eSecurity Planet

MAY 11, 2025

Technical support consultant using programming to upgrade artificial intelligence simulation model As AI tools boom in popularity, cyberthieves are exploiting the excitement with fake AI video editing platforms that lure users into downloading malware. The Noodlophile Stealer is a new malware strain.

Malware 102

Malware Scams Media Artificial Intelligence 102

Schneier on Security

FEBRUARY 7, 2023

Criminals using Google search ads to deliver malware isn’t new, but Ars Technica declared that the problem has become much worse recently. The surge is coming from numerous malware families, including AuroraStealer, IcedID, Meta Stealer, RedLine Stealer, Vidar, Formbook, and XLoader.

Malware 285

Malware Phishing Cybercrime 285

Security Affairs

APRIL 21, 2025

Russia-linked group APT29 targeted diplomatic entities across Europe with a new malware loader codenamed GRAPELOADER. The phishing emails either led to malware delivery via GRAPELOADER or redirected to the Ministry’s real website to appear legitimate. The emails contained links that downloaded a malicious file (wine.zip).

Malware 106

Malware Phishing Encryption Hacking 106

Security Affairs

FEBRUARY 13, 2025

Valve removed a game from Steam because it contained malware, the company also warned affected users to reformat their operating systems. PCMag cited the case of a gamer who downloaded the game and reported that his accounts were hijacked using stolen cookies. SteamDB estimates that over 800 users may have downloaded the game.

Malware 110

Malware Antivirus Accountability Software 110

Krebs on Security

SEPTEMBER 13, 2023

The FBI responded by reverifying InfraGard members and by seizing the cybercrime forum where the data was being sold. In a post on the English language cybercrime forum BreachForums , USDoD leaked information on roughly 3,200 Airbus vendors, including names, addresses, phone numbers, and email addresses. But on Sept. But on Sept.

Cybercrime 344

Cybercrime Passwords Authentication Malware 344

Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. One of Megatraffer’s ads on an English-language cybercrime forum. WHO IS MEGATRAFFER?

Malware 314

Malware Cybercrime Software Accountability 314

Security Affairs

OCTOBER 3, 2023

Cybersecurity researchers spotted a new malware-as-a-service (MaaS) called BunnyLoader that’s appeared in the threat landscape. Zscaler ThreatLabz researchers discovered a new malware-as-a-service (MaaS) that is called BunnyLoader, which has been advertised for sale in multiple cybercrime forums since September 4, 2023.

Advertising 139

Advertising Cybercrime Malware Cryptocurrency 139

Security Affairs

NOVEMBER 26, 2024

Banshee Stealer, a MacOS Malware-as-a-Service, shut down after its source code leaked online. In August 2024, Russian hackers promoted BANSHEE Stealer, a macOS malware targeting x86_64 and ARM64, capable of stealing browser data, crypto wallets, and more. We’ve archived the leak and made it available for download on GitHub.”

Malware 143

Malware Cryptocurrency Encryption Passwords 143

Security Affairs

MAY 12, 2025

Morphisec researchers observed attackers exploiting AI hype to spread malware via fake AI tools promoted in viral posts and Facebook groups. Users seeking free AI video tools unknowingly download Noodlophile Stealer, a new malware that steals browser credentials, crypto wallets, and may install remote access trojans like XWorm.

Malware 111

Malware Media Cybercrime Scams 111

The Hacker News

OCTOBER 1, 2023

Cybersecurity experts have discovered yet another malware-as-a-service (MaaS) threat called BunnyLoader that's being advertised for sale on the cybercrime underground.

Cybercrime 139

Cybercrime Malware Advertising Cybersecurity 139

Security Affairs

JUNE 19, 2025

Java-based malware targets Minecraft users via fake cheat tools, utilizing the Stargazers Ghost Network distribution-as-a-service (DaaS). Check Point researchers found a multi-stage malware on GitHub targeting Minecraft users via Stargazers DaaS , using Java/.NET NET stealers disguised as cheat tools.

Malware 89

Malware VPN Cyber threats Hacking 89

Security Affairs

JANUARY 5, 2025

PLAYFULGHOST is a new malware family with capabilities including keylogging, screen and audio capture, remote shell access, and file transfer/execution. The backdoor is distributed through: Phishing emails with themes such as code of conduct to trick users into downloading the malware. sys driver.

Malware 130

Malware Encryption Phishing Hacking 130

Malwarebytes

SEPTEMBER 18, 2023

In a public announcement , Free Download Manager has acknowledged that a specific web page on its site was compromised by a Ukrainian cybercrime group, exploiting it to distribute malware. Visitors from these IP addresses were always given the correct download link. of our visitors might have encountered this issue.”

Malware 123

Malware Cryptocurrency Cybercrime Software 123

Malwarebytes

APRIL 24, 2025

Then you’re like millions of other users now at risk from a new form of cybercrime – malware that can read your credit or debit card and hand its data over to an attacker. The malware, which cybersecurity company Cleafy calls SuperCard X, uses a feature now found in most Android phones: near-field communication (NFC).

Malware 91

Malware Banking Software Social Engineering 91

Security Affairs

MARCH 15, 2025

Pirated software seekers are targeted by the new MassJacker clipper malware, according to CyberArk researchers. A new malware campaign spreading a new clipper malware dubbed MassJacker targets users searching for pirated software, Cyberark users warn. com) distributing pirated software that also spreads malware.

Software 117

Software Cryptocurrency Malware Encryption 117

Malwarebytes

FEBRUARY 19, 2025

These findings come from the 2025 State of Malware report. The threat of info stealers Info stealers are a type of malware that do exactly as they saythey steal information from peoples devices. But the variety of information that these pieces of malware can steal makes them particularly dangerous.

Malware 127

Malware Software Passwords Cryptocurrency 127

SecureWorld News

MARCH 27, 2025

In today's digital world, cybercrime is a threat to our private data and security. And with Americans owning an average of 24 electronic items in their homes , neglecting to dispose of these items correctly is putting individuals at significant risk of cybercrime. What is cybercrime? This allows them to steal the data they want.

Cybercrime 71

Cybercrime Computers and Electronics Passwords Firewall 71

Security Affairs

JUNE 9, 2025

malware has infected millions of IoT devices globally, creating a botnet used for cyber criminal activities, the FBI warns. The FBI published a Public Service Announcement (PSA) to warn that cybercriminals are using the BADBOX 2.0 3 ” reads the alert published by the FBI. ” BADBOX 2.0 Indicators of BADBOX 2.0

IoT 145

IoT Internet Internet Advertising 145

Krebs on Security

FEBRUARY 17, 2021

The Justice Department says those indicted were members of a DPRK-sponsored cybercrime group variously identified by the security community as the Lazarus Group and Advanced Persistent Threat 38 (APT 38). In reality, prosecutors say, the programs were malware or downloaded malware after the applications were installed.

Cryptocurrency 344

Cryptocurrency Financial Services Banking Government 344

Security Affairs

SEPTEMBER 11, 2023

Zscaler ThreatLabz detailed a new malware loader, named HijackLoader, which has grown in popularity over the past few months HijackLoader is a loader that is gaining popularity among the cybercriminal community. The HijackLoader is being used to load different malware families such as Danabot , SystemBC and RedLine Stealer.

Cybercrime 141

Cybercrime Malware Hacking Information Security 141

Security Affairs

MARCH 26, 2025

New ReaderUpdate malware variants, now written in Crystal, Nim, Rust, and Go, targets macOS users, SentinelOne warns. SentinelOne researchers warn that multiple versions of the ReaderUpdate malware written in Crystal, Nim, Rust, and Go programming languages, are targeting macOS users. The malware maintains persistence via a.plist file.

Malware 71

Malware Adware Antivirus Marketing 71

Krebs on Security

JANUARY 27, 2021

and Bulgarian authorities this week seized the darkweb site used by the NetWalker ransomware cybercrime group to publish data stolen from its victims. The following advertisement (translated into English by cybersecurity firm Intel 471 ) was posted by the NetWalker affiliate program manager last year to a top cybercrime forum.

Ransomware 349

Ransomware Cybercrime Antivirus Encryption 349

SecureList

FEBRUARY 5, 2025

In March 2023, researchers at ESET discovered malware implants embedded into various messaging app mods. The campaign, which targeted Android and Windows users, saw the malware spread through unofficial sources. The campaign, which targeted Android and Windows users, saw the malware spread through unofficial sources.

Malware 142

Malware Encryption Mobile Cryptocurrency 142

Security Affairs

JUNE 9, 2025

“The request contains a malicious command that is a single-line shell script which downloads and executes an ARM32 binary on the compromised machine.” The malware also includes anti-VM and anti-emulation checks by scanning running processes for signs of VMware or QEMU. ” reads the analysis.

IoT 137

IoT Firmware Malware Architecture 137

Krebs on Security

AUGUST 29, 2023

government today announced a coordinated crackdown against QakBot , a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. Qakbot/Qbot was once again the top malware loader observed in the wild in the first six months of 2023. Source: Reliaquest.com.

Hacking 315

Hacking Malware Ransomware Government 315

Krebs on Security

OCTOBER 8, 2020

But judging from the proliferation of help-wanted ads for offensive pentesters in the cybercrime underground, today’s attackers have exactly zero trouble gaining that initial intrusion: The real challenge seems to be hiring enough people to help everyone profit from the access already gained. THE DOCTOR IS IN. ” WHO IS DR. SAMUIL?

Cybercrime 353

Cybercrime Malware Ransomware VPN 353

Security Affairs

NOVEMBER 15, 2024

The Glove Stealer malware exploits a new technique to bypass Chrome’s App-Bound encryption and steal browser cookies. The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information.

Encryption 116

Encryption Password Management Cryptocurrency Social Engineering 116

Krebs on Security

JUNE 16, 2021

Terabytes of documents and files stolen from victim organizations that have not paid a data ransom are now available for download from CLOP’s deep web site, including Stanford, UCLA and the University of Maryland. CLOP’s victim shaming blog on the deep web.

Ransomware 361

Ransomware Cybercrime Malware Encryption 361

Security Affairs

DECEMBER 21, 2024

” Recently, The Federal Office for Information Security (BSI) announced it had blocked communication between the 30,000 devices infected with the BadBox malware and the C2. Sinkholing isolates the malware and prevents it from executing commands or stealing data. ” concludes the report.

Firmware 142

Firmware Malware Internet Internet 142

Security Affairs

OCTOBER 22, 2023

Researchers linked Vietnamese threat actors to the string of DarkGate malware attacks on entities in the U.K., WithSecure researchers linked the recent attacks using the DarkGate malware to a Vietnamese cybercrime group previously known for the usage of Ducktail stealer. ” reads the report published by WithSecure.

Malware 135

Malware Cybercrime Hacking Information Security 135

Krebs on Security

MARCH 28, 2021

New data suggests someone has compromised more than 21,000 Microsoft Exchange Server email systems worldwide and infected them with malware that invokes both KrebsOnSecurity and Yours Truly by name. “web shells”) that various cybercrime groups worldwide have been using to commandeer any unpatched Exchange servers.

Hacking 363

Hacking Cybercrime DNS Antivirus 363

Security Affairs

APRIL 17, 2025

to deliver info-stealing malware via fake crypto trading sites like Binance and TradingView. increasingly used in malware campaigns since October 2024, including an ongoing crypto-themed malvertising attack as of April 2025. to deploy malware, shifting from traditional scripts like Python or PHP. .” components.

Social Engineering 115

Social Engineering Malware Cryptocurrency Engineering 115

Security Affairs

JULY 14, 2024

A Dark Gate malware campaign from March-April 2024 demonstrates how attackers exploit legitimate tools and services to distribute malware. Palo Alto Networks Unit 42 researchers shared details about a DarkGate malware campaign from March-April 2024. The malware is considered a sophisticated threat and is continuously improved.

Malware 133

Malware Cybercrime Software Phishing 133

SecureList

JUNE 28, 2023

Introduction Andariel, a part of the notorious Lazarus group, is known for its use of the DTrack malware and Maui ransomware in mid-2022. Their campaign introduced several new malware families, such as YamaBot and MagicRat, but also updated versions of NukeSped and, of course, DTrack.

Malware 145

Malware Cybercrime Ransomware Phishing 145

Security Affairs

APRIL 30, 2025

.” Nebulous Mantis imitates trusted services like OneDrive to trick victims into downloading infected files, often hosted on Mediafire. Their campaigns involve multi-phase intrusions, initial access, privilege escalation, and data exfiltration, using modular malware, LOTL techniques, and evasive C2 infrastructure.

Encryption 101

Encryption Ransomware Malware Phishing 101

SecureList

DECEMBER 16, 2024

Review of last year’s predictions The number of services providing AV evasion for malware (cryptors) will increase We continuously monitor underground markets for the emergence of new “cryptors,” which are tools specifically designed to obfuscate the code within malware samples.

Marketing 105

Marketing Data breaches Cryptocurrency Malware 105

Security Affairs

APRIL 23, 2025

is the recommended library for integrating a JavaScript/TypeScript app with the XRP, it has more than 140.000 weekly downloads. Hundreds of thousands of applications and websites use this package, the package has been downloaded over 2.9 It is the official SDK for the XRP Ledger, with more than 140.000 weekly downloads.”

Cryptocurrency 108

Cryptocurrency Malware Hacking Risk 108