Tag: malware
-
New Detection Methods Uncovered for Outlook NotDoor Backdoor Malware
Cybersecurity researchers have unveiled comprehensive detection methodologies for NotDoor, a sophisticated backdoor malware that leverages Microsoft Outlook macros for covert command and control operations. The malware, attributed to the Russian state-sponsored threat group APT28 (Fancy Bear), represents an evolution in email-based persistence techniques that can evade traditional security controls. NotDoor was first identified by Lab52,…
-
North Korea’s ‘Job Test’ trap upgrades to JSON malware dropboxes
Developers remain a high-value target: Researchers highlighted that the campaign specifically targets developers involved in crypto and Web3 projects, using realistic-sounding personas and demo applications (real estate, DeFi, game forks) to lower suspicion. The state-linked actors’ shift from direct payload hosting to abusing legitimate JSON storage services suggests that even benign developer-centric platforms are now…
-
North Korea’s ‘Job Test’ trap upgrades to JSON malware dropboxes
Developers remain a high-value target: Researchers highlighted that the campaign specifically targets developers involved in crypto and Web3 projects, using realistic-sounding personas and demo applications (real estate, DeFi, game forks) to lower suspicion. The state-linked actors’ shift from direct payload hosting to abusing legitimate JSON storage services suggests that even benign developer-centric platforms are now…
-
North Korean threat actors use JSON sites to deliver malware via trojanized code
North Korean Contagious Interview actors now host malware on JSON storage sites to deliver trojanized code projects, NVISO reports. North Korea-linked actors behind the Contagious Interview campaign have updated their tactics, using JSON storage services (e.g. JSON Keeper, JSONsilo, and npoint.io) to host and deliver malware through trojanized code projects, according to a new NVISO report. >>NVISO…
-
North Korean threat actors use JSON sites to deliver malware via trojanized code
North Korean Contagious Interview actors now host malware on JSON storage sites to deliver trojanized code projects, NVISO reports. North Korea-linked actors behind the Contagious Interview campaign have updated their tactics, using JSON storage services (e.g. JSON Keeper, JSONsilo, and npoint.io) to host and deliver malware through trojanized code projects, according to a new NVISO report. >>NVISO…
-
Spam flooding npm registry with token stealers still isn’t under control
Tags: access, antivirus, attack, authentication, blockchain, breach, control, credentials, crypto, detection, edr, exploit, finance, firewall, governance, identity, login, malicious, malware, mfa, monitoring, network, open-source, pypi, risk, software, spam, supply-chain, threat, tool, wormCSO that number has now grown to 153,000.And while this payload merely steals tokens, other threat actors are paying attention, said Sonatype CTO Brian Fox.When Sonatype wrote about the campaign just over a year ago, it found a mere 15,000 packages that appeared to come from a single person.With the swollen numbers reported this week,…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 71
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter 9 Malicious NuGet Packages Deliver Time-Delayed Destructive Payloads GlassWorm Returns: New Wave Strikes as We Expose Attacker Infrastructure Gootloader Returns: What Goodies Did They Bring? Active Water Saci Campaign Spreading Via WhatsApp Features Multi-Vector…
-
Decades-old ‘Finger’ protocol abused in ClickFix malware attacks
The decades-old “finger” command is making a comeback,, with threat actors using the protocol to retrieve remote commands to execute on Windows devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/decades-old-finger-protocol-abused-in-clickfix-malware-attacks/
-
RondoDox Exploits Unpatched XWiki Servers to Pull More Devices Into Its Botnet
The botnet malware known as RondoDox has been observed targeting unpatched XWiki instances against a critical security flaw that could allow attackers to achieve arbitrary code execution.The vulnerability in question is CVE-2025-24893 (CVSS score: 9.8), an eval injection bug that could allow any guest user to perform arbitrary remote code execution through a request to…
-
Malware, Betrug, Scams und Datendiebstahl: Massive Sicherheitslücken
Cybersicherheitsverhalten, KI-Bedenken und Risiken von Verbrauchern weltweit. 14 Prozent der Befragten fielen im letzten Jahr digitalem Betrug zum Opfer. Soziale Medien überholen E-Mail als bevorzugten Angriffsvektor von Cyberkriminellen. KI-Betrug wird zur wachsenden Sorge der Verbraucher. Die neue 2025 Consumer Cybersecurity Survey von Bitdefender gibt Einblicke in zentrale Verhaltensweisen, Praktiken und Bedenken im Bereich der… First…
-
Worm flooding npm registry with token stealers still isn’t under control
Tags: access, antivirus, attack, authentication, blockchain, breach, control, credentials, crypto, detection, edr, exploit, finance, firewall, governance, identity, login, malicious, malware, mfa, monitoring, network, open-source, pypi, risk, software, supply-chain, threat, tool, wormCSO that number has now grown to 153,000.”It’s unfortunate that the worm isn’t under control yet,” said Sonatype CTO Brian Fox.And while this payload merely steals tokens, other threat actors are paying attention, he predicted.”I’m sure somebody out there in the world is looking at this massively replicating worm and wondering if they can ride…
-
New Security Tools Target Growing macOS Threats
A public dataset and platform-agnostic analysis tool aim to help organizations in the fight against Apple-targeted malware, which researchers say has lacked proper attention. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/new-security-tools-target-growing-macos-threats
-
Crims poison 150K+ npm packages with token-farming malware
Tags: malwareAmazon spilled the TEA First seen on theregister.com Jump to article: www.theregister.com/2025/11/14/selfreplicating_supplychain_attack_poisons_150k/
-
North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels
The North Korean threat actors behind the Contagious Interview campaign have once again tweaked their tactics by using JSON storage services to stage malicious payloads.”The threat actors have recently resorted to utilizing JSON storage services like JSON Keeper, JSONsilo, and npoint.io to host and deliver malware from trojanized code projects, with the lure,” NVISO researchers…
-
Millions of sites at risk from Imunify360 critical flaw exploit
A vulnerability affecting Imunify360 lets attackers run code via malicious file uploads, risking millions of websites. A vulnerability in ImunifyAV/Imunify360 allows attackers to upload malicious files to shared servers and execute arbitrary code, potentially exposing millions of websites, cybersecurity firm Patchstack warns. The flaw in Imunify360 AV before v32.7.4.0 lets attacker”‘supplied malware trigger dangerous PHP…
-
Cybersecurity Snapshot: Refresh Your Akira Defenses Now, CISA Says, as OWASP Revamps Its App Sec Top 10 Risks
Tags: access, advisory, ai, antivirus, application-security, attack, authentication, backup, business, chatgpt, cisa, ciso, cloud, compliance, control, corporate, cve, cyber, cybersecurity, data, defense, detection, encryption, endpoint, exploit, finance, firewall, flaw, framework, germany, group, guide, healthcare, infrastructure, injection, Internet, iot, law, malware, mfa, mitigation, phishing, privacy, programming, ransomware, resilience, risk, service, soc, software, supply-chain, tactics, technology, threat, tool, update, vulnerabilityLearn why you should revise your Akira ransomware protection plans. Plus, find out what’s new in OWASP’s revamped Top 10 Web Application Risks list. Also, find out about agentic AI’s cognitive degradation risk. And get the latest on AI security trends and CISO compensation. Key takeaways CISA and other agencies are urging organizations, especially in…
-
Cybersecurity Snapshot: Refresh Your Akira Defenses Now, CISA Says, as OWASP Revamps Its App Sec Top 10 Risks
Tags: access, advisory, ai, antivirus, application-security, attack, authentication, backup, business, chatgpt, cisa, ciso, cloud, compliance, control, corporate, cve, cyber, cybersecurity, data, defense, detection, encryption, endpoint, exploit, finance, firewall, flaw, framework, germany, group, guide, healthcare, infrastructure, injection, Internet, iot, law, malware, mfa, mitigation, phishing, privacy, programming, ransomware, resilience, risk, service, soc, software, supply-chain, tactics, technology, threat, tool, update, vulnerabilityLearn why you should revise your Akira ransomware protection plans. Plus, find out what’s new in OWASP’s revamped Top 10 Web Application Risks list. Also, find out about agentic AI’s cognitive degradation risk. And get the latest on AI security trends and CISO compensation. Key takeaways CISA and other agencies are urging organizations, especially in…
-
Cybercriminals Use Fake Invoices to Deploy XWorm and Steal Login Credentials
Cybercriminals are deploying sophisticated phishing campaigns that weaponize seemingly legitimate invoice emails to distribute Backdoor.XWorm is a dangerous remote-access trojan (RAT) capable of stealing sensitive credentials, recording keystrokes, and installing ransomware. Security researchers have uncovered an active malware distribution operation using Visual Basic Script attachments disguised as routine business correspondence, representing a dangerous evolution of social…
-
Cybercriminals Use Fake Invoices to Deploy XWorm and Steal Login Credentials
Cybercriminals are deploying sophisticated phishing campaigns that weaponize seemingly legitimate invoice emails to distribute Backdoor.XWorm is a dangerous remote-access trojan (RAT) capable of stealing sensitive credentials, recording keystrokes, and installing ransomware. Security researchers have uncovered an active malware distribution operation using Visual Basic Script attachments disguised as routine business correspondence, representing a dangerous evolution of social…
-
Cybercriminals Use Fake Invoices to Deploy XWorm and Steal Login Credentials
Cybercriminals are deploying sophisticated phishing campaigns that weaponize seemingly legitimate invoice emails to distribute Backdoor.XWorm is a dangerous remote-access trojan (RAT) capable of stealing sensitive credentials, recording keystrokes, and installing ransomware. Security researchers have uncovered an active malware distribution operation using Visual Basic Script attachments disguised as routine business correspondence, representing a dangerous evolution of social…
-
Formbook Malware Campaign Uses Malicious ZIP Files and Layered Scripting Techniques
A new campaign leveraging Formbook malware has emerged, showcasing sophisticated multi-stage infection tactics that underscore the importance of analyzing more than just executable files during malware investigations. When teaching malware reverse-engineering in courses like SANS FOR610, it’s critical to addressed that reverse engineering applies to every component in the infection chain, not just PE or…
-
Check Point deckt Malvertising-Netzwerk ‘Payroll Pirates” auf
Check Point hat seine Lösung SmartPhish bereits aktualisiert, um Meta-bezogene Phishing-Angriffe dieser Art zuverlässig zu erkennen und zu stoppen. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/check-point-deckt-malvertising-netzwerk-payroll-pirates-auf/a42825/
-
Android Photo Frame App Infects Devices With Malware, Allows Full Remote Takeover
A recent investigation has uncovered alarming security vulnerabilities in Android-powered digital photo frames, turning what should be a simple home or office gadget into a potent tool for cybercriminals. The findings reveal that apps preinstalled on these smart photo frames not only download and execute malware automatically but can also hand over complete device control…
-
Malvertising-Netzwerk namens Payroll Pirates entdeckt
Ein Forschungsteam von Check Point Software Technologies hat ein weit verzweigtes Cybercrime-Netzwerk aufgedeckt, das legitime Online-Werbeplattformen gezielt missbraucht. Die Gruppe, die unter dem Namen ‘Payroll Pirates” bekannt ist, hat sich seit Mitte 2023 darauf spezialisiert, Gehalts- und Finanzsysteme zu manipulieren. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/malvertising-netzwerk-payroll-pirates
-
Malvertising-Netzwerk namens Payroll Pirates entdeckt
Ein Forschungsteam von Check Point Software Technologies hat ein weit verzweigtes Cybercrime-Netzwerk aufgedeckt, das legitime Online-Werbeplattformen gezielt missbraucht. Die Gruppe, die unter dem Namen ‘Payroll Pirates” bekannt ist, hat sich seit Mitte 2023 darauf spezialisiert, Gehalts- und Finanzsysteme zu manipulieren. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/malvertising-netzwerk-payroll-pirates
-
Operation Endgame Disrupts More Malware
Rhadamanthys, VenomRAT and Elysium Targeted in Operation. A multinational law enforcement operation resulted in the arrest of a remote access Trojan operator and the seizure of over 1,000 info stealer and botnet servers. Authorities took down 1,025 servers associated with the Rhadamanthys infostealer, the Venom RAT and a botnet dubbed Elysium. First seen on govinfosecurity.com…
-
Operation Endgame Dismantles 1,025 Malware Servers
Europol and Eurojust dismantled major criminal infrastructure powering widespread infostealer, RAT, and botnet operations. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/operation-endgame-dismantles-1025-malware-servers/
-
RCE flaw in ImunifyAV puts millions of Linux-hosted sites at risk
The ImunifyAV malware scanner for Linux server, used by tens of millions of websites, is vulnerable to a remote code execution vulnerability that could be exploited to compromise the hosting environment. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/rce-flaw-in-imunifyav-puts-millions-of-linux-hosted-sites-at-risk/
-
Operation Endgame Hits Rhadamanthys, VenomRAT, Elysium Malware, seize 1025 servers
Europol-led Operation Endgame seizes 1,025 servers and arrests a key suspect in Greece, disrupting three major global malware and hacking tools, including Rhadamanthys, VenomRAT and Elysium botnet. First seen on hackread.com Jump to article: hackread.com/operation-endgame-rhadamanthys-venomrat-elysium-malware/
-
Operation Endgame targets malware networks in global crackdown
Rhadamanthys, VenomRAT, and the Elysium botnet were targeted in the takedowns. First seen on cyberscoop.com Jump to article: cyberscoop.com/operation-endgame-disrupts-global-malware-networks-rhadamanthys-venomrat-elysium/

