Tag: malware
-
Impersonation, Click Hijacking, and TDS: Inside a Malware Distribution Ecosystem
Research by: Alexey Bukhteyev. When we search Google for a popular piece of software, we usually click the first result, sometimes without even looking at the rest, because official project sites tend to rank highest and appear near the top of the results. After landing on a site with a professional design and…
-
China-Linked TA4922 Hackers Target UK, Europe With New SilentRunLoader Malware
Proofpoint says TA4922, a suspected China-aligned cybercrime group, is targeting UK and European organisations with tax-, payroll- and benefits-themed malware campaigns. First seen on hackread.com Jump to article: hackread.com/china-ta4922-hackers-uk-europe-silentrunloader-malware/
-
Russia’s FSB Says Foreign Spies Infected Officials’ Phones With Malware
Russia’s FSB claims foreign intelligence planted malware on senior officials’ phones to intercept calls and activate cameras. No technical evidence, no country named. On June 2, 2026, Russia’s Federal Security Service (FSB) published a statement claiming it had uncovered and documented a large-scale foreign intelligence operation targeting the mobile devices of senior Russian officials. The…
-
Malware campaign targeting Minecraft users infects over 116,000 systems
A Malware-as-a-Service (MaaS) operation named WeedHack is targeting Minecraft users and allows threat actors to gain remote access to victims’ screens, webcams, and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/03/weedhack-minecraft-malware-campaign/
-
Fake Purchase Orders Spread JS.MonoGlyphRAT in U.S. Enterprise Attacks
Hackers are using highly convincing fake purchase orders and sales documents to sneak a new JavaScript backdoor, JS.MonoGlyphRAT, into US enterprises, where it quietly establishes persistence and enables full remote control of infected systems. The malware arrives as a .js attachment masquerading as a purchase order, quotation, or business proposal, and it encourages staff in…
-
Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content
Cybersecurity researchers have flagged a new campaign targeting Minecraft players via YouTube to spread malware capable of gaining control of victims’ systems. The Minecraft-focused malware-as-a-service (MaaS) campaign has been codenamed Weedhack by McAfee Labs, which says the activity has been active since January 2026 and impersonates Minecraft clients and mods to infect users. In all, 3820 First…
-
Hackers Spread WeedHack Malware via YouTube and SEO Poisoning
Hackers are increasingly abusing trusted platforms like YouTube and search engines to distribute malware, and a newly uncovered campaign targeting Minecraft players highlights how effective this tactic has become. Minecraft, originally released in 2011 by Mojang Studios, remains the best-selling video game globally with more than 350 million copies sold. Its open ecosystem, which supports…
-
Over 116,000 Minecraft systems infected in WeedHack malware campaign
A large-scale malware campaign dubbed WeedHack is targeting Minecraft players and has infected more than 116,000 systems since January. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-116-000-minecraft-systems-infected-in-weedhack-malware-campaign/
-
DriveSurge actor uses ClickFix and FakeUpdates to distribute malware via compromised websites
First seen on scworld.com Jump to article: www.scworld.com/brief/drivesurge-actor-uses-clickfix-and-fakeupdates-to-distribute-malware-via-compromised-websites
-
Malware hides in Steam comments to infect WordPress sites
First seen on scworld.com Jump to article: www.scworld.com/brief/malware-hides-in-steam-comments-to-infect-wordpress-sites
-
Attackers use ChatGPT feature to spread malware
First seen on scworld.com Jump to article: www.scworld.com/brief/attackers-use-chatgpt-feature-to-spread-malware
-
Over 116,000 Minecraft systems infected in WeedHack malware campaign
A large-scale malware campaign dubbed WeedHack is targeting Minecraft players and has infected more than 116,000 systems since January. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-116-000-mincraft-systems-infected-in-weedhack-malware-campaign/
-
Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine
The Russian hacking group known as Gamaredon has been attributed to the continued exploitation of a WinRAR vulnerability to deliver multiple malware families aimed at data theft and propagation. Per Sekoia, the activity involves the weaponization of CVE-2025-8088, a path traversal flaw in WinRAR, to launch an HTML Application payload dubbed GammaPhish, which is then used…
-
Fake ChatGPT Desktop App Ads Used to Push Password-Stealing Malware
Fake ChatGPT desktop app ads pushed password-stealing malware by abusing trusted AI links, hiding from scanners, and tricking users into downloads. First seen on hackread.com Jump to article: hackread.com/fake-chatgpt-desktop-app-ads-password-stealer-malware/
-
Fake Claude Code Installers Deliver Credential-Stealing Malware
Fake Claude Code install sites are pushing malware that steals API keys, developer credentials, crypto wallets, and other sensitive data. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-fake-claude-code-install-sites-malware/
-
New WordPress Malware Uses Steam Profile Comments to Hide C2 Instructions
GoDaddy researchers found WordPress malware using Steam Community profile comments to hide encoded command and control data, with nearly 1,980 sites affected. First seen on hackread.com Jump to article: hackread.com/wordpress-malware-steam-profile-comments-instructions/
-
Red Hat affected: worm hijacks NPM packages and collects credentials
A new variant of the Mini Shai-Hulud malware injects itself into NPM packages. Now it has also hit the Linux developer Red Hat. First seen on golem.de Jump to article: www.golem.de/news/wurm-im-npm-oekosystem-mehrere-softwarepakete-von-red-hat-kompromittiert-2606-209295.html
-
Sophos uncovers AI-powered malware lab built for EDR evasion
A threat actor used AI technologies to build a malware-testing framework for developing and refining endpoint detection and response (EDR) evasion techniques, according to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/02/ai-agents-edr-evasion-techniques/
-
Red Hat npm packages compromised in new Mini Shai-Hulud malware wave
Unknown attackers have compromised 30+ Red Hat Cloud Services npm packages with malware that goes after credentials stored in developers’ build environment. What the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/02/red-hat-npm-packages-compromised-mini-shai-hulud/
-
Worm in the NPM ecosystem: several Red Hat software packages compromised
A new variant of the Mini Shai-Hulud malware injects itself into NPM packages. Now it has also hit the Linux developer Red Hat. First seen on golem.de Jump to article: www.golem.de/news/wurm-im-npm-oekosystem-mehrere-softwarepakete-von-red-hat-kompromittiert-2606-209295.html
-
Hackers Use Spearphishing to Deploy AZUREVEIL Adaptix C2 Agent
Hackers are actively deploying a sophisticated malware framework dubbed AZUREVEIL, an Adaptix-based command-and-control (C2) agent, through a targeted spearphishing campaign aimed at government and enterprise sectors in the Czech Republic and Taiwan. The attack begins with a malicious ZIP archive delivered via spearphishing emails. The archive contains files disguised as official documents, including a shortcut file…
-
GoDaddy found malware on 1,980 WordPress sites using Steam as C2 infrastructure
Malware on approximately 2,000 WordPress sites hid C2 instructions in Steam profile comments using invisible Unicode. GoDaddy researchers spotted a command-and-control infrastructure for a malware campaign abusing Valve’s Steam gaming platform. The experts discovered malware on approximately 1,980 WordPress sites that fetches its instructions by reading Steam Community profile comments, where the actual payload is…
-
SolyxImmortal Malware Steals Passwords, Cookies, Files, and Keystrokes
A newly analyzed Python-based information stealer named SolyxImmortal is actively targeting sensitive user data, including browser credentials, cookies, documents, screenshots, and keystrokes. The malware uses common Python libraries and multi-threading techniques to run multiple surveillance and data theft operations simultaneously, making it efficient and difficult to detect during execution. Security researchers, including Cyfirma, report that…
-
PHANTOMPULSE RAT Uses UAC Bypass to Hijack Windows Systems
New technical details have emerged about PHANTOMPULSE, a sophisticated remote access trojan (RAT) used in multi-stage intrusions targeting Windows environments. The malware represents the final payload in an attack chain previously linked to Obsidian plugin abuse and in-memory loaders, but this latest analysis focuses on its advanced post-exploitation capabilities. PHANTOMPULSE stands out for combining multiple stealth techniques,…
-
Red Hat Cloud Services npm Packages Hijacked in Credential-Theft Malware Campaign
A large-scale software supply chain attack has compromised multiple official npm packages under the @redhat-cloud-services scope, exposing thousands of developers and CI/CD environments to credential theft. Security researchers at Aikido confirmed that 96 malicious versions across 32 packages were published on June 1, 2026, with combined weekly downloads exceeding 116,000. Red Hat Cloud Services npm…