Schneier on Security

FEBRUARY 7, 2025

Based on their assessment, infected Google Play apps have been downloaded more than 242,000 times. The malware in question uses optical character recognition (OCR) to review a device’s photo library, seeking screenshots of recovery phrases for crypto wallets. ” That’s a tactic I have not heard of before.

Malware 252

Malware Spyware 252

Malwarebytes

MARCH 26, 2025

A new phishing campaign that uses the fake CAPTCHA websites we reported about recently is targeting hotel staff in a likely attempt to access customer data, according to research from ThreatDown. Here’s how it works: Cybercriminals send a fake Booking.com email to a hotels email address, asking them to confirm a booking.

Phishing 115

Phishing Malware Passwords Password Management 115

Krebs on Security

FEBRUARY 6, 2025

New mobile apps from the Chinese artificial intelligence (AI) company DeepSeek have remained among the top three “free” downloads for Apple and Google devices since their debut on Jan. As of this writing, DeepSeek is the third most-downloaded “free” app on the Apple store, and #1 on Google Play.

Risk 303

Risk Artificial Intelligence Mobile Encryption 303

The Hacker News

MAY 19, 2025

The names of the Python packages are below - checker-SaGaF (2,605 downloads) steinlurks (1,049 downloads) sinnercore (3,300 downloads) All three packages are no longer available on PyPI.

Accountability 126

Accountability Cybersecurity 126

SecureList

DECEMBER 23, 2024

Victims get infected via phishing emails containing a malicious document that exploits a vulnerability in the formula editor ( CVE-2018-0802 ) to download and execute malware code. It contains a formula editor exploit that downloads and runs an HTML Application (HTA) file hosted on the same C2 server.

Encryption 135

Encryption Penetration Testing Malware Phishing 135

Security Affairs

MAY 28, 2025

Researchers found a fake Bitdefender site spreading the Venom RAT by tricking users into downloading it as antivirus software. DomainTools Intelligence (DTI) researchers warn of a malicious campaign using a fake website (bitdefender-download[.]com)

Antivirus 123

Antivirus Malware Banking Passwords 123

Security Affairs

NOVEMBER 11, 2024

Once the CVE-2017-0199 is exploited, it downloads an HTA file and executes it on the recipient’s device. In this attack, MS Excel program accesses a shortened URL that redirects to a specific IP address, downloading an HTA (HTML Application) file. Fortinet’s report also includes Indicators of Compromise (IoCs) for this campaign.

Phishing 132

Phishing Malware Banking Encryption 132

SecureList

OCTOBER 21, 2024

Kral In mid-2023, we discovered the Kral downloader which, back then, downloaded the notorious Aurora stealer. This changed in February this year when we discovered a new Kral stealer, which we believe is part of the same malware family as the downloader due to certain code similarities. That file is the Kral downloader.

Passwords 127

Passwords Malware Encryption Cryptocurrency 127

Malwarebytes

JANUARY 22, 2025

7-Zip does not have an auto-update function, so you will have to download the version that is suitable for your system from the 7-Zip downloads page. Always be careful when opening archived files that you downloaded from the internet. Keep threats off your devices by downloading Malwarebytes today.

Internet 141

Internet Internet Malware Risk 141

The Hacker News

JUNE 15, 2025

The package, named chimera-sandbox-extensions, attracted 143 downloads and likely targeted users of a service called Chimera Sandbox,

Cybersecurity 137

Cybersecurity 137

Malwarebytes

NOVEMBER 18, 2024

We’ve seen two main lures, both via Google ads: the first one is simply a website promoting online support for QuickBooks and shows a phone number, while the latter requires victims to download and install a program that will generate a popup, also showing a phone number. Keep threats off your devices by downloading Malwarebytes today.

Scams 140

Scams Antivirus Software Passwords 140

Malwarebytes

OCTOBER 30, 2024

If there is an update available, Chrome will notify you and start downloading it. This vulnerability, tracked as CVE-2024-10487 , can be used by cybercriminals as a drive-by download. Keep threats off your devices by downloading Malwarebytes today. To manually get the update, click Settings > About Chrome.

Spyware 142

Spyware Architecture Advertising Engineering 142

Security Affairs

JANUARY 10, 2025

CrowdStrike warns of a phishing campaign that uses its recruitment branding to trick recipients into downloading a fake application, which finally installs the XMRig cryptominer. “Victims are prompted to download and run a fake application, which serves as a downloader for the cryptominerXMRig.”

Phishing 116

Phishing Scams Malware Authentication 116

Malwarebytes

JANUARY 3, 2025

If interested, the victim will receive a download link and a password for the archive containing the promised installer. The archives are offered for download on various locations like Dropbox, Catbox, and often on the Discord content delivery network (CDN), by using compromised accounts which add extra credibility. fr leyamor[.]com

Scams 141

Scams Identity Theft Cryptocurrency Accountability 141

Krebs on Security

MAY 14, 2025

In any case, windowslatest.com reports that Windows 11 version 24H2 shows up ready for downloads, even if you don’t want it. “Even if you don’t check for updates, Windows 11 24H2 will automatically download at some point.” ” Apple users likely have their own patching to do. .

Artificial Intelligence 192

Artificial Intelligence Internet Internet Phishing 192

Security Affairs

JUNE 9, 2025

Cyber criminals gain unauthorized access to home networks by either configuring the product with malicious software prior to the users purchase or infecting the device as it downloads required applications that contain backdoors, usually during the set-up process. 3 ” reads the alert published by the FBI. ” BADBOX 2.0

IoT 145

IoT Internet Internet Advertising 145

Security Affairs

JUNE 19, 2025

“Since March 2025, Check Point Research has been tracking malicious GitHub repositories targeting Minecraft users with an undetected Java downloader.” Upon launching the game, the fake mod downloads a second-stage stealer, which then fetches an additional.NET-based stealer.

Malware 92

Malware VPN Cyber threats Hacking 92

Security Affairs

MARCH 24, 2025

” Fake file converters and download tools may perform advertised tasks but can provide resulting files containing hidden malware, giving criminals access to victims’ devices. “To conduct this scheme, cyber criminals across the globe are using any type of free document converter or downloader tool. .

Malware 119

Malware Scams Identity Theft Antivirus 119

Schneier on Security

MAY 30, 2025

The idea is that people—you, me, everyone—should just pause for nine seconds and think more about the link they are planning to click on, the file they are planning to download, or whatever it is they are planning to share. There’s a website —of course—and a video , well-produced and scary.

Cybersecurity 232

Cybersecurity Scams Security Awareness Phishing 232

Security Affairs

JANUARY 5, 2025

The backdoor is distributed through: Phishing emails with themes such as code of conduct to trick users into downloading the malware. Upon executing the archive, it drops a malicious Windows executable, which eventually downloads and executesthe PLAYFULGHOST payloadfrom a remote server. sys driver.

Malware 133

Malware Encryption Phishing Hacking 133

Security Affairs

FEBRUARY 4, 2025

XR500, the issue was fixed in firmware version 2.3.2.134 “NETGEAR strongly recommends that you download the latest firmware as soon as possible.” Download the latest firmware for your NETGEAR product from the official website: Visit NETGEAR Support. Click Downloads. Click Download. ” reads the advisory.

Firmware 113

Firmware Authentication Hacking Information Security 113

Security Affairs

MARCH 31, 2025

Russia-linked Gamaredon targets Ukraine with a phishing campaign using troop-related lures to deploy the Remcos RAT via PowerShell downloader. The threat actor is using troop-related lures to deploy the Remcos RAT via PowerShell downloader. Talos researchers warn that Russia-linked APT group Gamaredon (a.k.a.

Phishing 115

Phishing Antivirus Encryption Hacking 115

Security Affairs

FEBRUARY 24, 2025

CYFIRMA researchers discovered that the SpyLend Android malware was downloaded 100,000 times from the official app store Google Play. The Finance Simplified app is still available on Google Play at the time of this reports publication, with downloads doubling to 100,000 in a week. ” reads the report published by CYFIRMA.

Malware 122

Malware Marketing Hacking Mobile 122

The Last Watchdog

MARCH 28, 2025

Ransomware attacks typically involve tricking victims into downloading and installing the ransomware, which copies, encrypts, and/or deletes critical data on the device, only to be restored upon the ransom payment. Traditionally, the primary target of ransomware has been the victims device. .

Antivirus 147

Antivirus Ransomware Social Engineering Engineering 147

Security Affairs

JANUARY 4, 2025

The campaign is still ongoing and the malicious packages collectively totaled more than one thousand downloads. The attack has led to the identification of 20 malicious packages published by three primary authors, with the most downloaded package, @nomicsfoundation/sdk-test , accumulating 1,092 downloads.”

Encryption 136

Encryption Hacking Cybercrime Information Security 136

Malwarebytes

MARCH 17, 2025

But in the background, their system has hidden malware in the file the victim has downloaded, which is capable of gathering information from the affected device such as: Personal identifying information (PII) including Social Security Numbers (SSN). Usually, they will, and the victim will think nothing more of it. This is the actual malware.

Malware 138

Malware Adware Education Phishing 138

Malwarebytes

APRIL 30, 2025

Your document is now ready for download: Please download the attachment and follow the provided instructions. Dont open downloaded files or attachments until you are sure they are safe. NOTE: Statements & Documents are only compatible with PC/Windows systems. Dont click on links until you are sure they are non-malicous.

Computers and Electronics 143

Computers and Electronics Identity Theft Phishing Banking 143

Tech Republic Security

MAY 13, 2025

By downloading what they believe is an AI-generated video, victims have installed malware that can steal their data or offer attackers remote access to infected devices.

Malware 122

Malware Artificial Intelligence Social Engineering Engineering 122

SecureList

JUNE 11, 2025

php URL path with a “Download now” button. Clicking that results in downloading the malicious installer named AI_Launcher_1.21.exe After the checkbox is ticked, the URL is appended with /success , and the user is presented with the following screen, offering the options to download and install Ollama and LM Studio.

Malware 105

Malware Phishing Encryption Engineering 105

Malwarebytes

OCTOBER 16, 2024

If an update is available, it will be downloaded. You will be prompted when the download is complete, then click Restart to update Firefox/Tor Browser. Keep threats off your devices by downloading Malwarebytes today. The About Mozilla Firefox/About Tor Browser window will open.

Risk 118

Risk Cybersecurity 118

Security Affairs

APRIL 23, 2025

is the recommended library for integrating a JavaScript/TypeScript app with the XRP, it has more than 140.000 weekly downloads. Hundreds of thousands of applications and websites use this package, the package has been downloaded over 2.9 It is the official SDK for the XRP Ledger, with more than 140.000 weekly downloads.”

Cryptocurrency 111

Cryptocurrency Malware Hacking Risk 111