Tag: malware
-
U.S. DOJ Charges 54 in ATM Jackpotting Scheme Using Ploutus Malware
Tags: malware
The U.S. Department of Justice (DoJ) this week announced the indictment of 54 individuals in connection with a multi-million dollar ATM jackpotting scheme. The large-scale conspiracy involved deploying malware named Ploutus to hack into automated teller machines (ATMs) across the U.S. and force them to dispense cash. The indicted members are alleged to be part of…
-
Iranian APT Prince of Persia returns with new malware and C2 infrastructure
A shift to Telegram: More recently, the researchers identified a new Tonnerre variant that’s advertised as v50, as well as an unknown new Foudre version that goes along with it. These versions use a new C2 server structure and, most importantly, can download a file from the server that enables Telegram communication via its API. The…
-
ATM jackpotting gang accused of unleashing Ploutus malware across US
Tags: malware
Latest charges join the mountain of indictments facing alleged Tren de Aragua members. First seen on theregister.com Jump to article: www.theregister.com/2025/12/19/tren_de_aragua_atm/
-
Iranian APT Targeting Networks and Critical Infrastructure Organizations
Iranian state-sponsored threat actors, previously thought to have gone dormant, have resurfaced with sophisticated new malware campaigns targeting critical infrastructure organizations globally. A new research report released by SafeBreach Labs reveals that the “Prince of Persia…
-
DOJ charges gang for ATM hacks using Ploutus malware
Tags: malware
The Justice Department unsealed two indictments charging 54 people for their alleged roles in a campaign to develop and deploy a variant of the Ploutus malware, allowing them to pilfer hundreds of thousands of dollars from ATMs across the U.S. First seen on therecord.media Jump to article: therecord.media/doj-charges-gang-malware-ploutus
-
Cracked Software and YouTube Videos Spread CountLoader and GachiLoader Malware
Cybersecurity researchers have disclosed details of a new campaign that has used cracked software distribution sites as a distribution vector for a new version of a modular and stealthy loader known as CountLoader. The campaign “uses CountLoader as the initial tool in a multistage attack for access, evasion, and delivery of additional malware families,” Cyderes Howler…
-
France investigates: Suspects caught with malware on 2,000-passenger ferry
Tags: malware
Two employees allegedly handled remote-access malware on a large passenger ferry. Authorities speak of foreign interference. First seen on golem.de Jump to article: www.golem.de/news/frankreich-ermittelt-hacking-versuch-auf-2-000-personen-faehre-2512-203434.html
-
Italian Ferry Malware Attack Sparks International Probe
French intelligence agencies uncovered what appears to be a coordinated foreign interference operation targeting the GNV Fantastic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-italian-ferry-malware-attack/
-
France investigates: Men caught with malware on 2,000-passenger ferry
Tags: malware
Two employees allegedly handled remote-access malware on a large passenger ferry. Authorities speak of foreign interference. First seen on golem.de Jump to article: www.golem.de/news/frankreich-ermittelt-hacking-versuch-auf-2-000-personen-faehre-2512-203434.html
-
France investigates: Hacking attempt on 2,000-passenger ferry
Two employees allegedly handled remote-access malware on a large passenger ferry. Authorities speak of foreign interference. First seen on golem.de Jump to article: www.golem.de/news/frankreich-ermittelt-hacking-versuch-auf-2-000-personen-faehre-2512-203434.html
-
Targeted Phishing Attack Strikes HubSpot Users
Evalian’s Security Operations Centre has uncovered an active, sophisticated phishing campaign targeting HubSpot customers, combining business email compromise (BEC) tactics with website compromise to distribute a credential-stealing malware to unsuspecting users. The multi-layered attack demonstrates how modern threat actors are evolving their techniques to bypass traditional email security controls. The phishing campaign employs a deceptive…
-
Beyond Rules and Alerts: How Behavioral Threat Analytics Redefines Modern Cyber Defense
Executive Summary Modern cyber adversaries no longer depend on loud malware, obvious exploits, or easily identifiable indicators of compromise. Instead, they leverage legitimate credentials, trusted tools, and native system functions to operate silently within enterprise environments. These attacks are deliberately designed to resemble normal business activity, rendering traditional detection methods ineffective. Behavioral Threat Analytics (BTA)…
-
NuGet Malware Mimic: .NET Integration Library Steals Crypto Wallets and OAuth Tokens
ReversingLabs (RL) researchers have uncovered a sophisticated malware campaign targeting the .NET developer ecosystem via the NuGet package manager. The campaign, which began in July 2025, involves 14 malicious packages designed to mimic legitimate cryptocurrency libraries. These packages are engineered to steal crypto wallets, redirect funds, and exfiltrate Google Ads OAuth tokens, marking a significant…
-
GachiLoader Deploys Payloads Using Obfuscated Node.js Malware
Check Point Research has uncovered a sophisticated malware distribution campaign leveraging the YouTube Ghost Network to deploy GachiLoader, a novel, heavily obfuscated Node.js-based loader designed to deliver the Rhadamanthys infostealer to unsuspecting victims. The campaign, which commenced in December 2024, represents a significant evolution in malware delivery tactics and demonstrates how threat actors continue to…
-
New China-linked hacker group spies on governments in Southeast Asia, Japan
The group, LongNosedGoblin, has been active since at least September 2023 and was uncovered after researchers detected new malware strains inside the network of a Southeast Asian government last year. First seen on therecord.media Jump to article: therecord.media/china-linked-hacker-group-spied-on-asian-govs
-
China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware
A previously undocumented China-aligned threat cluster dubbed LongNosedGoblin has been attributed to a series of cyber attacks targeting governmental entities in Southeast Asia and Japan. The end goal of these attacks is cyber espionage, Slovak cybersecurity company ESET said in a report published today. The threat activity cluster has been assessed to be active since at…
-
Iranian APT ‘Prince of Persia’ Resurfaces With New Tools and Targets
SafeBreach reports the resurgence of the Iranian APT group Prince of Persia (Infy). Discover how these state-sponsored hackers are now using Telegram bots and Thunder and Lightning malware to target victims globally across Europe, India, and Canada. First seen on hackread.com Jump to article: hackread.com/iran-apt-prince-of-persia-resurfaces/
-
Raspberry Pi used in attempt to take over ferry
Tags: ceo, control, dns, Hardware, infrastructure, intelligence, malware, monitoring, network, phone
Proceed with caution: Villanustre encouraged anyone discovering such a device to proceed cautiously. “Disconnecting the device could result in losing important forensic information if not careful. It’s not too hard to equip the device with a tiny battery or supercapacitor that would give it enough time to wipe itself out if disconnected from the network or…
-
France arrests Latvian for installing malware on Italian ferry
French authorities arrested two crew members of an Italian passenger ferry suspected of infecting the ship with malware that could have enabled them to remotely control the vessel. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/france-arrests-latvian-for-installing-malware-on-italian-ferry/
-
New BeaverTail Malware Variant Linked to Lazarus Group
A new variant of the BeaverTail malware linked to North Korean hackers has been identified targeting cryptocurrency traders and developers. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/beavertail-variant-linked-lazarus/
-
Backdoors planted: Chinese hackers have been hijacking Cisco systems for weeks
Attackers from China are planting malware on vulnerable appliances through a zero-day vulnerability in Cisco AsyncOS. No patch is in sight yet. First seen on golem.de Jump to article: www.golem.de/news/ungepatchte-sicherheitsluecke-cisco-systeme-werden-seit-wochen-attackiert-2512-203379.html
-
Group Policy abuse reveals China-aligned espionage group targeting governments
ESET Research has identified a previously undocumented China-aligned advanced persistent threat group that uses Windows Group Policy to deploy malware and move through victim … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/18/eset-china-aligned-apt-group-policy/