Tag: malware
-
Google disrupts IPIDEA residential proxy networks fueled by malware
IPIDEA, one of the largest residential proxy networks used by threat actors, was disrupted earlier this week by Google Threat Intelligence Group (GTIG) in collaboration with industry partners. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-disrupts-ipidea-residential-proxy-networks-fueled-by-malware/
-
Not a Kids Game: From Roblox Mod to Compromising Your Company
Seemingly harmless game mods can hide infostealer malware that quietly steals identities. Flare shows how Roblox mods can turn a home PC infection into corporate compromise. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/not-a-kids-game-from-roblox-mod-to-compromising-your-company/
-
Fake “Mac Cleaner” Campaign Uses Google Ads to Redirect Users to Malware
Cybercriminals are exploiting Google Search Ads to distribute malware through deceptive landing pages that impersonate Apple’s official website design. The malicious ads appear prominently in Google Search results when users search for “mac cleaner”, displaying trusted domains such as docs.google.com and business.google.com as the visible landing pages. Clicking these ads, however, redirects users to Google Apps Script…
-
eScan Antivirus Update Server Breached to Deliver Malicious Software Updates
MicroWorld Technologies’ eScan antivirus platform fell victim to a sophisticated supply chain attack on January 20, 2026, when threat actors compromised legitimate update infrastructure to distribute multi-stage malware to enterprise and consumer endpoints worldwide. Security researchers immediately alerted the vendor, which isolated the affected infrastructure within one hour and took its global update system offline…
-
Python-Based PyRAT Emerges as Cross-Platform Threat With Advanced Remote Access Capabilities
In the evolving landscape of cyber threats, attackers increasingly leverage Python to develop sophisticated Remote Access Trojans (RATs) that evade traditional security controls. Python’s widespread adoption and cross-platform compatibility make it an attractive development platform for threat actors seeking to maximize their reach. Unlike natively compiled binaries, Python-based malware packaged into ELF and PE executables poses…
-
Matanbuchus Malware Evolves to Bypass AV Defenses by Swapping Core Components
Matanbuchus is a malicious C++-based downloader that has been sold as Malware-as-a-Service (MaaS) since 2020. Initially known as a simple loader for second-stage payloads, it has steadily evolved into a flexible backdoor platform that is increasingly tied to ransomware operations. In July 2025, researchers observed Matanbuchus version 3.0 in the wild, featuring redesigned components, stronger…
-
Goodbye virus protection: malware distributed through an antivirus tool’s update server
Attackers used the eScan antivirus tool to push malware onto user systems. One of the vendor’s update servers had been compromised. First seen on golem.de Jump to article: www.golem.de/news/von-wegen-virenschutz-malware-ueber-update-server-von-antivirus-tool-verteilt-2601-204754.html
-
Dissecting UAT-8099: New persistence mechanisms and regional focus
Cisco Talos has identified a new, regionally targeted campaign by UAT-8099 that leverages advanced persistence techniques and custom BadIIS malware variants to compromise IIS servers, particularly in Thailand and Vietnam. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/uat-8099-new-persistence-mechanisms-and-regional-focus/
-
Open-source malware zeroes in on developer environments
Open source malware activity during 2025 concentrated on a single objective: executing code inside developer environments, according to Sonatype. The focus reflected a broader … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/29/report-open-source-malware-activity/
-
31 More Charged in Massive ATM Jackpotting Scheme Linked to Tren de Aragua Gang
The DOJ indicted 31 people accused of participating in an ATM jackpotting scheme in which the venerable Ploutus malware was used to help steal more than $5 million from machines around the United States. In total, 87 people have been charged, with many connected to the Tren de Aragua Venezuelan crime syndicate. First seen on…
-
Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware
Cybersecurity researchers have flagged a new malicious Microsoft Visual Studio Code (VS Code) extension for Moltbot (formerly Clawdbot) on the official Extension Marketplace that claims to be a free artificial intelligence (AI) coding assistant but stealthily drops a malicious payload on compromised hosts. The extension, named “ClawdBot Agent – AI Coding Assistant” (“clawdbot.clawdbot-agent”) First seen on…
-
FBI seizes RAMP cybercrime forum used by ransomware gangs
The FBI has seized the notorious RAMP cybercrime forum, a platform used to advertise a wide range of malware and hacking services, and one of the few remaining forums that openly allowed the promotion of ransomware operations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fbi-seizes-ramp-cybercrime-forum-used-by-ransomware-gangs/
-
Hackers Still Using Patched WinRAR Flaw for Malware Drops, Warns Google
The Google Threat Intelligence Group (GTIG) warns that nation-state actors and financially motivated threat actors are exploiting a… First seen on hackread.com Jump to article: hackread.com/hackers-patch-winrar-flaw-malware-google/
-
Massive data leak threatens around 150 million users
Tags: credentials, credit-card, crypto, cyberattack, data-breach, finance, fraud, login, mail, malware, password, phishing, risk
The exposed credentials pose a significant security risk. Cybersecurity researcher Jeremiah Fowler recently uncovered a data leak containing 149 million sets of login data. The victims are primarily users of major tech and streaming providers, but financial-service accounts, crypto wallets and trading accounts, and bank and credit-card logins also appeared in the exposed data sets. According to the research report, however, the database contains not only usernames and…
-
Cybercriminals Leverage AI-Generated Malicious Job Offers to Spread PureRAT Malware
A Vietnamese threat actor is using AI-authored code to power a phishing campaign that delivers the PureRAT malware and related payloads, leveraging realistic job-themed lures to compromise corporate systems. The campaign, first documented by Trend Micro in December 2025, initially used malicious ZIP and RAR attachments posing as job opportunity documents. More recent activity observed…
-
Emojis in PureRAT’s Code Point to AI-Generated Malware Campaign
Researchers discover that PureRAT’s code now contains emojis, indicating it was written by AI based on comments lifted from social media. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/emojis-in-purerats-code/
-
Fraudulent real-estate listings: BSI warns of malware on Kleinanzeigen
Attackers are once again targeting users of the Kleinanzeigen classifieds site. They spread malware, luring victims with online viewings of properties. First seen on golem.de Jump to article: www.golem.de/news/kleinanzeigen-verlockende-immobilienangebote-mit-malware-im-schlepptau-2601-204714.html
-
Sicarii ransomware locks your data and throws away the keys
Tags: ai, business, communications, compliance, credentials, data, encryption, extortion, finance, malware, network, ransomware, risk, vulnerability
Unusual technical profile hints at vibe-coding: “One possible explanation for Sicarii’s broken encryption flow is immature or poorly implemented development practices. The ransomware’s failure to retain usable keys is inconsistent with established ransomware design and suggests it may have been assembled without rigorous testing or a clear understanding of operational consequences, or even vibe-coded.” Halcyon assesses…
-
Phantom Malware in Android Game Mods Hijacks Devices for Ad Fraud
Another day, another Android malware strain. This time, Phantom malware (aka Android.Phantom) is targeting users who install third-party gaming apps from unofficial sources. First seen on hackread.com Jump to article: hackread.com/phantom-malware-android-game-mods-ad-fraud/
-
Password Reuse in Disguise: An Often-Missed Risky Workaround
When security teams discuss credential-related risk, the focus typically falls on threats such as phishing, malware, or ransomware. These attack methods continue to evolve and rightly command attention. However, one of the most persistent and underestimated risks to organizational security remains far more ordinary. Near-identical password reuse continues to slip past security controls, often… First seen…
-
Security flaw: several hacker groups have been attacking WinRAR users for months
Threat actors from several countries have been exploiting a known WinRAR vulnerability since mid-2025, using it to plant trojans and other malware. First seen on golem.de Jump to article: www.golem.de/news/sicherheitsluecke-mehrere-hackergruppen-attackieren-winrar-nutzer-seit-monaten-2601-204699.html
-
Another Credential Leak, Another Dollar
A 149M-credential breach shows why encryption alone isn’t enough. Infostealer malware bypasses cloud security by stealing passwords at the endpoint, where encryption offers no protection. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/another-credential-leak-another-dollar/
-
‘Stanley’ Toolkit Turns Chrome Into Undetectable Phishing Vector
The malware-as-a-service kit enables malicious extensions to overlay pages on real websites without changing the visible URL, signaling a fresh challenge for enterprise security. First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/stanley-toolkit-chrome-undetectable-phishing
-
Android Adds ‘Accountability Layer’ to Third-Party Apps
Android is adding new verification steps to sideloaded apps, introducing friction for advanced users while aiming to reduce malware, fraud, and scams. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-android-sideloading-verification-update/
-
APT Attacks Target Indian Government Using SHEETCREEP, FIREPOWER, and MAILCREEP – Part 2
Tags: access, ai, api, apt, attack, backdoor, backup, cloud, control, credentials, data, dns, email, exploit, github, google, government, group, india, infection, infrastructure, Internet, linux, malicious, malware, microsoft, monitoring, network, phishing, powershell, programming, service, tactics, threat, tool, update, windows
This is Part 2 of our two-part technical analysis on the Gopher Strike and Sheet Attack campaigns. For details on the Gopher Strike campaign, go to Part 1.
Introduction
In September 2025, Zscaler ThreatLabz uncovered three additional backdoors, SHEETCREEP, FIREPOWER, and MAILCREEP, used to power the Sheet Attack campaign. In Part 2 of this series, ThreatLabz will…

