Malware

New Sturnus Banking Trojan Targets WhatsApp, Telegram, Signal Messages

New Sturnus Banking Trojan Targets WhatsApp, Telegram, Signal Messages 2025-11-20 at 17:56 By Eduard Kovacs The Android malware is in development and appears to be mainly aimed at users in Europe. The post New Sturnus Banking Trojan Targets WhatsApp, Telegram, Signal Messages appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original […]

New Sturnus Banking Trojan Targets WhatsApp, Telegram, Signal Messages Read More »

MacOS DigitStealer malware poses as DynamicLake, targets Apple Silicon M2/M3 devices

MacOS DigitStealer malware poses as DynamicLake, targets Apple Silicon M2/M3 devices 2025-11-20 at 15:03 By Zeljka Zorz A new infostealer is targeting macOS users by masquerading as the legitimate DynamicLake UI enhancement and productivity utility and possibly Google’s Drive for desktop app. Multi-stage delivery Dubbed DigitStealer by Jamf researchers, this threat is unusually sophisticated. Before

MacOS DigitStealer malware poses as DynamicLake, targets Apple Silicon M2/M3 devices Read More »

Rhadamanthys infostealer operation disrupted by law enforcement

Rhadamanthys infostealer operation disrupted by law enforcement 2025-11-13 at 14:05 By Zeljka Zorz The rumors were true: Operation Endgame, a joint effort between law enforcement and judicial authorities of several European countries, Australia, Canada, the UK and the US, has disrupted the infrastructure supporting the operation of the Rhadamanthys infostealer. “Between 10 and 14 November

Rhadamanthys infostealer operation disrupted by law enforcement Read More »

GlassWorm Malware Returns to Open VSX, Emerges on GitHub

GlassWorm Malware Returns to Open VSX, Emerges on GitHub 2025-11-10 at 14:46 By Ionut Arghire Three more VS Code extensions were infected last week and the malware has emerged in GitHub repositories as well. The post GlassWorm Malware Returns to Open VSX, Emerges on GitHub appeared first on SecurityWeek. This article is an excerpt from

GlassWorm Malware Returns to Open VSX, Emerges on GitHub Read More »

Attackers upgrade ClickFix with tricks used by online stores

Attackers upgrade ClickFix with tricks used by online stores 2025-11-07 at 15:42 By Zeljka Zorz Attackers have taken the ClickFix technique further, with pages borrowing tricks from online sellers to pressure victims into performing the steps that will lead to a malware infection. Push Security has spotted one of these pages, showing an embedded tutorial

Attackers upgrade ClickFix with tricks used by online stores Read More »

Google uncovers malware using LLMs to operate and evade detection

Google uncovers malware using LLMs to operate and evade detection 2025-11-05 at 20:53 By Zeljka Zorz PromptLock, the AI-powered proof-of-concept ransomware developed by researchers at NYU Tandon and initially mistaken for an active threat by ESET, is no longer an isolated example: Google’s latest report shows attackers are now creating and deploying other malware that

Google uncovers malware using LLMs to operate and evade detection Read More »

Malware Now Uses AI During Execution to Mutate and Collect Data, Google Warns

Malware Now Uses AI During Execution to Mutate and Collect Data, Google Warns 2025-11-05 at 17:25 By Eduard Kovacs Google has released a report describing the novel ways in which malware has been using AI to adapt and evade detection. The post Malware Now Uses AI During Execution to Mutate and Collect Data, Google Warns

Malware Now Uses AI During Execution to Mutate and Collect Data, Google Warns Read More »

Chinese APT Uses ‘Airstalk’ Malware in Supply Chain Attacks

Chinese APT Uses ‘Airstalk’ Malware in Supply Chain Attacks 2025-11-03 at 12:28 By Ionut Arghire PowerShell and .NET variants of the malware abuse AirWatch’s MDM API to establish a C&C communication channel. The post Chinese APT Uses ‘Airstalk’ Malware in Supply Chain Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

Chinese APT Uses ‘Airstalk’ Malware in Supply Chain Attacks Read More »

Open VSX Downplays Impact From GlassWorm Campaign

Open VSX Downplays Impact From GlassWorm Campaign 2025-10-31 at 19:32 By Ionut Arghire Open VSX fully contained the GlassWorm attacks and says it was not a self-replicating worm in the traditional sense. The post Open VSX Downplays Impact From GlassWorm Campaign appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Open VSX Downplays Impact From GlassWorm Campaign Read More »

Chinese APT Exploits Unpatched Windows Flaw in Recent Attacks

Chinese APT Exploits Unpatched Windows Flaw in Recent Attacks 2025-10-31 at 12:37 By Ionut Arghire The Windows shortcut vulnerability has been seen in attacks conducted by Mustang Panda to drop the PlugX malware. The post Chinese APT Exploits Unpatched Windows Flaw in Recent Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Chinese APT Exploits Unpatched Windows Flaw in Recent Attacks Read More »

Attackers exploiting WSUS vulnerability drop Skuld infostealer (CVE-2025-59287)

Attackers exploiting WSUS vulnerability drop Skuld infostealer (CVE-2025-59287) 2025-10-30 at 15:46 By Zeljka Zorz Attackers have been spotted exploiting the recently patched WSUS vulnerability (CVE-2025-59287) to deploy infostealer malware on unpatched Windows servers. An out-of-band update Last week’s release of an emergency fix for CVE-2025-59287, a Windows Server Update Services (WSUS) remote code execution vulnerability,

Attackers exploiting WSUS vulnerability drop Skuld infostealer (CVE-2025-59287) Read More »

136 NPM Packages Delivering Infostealers Downloaded 100,000 Times

136 NPM Packages Delivering Infostealers Downloaded 100,000 Times 2025-10-30 at 12:59 By Ionut Arghire The packages deployed malicious code harvesting system information, credentials, tokens, API keys, and other sensitive information. The post 136 NPM Packages Delivering Infostealers Downloaded 100,000 Times appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

136 NPM Packages Delivering Infostealers Downloaded 100,000 Times Read More »

Researchers expose large-scale YouTube malware distribution network

Researchers expose large-scale YouTube malware distribution network 2025-10-23 at 17:37 By Zeljka Zorz Check Point researchers have uncovered, mapped and helped set back a stealthy, large-scale malware distribution operation on YouTube they dubbed the “YouTube Ghost Network.” The network published more than 3,000 videos across compromised or fake channels, luring viewers with game cheats, cracked

Researchers expose large-scale YouTube malware distribution network Read More »

How Lazarus Group used fake job ads to spy on Europe’s drone and defense sector

How Lazarus Group used fake job ads to spy on Europe’s drone and defense sector 2025-10-23 at 09:23 By Sinisa Markovic ESET researchers have uncovered a fresh wave of Operation DreamJob, a long-running campaign linked to North Korea’s Lazarus Group. This latest activity targeted several European defense contractors, including firms deeply involved in drone and

How Lazarus Group used fake job ads to spy on Europe’s drone and defense sector Read More »

Russian APT Switches to New Backdoor After Malware Exposed by Researchers

Russian APT Switches to New Backdoor After Malware Exposed by Researchers 2025-10-22 at 15:03 By Ionut Arghire Star Blizzard started using the NoRobot (BaitSwitch) and MaybeRobot (SimpleFix) malware after public reporting on the LostKeys malware. The post Russian APT Switches to New Backdoor After Malware Exposed by Researchers appeared first on SecurityWeek. This article is

Russian APT Switches to New Backdoor After Malware Exposed by Researchers Read More »

Attackers don’t linger, they strike and move on

Attackers don’t linger, they strike and move on 2025-10-13 at 07:26 By Anamarija Pogorelec Cyber attacks are happening faster than ever. Intrusions that once took weeks or months now unfold in minutes, leaving little time to react. Attackers move quickly once they gain access, aiming to run their payloads and get results before defenders can

Attackers don’t linger, they strike and move on Read More »

Sophisticated Malware Deployed in Oracle EBS Zero-Day Attacks

Sophisticated Malware Deployed in Oracle EBS Zero-Day Attacks 2025-10-10 at 10:46 By Eduard Kovacs Google researchers believe exploitation may have started as early as July 10 and the campaign hit dozens of organizations. The post Sophisticated Malware Deployed in Oracle EBS Zero-Day Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

Sophisticated Malware Deployed in Oracle EBS Zero-Day Attacks Read More »

ProSpy and ToSpy: New spyware families impersonating secure messaging apps

ProSpy and ToSpy: New spyware families impersonating secure messaging apps 2025-10-02 at 12:04 By Anamarija Pogorelec ESET researchers have found two Android spyware campaigns aimed at people looking for secure messaging apps such as Signal and ToTok. The attackers spread the spyware through fake websites and social engineering. Researchers identified two previously unknown spyware families.

ProSpy and ToSpy: New spyware families impersonating secure messaging apps Read More »

Chinese APT ‘Phantom Taurus’ Targeting Organizations With Net-Star Malware

Chinese APT ‘Phantom Taurus’ Targeting Organizations With Net-Star Malware 2025-10-01 at 16:33 By Ionut Arghire Focused on espionage, the threat actor shares infrastructure with Chinese APTs, but uses different TTPs in attacks. The post Chinese APT ‘Phantom Taurus’ Targeting Organizations With Net-Star Malware appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

Chinese APT ‘Phantom Taurus’ Targeting Organizations With Net-Star Malware Read More »

Scroll to Top