Tag: malware
-
Evasive Panda APT: Malware Delivery via AitM and DNS Poisoning
Evasive Panda, a sophisticated threat actor known by the aliases Bronze Highland, Daggerfly, and StormBamboo, has escalated its offensive capabilities through a two-year campaign that has deployed advanced attack techniques, including adversary-in-the-middle (AitM) attacks and DNS poisoning. According to June 2025 research, the group maintained persistent operations between November 2022 and November 2024, targeting victims…
-
NtKiller Malware Advertised on Dark Web With Claims of Antivirus and EDR Bypass
A new and sophisticated defensive evasion tool dubbed “NtKiller” … AlphaGhoul.
-
Webrat turns GitHub PoCs into a malware trap
The malicious payload and behavior: Beneath the polished README, the attackers dumped a password-protected ZIP linked in the repository. The archive password was hidden in file names, something easily missable by unsuspecting eyes. Inside, the key components include a decoy DLL, a batch file to launch the malware, and the primary executable (like rasmanesc.exe) capable…
-
Interpol sweep takes down cybercrooks in 19 countries
Tags: access, antivirus, attack, botnet, business, china, cyber, cyberattack, cybercrime, cybersecurity, data, defense, email, encryption, finance, fraud, group, incident response, infrastructure, intelligence, international, interpol, law, malicious, malware, microsoft, ransomware, russia, scam, service, theft, threat
A ‘very good thing’: The fact that the same operation broke ransomware operations and a business email compromise (BEC) operation is “unique,” said DiMaggio, because most people think of Africa as the source of BEC and fraud scams. The fact that authorities are working to disrupt ransomware operations in Africa before they grow to the size…
-
“Casting Call” for Malware: APT37 Poses as TV Writers to Hack Targets
Tags: malware
The post “Casting Call
-
Indian Tax Phishing Campaign Delivers Persistent RAT Malware
A tax-themed phishing campaign is impersonating India’s Income Tax Department to deliver persistent RAT malware to businesses. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/indian-tax-phishing-campaign-delivers-persistent-rat-malware/
-
WebRAT malware spread via fake vulnerability exploits on GitHub
The WebRAT malware is now being distributed through GitHub repositories that claim to host proof-of-concept exploits for recently disclosed vulnerabilities. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/webrat-malware-spread-via-fake-vulnerability-exploits-on-github/
-
Reworked MacSync Stealer Adopts Quieter Installation Process
A newly discovered macOS malware mimics legitimate apps code-signed and notarized by Apple First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/signed-variant-macsync-stealer/
-
Uzbek Users Under Attack by Android SMS-Stealers
Telegram users in Uzbekistan are being targeted with Android SMS-stealer malware, and what’s worse, the attackers are improving their methods. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/uzbek-users-android-sms-stealers
-
Budding infosec pros and aspiring cyber crooks targeted with fake PoC exploits
Malware peddlers are targeting infosec enthusiasts, budding security professionals, and aspiring hackers with the Webrat malware, masquerading the threat as proof-of-concept … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/23/fake-poc-exploits-webrat-malware/
-
Indian Income TaxLure Campaign Deploying Multi-Stage Malware Against Businesses
Tax-themed phishing campaigns have intensified in recent months, capitalizing on the heightened awareness surrounding India’s Income Tax Return (ITR) filing season. Public discussions about refund timelines and compliance deadlines create an ideal backdrop for attackers to craft credible lures. Recent analysis of emails impersonating the Indian Income Tax Department reveals a sophisticated operation far more…
-
MacSync Stealer Malware Targets macOS Users Through Digitally Signed Apps
Jamf Threat Labs has uncovered a new MacSync Stealer campaign that significantly raises the bar for macOS malware delivery by abusing Apple’s own trust mechanisms. The latest variant is delivered as a fully code-signed and notarized Swift application, allowing it to masquerade as legitimate software while executing a stealthy, multi-stage infostealing routine in the background.…
-
Malicious NPM Package Hits 56K Downloads, Steals WhatsApp Messages
A sophisticated malware campaign has compromised the npm registry through a malicious package that perfectly mimics legitimate WhatsApp API functionality while silently exfiltrating authentication credentials, messages, contacts, and media files from unsuspecting developers. The lotusbail package, downloaded over 56,000 times during its six-month presence on npm, represents a dangerous evolution in supply chain attacks where…
-
WhatsApp API worked exactly as promised, and stole everything
Tags: access, api, attack, backdoor, encryption, endpoint, github, malicious, malware, metric, monitoring, supply-chain, threat, tool, update
Backdoor sticks around even after package removal: Koi said the most significant component of the attack was its persistence. WhatsApp allows users to link multiple devices to a single account through a pairing process involving an 8-character code. The malicious lotusbail package hijacked this mechanism by embedding a hardcoded pairing code that effectively added the…
-
When Every Access Is a Risk: Insider Threats in the Age of the Cloud
This raises a crucial question: if a device is taken over by malware and the attacker has the same rights as a legitimate user, is that an insider attack? From an access perspective, clearly yes. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/wenn-jeder-zugang-ein-risiko-ist-insider-bedrohungen-im-zeitalter-der-cloud/a43259/
-
Iranian “Prince of Persia” APT Resurfaces with Telegram-Controlled Stealth Malware
The post Iranian “Prince of Persia
-
DIG AI: A Dark Web AI Powering Cybercrime and Extremism
DIG AI is an uncensored Dark Web AI that allows cybercriminals to scale malware, fraud, and illicit content creation. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/artificial-intelligence/dig-ai-a-dark-web-ai-powering-cybercrime-and-extremism/
-
New MacSync malware dropper evades macOS Gatekeeper checks
The latest variant of the MacSync information stealer targeting macOS systems is delivered through a digitally signed, notarized Swift application. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-macsync-malware-dropper-evades-macos-gatekeeper-checks/
-
Uzbek Users Under Attack by Android SMS Stealers
Telegram users in Uzbekistan are being targeted with Android SMS stealer malware, and what’s worse, the attackers are improving their methods. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/uzbek-users-android-sms-stealers
-
CISA warns of continued threat activity linked to Brickstorm malware
Officials provided additional evidence showing its ability to maintain persistence and evade defenses. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-warns-of-continued-threat-activity-linked-to-brickstorm-malware/808499/
-
Frogblight Malware Targets Android Users With Fake Court and Aid Apps
Kaspersky warns of ‘Frogblight,’ a new Android malware draining bank accounts in Turkiye. Learn how this ‘court case’ scam steals your data and how to stay safe. First seen on hackread.com Jump to article: hackread.com/frogblight-malware-android-fake-court-aid-apps/
-
Stealka Stealer: Fake Roblox Mods and Cheats Loot Crypto Wallets
Stealka Stealer is a new Windows malware that disguises itself as a Roblox mod or cheat and loots browser data and crypto wallets. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/malware/stealka-stealer-fake-roblox-mods-und-cheats-pluendern-krypto-wallets-324529.html
-
Arcane Werewolf Hacker Group Expands Arsenal with Loki 2.1 Malware Toolkit
The cyber espionage group known as Arcane Werewolf (also tracked as Mythic Likho) has significantly upgraded its offensive capabilities, targeting Russian manufacturing enterprises with a new iteration of its custom malware. According to a report by BI.ZONE Threat Intelligence, campaigns observed in October and November 2025 reveal that the group has transitioned from the Loki…
-
Android Malware Operations Merge Droppers, SMS Theft, and RAT Capabilities at Scale
Threat actors have been observed leveraging malicious dropper apps masquerading as legitimate applications to deliver an Android SMS stealer dubbed Wonderland in mobile attacks targeting users in Uzbekistan. “Previously, users received ‘pure’ Trojan APKs that acted as malware immediately upon installation,” Group-IB said in an analysis published last week. “Now, adversaries increasingly deploy… First seen on…
-
Podcast: The IT Highs and Lows of 2025
Tags: ai, cio, jobs, malware, microsoft, nis-2, open-source, ransomware, software, vulnerability-management
The editorial teams of Computerwoche, CIO and CSO see the IT year 2025 drawing to a close with mixed feelings. A turbulent 2025 is coming to an end. It was marked by economic uncertainty, geopolitical tensions and the unstoppable rise of artificial intelligence. Reason enough for the editorial teams of Computerwoche, CIO and CSO, in the last TechTalk podcast episode of…