal Enterprise Credentials
A financially motivated threat actor tracked as Storm-2561 is running a credential theft campaign that abuses SEO poisoning and fake, signed VPN installers to steal enterprise VPN credentials. Active since May 2025, Storm-2561 continues to exploit user trust in search results, known VPN brands, and code-signing certificates to distribute malware disguised as legitimate remote access…
-
Fake Temu Coin airdrop uses ClickFix trick to install stealthy malware
A fake $TEMU crypto airdrop uses the ClickFix trick to make victims run malware themselves and quietly installs a remote-access backdoor. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/fake-temu-coin-airdrop-uses-clickfix-trick-to-install-stealthy-malware/
-
The Cyber Express Weekly Roundup: Global Cyberattacks, Espionage, Malware, and Critical Security Updates
This week’s The Cyber Express weekly roundup highlights major cybersecurity developments affecting organizations, governments, and individuals worldwide. Key stories include destructive cyberattacks, such as system-wide wipes and targeted breaches, as well as state-backed cyber espionage targeting technology and research sectors. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/the-cyber-express-weekly-roundup-march/
-
Storm-2561 targets enterprise VPN users with SEO poisoning, fake clients
vpn-fortinet[.]com and ivanti-vpn[.]org, hosting malicious ZIP files on GitHub, the advisory said. The malware itself arrives as a ZIP file containing a Windows Installer package. When a user launches the downloaded installer, it drops a fake Pulse Secure application into a directory that closely mimics a legitimate Pulse Secure installation path, Microsoft said. “This installation path blends…
-
Iran War Bait Fuels TA453, TA473 Phishing Campaigns
Tags: cloud, credentials, cyber, espionage, exploit, government, iran, malware, middle-east, phishing, service, theft, threat
TA453, TA473, and several emerging threat clusters are exploiting breaking news about the Iran war to run highly targeted phishing campaigns against governments and policy organizations across the Middle East and beyond. These operations blend traditional espionage with opportunistic credential theft and malware delivery, often abusing compromised government accounts and trusted cloud services to increase…
-
Proxy network dismantled: 370,000 routers and IoT devices abused by hackers
With Socksescort, cybercriminals disguised their traffic through malware-infected routers and IoT devices. That is now over. First seen on golem.de Jump to article: www.golem.de/news/proxy-netzwerk-zerschlagen-370-000-router-und-iot-geraete-von-hackern-missbraucht-2603-206455.html