Document and Malware - Cyber Security Informer

FBI warns of malicious free online document converters spreading malware

Security Affairs

MARCH 24, 2025

The FBI warns of a significant increase in scams involving free online document converters to infect users with malware. The FBI warns that threat actors use malicious online document converters to steal users sensitive information and infect their systems with malware. ” reads the alert. ” reads the alert.

Malware

Malware Scams Identity Theft Antivirus

Oops: DanaBot Malware Devs Infected Their Own PCs

Krebs on Security

MAY 22, 2025

government today unsealed criminal charges against 16 individuals accused of operating and selling DanaBot , a prolific strain of information-stealing malware that has been sold on Russian cybercrime forums since 2018. DanaBot’s features, as promoted on its support site. DanaBot’s features, as promoted on its support site.

Malware

Malware Cybercrime Government Banking

ClickFix: How to Infect Your PC in Three Easy Steps

Krebs on Security

MARCH 14, 2025

A clever malware deployment scheme first spotted in targeted attacks last year has now gone mainstream. This particular scam usually starts with a website popup that looks something like this: This malware attack pretends to be a CAPTCHA intended to separate humans from bots. HTML files containing ClickFix instructions.

Phishing

Phishing Malware Scams Passwords

FBI deleted China-linked PlugX malware from over 4,200 US computers

Security Affairs

JANUARY 14, 2025

The FBI has removed Chinese PlugX malware from over 4,200 computers in networks across the United States, the U.S. The Justice Department and FBI, along with international partners, announced they deleted PlugX malware from thousands of infected computers worldwide as part of a multi-month law enforcement operation.

Malware

Malware Government Hacking Cybersecurity

CEO of cybersecurity firm charged with installing malware on hospital systems

Security Affairs

APRIL 26, 2025

Veritaco CEO Jeffrey Bowie faces charges for allegedly installing malware on hospital computers, violating Oklahoma’s Computer Crimes Act. The man is accused of having installed the malware on the hospital computers on August 6, 2024. Anthony Hospital. One of those computers was for employees only.” ” St.

Malware

Malware Cybersecurity Healthcare Media

Scam Alert: FBI ‘Increasingly Seeing’ Malware Distributed In Document Converters

Tech Republic Security

MARCH 19, 2025

FBI warns computer users to keep an eye out for malware, including ransomware, distributed through working document converters.

Malware

Malware Scams Ransomware Identity Theft

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Krebs on Security

NOVEMBER 9, 2024

The trouble is, these EDRs largely bypass any official review and do not require the requester to supply any court-approved documents. Others simply sell access to hacked government or police email accounts, and leave it up to the buyer to forge any needed documents. “Unlimited Emergency Data Requests. . Reset as you please.

Hacking

Hacking Accountability Government Social Engineering

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 45

Security Affairs

MAY 11, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape iClicker site hack targeted students with malware via fake CAPTCHA New Noodlophile Stealer Distributes Via Fake AI Video Generation Platforms Backdoor found in popular ecommerce components Stealthy Linux backdoor leveraging (..)

Malware

Malware eCommerce Hacking Ransomware

Malware Delivered through Google Search

Schneier on Security

FEBRUARY 7, 2023

Criminals using Google search ads to deliver malware isn’t new, but Ars Technica declared that the problem has become much worse recently. The surge is coming from numerous malware families, including AuroraStealer, IcedID, Meta Stealer, RedLine Stealer, Vidar, Formbook, and XLoader.

Malware

Malware Phishing Cybercrime

Zanubis in motion: Tracing the active evolution of the Android banking malware

SecureList

MAY 28, 2025

Once these permissions are granted, the malware gains extensive capabilities that allow its operators to steal the user’s banking data and credentials, as well as perform remote actions and control the device without the user’s knowledge. Join us in this blogpost as we take a closer look at the malware’s evolution over time.

Banking

Banking Malware Energy and Utilities Encryption

Calendar Meeting Links Used to Spread Mac Malware

Krebs on Security

FEBRUARY 28, 2024

But clicking the meeting link provided by the scammers prompts the user to run a script that quietly installs malware on macOS systems. It didn’t dawn on Doug until days later that the missed meeting with Mr. Lee might have been a malware attack. MacOS computers include X-Protect , Apple’s built-in antivirus technology.

Malware

Malware Cryptocurrency Software Phishing

Hive0117 group targets Russian firms with new variant of DarkWatchman malware

Security Affairs

MAY 1, 2025

Hive0117 targets Russian firms in multiple sectors with phishing attacks using a modified version of the DarkWatchman malware. A cybercrime group named Hive0117 is behind a fresh phishing campaign that targeted Russian organizations with a new version of the DarkWatchman malware, according to Russian cybersecurity firm F6.

Malware

Malware Phishing Telecommunications Retail

Horabot Malware Targets 6 Latin American Nations Using Invoice-Themed Phishing Emails

The Hacker News

MAY 14, 2025

Cybersecurity researchers have discovered a new phishing campaign that's being used to distribute malware called Horabot targeting Windows users in Latin American countries like Mexico, Guatemala, Colombia, Peru, Chile, and Argentina.

Phishing

Phishing Malware Cybersecurity

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. More recently, it appears Megatraffer has been working with ransomware groups to help improve the stealth of their malware. WHO IS MEGATRAFFER?

Malware

Malware Cybercrime Software Accountability

Russia's COLDRIVER Targets Western Entities with 'LOSTKEYS' Malware

SecureWorld News

MAY 9, 2025

Google's Threat Intelligence Group (GTIG) has identified a new malware strain, dubbed "LOSTKEYS," attributed to the Russian state-sponsored hacking group COLDRIVER. The introduction of LOSTKEYS signifies a strategic shift towards deploying malware for direct data exfiltration.

Malware

Malware Social Engineering Engineering Government

Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion

Krebs on Security

OCTOBER 31, 2022

A 26-year-old Ukrainian man is awaiting extradition from The Netherlands to the United States on charges that he acted as a core developer for Raccoon , a popular “malware-as-a-service” offering that helped paying customers steal passwords and financial data from millions of cybercrime victims.

Malware

Malware Identity Theft Cybercrime Accountability

North Korea actors use OtterCookie malware in Contagious Interview campaign

Security Affairs

DECEMBER 27, 2024

North Korea-linked threat actors were spotted using new malware called OtterCookie as part of the Contagious Interview campaign that targets software developer community with fake job offers. Since November 2024, threat actors employed the malware OtterCookie, alongside BeaverTail and InvisibleFerret, in the campaign.

Malware

Malware Cryptocurrency Software Hacking

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 42

Security Affairs

APRIL 20, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malicious NPM Packages Targeting PayPal Users New Malware Variant Identified: ResolverRAT Enters the Maze Nice chatting with you: what connects cheap Android smartphones, WhatsApp and cryptocurrency theft?

Malware

Malware Cryptocurrency Engineering Encryption

SideWinder targets the maritime and nuclear sectors with an updated toolset

SecureList

MARCH 10, 2025

We continued to monitor the group throughout the rest of the year, observing intense activity that included updates to SideWinder’s toolset and the creation of a massive new infrastructure to spread malware and control compromised systems. The documents used various themes to deceive victims into believing they are legitimate.

Energy and Utilities

Energy and Utilities Malware Government Phishing

New ReaderUpdate malware variants target macOS users

Security Affairs

MARCH 26, 2025

New ReaderUpdate malware variants, now written in Crystal, Nim, Rust, and Go, targets macOS users, SentinelOne warns. SentinelOne researchers warn that multiple versions of the ReaderUpdate malware written in Crystal, Nim, Rust, and Go programming languages, are targeting macOS users. The malware maintains persistence via a.plist file.

Malware

Malware Adware Antivirus Marketing

Russia-linked ColdRiver used LostKeys malware in recent attacks

Security Affairs

MAY 9, 2025

Since early 2025, Russia-linked ColdRiver has used LostKeys malware to steal files in espionage attacks on Western governments and organizations. Google’s Threat Intelligence Group discovered LOSTKEYS, a new malware used by Russia-linked APT COLDRIVER , in recent attacks to steal files and gather system info.

Malware

Malware Government Hacking Phishing

Hackers Hijack JFK File Release: Malware & Phishing Surge

Security Boulevard

FEBRUARY 2, 2025

Attackers are capitalizing on public interest in these historical documents to launch potential malware campaigns, phishing schemes, and exploit attempts. The post Hackers Hijack JFK File Release: Malware & Phishing Surge appeared first on Security Boulevard.

Phishing

Phishing Malware Cyber threats

‘Golden Chickens’ Resurfaces with Two Dangerous Malware Tools Targeting Passwords and Crypto Wallets

eSecurity Planet

MAY 5, 2025

Cybersecurity analysts at Recorded Futures Insikt Group have identified the fresh threats as TerraStealerV2 and TerraLogger, two malware strains believed to be the latest additions to Golden Chickens growing Malware-as-a-Service (MaaS) arsenal. TerraLoader : a malware loader. TerraCrypt : ransomware.

Passwords

Passwords Malware Cryptocurrency Cybercrime

An Interview With the Target & Home Depot Hacker

Krebs on Security

NOVEMBER 14, 2024

Shefel asserts he and his team were responsible for developing the card-stealing malware that Golubov’s hackers installed on Target and Home Depot payment terminals, and that at the time he was technical director of a long-running Russian cybercrime community called Lampeduza. “I’m also godfather of his second son.”

Retail

Retail Advertising Cryptocurrency Marketing

Giving a Face to the Malware Proxy Service ‘Faceless’

Krebs on Security

APRIL 18, 2023

For the past seven years, a malware-based proxy service known as “ Faceless ” has sold anonymity to countless cybercriminals. The proxy lookup page inside the malware-based anonymity service Faceless. Image: spur.us. as a media sharing device on a local network that was somehow exposed to the Internet.

Malware

Malware Passwords Accountability Advertising

Operation SyncHole: Lazarus APT goes back to the well

SecureList

APRIL 23, 2025

We found that the malware was running in the memory of a legitimate SyncHost. Although the exact method by which Cross EX was exploited to deliver malware remains unclear, we believe that the attackers escalated their privileges during the exploitation process as we confirmed the process was executed with high integrity level in most cases.

Malware

Malware Software Encryption Internet

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

Security Affairs

MARCH 20, 2025

The archive contains a fake PDF report and DarkTortilla malware, which acts as a launcher for the Dark Crystal RAT ( DCRat ). The modular architecture of the malware allows to extend its functionalities for multiple malicious purposes, including surveillance, reconnaissance, information theft, DDoS attacks, and arbitrary code execution.

Computers and Electronics

Computers and Electronics Telecommunications Malware Surveillance

Medical Debt Collection Firm R1 RCM Hit in Ransomware Attack

Krebs on Security

AUGUST 14, 2020

The “RCM” portion of its name refers to “revenue cycle management,” an industry which tracks profits throughout the life cycle of each patient, including patient registration, insurance and benefit verification, medical treatment documentation, and bill preparation and collection from patients.

Ransomware

Ransomware Healthcare Insurance Phishing

Deep Learning to Find Malicious Email Attachments

Schneier on Security

FEBRUARY 28, 2020

It's challenging to tell the difference between legitimate documents in all their infinite variations and those that have specifically been manipulated to conceal something dangerous. Google says that 63 percent of the malicious documents it blocks each day are different than the ones its systems flagged the day before.

Phishing

Phishing Malware

UAC-0063 Expands Cyber Attacks to European Embassies Using Stolen Documents

The Hacker News

JANUARY 28, 2025

The advanced persistent threat (APT) group known as UAC-0063 has been observed leveraging legitimate documents obtained by infiltrating one victim to attack another target with the goal of delivering a known malware dubbed HATVIBE.

Cyber Attacks

Cyber Attacks Malware

Sealed U.S. Court Records Exposed in SolarWinds Breach

Krebs on Security

JANUARY 7, 2021

The ongoing breach affecting thousands of organizations that relied on backdoored products by network software firm SolarWinds may have jeopardized the privacy of countless sealed court documents on file with the U.S. These sealed documents will not be uploaded to CM/ECF.

Computers and Electronics

Computers and Electronics Software Engineering Accountability

Police Have Disrupted the Emotet Botnet

Schneier on Security

JANUARY 28, 2021

A coordinated effort has captured the command-and-control servers of the Emotet botnet: Emotet establishes a backdoor onto Windows computer systems via automated phishing emails that distribute Word documents compromised with malware.

Malware

Malware Phishing Ransomware Cybercrime

3CX Breach Was a Double Supply Chain Compromise

Krebs on Security

APRIL 20, 2023

Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Mandiant found the compromised 3CX software would download malware that sought out new instructions by consulting encrypted icon files hosted on GitHub. Image: Mandiant.

Malware

Malware Software Technology Accountability

CryWiper Data Wiper Targeting Russian Sites

Schneier on Security

DECEMBER 6, 2022

The malware focuses on databases, archives, and user documents. The Trojan corrupts any data that’s not vital for the functioning of the operating system. It doesn’t affect files with extensions.exe,dll,lnk,sys or.msi, and ignores several system folders in the C:Windows directory.

Ransomware

Ransomware Government Malware

184 million logins for Instagram, Roblox, Facebook, Snapchat, and more exposed online

Malwarebytes

MAY 27, 2025

More likely, it was amassed by infostealersmalicious software (malware) that are designed specifically to gather sensitive information from infected devices. These malware variants silently extract credentials stored in browsers, email clients, messaging apps, and even crypto wallets. Use unique, complex passwords for every service.

Identity Theft

Identity Theft Passwords Accountability Phishing

7-Zip bug could allow a bypass of a Windows security feature. Update now

Malwarebytes

JANUARY 22, 2025

The MotW is what triggers warnings that opening or running such files could lead to potentially dangerous behavior, including installing malware on their devices. Make sure you are using an updated anti-malware solution that is capable of scanning inside archives, and you have that setting enabled.

Internet

Internet Internet Malware Risk

Computer Repair Technicians Are Stealing Your Data

Schneier on Security

NOVEMBER 28, 2022

Devices belonging to females were more likely to be snooped on, and that snooping tended to seek more sensitive data, including both sexually revealing and non-sexual pictures, documents, and financial information. […]. ” The researchers received no explanation in the other case. […]. A few notes.

Antivirus

Antivirus Cryptocurrency Accountability Malware

Threat landscape for industrial automation systems in Q1 2025

SecureList

MAY 15, 2025

Percentage of ICS computers on which denylisted internet resources were blocked, Jan 2022Mar 2025 Changes in the percentage of ICS computers on which initial-infection malware was blocked lead to changes in the percentage of next-stage malware. times more than in the previous quarter) and malicious documents (1.1

Spyware

Spyware Phishing Internet Internet

U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer

Krebs on Security

NOVEMBER 28, 2022

But that story omitted an important historical detail about Pushwoosh: In 2013, one of its developers admitted to authoring the Pincer Trojan , malware designed to surreptitiously intercept and forward text messages from Android mobile devices. ” wherein Shmakov acknowledged writing the malware as a freelance project.

Mobile

Mobile Malware Technology Government

Node.js malvertising campaign targets crypto users

Security Affairs

APRIL 17, 2025

to deliver info-stealing malware via fake crypto trading sites like Binance and TradingView. increasingly used in malware campaigns since October 2024, including an ongoing crypto-themed malvertising attack as of April 2025. to deploy malware, shifting from traditional scripts like Python or PHP. Microsoft has observed Node.js

Social Engineering

Social Engineering Malware Cryptocurrency Engineering

WhatsApp disrupted a hacking campaign targeting journalists with Paragon spyware

Security Affairs

FEBRUARY 2, 2025

Meta announced the disruption of a malware campaign via WhatsApp that targeted journalists with the Paragon spyware. Meta announced that discovered and dismantled a malware campaign via WhatsApp that targeted journalists and civil society members with the Paragon spyware (aka Graphite). reads the court document.

Spyware

Spyware Hacking Surveillance Malware

Iranian Government Hacking Android

Schneier on Security

SEPTEMBER 24, 2020

The hackers also have created malware disguised as Android applications, the reports said. It looks like the standard technique of getting the victim to open a document or application. Both are popular messaging tools in Iran.

Government

Government Hacking Mobile Encryption

April’s Patch Tuesday Brings Record Number of Fixes

Krebs on Security

APRIL 9, 2024

Only three of April’s vulnerabilities earned Microsoft’s most-dire “critical” rating, meaning they can be abused by malware or malcontents to take remote control over unpatched systems with no help from users. Tempering the sheer volume of this month’s patches is the middling severity of many of the bugs.

DNS

DNS Social Engineering Malware Media

Ransomhub ransomware gang claims the hack of Mexican government Legal Affairs Office

Security Affairs

NOVEMBER 21, 2024

Stolen files allegedly include contracts, insurance, and financial documents. The malware targets multiple platforms, including Windows, Linux, macOS, ESXi, and Android. Ransomhub claimed to have stolen 313 gigabytes of data from the Mexican government office. ” reported the Associated Press. Knight, also known as Cyclops 2.0,

Government

Government Hacking Ransomware Insurance

FBI warns of malicious free online document converters spreading malware

Oops: DanaBot Malware Devs Infected Their Own PCs

Trending Sources

ClickFix: How to Infect Your PC in Three Easy Steps

FBI deleted China-linked PlugX malware from over 4,200 US computers

CEO of cybersecurity firm charged with installing malware on hospital systems

Scam Alert: FBI ‘Increasingly Seeing’ Malware Distributed In Document Converters

FBI: Spike in Hacked Police Emails, Fake Subpoenas

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 45

Malware Delivered through Google Search

Zanubis in motion: Tracing the active evolution of the Android banking malware

Calendar Meeting Links Used to Spread Mac Malware

Hive0117 group targets Russian firms with new variant of DarkWatchman malware

Horabot Malware Targets 6 Latin American Nations Using Invoice-Themed Phishing Emails

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Russia's COLDRIVER Targets Western Entities with 'LOSTKEYS' Malware

Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion

North Korea actors use OtterCookie malware in Contagious Interview campaign

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 42

SideWinder targets the maritime and nuclear sectors with an updated toolset

New ReaderUpdate malware variants target macOS users

Russia-linked ColdRiver used LostKeys malware in recent attacks

Hackers Hijack JFK File Release: Malware & Phishing Surge

‘Golden Chickens’ Resurfaces with Two Dangerous Malware Tools Targeting Passwords and Crypto Wallets

An Interview With the Target & Home Depot Hacker

Giving a Face to the Malware Proxy Service ‘Faceless’

Operation SyncHole: Lazarus APT goes back to the well

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

Medical Debt Collection Firm R1 RCM Hit in Ransomware Attack

Deep Learning to Find Malicious Email Attachments

UAC-0063 Expands Cyber Attacks to European Embassies Using Stolen Documents

Sealed U.S. Court Records Exposed in SolarWinds Breach

Police Have Disrupted the Emotet Botnet

3CX Breach Was a Double Supply Chain Compromise

CryWiper Data Wiper Targeting Russian Sites

184 million logins for Instagram, Roblox, Facebook, Snapchat, and more exposed online

7-Zip bug could allow a bypass of a Windows security feature. Update now

Computer Repair Technicians Are Stealing Your Data

Threat landscape for industrial automation systems in Q1 2025

U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer

Node.js malvertising campaign targets crypto users

WhatsApp disrupted a hacking campaign targeting journalists with Paragon spyware

Iranian Government Hacking Android

April’s Patch Tuesday Brings Record Number of Fixes

Ransomhub ransomware gang claims the hack of Mexican government Legal Affairs Office

Stay Connected