Tag: malware
-
Banking trojan: New Android malware reads encrypted chats
Whether Signal, Telegram or WhatsApp, no chat can hide from the Sturnus trojan. Victims do not notice the data theft. First seen on golem.de Jump to article: www.golem.de/news/banking-trojaner-neue-android-malware-liest-verschluesselte-chats-mit-2511-202408.html
-
MacOS DigitStealer malware poses as DynamicLake, targets Apple Silicon M2/M3 devices
A new infostealer is targeting macOS users by masquerading as the legitimate DynamicLake UI enhancement and productivity utility and possibly Google’s Drive for desktop app. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/20/macos-digitstealer-malware-poses-as-dynamiclake-targets-apple-silicon-m2-m3-devices/
-
Comet Browser Flaw Lets Hidden API Run Commands on Users’ Devices
SquareX warns Perplexity’s Comet AI browser contains a hidden MCP API that bypasses security, allowing attackers to install malware and seize full device control. First seen on hackread.com Jump to article: hackread.com/comet-browser-flaw-hidden-api-commands-devices/
-
Fake software updates: Cyber spies distribute malware via manipulated DNS traffic
An APT group selectively redirects the DNS traffic of compromised routers in order to push fake software updates carrying a backdoor onto users' machines. First seen on golem.de Jump to article: www.golem.de/news/dns-traffic-umgeleitet-cyberspione-verbreiten-malware-ueber-manipulierte-updates-2511-202397.html
-
Multi-threat Android malware Sturnus steals Signal, WhatsApp messages
A new Android banking trojan named Sturnus can capture communication from end-to-end encrypted messaging platforms like Signal, WhatsApp, and Telegram, as well as take complete control of the device. It does so by capturing content on the device after the apps have decrypted it, not by breaking the encryption itself. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/multi-threat-android-malware-sturnus-steals-signal-whatsapp-messages/
-
Researchers Detail Rhadamanthys Loader’s Advanced Anti-Sandboxing and Anti-AV Emulation Techniques
Rhadamanthys, a sophisticated information-stealing malware active since 2022, has drawn renewed attention from security researchers who recently published an in-depth analysis of its native loader component. The loader’s significance lies not in its capabilities but in the advanced obfuscation and evasion techniques it employs to evade detection by security tools and analysis environments. The Rhadamanthys…
-
TamperedChef Malware Spreads via Fake Software Installers in Ongoing Global Campaign
Threat actors are leveraging bogus installers masquerading as popular software to trick users into installing malware as part of a global malvertising campaign dubbed TamperedChef. The end goal of the attacks is to establish persistence and deliver JavaScript malware that facilitates remote access and control, per a new report from Acronis Threat Research Unit (TRU). The…
-
Cybersecurity Report shows: Malware attacks rose 131% in 2025
Email-borne malware attacks rose 131% year over year, accompanied by increases in fraud attempts (+35%) and phishing (+21%). 77% of CISOs identify AI-generated phishing as a serious and growing threat. 68% of companies invested in AI-supported defenses in 2025. Hornetsecurity's annual Cybersecurity Report shows:… First…
-
PlushDaemon Hackers Unleash New Malware in China-Aligned Spy Campaigns
The cyber espionage group uses a previously undocumented network implant to drop two downloaders, LittleDaemon and DaemonLogistics, which deliver a backdoor. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/plushdaemon-new-malware-china-spy/
-
EdgeStepper Implant Reroutes DNS Queries to Deploy Malware via Hijacked Software Updates
The threat actor known as PlushDaemon has been observed using a previously undocumented Go-based network backdoor codenamed EdgeStepper to facilitate adversary-in-the-middle (AitM) attacks. EdgeStepper “redirects all DNS queries to an external, malicious hijacking node, effectively rerouting the traffic from legitimate infrastructure used for software updates to attacker-controlled infrastructure.” First seen on thehackernews.com Jump to article: thehackernews.com/2025/11/edgestepper-implant-reroutes-dns.html
-
New .NET Malware Conceals Lokibot Inside PNG/BMP Files to Bypass Detection
Remote Access Trojans (RATs) and Trojan Stealers continue to dominate the threat landscape as some of the most prevalent malware families. To evade detection on compromised systems, these threats increasingly employ sophisticated crypters, loaders, and steganographic techniques that disguise malicious code within seemingly benign file formats such as images. Building on their August 2025 analysis…
-
New npm Malware Campaign Checks If Visitor Is a Victim or Researcher Before Initiating Infection
The Socket Threat Research Team has uncovered a sophisticated npm malware campaign orchestrated by the threat actor dino_reborn, who deployed 7 malicious packages designed to distinguish genuine targets from security researchers before executing their payloads. This nuanced approach represents a significant evolution in supply chain attacks, blending traffic cloaking, anti-analysis techniques, and deceptive UI elements…
-
Google Finds New Malware Backdoors Linked to Iran
Hacking Group Deploys Raft of Custom Malware Variants. An Iranian state hacking group with a history of targeting aerospace, aviation and defense industries across the Middle East has improved its tooling with multiple custom malware variants, warned Google. The group, tracked as UNC1549, is suspected of ties to the Iranian Revolutionary Guard Corps. First seen…
-
WhatsApp Screen-Sharing Scam Drains $700K in Minutes
WhatsApp scammers are using screen sharing and malware to rapidly steal accounts and money worldwide. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/whatsapp-screen-sharing-scam-drains-700k-in-minutes/
-
Sneaky 2FA Phishing Kit Adds BitB Pop-ups Designed to Mimic the Browser Address Bar
The malware authors associated with a Phishing-as-a-Service (PhaaS) kit known as Sneaky 2FA have incorporated Browser-in-the-Browser (BitB) functionality into their arsenal, underscoring the continued evolution of such offerings and making it easier still for less-skilled threat actors to mount attacks at scale. Push Security, in a report shared with The Hacker News, said it observed the…
-
Malicious Npm Packages Abuse Adspect Cloaking in Crypto Scam
A malware campaign presents fake websites that can check if a visitor is a potential victim or a security researcher, and then proceed accordingly to defraud or evade. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/malicious-npm-packages-adspect-cloaking-crypto-scam
-
New npm Malware Campaign Redirects Victims to Crypto Sites
A new malware campaign has been observed built on seven npm packages and using cloaking techniques and fake CAPTCHAs, operated by threat actor dino_reborn. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/npm-malware-campaign-redirects/
-
Contagious Interview campaign exploits JSON storage for malware deployment
First seen on scworld.com Jump to article: www.scworld.com/brief/contagious-interview-campaign-exploits-json-storage-for-malware-deployment
-
Iranian Hackers Use DEEPROOT and TWOSTROKE Malware in Aerospace and Defense Attacks
Suspected espionage-driven threat actors from Iran have been observed deploying backdoors like TWOSTROKE and DEEPROOT as part of continued attacks aimed at aerospace, aviation, and defense industries in the Middle East. The activity has been attributed by Google-owned Mandiant to a threat cluster tracked as UNC1549 (aka Nimbus Manticore or Subtle Snail), which was first documented…
-
Lazarus APT Group’s New ScoringMathTea RAT Enhances Remote Command Execution and More
The Lazarus APT Group, an advanced persistent threat (APT) attributed to North Korea, has deployed a sophisticated new Remote Access Trojan (RAT) called ScoringMathTea as part of its ongoing Operation DreamJob cyberespionage campaign. ScoringMathTea represents a significant evolution in Lazarus’s malware toolkit, implementing a modular architecture designed specifically to evade detection across both network and…
-
RondoDox botnet malware now hacks servers using XWiki flaw
The RondoDox botnet malware is now exploiting a critical remote code execution (RCE) flaw in XWiki Platform tracked as CVE-2025-24893. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/rondodox-botnet-malware-now-hacks-servers-using-xwiki-flaw/
-
Hackers Weaponize XWiki Flaw to Build and Rent Out Botnet Networks
Cybersecurity researchers have observed a dramatic escalation in attacks exploiting a critical XWiki vulnerability, with multiple threat actors now leveraging CVE-2025-24893 to deploy botnets, cryptocurrency miners, and custom malware toolkits. Exploitation of the vulnerability, first observed by VulnCheck's Canary Intelligence system on October 28, 2025, has rapidly evolved from a single attacker's exploit into a widespread multi-actor…
-
⚡ Weekly Recap: Fortinet Exploited, China's AI Hacks, PhaaS Empire Falls & More
This week showed just how fast things can go wrong when no one's watching. Some attacks were silent and sneaky. Others used tools we trust every day, like AI, VPNs, or app stores, to cause damage without setting off alarms. It's not just about hacking anymore. Criminals are building systems to make money, spy, or spread…

