Latest Malware news

Cracked macOS apps drain wallets using scripts fetched from DNS records

Hackers are using a stealthy method to deliver to macOS users information-stealing malware through DNS records that hide malicious scripts.
- Bill Toulas
- January 22, 2024
- 05:27 PM
- 0
Google: Russian FSB hackers deploy new Spica backdoor malware

Google says the ColdRiver Russian-backed hacking group is pushing previously unknown backdoor malware using payloads masquerading as a PDF decryption tool.
- Sergiu Gatlan
- January 18, 2024
- 09:00 AM
- 0
Microsoft: Iranian hackers target researchers with new MediaPl malware

Microsoft says that a group of Iranian-backed state hackers are targeting high-profile employees of research organizations and universities across Europe and the United States in spearphishing attacks pushing new backdoor malware.
- Sergiu Gatlan
- January 17, 2024
- 03:39 PM
- 0
Bigpanzi botnet infects 170,000 Android TV boxes with malware

A previously unknown cybercrime syndicate named 'Bigpanzi' has been making significant money by infecting Android TV and eCos set-top boxes worldwide since at least 2015.
- Bill Toulas
- January 17, 2024
- 01:54 PM
- 0
iShutdown scripts can help detect iOS spyware on your iPhone

Security researchers found that infections with high-profile spyware Pegasus, Reign, and Predator could be discovered on compromised Apple mobile devices by checking Shutdown.log, a system log file that stores reboot events.
- Bill Toulas
- January 17, 2024
- 01:03 PM
- 1
MacOS info-stealers quickly evolve to evade XProtect detection

Multiple information stealers for the macOS platform have demonstrated the capability to evade detection even when security companies follow and report about new variants frequently.
- Bill Toulas
- January 16, 2024
- 04:29 PM
- 1
FBI: Androxgh0st malware botnet steals AWS, Microsoft credentials

CISA and the FBI warned today that threat actors using Androxgh0st malware are building a botnet focused on cloud credential theft and using the stolen information to deliver additional malicious payloads.
- Sergiu Gatlan
- January 16, 2024
- 12:34 PM
- 0
Windows SmartScreen flaw exploited to drop Phemedrone malware

A Phemedrone information-stealing malware campaign exploits a Microsoft Defender SmartScreen vulnerability (CVE-2023-36025) to bypass Windows security prompts when opening URL files.
- Bill Toulas
- January 15, 2024
- 01:32 PM
- 0
Malware abuses Google OAuth endpoint to ‘revive’ cookies, hijack accounts

Multiple information-stealing malware families are abusing an undocumented Google OAuth endpoint named "MultiLogin" to restore expired authentication cookies and log into users' accounts, even if an account's password was reset.
- Bill Toulas
- December 29, 2023
- 11:13 AM
- 5
Steam game mod breached to push password-stealing malware

Downfall, a fan expansion for the popular Slay the Spire indie strategy game, was breached on Christmas Day to push Epsilon information stealer malware using the Steam update system.
- Sergiu Gatlan
- December 28, 2023
- 04:19 PM
- 0
Microsoft disables MSIX protocol handler abused in malware attacks

Microsoft has again disabled the MSIX ms-appinstaller protocol handler after multiple financially motivated threat groups abused it to infect Windows users with malware.
- Sergiu Gatlan
- December 28, 2023
- 02:04 PM
- 2
New Xamalicious Android malware installed 330k times on Google Play

A previously unknown Android backdoor named 'Xamalicious' has infected approximately 338,300 devices via malicious apps on Google Play, Android's official app store.
- Bill Toulas
- December 27, 2023
- 10:54 AM
- 0
Fake VPN Chrome extensions force-installed 1.5 million times

Three malicious Chrome extensions posing as VPN (Virtual Private Networks) infected were downloaded 1.5 million times, acting as browser hijackers, cashback hack tools, and data stealers.
- Bill Toulas
- December 22, 2023
- 08:30 AM
- 0
Microsoft: Hackers target defense firms with new FalseFont malware

Microsoft says the APT33 Iranian cyber-espionage group is using recently discovered FalseFont backdoor malware to attack defense contractors worldwide.
- Sergiu Gatlan
- December 21, 2023
- 03:28 PM
- 0
New Web injections campaign steals banking data from 50,000 people

A new malware campaign that emerged in March 2023 used JavaScript web injections to try to steal the banking data of over 50,000 users of 40 banks in North America, South America, Europe, and Japan.
- Bill Toulas
- December 19, 2023
- 03:36 PM
- 0
Rhadamanthys Stealer malware evolves with more powerful features

The developers of the Rhadamanthys information-stealing malware have recently released two major versions to add improvements and enhancements across the board, including new stealing capabilities and enhanced evasion.
- Bill Toulas
- December 17, 2023
- 12:12 PM
- 0
Qbot malware returns in campaign targeting hospitality industry

The QakBot malware is once again being distributed in phishing campaigns after the botnet was disrupted by law enforcement over the summer.
- Lawrence Abrams
- December 17, 2023
- 10:09 AM
- 0
QNAP VioStor NVR vulnerability actively exploited by malware botnet

A Mirai-based botnet named 'InfectedSlurs' is exploiting a remote code execution (RCE) vulnerability in QNAP VioStor NVR (Network Video Recorder) devices to hijack and make them part of its DDoS (distributed denial of service) swarm.
- Bill Toulas
- December 16, 2023
- 11:17 AM
- 0
New NKAbuse malware abuses NKN blockchain for stealthy comms

A new Go-based multi-platform malware identified as 'NKAbuse' is the first malware abusing NKN (New Kind of Network) technology for data exchange, making it a stealthy threat.
- Bill Toulas
- December 14, 2023
- 05:15 PM
- 0
Ten new Android banking trojans targeted 985 bank apps in 2023

This year has seen the emergence of ten new Android banking malware families, which collectively target 985 bank and fintech/trading apps from financial institutes across 61 countries.
- Bill Toulas
- December 14, 2023
- 02:40 PM
- 0