Tag: malware
-
Android Malware Operations Merge Droppers, SMS Theft, and RAT Capabilities at Scale
Threat actors have been observed leveraging malicious dropper apps masquerading as legitimate applications to deliver an Android SMS stealer dubbed Wonderland in mobile attacks targeting users in Uzbekistan. “Previously, users received ‘pure’ Trojan APKs that acted as malware immediately upon installation,” Group-IB said in an analysis published last week. “Now, adversaries increasingly deploy First seen on…
-
Podcast: The IT Tops and Flops of 2025
Tags: ai, cio, jobs, malware, microsoft, nis-2, open-source, ransomware, software, vulnerability-management
The editorial teams of Computerwoche, CIO and CSO see the IT year 2025 ending with mixed feelings. A turbulent 2025 is drawing to a close. It was shaped by economic uncertainty, geopolitical tensions and the unchecked triumph of artificial intelligence. Reason enough for the editorial teams of Computerwoche, CIO and CSO, in the last TechTalk podcast episode of the…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 76
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Malware Newsletter: CyberVolk – A Deep Dive into the Hacktivists, Tools and Ransomware Fueling Pro-Russian Cyber Attacks; Operation MoneyMount-ISO, Deploying Phantom Stealer via ISO-Mounted Executables; Inside GhostPoster: How a PNG Icon Infected 50,000 Firefox Users […]…
-
Top 10 CERT-In Empanelled Auditors in India in 2026
Organisations today are increasingly exposed to cyber risks originating from unchecked network scanning and unpatched vulnerabilities. At the same time, the rise of malicious large language models like WormGPT and FraudGPT has lowered the barrier for hackers, enabling even less-skilled actors to launch phishing campaigns, create malware, and exploit security gaps with alarming ease. For……
-
Iranian Infy APT Resurfaces with New Malware Activity After Years of Silence
Threat hunters have discerned new activity associated with an Iranian threat actor known as Infy (aka Prince of Persia), nearly five years after the hacking group was observed targeting victims in Sweden, the Netherlands, and Turkey. “The scale of Prince of Persia’s activity is more significant than we originally anticipated,” Tomer Bar, vice president of security…
-
U.S. DOJ Charges 54 in ATM Jackpotting Scheme Using Ploutus Malware
Tags: malware
The U.S. Department of Justice (DoJ) this week announced the indictment of 54 individuals in connection with a multi-million dollar ATM jackpotting scheme. The large-scale conspiracy involved deploying malware named Ploutus to hack into automated teller machines (ATMs) across the U.S. and force them to dispense cash. The indicted members are alleged to be part of…
-
Iranian APT Prince of Persia returns with new malware and C2 infrastructure
A shift to Telegram: More recently, the researchers identified a new Tonnerre variant that’s advertised as v50, as well as an unknown new Foudre version that goes along with it. These versions use a new C2 server structure and, most importantly, can download a file from the server that enables Telegram communication via its API. The…
-
ATM jackpotting gang accused of unleashing Ploutus malware across US
Tags: malware
Latest charges join the mountain of indictments facing alleged Tren de Aragua members. First seen on theregister.com Jump to article: www.theregister.com/2025/12/19/tren_de_aragua_atm/
-
Iranian APT Targeting Networks and Critical Infrastructure Organizations
Iranian state-sponsored threat actors, previously thought to have gone dormant, have resurfaced with sophisticated new malware campaigns targeting critical infrastructure organizations globally. A new research report released by SafeBreach Labs reveals that the “Prince of Persia
-
DOJ charges gang for ATM hacks using Ploutus malware
Tags: malware
The Justice Department unsealed two indictments charging 54 people for their alleged roles in a campaign to develop and deploy a variant of the Ploutus malware, allowing them to pilfer hundreds of thousands of dollars from ATMs across the U.S. First seen on therecord.media Jump to article: therecord.media/doj-charges-gang-malware-ploutus
-
Cracked Software and YouTube Videos Spread CountLoader and GachiLoader Malware
Cybersecurity researchers have disclosed details of a new campaign that has used cracked software distribution sites as a distribution vector for a new version of a modular and stealthy loader known as CountLoader. The campaign “uses CountLoader as the initial tool in a multistage attack for access, evasion, and delivery of additional malware families,” Cyderes Howler…
-
France investigates: suspects caught with malware on 2,000-passenger ferry
Tags: malware
Two employees are alleged to have been handling remote-access malware on a large passenger ferry. Authorities speak of foreign interference. First seen on golem.de Jump to article: www.golem.de/news/frankreich-ermittelt-hacking-versuch-auf-2-000-personen-faehre-2512-203434.html
-
Italian Ferry Malware Attack Sparks International Probe
French intelligence agencies uncovered what appears to be a coordinated foreign interference operation targeting the GNV Fantastic. The post Italian Ferry Malware Attack Sparks International Probe appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-italian-ferry-malware-attack/
-
France investigates: men caught with malware on 2,000-passenger ferry
Tags: malware
Two employees are alleged to have been handling remote-access malware on a large passenger ferry. Authorities speak of foreign interference. First seen on golem.de Jump to article: www.golem.de/news/frankreich-ermittelt-hacking-versuch-auf-2-000-personen-faehre-2512-203434.html
-
France investigates: hacking attempt on 2,000-passenger ferry
Two employees are alleged to have been handling remote-access malware on a large passenger ferry. Authorities speak of foreign interference. First seen on golem.de Jump to article: www.golem.de/news/frankreich-ermittelt-hacking-versuch-auf-2-000-personen-faehre-2512-203434.html
-
Targeted Phishing Attack Strikes HubSpot Users
Evalian’s Security Operations Centre has uncovered an active, sophisticated phishing campaign targeting HubSpot customers, combining business email compromise (BEC) tactics with website compromise to distribute a credential-stealing malware to unsuspecting users. The multi-layered attack demonstrates how modern threat actors are evolving their techniques to bypass traditional email security controls. The phishing campaign employs a deceptive…
-
Beyond Rules and Alerts: How Behavioral Threat Analytics Redefines Modern Cyber Defense
Executive Summary: Modern cyber adversaries no longer depend on loud malware, obvious exploits, or easily identifiable indicators of compromise. Instead, they leverage legitimate credentials, trusted tools, and native system functions to operate silently within enterprise environments. These attacks are deliberately designed to resemble normal business activity, rendering traditional detection methods ineffective. Behavioral Threat Analytics (BTA)…
-
NuGet Malware Mimic: .NET Integration Library Steals Crypto Wallets and OAuth Tokens
ReversingLabs (RL) researchers have uncovered a sophisticated malware campaign targeting the .NET developer ecosystem via the NuGet package manager. The campaign, which began in July 2025, involves 14 malicious packages designed to mimic legitimate cryptocurrency libraries. These packages are engineered to steal crypto wallets, redirect funds, and exfiltrate Google Ads OAuth tokens, marking a significant…
-
GachiLoader Deploys Payloads Using Obfuscated Node.js Malware
Check Point Research has uncovered a sophisticated malware distribution campaign leveraging the YouTube Ghost Network to deploy GachiLoader, a novel, heavily obfuscated Node.js-based loader designed to deliver the Rhadamanthys infostealer to unsuspecting victims. The campaign, which commenced in December 2024, represents a significant evolution in malware delivery tactics and demonstrates how threat actors continue to…
-
New China-linked hacker group spies on governments in Southeast Asia, Japan
The group, LongNosedGoblin, has been active since at least September 2023 and was uncovered after researchers detected new malware strains inside the network of a Southeast Asian government last year. First seen on therecord.media Jump to article: therecord.media/china-linked-hacker-group-spied-on-asian-govs
-
China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware
A previously undocumented China-aligned threat cluster dubbed LongNosedGoblin has been attributed to a series of cyber attacks targeting governmental entities in Southeast Asia and Japan. The end goal of these attacks is cyber espionage, Slovak cybersecurity company ESET said in a report published today. The threat activity cluster has been assessed to be active since at…
-
Iranian APT ‘Prince of Persia’ Resurfaces With New Tools and Targets
SafeBreach reports the resurgence of the Iranian APT group Prince of Persia (Infy). Discover how these state-sponsored hackers are now using Telegram bots and Thunder and Lightning malware to target victims globally across Europe, India, and Canada. First seen on hackread.com Jump to article: hackread.com/iran-apt-prince-of-persia-resurfaces/