Anti-Malware Research

Microsoft’s MSHTA Legacy Tool Still Powers Malware Campaigns on Windows

2026-05-19 at 16:58 By Janos Gergo SZELES

Bitdefender security researchers have discovered that attackers continue to exploit Microsoft HTML Application Host (MSHTA), a legacy utility available by default on Windows systems that can execute VBScript and JavaScript from local or remote files. This article is […]

Windsurf IDE Extension Drops Malware via Solana Blockchain

2026-03-18 at 15:24 By Raul Vasile BUCUR

Bitdefender researchers have discovered a malicious Windsurf IDE (integrated development environment) extension that deploys a multi-stage NodeJS stealer by using the Solana blockchain as the payload infrastructure. This article is an excerpt from Bitdefender Labs.

Windows and macOS Malware Spreads via Fake “Claude Code” Google Ads

2026-03-11 at 18:31 By Silviu STAHIE

Bitdefender’s security researchers have discovered a malicious Google Ads campaign targeting anyone searching for downloads related to Claude, the large language model developed by Anthropic. This article is an excerpt from Bitdefender Labs.

LummaStealer Is Getting a Second Life Alongside CastleLoader

2026-02-11 at 16:00 By Bogdan Ionut Lazar

Bitdefender researchers have discovered a surge in LummaStealer activity, showing how one of the world’s most prolific information-stealing malware operations managed to survive despite being almost brought down by law enforcement less than a year ago. LummaStealer is a highly

Helpful Skills or Hidden Payloads? Bitdefender Labs Dives Deep into the OpenClaw Malicious Skill Trap

2026-02-05 at 19:43 By Andrei ANTON-AANEI

With hundreds of malicious OpenClaw skills blending in among legitimate ones, manually reviewing every script or command isn’t realistic — especially when skills are designed to look helpful and familiar. That’s why Bitdefender offers

Android Trojan Campaign Uses Hugging Face Hosting for RAT Payload Delivery

2026-01-29 at 17:29 By Alecsandru Cătălin DAJ

Bitdefender researchers have discovered an Android RAT (remote access trojan) campaign that combines social engineering, the resources of the Hugging Face online platform as staging, and extensive use of Accessibility Services to compromise devices. This article is

Fake Leonardo DiCaprio Movie Torrent Drops Agent Tesla Through Layered PowerShell Chain

2025-12-10 at 16:01 By Raul Vasile BUCUR

After noticing a spike in detections involving what looked like a movie torrent for One Battle After Another, Bitdefender researchers started an investigation and discovered that it was a complex infection chain. The film, Leonardo DiCaprio’s

Fake Battlefield 6 Pirated Versions and Game Trainers Used to Deploy Stealers and C2 Agents

2025-11-25 at 17:04 By Silviu STAHIE

Bitdefender Labs has identified malware campaigns exploiting the popularity of EA’s Battlefield 6 first-person shooter, distributed via supposedly pirated versions, game installers, and fake game trainers across torrent trackers and other easily found websites.

The Scam That Won’t Quit: Malicious “TradingView Premium” Ads Jump from Meta to Google and YouTube

2025-09-25 at 16:11 By Alin MOLOCE

Over the past year, Bitdefender researchers have been monitoring a persistent malicious campaign that initially spread via Facebook Ads, promising “free access” to TradingView Premium and other trading or financial platforms. According to

Malvertising Campaign on Meta Expands to Android, Pushing Advanced Crypto-Stealing Malware to Users Worldwide

2025-08-28 at 16:35 By Ionut Alexandru BALTARIU

Many people believe that smartphones are somehow less of a target for threat actors. They couldn’t be more wrong. Bitdefender Labs warns that cybercriminals are doubling down on spreading malware through Meta’s advertising system.

Vulnerabilities Identified in Dahua Hero C1 Smart Cameras

2025-07-31 at 00:48 By Bitdefender

Researchers at Bitdefender have identified critical security vulnerabilities in the firmware of the Dahua Hero C1 (DH-H4C) smart camera series. The flaws, affecting the device’s ONVIF protocol and file upload handlers, allow unauthenticated attackers to execute arbitrary commands remotely, effectively taking over the device.

Vulnerabilities Identified in Dahua Hero C1 Smart Cameras

2025-07-30 at 18:13 By Bitdefender

Researchers at Bitdefender have identified critical security vulnerabilities in the firmware of the Dahua Hero C1 (DH-H4C) smart camera series. The flaws, affecting the device’s ONVIF protocol and file upload handlers, allow unauthenticated attackers to execute arbitrary commands remotely, effectively taking over the device.

Weaponizing Facebook Ads: Inside the Multi-Stage Malware Campaign Exploiting Cryptocurrency Brands

2025-05-08 at 16:11 By Ionut Alexandru BALTARIU

A persistent malvertising campaign is plaguing Facebook, leveraging the reputations of well-known cryptocurrency exchanges to lure victims into a maze of malware. Since Bitdefender Labs started investigating, this evolving threat has posed a serious risk by deploying

Hundreds of Malicious Google Play-Hosted Apps Bypassed Android 13 Security With Ease

2025-03-18 at 15:34 By Alecsandru Cătălin DAJ

Bitdefender’s security researchers have identified a large-scale ad fraud campaign that deployed hundreds of malicious apps in the Google Play Store, resulting in more than 60 million downloads total. The apps display out-of-context ads and even

Lazarus Group Targets Organizations with Sophisticated LinkedIn Recruiting Scam

2025-02-05 at 16:03 By Ionut Alexandru BALTARIU

Bitdefender Labs warns of an active campaign by the North Korea-linked Lazarus Group, targeting organizations by capturing credentials and delivering malware through fake LinkedIn job offers. LinkedIn may be a vital tool for job seekers and professionals, but it

Inside Bitdefender Labs’ Investigation of a Malicious Facebook Ad Campaign Targeting Bitwarden Users

2024-11-19 at 12:33 By Andrei ANTON-AANEI

Throughout 2024, Bitdefender Labs has been closely monitoring a series of malvertising campaigns that exploit popular platforms to spread malware. These campaigns use fake advertisements to lure users into installing malicious software disguised as legitimate apps

Unmasking the SYS01 Infostealer Threat: Bitdefender Labs Tracks Global Malvertising Campaign Targeting Meta Business Pages

2024-10-30 at 15:33 By Ionut Alexandru BALTARIU

In a digital world where advertising is king, businesses and organizations are not the only ones using this powerful tool. Cybercriminals have a knack for exploiting the engine that powers online platforms by

Unfading Sea Haze: New Espionage Campaign in the South China Sea

2024-05-28 at 18:01 By Bitdefender

Bitdefender researchers investigated a series of incidents at high-level organizations in countries of the South China Sea region, all performed by the same threat actor we track as Unfading Sea Haze. Based on the victimology and the cyber-attack’s aim,

AI meets next-gen info stealers in social media malvertising campaigns

2024-04-04 at 16:02 By Nicolae POSTOLACHI

The impact that AI has on society has steadily crept into the darkest nooks and crannies of the internet. So much so that cybercrooks are hitching free rides on the AI bandwagon by leveraging the increased demand of AI-powered

When Stealers Converge: New Variant of Atomic Stealer in the Wild

2024-02-27 at 16:03 By Andrei LAPUSNEANU

Here at Bitdefender, we’re constantly working on improving detection capabilities for our macOS cyber-security products; part of this effort involves revisiting old (or digging up new) samples from our malware zoo. During routine verifications, we were able to
