Tag: malware
-
New PixRevolution Malware Steals Brazil’s PIX Transfers in Real Time
Researchers have discovered PixRevolution, a new Android banking trojan targeting Brazil’s PIX system. Unlike automated scams, this malware uses live operators to watch your screen and divert funds instantly. First seen on hackread.com Jump to article: hackread.com/pixrevolution-malware-steals-brazil-pix-transfers/
-
North Korean fake IT worker tradecraft exposed
Opportunistic and broadly targeted: These suspect code silos were abused in a variety of illicit projects split between targeting job-seeking programmers and fake IT worker operations. “Based on our visibility, malware operations targeting individual developers seeking employment are most common,” Oliver Smith, senior threat intelligence engineer at GitLab, told CSO. “Threat actors appear to have a…
-
Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets
Cybersecurity researchers have discovered half-a-dozen new Android malware families that come with capabilities to steal data from compromised devices and conduct financial fraud. The Android malware range from traditional banking trojans like PixRevolution, TaxiSpy RAT, BeatBanker, Mirax, and Oblivion RAT to full-fledged remote administration tools such as SURXRAT. PixRevolution, according to First seen on thehackernews.com Jump to…
-
Iran Claim Massive Cyber-Attack on MedTech Firm Stryker
The pro-Iran Handala group claims to have wiped 200,000 systems in destructive wiper malware attack on US firm Stryker First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/iran-massive-wiper-attack-medtech/
-
Cybercriminals distribute malware via GitHub: How to recognize the attacks and protect yourself
First seen on t3n.de Jump to article: t3n.de/news/cyberkriminelle-malware-github-1733437/
-
BlackSanta Malware Shuts Down Protections, Targets HR and Recruiting Operations
Russian threat actors for more than a year have targeted HR and recruiting operations in a sophisticated phishing and infostealing campaign that includes a component, dubbed BlackSanta, that can shut down antivirus tools and EDR protections before deploying the malware that exfiltrates data, Aryaka researchers say. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/blacksanta-malware-shuts-down-protections-targets-hr-and-recruiting-operations/
-
Medtech giant Stryker offline after Iran-linked wiper malware attack
Leading medical technology company Stryker has been hit by a wiper malware attack claimed by Handala, an Iranian-linked and pro-Palestinian hacktivist group. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/medtech-giant-stryker-offline-after-iran-linked-wiper-malware-attack/
-
Supposedly Google-sponsored online ads for Anthropic's Claude Code pave the way for malware
Cybercriminals are currently jumping on the high demand and attention surrounding Claude Code, Anthropic's AI-powered coding assistant. Experts at Bitdefender Labs warn of this in a recent analysis. The supposedly Google-sponsored search results inspire trust. The criminals probably compromised a company's official advertising account and are using the correct branding for credibility. In…
-
BlackSanta EDR-Killer Targets HR Teams in CV-Themed Campaign
BlackSanta malware targets HR staff with fake resumes, kills EDR and steals system data First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/blacksanta-edr-killer-targets-hr/
-
Fake job applications pack malware that kills endpoint detection before stealing data
Russian-speaking attackers lure HR staff into downloading ISO files that disable defenses First seen on theregister.com Jump to article: www.theregister.com/2026/03/10/malware_targeting_hr/
-
BlackSanta Malware Targets HR Staff with Fake CV Downloads
Aryaka researchers have identified a new threat from a Russian-speaking group using ‘BlackSanta’ malware. By disguising attacks as job applications, hackers are bypassing security to target recruitment workflows. First seen on hackread.com Jump to article: hackread.com/blacksanta-malware-hr-staff-fake-cv-downloads/
-
Header manipulation technique: Zombie Zip tricks almost all antivirus tools
Attackers can easily slip Zip-packed malware past common antivirus solutions. Eset users have known about the problem for over 20 years. First seen on golem.de Jump to article: www.golem.de/news/header-manipulationstechnik-zombie-zip-trickst-fast-alle-antivirus-tools-aus-2603-206357.html
-
KadNap bot compromises 14,000+ devices to route malicious traffic
KadNap malware infects 14,000+ edge devices, mainly ASUS routers, turning them into a stealth proxy botnet used to route malicious internet traffic. First detected in August 2025, the campaign heavily targets the…
-
Google Warns of AI-Driven Adaptive Malware Rewriting Its Own Code
The cybersecurity landscape experienced a major shift in 2025 as threat actors transitioned from experimenting with artificial intelligence to fully integrating it into real-world cyber operations. According to new insights from the Google Threat Intelligence Group (GTIG) and Mandiant, attackers are now deploying adaptive malware and autonomous AI agents that dynamically modify their behavior during…
-
BeatBanker Trojan Spreads via Phishing, Deploys Crypto Miner and RAT on Targeted Devices
BeatBanker is a new Android malware campaign targeting users in Brazil, combining banking fraud, crypto-mining, and, in its latest wave, full device takeover via a RAT. It spreads almost entirely through phishing pages that mimic the Google Play Store and trick victims into installing weaponized APKs disguised as legitimate apps and updates. The operation starts…
-
Malvertising: Herbert Grönemeyer and Hasso Plattner are being misused
Currently a worldwide campaign with a Russian cybercriminal background. 310 coordinated campaigns for digital fraud in 25 countries on six continents. Phishing emails with aggressive telephone follow-up. Fake ads as the starting point for investment fraud. Portfolio recommendations from Herbert Grönemeyer or supposed crypto tips from SAP founder Hasso Plattner are currently part of a large-scale international fraud campaign. Behind it is a globally operating network… First…
-
HR Departments Targeted by Multi-Layered BlackSanta EDR Killer Malware
Threat actors are increasingly targeting human resources (HR) departments by disguising malware as job application documents. The attack begins with what appears to be a legitimate job application. HR professionals receive a resume hosted on a well-known cloud storage platform, making the file seem trustworthy. The candidate profile looks realistic and relevant to open positions,…
-
PhantomRaven Malware Resurfaces, Targets npm Supply Chain to Steal Developer Secrets
A large-scale malware campaign known as PhantomRaven has resurfaced, targeting the npm software supply chain and attempting to steal sensitive developer credentials. The newly identified packages belong to three new phases of the campaign (Wave 2, Wave 3, and Wave 4), distributed between November 2025 and February 2026. Despite the discovery and reporting of the…
-
Hackers Pose as IT Staff in Microsoft Teams to Install Malware
Hackers are impersonating IT staff in Microsoft Teams to trick employees into installing malware, giving attackers stealthy access to corporate networks. The post Hackers Pose as IT Staff in Microsoft Teams to Install Malware appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-teams-it-impersonation-malware-attack/
-
New ‘BlackSanta’ EDR killer spotted targeting HR departments
For more than a year, a Russian-speaking threat actor targeted human resource (HR) departments with malware that delivers a new EDR killer named BlackSanta. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-blacksanta-edr-killer-spotted-targeting-hr-departments/
-
Fake OpenClaw npm Package Installs GhostClaw Malware
A malicious npm package disguised as OpenClaw installs GhostClaw malware to steal developer credentials and sensitive data. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/fake-openclaw-npm-package-installs-ghostclaw-malware/
-
New BeatBanker Android malware poses as Starlink app to hijack devices
A new Android malware named BeatBanker can hijack devices and tricks users into installing it by posing as a Starlink app on websites masquerading as the official Google Play Store. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-beatbanker-android-malware-poses-as-starlink-app-to-hijack-devices/
-
New ‘Zombie ZIP’ technique lets malware slip past security tools
A new technique dubbed “Zombie ZIP” helps conceal payloads in compressed files specially created to avoid detection from security solutions such as antivirus and endpoint detection and response (EDR) products. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-zombie-zip-technique-lets-malware-slip-past-security-tools/

