Tag: malware
-
Portfolio recommendations from Herbert Grönemeyer and crypto tips from Hasso Plattner are part of a global malvertising operation
Malvertising is reaching ever larger dimensions. That is the finding of a recent analysis by Bitdefender Labs of 310 coordinated malvertising campaigns. In 25 countries on six continents and in more than fifteen languages, at least two to three cybercriminal groups are running their fraud scheme through more than 26,000 paid Facebook ads. Russian-language metadata in the infrastructure parameters point to a Russian origin. Indications…
-
Devs looking for OpenClaw get served a GhostClaw RAT
From password theft to persistence: the second-stage malware, internally referred to as “GhostLoader,” is a large JavaScript bundle implementing both an infostealer and a remote access framework. Once launched, GhostLoader installs itself into a hidden directory disguised as an npm telemetry service and sets up persistence mechanisms, including shell configuration hooks that automatically…
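A persistence hook of the kind described above only works if a shell start-up file executes or sources something, so one practical check is to scan those files for lines that run code out of a hidden directory that is not a known tool directory. The script below is an added example, not code from the report or from the GhostLoader sample; the directory name ".npm-telemetry", the allowlist of legitimate hidden directories and the sample rc file contents are constructed for illustration.

```python
"""Scan shell start-up files for hooks that execute code from hidden directories.
Added example; the ".npm-telemetry" name and SAMPLE_RC below are constructed."""
import os
import re
from pathlib import Path
from typing import Dict, List, Tuple

# Hidden directories that commonly and legitimately get sourced from rc files
# (constructed allowlist; extend it for your own environment).
ALLOWED_HIDDEN_DIRS = {".nvm", ".cargo", ".rvm", ".pyenv", ".sdkman",
                       ".fzf", ".oh-my-zsh", ".local"}

# The line must actually run or load something for it to be a persistence hook.
EXEC_RE = re.compile(
    r"^\s*(?:\.\s|(?:source|eval|exec|node|bash|sh|python3?|nohup)\b)")

# Any hidden directory component, optionally anchored at $HOME, ~ or a home path.
HIDDEN_DIR_RE = re.compile(
    r"(?:\$HOME|~|/home/[^/\s]+|/root)?/(\.[A-Za-z0-9_.-]+)/")


def find_suspicious_hooks(rc_text: str) -> List[Tuple[int, str]]:
    """Return (line number, line) for each executing line that references a
    hidden directory outside the allowlist."""
    hits = []
    for n, line in enumerate(rc_text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if not EXEC_RE.match(stripped):
            continue
        for m in HIDDEN_DIR_RE.finditer(stripped):
            if m.group(1) not in ALLOWED_HIDDEN_DIRS:
                hits.append((n, stripped))
                break
    return hits


RC_FILES = (".bashrc", ".bash_profile", ".profile",
            ".zshrc", ".zprofile", ".zshenv")


def scan_home(home: str = "") -> Dict[str, List[Tuple[int, str]]]:
    """Scan the usual rc files under a home directory (default: the current user's)."""
    home_path = Path(home or os.path.expanduser("~"))
    report = {}
    for name in RC_FILES:
        p = home_path / name
        if p.is_file():
            hits = find_suspicious_hooks(p.read_text(errors="replace"))
            if hits:
                report[str(p)] = hits
    return report


# Constructed sample: two benign tool hooks and one hook that launches a Node
# script from a fake "telemetry" directory in the user's home.
SAMPLE_RC = """\
# constructed sample ~/.zshrc
export NVM_DIR="$HOME/.nvm"
[ -s "$NVM_DIR/nvm.sh" ] && . "$NVM_DIR/nvm.sh"
source ~/.oh-my-zsh/oh-my-zsh.sh
# persistence hook of the kind described above (constructed, not a real IOC)
nohup node "$HOME/.npm-telemetry/service.js" >/dev/null 2>&1 &
"""

if __name__ == "__main__":
    for n, line in find_suspicious_hooks(SAMPLE_RC):
        print(f"sample:{n}: {line}")
    for path, hits in scan_home().items():
        for n, line in hits:
            print(f"{path}:{n}: {line}")
```

Treat a hit as a lead, not a verdict: confirm by inspecting the referenced directory (file timestamps, whether the package manager knows it, what the script connects to) before removing the line, and remember that a loader can also persist through systemd user units, cron or profile.d, which this scan does not cover.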
-
Russian military hackers revive advanced malware to spy on Ukraine, researchers say
Russian state hacker group APT28 has revived a sophisticated cyber-espionage toolkit to spy on Ukrainian targets, including military personnel, according to a report published Tuesday by cybersecurity firm ESET. First seen on therecord.media Jump to article: therecord.media/russia-apt-28-revives-malware-to-spy-on-ukraine
-
APT28 Uses BEARDSHELL and COVENANT Malware to Spy on Ukrainian Military
The Russian state-sponsored hacking group tracked as APT28 has been observed using a pair of implants dubbed BEARDSHELL and COVENANT to facilitate long-term surveillance of Ukrainian military personnel. The two malware families have been put to use since April 2024, ESET said in a new report shared with The Hacker News. APT28, also tracked as Blue Athena,…
-
SurxRAT Android Malware Uses LLMs for Phishing and Data Theft
Tags: access, android, control, credentials, cyber, cybercrime, data, LLM, malware, phishing, ransomware, theft
A new Android Remote Access Trojan (RAT) named SurxRAT is being sold as a commercial malware platform through a Telegram-based malware-as-a-service (MaaS) ecosystem. The malware, marketed under the SURXRAT V5 branding, enables cybercriminals to create customized Android malware builds capable of surveillance, credential theft, remote device control, and ransomware-style device locking. The malware appears…
-
Signed malware posing as Teams and Zoom apps drops RMM backdoors
A wave of phishing campaigns has used signed malware posing as popular workplace apps such as Microsoft Teams, Zoom, and Adobe Reader to deploy remote monitoring and management (RMM) backdoors. The activity, attributed to an as-yet unidentified threat actor, highlights how trusted branding and valid-looking digital signatures can be abused to gain stealthy, long-term access in…
-
New malware-as-a-service disguises itself as an RMM tool: rent malware for 300 dollars a month
First seen on security-insider.de Jump to article: www.security-insider.de/trustconnect-malware-as-a-service-300-dollar-a-7f2c6fa4d2d3ec946877c63c5a5bf01a/
-
Hackers Use Microsoft Teams to Manipulate Employees Into Allowing Remote Access
A newly discovered malware operation is targeting employees at finance and healthcare organizations by posing as internal IT support. Once inside, the attackers deploy a stealthy new tool called the A0Backdoor. Cybersecurity researchers at BlueVoyant have identified a threat group, known as Blitz Brigantine or Storm-1811, using email bombing and Microsoft Teams messages to trick…
-
My Really Fun RSA 2026 Presentations!
Tags: ai, apt, automation, cyber, cybersecurity, data, detection, google, governance, guide, lessons-learned, malware, soc, strategy, threat
This blog is perhaps a little bit more like an ad, so if you don’t want to check the ads, consider not reading it. But this year at RSA 2026, I’m speaking on three topics: securing AI, using AI for SOC, and sharing lessons about how Google applies AI and other technologies…
-
Ambivalence: malware detections down, blocked malicious URLs up
Tags: malware
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/ambivalenz-malware-erkennung-abnahme-blockierung-schad-urls-zunahme
-
Microsoft Teams phishing targets employees with A0Backdoor malware
Hackers contacted employees at financial and healthcare organizations over Microsoft Teams to trick them into granting remote access through Quick Assist and deploy a new piece of malware called A0Backdoor. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-teams-phishing-targets-employees-with-backdoors/
-
‘InstallFix’ Attacks Spread Fake Claude Code Sites
A fresh cyberattack campaign blends malvertising with a ClickFix-style technique that highlights risky behavior with AI coding assistants and command-line interfaces. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/installfix-attacks-fake-claude-code
-
CleanMyMac Imposter Site Installs SHub Stealer on Macs
A fake CleanMyMac site tricks macOS users into installing SHub Stealer malware that steals credentials and crypto wallets. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/cleanmymac-imposter-site-installs-shub-stealer-on-macs/
-
Chinese Cyber Threat Lurks In Critical Asian Sectors for Years
An undefined Chinese-speaking actor wields a combo of custom malware, open source tools, and LOTL binaries against Windows and Linux, likely for spying. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/chinese-cyber-threat-critical-asian-sectors
-
Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware
Another week in cybersecurity. Another week of “you’ve got to be kidding me.” Attackers were busy. Defenders were busy. And somewhere in the middle, a whole lot of people had a very bad Monday morning. That’s kind of just how it goes now. The good news? There were some actual wins this week. Real ones. The kind…
-
Iran’s MuddyWater Hackers Target US Firms with New Dindoor Backdoor
Researchers say Iran’s MuddyWater hackers targeted US companies and a department of an Israeli software firm in a cyber campaign using the Dindoor malware, all amid the ongoing conflict. First seen on hackread.com Jump to article: hackread.com/iran-muddywater-hackers-us-dindoor-backdoor/
-
BoryptGrab Malware Abuses GitHub to Steal Browser and Crypto Wallet Data
A new Windows stealer dubbed BoryptGrab is being distributed through a large, ongoing campaign abusing fake GitHub repositories that pose as free tools, game cheats, and popular utilities. The malware focuses on stealing browser data, cryptocurrency wallet information, and system details, while also grabbing screenshots, common files, Telegram data, Discord tokens, and stored passwords. Attackers created more…
-
Cyber Espionage Group CL-UNK-1068 Linked to China Targets Asian Infrastructure
Tags: china, cyber, espionage, government, group, infrastructure, law, malware, open-source, technology, threat
A highly sophisticated cyber espionage group, designated CL-UNK-1068, has been actively targeting critical infrastructure across South, Southeast, and East Asia since at least 2020. Originating from China, the threat actors focus on high-value sectors, including aviation, energy, government, law enforcement, technology, and telecommunications. The attackers use a versatile mix of custom malware, open-source utilities,…
-
Fake Claude Code install pages highlight rise of “InstallFix” attacks
Users looking for Anthropic’s Claude Code agentic AI coding tool are being tricked via fake Claude Code install pages into running malware, Push Security researchers … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/09/fake-claude-code-install-pages-installfix-attacks/
-
MaaS VIP Keylogger Campaign Uses Steganography to Steal Credentials at Scale
A large-scale spear-phishing campaign is distributing a VIP Keylogger variant sold as Malware-as-a-Service (MaaS). The campaign employs steganography, in-memory execution, and modular payload design to evade defenses while harvesting credentials across browsers, email clients, and collaboration tools. Researchers observed fraudulent purchase-order emails that encouraged victims to open an attached RAR file. The compressed archive contained an executable disguised…
-
ClipXDaemon Malware Targets Crypto Users in Linux X11 Sessions
ClipXDaemon is a new Linux malware family that hijacks cryptocurrency clipboard data in X11 sessions, operating fully offline without any command-and-control (C2) infrastructure. It reuses a ShadowHS-style loader built with the public bincrypter framework but delivers a completely different, autonomous financial payload. ShadowHS used an obfuscated shell loader to deploy an in-memory hackshell for long-term…
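Because a clipper has no C2 traffic to detect, the observable it leaves is on the clipboard itself: the selection changes from one wallet address to a different address of the same chain shortly after the user copies it. The script below is an added example, not code from the ClipXDaemon analysis; it assumes the xclip utility is installed for the live X11 loop, the address regexes and the three-second window are heuristics chosen here, and the addresses in the sample transitions are constructed strings in valid formats, not real wallets.

```python
"""Heuristic detector for clipboard address swapping in an X11 session.
Added example; assumes xclip for the live loop, sample addresses are constructed."""
import re
import subprocess
import time
from typing import List, Optional, Tuple

# Address shapes for a few chains a clipper typically targets (heuristic).
ADDRESS_PATTERNS = {
    "btc-legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "btc-bech32": re.compile(r"^bc1[ac-hj-np-z02-9]{11,71}$"),
    "eth":        re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "trx":        re.compile(r"^T[a-km-zA-HJ-NP-Z1-9]{33}$"),
}


def classify(text: str) -> Optional[str]:
    """Return the address family the clipboard text matches, or None."""
    text = text.strip()
    for family, pat in ADDRESS_PATTERNS.items():
        if pat.match(text):
            return family
    return None


def family_group(family: Optional[str]) -> Optional[str]:
    # A clipper substitutes an address the victim's wallet will still accept,
    # so legacy and bech32 bitcoin addresses count as the same target chain.
    return family.split("-")[0] if family else None


def is_swap(prev: str, cur: str, dt_seconds: float, window: float = 3.0) -> bool:
    """True when the clipboard went from one address to a different address of
    the same chain within `window` seconds: the signature of a clipper that
    rewrites the selection right after the user copies it."""
    if prev.strip() == cur.strip():
        return False
    g_prev, g_cur = family_group(classify(prev)), family_group(classify(cur))
    return g_prev is not None and g_prev == g_cur and dt_seconds <= window


def read_x11_clipboard() -> Optional[str]:
    """Read the CLIPBOARD selection via xclip; None if unavailable."""
    try:
        out = subprocess.run(["xclip", "-o", "-selection", "clipboard"],
                             capture_output=True, text=True, timeout=2)
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return None
    return out.stdout if out.returncode == 0 else None


def monitor(poll: float = 0.25) -> None:
    """Poll the clipboard and alert on same-chain address rewrites."""
    last, last_change = read_x11_clipboard() or "", time.monotonic()
    while True:
        time.sleep(poll)
        cur = read_x11_clipboard()
        if cur is None or cur == last:
            continue
        now = time.monotonic()
        if is_swap(last, cur, now - last_change):
            print(f"ALERT: clipboard address rewritten to {cur!r} (was {last!r})")
        last, last_change = cur, now


# Constructed transitions: (previous content, new content, seconds between them).
SAMPLE_TRANSITIONS: List[Tuple[str, str, float]] = [
    ("bc1q" + "0" * 38, "bc1q" + "7" * 38, 0.4),        # rewritten within a second: swap
    ("0x" + "a1" * 20, "0x" + "b2" * 20, 120.0),        # two minutes apart: user copied another address
    ("some meeting notes", "0x" + "a1" * 20, 0.3),      # first address copied, nothing to compare
    ("bc1q" + "0" * 38, "0x" + "a1" * 20, 0.3),         # different chains: not a clipper substitution
]


def evaluate_samples() -> List[bool]:
    """Run is_swap over the constructed transitions."""
    return [is_swap(p, c, dt) for p, c, dt in SAMPLE_TRANSITIONS]


if __name__ == "__main__":
    for (p, c, dt), verdict in zip(SAMPLE_TRANSITIONS, evaluate_samples()):
        print(f"{'SWAP ' if verdict else 'ok   '} {p[:16]!r} -> {c[:16]!r} after {dt}s")
    # monitor()  # uncomment to watch the live X11 clipboard
```

The timing window is the weak point of this heuristic: a clipper that waits before rewriting, or that only rewrites on paste, will not trip it, and a user who copies two addresses in quick succession will. It is a cheap tripwire for a workstation that handles wallet addresses, not a substitute for checking the pasted address character by character before sending.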
-
Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft
Two Google Chrome extensions have turned malicious after what appears to be a case of ownership transfer, offering attackers a way to push malware to downstream customers, inject arbitrary code, and harvest sensitive data. The extensions in question, both originally associated with a developer named “akshayanuonline@gmail.com” (BuildMelon), are listed below: QuickLens – Search Screen with First…
-
ClipXDaemon Malware, a Stealthy Cryptocurrency Clipboard Hijacker on Linux
Security researchers have identified a new Linux malware strain called ClipXDaemon, a stealthy threat designed to target cryptocurrency users by manipulating copied wallet addresses. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/clipxdaemon-linux-malware/