Tag: malware
-
BlackSanta Malware Targets HR Staff with Fake CV Downloads
Aryaka researchers have identified a new threat from a Russian-speaking group using ‘BlackSanta’ malware. By disguising attacks as job applications, hackers are bypassing security to target recruitment workflows. First seen on hackread.com Jump to article: hackread.com/blacksanta-malware-hr-staff-fake-cv-downloads/
-
Header-Manipulationstechnik: Zombie Zip trickst fast alle Antivirus-Tools aus
Angreifer können Zip-verpackte Malware leicht an gängigen Antivirus-Lösungen vorbeischleusen. Eset-Nutzer kennen das Problem seit über 20 Jahren. First seen on golem.de Jump to article: www.golem.de/news/header-manipulationstechnik-zombie-zip-trickst-fast-alle-antivirus-tools-aus-2603-206357.html
-
KadNap bot compromises 14,000+ devices to route malicious traffic
KadNap malware infects 14,000+ edge devices, mainly Asus routers, turning them into a stealth proxy botnet used to route malicious internet traffic. KadNap malware infects more than 14,000 edge devices, mainly ASUS routers, and turns them into a proxy botnet used to route malicious traffic. First detected in August 2025, the campaign heavily targets the…
-
Google Warns of AI”‘Driven Adaptive Malware Rewriting Its Own Code
The cybersecurity landscape experienced a major shift in 2025 as threat actors transitioned from experimenting with artificial intelligence to fully integrating it into real-world cyber operations. According to new insights from the Google Threat Intelligence Group (GTIG) and Mandiant, attackers are now deploying adaptive malware and autonomous AI agents that dynamically modify their behavior during…
-
BeatBanker Trojan Spreads via Phishing, Deploys Crypto Miner and RAT on Targeted Devices
BeatBanker is a new Android malware campaign targeting users in Brazil, combining banking fraud, crypto”‘mining, and, in its latest wave, full device takeover via a RAT. It spreads almost entirely through phishing pages that mimic the Google Play Store and trick victims into installing weaponized APKs disguised as legitimate apps and updates. The operation starts…
-
Malvertising: Herbert Grönemeyer und Hasso Plattner werden missbraucht
Aktuell weltweite Kampagne mit russischem cyberkriminellem Hintergrund. 310 koordinierte Kampagnen für digitalen Betrug in 25 Ländern auf sechs Kontinenten. Phishing-Mails mit aggressivem telefonischem Nachsetzen. Fake-Anzeigen als Ausgangspunkt für Anlagenbetrug. Depot-Empfehlungen von Herbert Grönemeyer oder vermeintliche Krypto-Tipps von SAP”‘Gründer Hasso Plattner sind derzeit Teil einer groß angelegten internationalen Betrugskampagne. Dahinter steckt ein global agierendes Netzwerk… First…
-
HR Departments Targeted by Multi-Layered BlackSanta EDR Killer Malware
Threat actors are increasingly targeting human resources (HR) departments by disguising malware as job application documents. The attack begins with what appears to be a legitimate job application. HR professionals receive a resume hosted on a well-known cloud storage platform, making the file seem trustworthy. The candidate profile looks realistic and relevant to open positions,…
-
PhantomRaven Malware Resurfaces, Targets npm Supply Chain to Steal Developer Secrets
A large-scale malware campaign known as PhantomRaven has resurfaced, targeting the npm software supply chain and attempting to steal sensitive developer credentials. The newly identified packages belong to three new phases of the campaign Wave 2, Wave 3, and Wave 4 distributed between November 2025 and February 2026. Despite the discovery and reporting of the…
-
PhantomRaven Malware Resurfaces, Targets npm Supply Chain to Steal Developer Secrets
A large-scale malware campaign known as PhantomRaven has resurfaced, targeting the npm software supply chain and attempting to steal sensitive developer credentials. The newly identified packages belong to three new phases of the campaign Wave 2, Wave 3, and Wave 4 distributed between November 2025 and February 2026. Despite the discovery and reporting of the…
-
PhantomRaven Malware Resurfaces, Targets npm Supply Chain to Steal Developer Secrets
A large-scale malware campaign known as PhantomRaven has resurfaced, targeting the npm software supply chain and attempting to steal sensitive developer credentials. The newly identified packages belong to three new phases of the campaign Wave 2, Wave 3, and Wave 4 distributed between November 2025 and February 2026. Despite the discovery and reporting of the…
-
Hackers Pose as IT Staff in Microsoft Teams to Install Malware
Hackers are impersonating IT staff in Microsoft Teams to trick employees into installing malware, giving attackers stealthy access to corporate networks. The post Hackers Pose as IT Staff in Microsoft Teams to Install Malware appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-teams-it-impersonation-malware-attack/
-
New ‘BlackSanta’ EDR killer spotted targeting HR departments
For more than a year, a Russian-speaking threat actor targeted human resource (HR) departments with malware that delivers a new EDR killer named BlackSanta. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-blacksanta-edr-killer-spotted-targeting-hr-departments/
-
Fake OpenClaw npm Package Installs GhostClaw Malware
A malicious npm package disguised as OpenClaw installs GhostClaw malware to steal developer credentials and sensitive data. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/fake-openclaw-npm-package-installs-ghostclaw-malware/
-
New BeatBanker Android malware poses as Starlink app to hijack devices
A new Android malware named BeatBanker can hijack devices and tricks users into installing it by posing as a Starlink app on websites masquerading as the official Google Play Store. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-beatbanker-android-malware-poses-as-starlink-app-to-hijack-devices/
-
New ‘Zombie ZIP’ technique lets malware slip past security tools
A new technique dubbed “Zombie ZIP” helps conceal payloads in compressed files specially created to avoid detection from security solutions such as antivirus and endpoint detection and response (EDR) products. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-zombie-zip-technique-lets-malware-slip-past-security-tools/
-
Russian Threat Actor Sednit Resurfaces With Sophisticated Toolkit
After several years of using simple implants, the Russia-affiliated actor is back with two new sophisticated malware tools. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/sednit-resurfaces-with-sophisticated-new-toolkit
-
Cybercrime isn’t just a cover for Iran’s government goons – it’s a key part of their operations
Ransomware, malware-as-a-service, infostealers benefit MOIS, too First seen on theregister.com Jump to article: www.theregister.com/2026/03/10/cybercrime_iran_mois/
-
China-Linked Hackers Hit Qatar with Backdoor Disguised as War News
China-linked hackers targeted Qatar using fake war news lures to spread PlugX backdoor malware and spy on military and energy sectors. First seen on hackread.com Jump to article: hackread.com/china-hackers-qatar-backdoor-fake-war-news/
-
Fake Claude Code Spreads Malware to Windows, macOS Users
Attackers are using fake Claude Code install pages and malicious search ads to spread infostealer malware targeting Windows and macOS systems. The post Fake Claude Code Spreads Malware to Windows, macOS Users appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-fake-claude-code-install-pages-malware-windows-macos/
-
APT28 conducts long-term espionage on Ukrainian forces using custom malware
APT28 used BEARDSHELL and COVENANT malware to spy on Ukrainian military personnel, enabling long-term surveillance since April 2024. The Russia-linked group APT28 (aka UAC-0001, aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) has used BEARDSHELL and COVENANT malware to conduct long-term surveillance of Ukrainian military personnel. According to ESET, the campaign began in April 2024 and relies on…
-
KadNap Malware Infects 14,000+ Edge Devices to Power Stealth Proxy Botnet
Cybersecurity researchers have discovered a new malware called KadNap that’s primarily targeting Asus routers to enlist them into a botnet for proxying malicious traffic.The malware, first detected in the wild in August 2025, has expanded to over 14,000 infected devices, with more than 60% of victims located in the U.S., according to the Black Lotus…
-
New KadNap botnet hijacks ASUS routers to fuel cybercrime proxy network
A newly discovered botnet malware called KadNap is targeting ASUS routers and other edge networking devices to turn them into proxies for malicious traffic. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-kadnap-botnet-hijacks-asus-routers-to-fuel-cybercrime-proxy-network/
-
‘BlackSanta’ EDR Killer Targets HR Workflows
A campaign by Russian-speaking cyberattackers hijacks workflows to deliver security-busting malware, allowing attackers to steal data without detection. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/blacksanta-edr-killer-hr-workflows
-
Fake job applications pack malware that kills EDR before stealing data
Russian-speaking attackers lure HR staff into downloading ISO files that disable defenses First seen on theregister.com Jump to article: www.theregister.com/2026/03/10/malware_targeting_hr/
-
Fake Claude Code Install Pages Spread Infostealer Malware
Fake Claude Code install pages are spreading infostealer malware through malicious search ads. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/artificial-intelligence/fake-claude-code-install-pages-spread-infostealer-malware/
-
HR, recruiters targeted in year-long malware campaign
An attack campaign targeting HR departments and job recruiters has been stealthily compromising systems, Aryaka researchers have discovered. By avoiding analysis environments … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/10/hr-recruiters-malware-resume/