Tag: malware
-
Hackers deployed wiper malware in destructive attacks on Venezuela’s energy sector
Hackers deployed a previously unknown wiper malware against Venezuela’s energy and utilities sector in an attack that appears to have been designed to destroy systems. First seen on therecord.media Jump to article: therecord.media/hackers-venezuela-wiper-malware-oil
-
Fake Google Antigravity Installer Can Steal Accounts in Minutes
Fake Antigravity downloads are enabling fast account takeovers using hidden malware and stolen session cookies. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-fake-google-antigravity-downloads-steal-accounts-minutes/
-
Shadow AI forces security leaders to act
The next major security incident may not begin with malware or a phishing email. It could start with a prompt and end with an AI agent taking actions that were never approved. For years the problem of shadow IT has kept security leaders busy: employees adopt cloud applications without approval from the IT department. Shadow AI follows…
-
AI Tools Are Helping Mediocre North Korean Hackers Steal Millions
One group of hackers used AI for "everything from vibe coding their malware to creating fake company websites", and stole as much as $12 million in three months. First seen on wired.com Jump to article: www.wired.com/story/ai-tools-are-helping-mediocre-north-korean-hackers-steal-millions/
-
Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API
The threat actor known as Harvester has been attributed to a new Linux version of its GoGra backdoor deployed as part of attacks likely targeting entities in South Asia. "The malware uses the legitimate Microsoft Graph API and Outlook mailboxes as a covert command-and-control (C2) channel, allowing it to bypass traditional perimeter network defenses," the Symantec…
-
Malicious trading website drops malware that hands your browser to attackers
A fake TradingView AI agent site leads to malware that can take over your browser, steal your accounts and financial data, and open the door to further attacks. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/malicious-trading-website-drops-malware-that-hands-your-browser-to-attackers/
-
New Mirai variants target routers and DVRs in parallel campaigns
Hidden inside newly discovered botnet malware is an unusual message from its creator: "AI.NEEDS.TO.DIE" … "tuxnokill" by researchers at Akamai, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/22/new-mirai-variants-target-routers-and-dvrs-via-old-flaws/
-
109 Fake GitHub Repos Spread SmartLoader, StealC Malware
A coordinated malware operation is abusing fake GitHub repositories to distribute a LuaJIT-based loader, SmartLoader, and a follow-on StealC infostealer, with at least 109 malicious repos active across 103 accounts. The campaign blends cloned open source code, obfuscated Lua stages, and blockchain-backed C2 resolution to evade detection and keep infrastructure agile. Instead of relying on…
-
NFC tappay gets tapped by hackers
AI was likely used: ESET researchers also spotted something unusual in the malware's internals. Some traces suggested generative AI may have played a role in its development. Specifically, the injected malicious code contains emoji markers in debug logs, something more commonly associated with AI-generated output than with human-written malware. The researchers noted that this isn't definitive proof…
-
Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack
Cybersecurity researchers have discovered a previously undocumented data wiper that has been used in attacks targeting Venezuela at the end of last year and the start of 2026. Dubbed Lotus Wiper, the novel file wiper has been used in a destructive campaign targeting the energy and utilities sector in Venezuela, per findings from Kaspersky. "Two batch scripts…
-
New NGate malware abuses HandyPay app for NFC fraud
Security researchers at ESET are warning about a further evolution of the NGate malware. Attackers are using a manipulated version of the legitimate app 'HandyPay' to skim contactless payment data and PINs directly from Android smartphones. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/ngate-malware-nfc-betrug
-
Lotus Wiper Hits Energy Sector in Destructive Cyberattack
Hackers have deployed a new destructive malware, dubbed Lotus Wiper, in a targeted cyberattack against energy and utilities organizations in Venezuela, aiming not to extort money but to destroy data and disrupt operations permanently. Artifacts from the Lotus Wiper attack chain were uploaded to a public malware-sharing resource in mid-December 2025 from a machine in Venezuela,…
-
New GoGra malware for Linux uses Microsoft Graph API for comms
A Linux variant of the GoGra backdoor uses legitimate Microsoft infrastructure, relying on an Outlook inbox for stealthy payload delivery. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-gogra-malware-for-linux-uses-microsoft-graph-api-for-comms/
-
26 fake crypto wallets discovered in the Apple App Store
The malware known as 'FakeWallet' uses sophisticated deception to plunder both digital and physical wallets through the Apple App Store. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/apple-app-store-gefaelschte-wallets
-
Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles
Cybersecurity researchers have discovered a new variant of a known malware called LOTUSLITE that's distributed via a theme related to India's banking sector. "The backdoor communicates with a dynamic DNS-based command-and-control server over HTTPS and supports remote shell access, file operations, and session management, indicating a continued espionage-focused capability set rather than… First seen on thehackernews.com…
-
DinDoor Backdoor Exploits Deno and MSI Installers to Slip Past Detection
DinDoor is a newly documented backdoor that abuses the Deno JavaScript runtime and MSI installer files to execute attacker-controlled code while quietly sidestepping traditional detection controls. Hiding behind trusted runtimes and common Windows tooling gives threat actors a flexible way to deploy fileless or low-footprint malware into enterprise environments. Instead of shipping a conventional compiled…
-
Namastex npm Packages Spread TeamPCP-Style CanisterWorm Malware
Compromised Namastex npm packages are delivering a new TeamPCP-style CanisterWorm variant that targets developer secrets, browser and wallet data, and then attempts to spread across npm and PyPI ecosystems using canister-backed exfiltration infrastructure. The campaign closely mirrors the original CanisterWorm, reinforcing concerns that TeamPCP is continuing to refine its supply chain tooling against real-world development…
-
Hackers Tie Iranian Espionage to CastleRAT and ChainShell
Investigators have found a direct operational link between Iran's MuddyWater espionage group and the Russian TAG-150 CastleRAT malware-as-a-service (MaaS) platform, showing how state and criminal ecosystems are now tightly intertwined. They recovered 15 malware samples, including at least two CastleRAT "builds" and a PowerShell script named reset.ps1 that deploys a previously undocumented JavaScript/Node.js agent dubbed ChainShell. On this server, two native…
-
SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation
Threat actors associated with The Gentlemen ransomware-as-a-service (RaaS) operation have been observed attempting to deploy a known proxy malware called SystemBC. According to new research published by Check Point, the command-and-control (C2 or C&C) server linked to SystemBC has led to the discovery of a botnet of more than 1,570 victims. "SystemBC establishes SOCKS5 network tunnels within…
-
New Lotus data wiper used against Venezuelan energy, utility firms
A previously undocumented data-wiping malware dubbed Lotus was used last year in targeted attacks against energy and utilities organizations in Venezuela. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-lotus-data-wiper-used-against-venezuelan-energy-utility-firms/
-
AI-Powered NGate Malware Evades Detection Inside NFC Payment Apps
A new NGate malware variant hides inside a trojanized version of HandyPay, a legitimate NFC payment relay app for Android, to steal card data and PINs for ATM cash-outs and fraudulent payments. The injected code shows clear signs of being produced with generative AI, highlighting how low-skill actors can now weaponize NFC payment apps…
-
NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs
Cybersecurity researchers have discovered a new iteration of an Android malware family called NGate that has been found to abuse a legitimate application called HandyPay instead of NFCGate. "The threat actors took the app, which is used to relay NFC data, and patched it with malicious code that appears to have been AI-generated," ESET security researcher Lukáš…
-
NGate NFC malware targets Android users through trojanized payment app
NFC-based payment fraud is expanding geographically and operationally. A campaign active since November 2025 is targeting Android users in Brazil using a new variant of the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/21/android-ngate-nfc-malware/
-
NGate Android malware uses HandyPay NFC app to steal card data
A new variant of the NGate malware that steals NFC payment data is targeting Android users by hiding in a trojanized version of HandyPay, a legitimate mobile payments processing tool. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ngate-android-malware-uses-handypay-nfc-app-to-steal-card-data/
-
Vercel’s security breach started with malware disguised as Roblox cheats
The attack, which originated at Context.ai, showcases the pitfalls of interconnected cloud applications and SaaS integrations with overly privileged permissions. First seen on cyberscoop.com Jump to article: cyberscoop.com/vercel-security-breach-third-party-attack-context-ai-lumma-stealer/
-
The Gentlemen ransomware now uses SystemBC for bot-powered attacks
A SystemBC proxy malware botnet of more than 1,570 hosts, believed to be corporate victims, has been discovered following an investigation into a Gentlemen ransomware attack carried out by a gang affiliate. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/the-gentlemen-ransomware-now-uses-systembc-for-bot-powered-attacks/
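The two SystemBC items on this page (the Check Point write-up and this one) describe a proxy bot whose value to the ransomware affiliate is the SOCKS5 tunnel it opens on a compromised host. A SOCKS5 handshake has a rigid shape (RFC 1928: a version/method greeting, then a CONNECT request carrying the target address), which makes it cheap to recognise in captured payloads on hosts that have no business proxying anything. The script below is an added example, not SystemBC's code and not Check Point's research: it parses that framing and flags any host not on a known-proxy list that carries a valid handshake. The flow tuples, hostnames and proxy list are constructed assumptions, and SystemBC's own C2 wrapping, which the page does not describe, is not modelled.

```python
"""Spotting SOCKS5 handshakes on hosts that should not be proxies (RFC 1928 framing).

Added illustration, not SystemBC's code or a vendor's detection. Assumptions:
- a sensor hands us, per flow: (host, port, [first client payload, second client payload, ...])
- only plain SOCKS5 framing is parsed; any custom bot-to-C2 wrapping is out of scope
- SAMPLE_FLOWS is constructed
"""
import ipaddress

SOCKS_VERSION = 0x05
CMD_NAMES = {0x01: "CONNECT", 0x02: "BIND", 0x03: "UDP_ASSOCIATE"}
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04


def parse_greeting(data):
    """Client greeting: VER | NMETHODS | METHODS[NMETHODS]. Returns None if malformed."""
    if len(data) < 3 or data[0] != SOCKS_VERSION:
        return None
    n = data[1]
    if n == 0 or len(data) != 2 + n:
        return None
    return {"methods": list(data[2:])}


def parse_request(data):
    """Client request: VER | CMD | RSV | ATYP | DST.ADDR | DST.PORT. Returns None if malformed."""
    if len(data) < 7 or data[0] != SOCKS_VERSION or data[2] != 0x00 or data[1] not in CMD_NAMES:
        return None
    atyp = data[3]
    if atyp == ATYP_IPV4:
        addr_end = 8
        addr = str(ipaddress.IPv4Address(data[4:8])) if len(data) >= 8 else None
    elif atyp == ATYP_DOMAIN:
        length = data[4]
        if length == 0:
            return None
        addr_end = 5 + length
        addr = data[5:addr_end].decode("ascii", "replace")
    elif atyp == ATYP_IPV6:
        addr_end = 20
        addr = str(ipaddress.IPv6Address(data[4:20])) if len(data) >= 20 else None
    else:
        return None
    if addr is None or len(data) != addr_end + 2:      # address must be followed by exactly 2 port bytes
        return None
    port = int.from_bytes(data[addr_end:], "big")
    return {"cmd": CMD_NAMES[data[1]], "addr": addr, "port": port}


def classify_flows(flows, proxy_hosts=frozenset()):
    """Return a finding for every flow whose first two client payloads form a SOCKS5
    greeting + request and whose serving host is not a sanctioned proxy."""
    findings = []
    for host, port, payloads in flows:
        if len(payloads) < 2:
            continue
        greeting, request = parse_greeting(payloads[0]), parse_request(payloads[1])
        if greeting is None or request is None or host in proxy_hosts:
            continue
        addr, dport = request["addr"], request["port"]
        target = f"[{addr}]:{dport}" if ":" in addr else f"{addr}:{dport}"
        findings.append({"host": host, "port": port, "cmd": request["cmd"],
                         "target": target, "no_auth": 0x00 in greeting["methods"]})
    return findings


SAMPLE_FLOWS = [  # constructed: (host, port, client payloads)
    ("ws-17", 4443, [b"\x05\x01\x00", b"\x05\x01\x00\x03\x0bexample.com\x01\xbb"]),
    ("ws-17", 4443, [b"\x05\x02\x00\x02", b"\x05\x01\x00\x01\x0a\x00\x00\x05\x00\x50"]),
    ("proxy-01", 1080, [b"\x05\x01\x00", b"\x05\x01\x00\x03\x0bexample.com\x01\xbb"]),  # sanctioned
    ("ws-18", 443, [b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x03", b"\x14\x03\x03\x00\x01"]),  # TLS, not SOCKS
    ("ws-19", 8080, [b"\x05\x01\x00",
                     bytes([5, 1, 0, 4]) + ipaddress.IPv6Address("::1").packed + (22).to_bytes(2, "big")]),
]

if __name__ == "__main__":
    for finding in classify_flows(SAMPLE_FLOWS, proxy_hosts={"proxy-01"}):
        print(finding)
```

On the constructed flows this yields three findings (two on ws-17, one on ws-19), skips the sanctioned proxy, and rejects the TLS record on ws-18 because the first byte is not 0x05. The strict length checks matter: a loose matcher that only looks at the leading 0x05 will fire on plenty of unrelated binary traffic, while a handshake that passes both parsers on a workstation is worth a ticket regardless of which malware family opened it.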
-
Over 800 Android Apps Targeted in PIN-Stealing Trojan Campaign
Four Android banking malware campaigns are targeting more than 800 apps by abusing overlays, Accessibility permissions, and sideloaded fake apps to steal PINs. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
-
ZionSiphon Malware Targets Water Infrastructure Systems
ZionSiphon malware targets OT water systems with sabotage and ICS scanning capabilities. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/zionsiphon-malware-water/