SecureList

MAY 28, 2025

Once these permissions are granted, the malware gains extensive capabilities that allow its operators to steal the user’s banking data and credentials, as well as perform remote actions and control the device without the user’s knowledge. Join us in this blogpost as we take a closer look at the malware’s evolution over time.

Banking 107

Banking Malware Energy and Utilities Encryption 107

SecureList

DECEMBER 19, 2024

After looking into the attack, we were able to uncover a complex infection chain that included multiple types of malware, such as a downloader, loader, and backdoor, demonstrating the group’s evolved delivery and improved persistence methods. CookieTime still in use Another piece of malware found on the infected hosts was CookieTime.

Malware 140

Malware Encryption Software Cryptocurrency 140

Security Affairs

NOVEMBER 17, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 116

Malware Antivirus Encryption Education 116

Security Affairs

NOVEMBER 26, 2024

Banshee Stealer, a MacOS Malware-as-a-Service, shut down after its source code leaked online. In August 2024, Russian hackers promoted BANSHEE Stealer, a macOS malware targeting x86_64 and ARM64, capable of stealing browser data, crypto wallets, and more. The code is now available on GitHub. concludes the report.

Malware 144

Malware Cryptocurrency Encryption Passwords 144

Security Affairs

MAY 29, 2025

Google says China-linked group APT41 controlled malware via Google Calendar to target governments through a hacked site. Google warns that China-linked APT41 used TOUGHPROGRESS malware with Google Calendar as C2, targeting various government entities via a compromised website. ” reads the report published by Google.

Malware 118

Malware Government Encryption Hacking 118

Security Affairs

APRIL 21, 2025

Russia-linked group APT29 targeted diplomatic entities across Europe with a new malware loader codenamed GRAPELOADER. The phishing emails either led to malware delivery via GRAPELOADER or redirected to the Ministry’s real website to appear legitimate. The malware is highly targeted and leaves no traces of the next-stage payload.

Malware 107

Malware Phishing Encryption Hacking 107

SecureList

DECEMBER 6, 2024

Q3 2024 saw multiple vulnerabilities discovered in Windows and Linux subsystems that are not standard for cyberattacks. Total number of registered vulnerabilities and number of critical ones, Q3 2023 and Q3 2024 ( download ) Q3 2024 preserved the upward trend in the number of vulnerabilities detected and registered.

Authentication 109

Authentication Software Wireless Internet 109

Security Affairs

JANUARY 10, 2025

In August 2024, Russian crooks advertised a macOS malware called BANSHEE Stealer that can target both x86_64 and ARM64 architectures. The malware authors claimed it can steal a broad range of data from compromised systems, including browser data, cryptocurrency wallets, and around 100 browser extensions.

Malware 122

Malware Advertising Antivirus Cybercrime 122

Security Affairs

NOVEMBER 4, 2024

The July 2024 ransomware attack that hit the City of Columbus, Ohio, exposed the personal and financial data of 500,000 individuals. On July 18, 2024, the City of Columbus, Ohio, suffered a cyber attack that impacted the City’s services. The city added that the attack was successfully thwarted, and no systems were encrypted.

Ransomware 116

Ransomware Identity Theft Data breaches Cyber threats 116

Security Affairs

APRIL 13, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Lazarus Expands Malicious npm Campaign: 11 New Packages Add Malware Loaders and Bitbucket Payloads BadBazaar: iOS and Android Surveillanceware by Chinas APT15 Used to Target Tibetans and Uyghurs GOFFEE continues to attack (..)

Malware 75

Malware Spyware Government Ransomware 75

Security Affairs

NOVEMBER 13, 2024

Bitdefender released a decryptor for the ShrinkLocker ransomware, which modifies BitLocker configurations to encrypt a system’s drives. ShrinkLocker ransomware was first discovered in May 2024 by researchers from Kaspersky. Then, it re-encrypts the system using a randomly generated password.

Ransomware 124

Ransomware Encryption Passwords Backups 124

Security Affairs

FEBRUARY 9, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 73

Malware Scams Banking Ransomware 73

Security Affairs

JANUARY 12, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 60

Malware Scams Phishing Encryption 60

Security Affairs

APRIL 10, 2025

At least one APT group has exploited a vulnerability in ESET software to stealthily execute malware, bypassing security measures. Kaspersky researchers reported that an APT group, tracked as ToddyCat , has exploited a vulnerability in ESET software to stealthily execute malware, bypassing security. ” states the report.

Malware 80

Malware Software Encryption Hacking 80

Security Affairs

NOVEMBER 9, 2024

A critical flaw, tracked as CVE-2024-40711, in Veeam Backup & Replication (VBR) was also recently exploited to deploy Frag ransomware. In mid-October, Sophos researchers warned that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware.

Backups 134

Backups Ransomware VPN Accountability 134

Security Affairs

NOVEMBER 18, 2024

On September 8, 2024, Great Plains Regional Medical Center (Oklahoma) suffered a ransomware attack. The healthcare center discovered that a threat actor accessed and encrypted files on their systems between September 5, 2024 and September 8, 2024. The experts believe that the attackers also copied some of those files.

Ransomware 126

Ransomware Insurance Encryption Healthcare 126

SecureList

FEBRUARY 5, 2025

In March 2023, researchers at ESET discovered malware implants embedded into various messaging app mods. The campaign, which targeted Android and Windows users, saw the malware spread through unofficial sources. The campaign, which targeted Android and Windows users, saw the malware spread through unofficial sources.

Malware 142

Malware Encryption Mobile Cryptocurrency 142

Security Affairs

MARCH 23, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Decrypting Encrypted files from Akira Ransomware (Linux/ESXI variant 2024) using a bunch of GPUs Jaguar Land Rover Breached by HELLCAT Ransomware Group Using Its Infostealer PlaybookThen a Second Hacker Strikes ClearFakes (..)

Malware 66

Malware Threat Detection Cryptocurrency Ransomware 66

Security Affairs

SEPTEMBER 8, 2024

Multiple threat actors actively exploited the recently disclosed OSGeo GeoServer GeoTools flaw CVE-2024-36401 in malware-based campaigns. The researchers observed threat actors exploiting CVE-2024-36401 in attacks aimed at IT service providers in India, technology companies in the U.S., ” concludes the report.

Malware 136

Malware Telecommunications Encryption DDOS 136

Security Affairs

MARCH 10, 2025

In May 2024, Microsoft observed the North Korea-linked group “Moonstone Sleet” (Previously tracked as Storm-1789) using known and novel techniques like fake companies, trojanized tools, a malicious game, and custom ransomware for financial gain and espionage. ” Microsoft wrote on X.

Ransomware 120

Ransomware Healthcare VPN Malware 120

Security Affairs

OCTOBER 20, 2024

CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog North Korea-linked APT37 exploited IE zero-day in a recent attack Omni Family Health data breach impacts 468,344 individuals Iran-linked actors target critical infrastructure organizations macOS HM Surf flaw in TCC allows bypass Safari privacy settings Two Sudanese (..)

Data breaches 119

Data breaches Cybercrime Cyber Insurance Marketing 119

Security Affairs

MARCH 9, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 67

Malware DDOS Hacking Ransomware 67

Security Affairs

FEBRUARY 20, 2025

NailaoLocker ransomware is a new threat that targeted European healthcare organizations from June to October 2024. The experts believe threat actors exploited the zero-dayCVE-2024-24919 in Check Point Security Gateways with Remote Access VPN or Mobile Access features. This launches the malware routine.”

Healthcare 87

Healthcare Ransomware VPN Malware 87

SecureWorld News

MAY 9, 2025

Google's Threat Intelligence Group (GTIG) has identified a new malware strain, dubbed "LOSTKEYS," attributed to the Russian state-sponsored hacking group COLDRIVER. The introduction of LOSTKEYS signifies a strategic shift towards deploying malware for direct data exfiltration.

Malware 87

Malware Social Engineering Engineering Government 87

Security Affairs

FEBRUARY 13, 2025

A November 2024 RA World ransomware attack on an Asian software firm used a tool linked to China-linked threat actors. During the attack in late 2024, the attacker deployed a distinct toolset that had previously been used by a China-linked actor in classic espionage attacks.” ” reads the report published by Broadcom. .

Ransomware 120

Ransomware Software Cybercrime Encryption 120

Security Affairs

NOVEMBER 17, 2024

CISA adds Palo Alto Networks Expedition bugs to its Known Exploited Vulnerabilities catalog Hackers target critical flaw CVE-2024-10914 in EOL D-Link NAS Devices China-linked threat actors compromised multiple telecos and spied on a limited number of U.S.

Cryptocurrency 112

Cryptocurrency Malware Hacking Data breaches 112

Security Affairs

NOVEMBER 25, 2024

Russia-linked threat actors TAG-110 employed custom malware HATVIBE and CHERRYSPY to target organizations in Asia and Europe. Insikt Group researchers uncovered an ongoing cyber-espionage campaign by Russia-linked threat actor TAG-110 that employed custom malware tools HATVIBE and CHERRYSPY. HATVIBE uses obfuscation (e.g.,

Malware 121

Malware Encryption Phishing Government 121

Security Affairs

MAY 27, 2025

Sophos states that DragonForce ransomware operators chainedthe three vulnerabilities, tracked as CVE-2024-57727 , CVE-2024-57728 , and CVE-2024-57726 , for initial access. It enables technicians to remotely connect to and control computers for troubleshooting, maintenance, and support purposes.

Ransomware 106

Ransomware Software Retail Data breaches 106

SecureList

APRIL 23, 2025

We found that the malware was running in the memory of a legitimate SyncHost. Although the exact method by which Cross EX was exploited to deliver malware remains unclear, we believe that the attackers escalated their privileges during the exploitation process as we confirmed the process was executed with high integrity level in most cases.

Malware 143

Malware Software Encryption Internet 143

Security Affairs

JUNE 6, 2025

Recently, actors linked to Play have also exploited a new SimpleHelp vulnerability ( CVE-2024-57727 ) to remotely execute malicious code, expanding their attack methods and reach in 2025. By stealing credentials with Mimikatz and escalating privileges with WinPEAS, they spread malware via Group Policy Objects.

Ransomware 97

Ransomware Encryption Antivirus Malware 97

Security Affairs

APRIL 25, 2025

The campaign has been active since at least November 2024, Lazarus Group is targeting South Korean organizations using watering hole tactics and exploiting software vulnerabilities. The attackers used multiple hacking tools and malware, including ThreatNeedle , Agamemnon downloader, wAgent , SIGNBT, and COPPERHEDGE.

Malware 94

Malware Software Encryption Hacking 94

Security Affairs

MARCH 18, 2025

In November 2024, Microsoft researchers discovered StilachiRAT, a sophisticated remote access trojan (RAT) designed for stealth, persistence, and data theft. dll module revealed that the malware supports sophisticated functionalities to steal credentials from browsers, digital wallet data, clipboard content, and system information.

Malware 114

Malware Cryptocurrency Encryption Passwords 114

Security Affairs

MAY 5, 2025

MintsLoader is a malware loader delivering the GhostWeaver RAT via a multi-stage chain using obfuscated JavaScript and PowerShell. The malware supports sandbox and virtual machine evasion techniques, a domain generation algorithm (DGA), and HTTP-based command-and-control (C2) communications.

Malware 128

Malware Phishing Threat Reports Encryption 128

Security Affairs

DECEMBER 26, 2024

The experts pointed out that this Mirai variant has been modified to use improved encryption algorithms. “Further investigation into this campaign revealed a new botnet that calls itself the Hail C**k Botnet thats been active since at least September 2024.” ” reads the analysis published by Akamai. in newer ones.

Manufacturing 90

Manufacturing Malware Firmware IoT 90

SecureList

NOVEMBER 6, 2024

Introduction In August 2024, our team identified a new crimeware bundle, which we named “SteelFox” Delivered via sophisticated execution chains including shellcoding, this threat abuses Windows services and drivers. Its parameters are also encrypted — they are decrypted once dropped by the first stage. SteelFox.*.

Software 124

Software Cryptocurrency Malware DNS 124

SecureList

OCTOBER 21, 2024

This changed in February this year when we discovered a new Kral stealer, which we believe is part of the same malware family as the downloader due to certain code similarities. Also, they both use the same key for string encryption. In June 2024, we discovered a new domain delivering this malware.

Passwords 127

Passwords Malware Encryption Cryptocurrency 127

Security Affairs

NOVEMBER 19, 2024

Ptitsyn reportedly sold the ransomware on darknet forums under aliases like “derxan” and “zimmermanx,” enabling other criminals to encrypt data and demand ransom. Ptitsyn and his conspirators used a ransomware-as-a-service (RaaS) model to distribute their malware to a network of affiliates.

Cybercrime 117

Cybercrime Ransomware Healthcare Education 117