CrowdStrike warns of a phishing campaign that uses its recruitment branding to trick recipients into downloading a fake application, which finally installs the XMRig cryptominer. “Victims are prompted to download and run a fake application, which serves as a downloader for the cryptominer XMRig.”
Fake file converters and download tools may perform advertised tasks but can provide resulting files containing hidden malware, giving criminals access to victims’ devices. “To conduct this scheme, cyber criminals across the globe are using any type of free document converter or downloader tool.”
The threat actors also employed two new downloaders, called RustClaw and MeltingClaw, plus two backdoors, DustyHammock (Rust-based) and C++-based ShadyHammock. “The downloaders make way for and establish persistence for two distinct backdoors we call “DustyHammock” and “ShadyHammock,” respectively.”
The backdoor is distributed through phishing emails with themes such as code of conduct to trick users into downloading the malware. Upon executing the archive, it drops a malicious Windows executable, which eventually downloads and executes the PLAYFULGHOST payload from a remote server. sys driver.
Researchers found a fake Bitdefender site spreading the Venom RAT by tricking users into downloading it as antivirus software. DomainTools Intelligence (DTI) researchers warn of a malicious campaign using a fake website (bitdefender-download[.]com)
“Since March 2025, Check Point Research has been tracking malicious GitHub repositories targeting Minecraft users with an undetected Java downloader.” Upon launching the game, the fake mod downloads a second-stage stealer, which then fetches an additional .NET-based stealer.
The unauthenticated RCE security vulnerability PSV-2023-0039 impacts the following product models: XR1000 (the issue was fixed in firmware version 1.0.0.74) and XR500 (the issue was fixed in firmware version 2.3.2.134). “NETGEAR strongly recommends that you download the latest firmware as soon as possible.” Click Downloads.
Russia-linked Gamaredon targets Ukraine with a phishing campaign using troop-related lures to deploy the Remcos RAT via PowerShell downloader. The threat actor is using troop-related lures to deploy the Remcos RAT via PowerShell downloader. Talos researchers warn that Russia-linked APT group Gamaredon (a.k.a.
“Cyber criminals gain unauthorized access to home networks by either configuring the product with malicious software prior to the user's purchase or infecting the device as it downloads required applications that contain backdoors, usually during the set-up process,” reads the alert published by the FBI. BADBOX 2.0
CYFIRMA researchers discovered that the SpyLend Android malware was downloaded 100,000 times from the official app store Google Play. “The Finance Simplified app is still available on Google Play at the time of this report's publication, with downloads doubling to 100,000 in a week,” reads the report published by CYFIRMA.
A new version of the Mandrake Android spyware has been found in five apps on Google Play, which have been downloaded over 32,000 times since 2022. Researchers from Kaspersky discovered a new version of the Mandrake Android spyware in five apps on Google Play, totaling over 32,000 downloads between 2022 and 2024.
The campaign is still ongoing and the malicious packages collectively totaled more than one thousand downloads. “The attack has led to the identification of 20 malicious packages published by three primary authors, with the most downloaded package, @nomicsfoundation/sdk-test, accumulating 1,092 downloads.”
The attack involves executing a cmd script followed by a PowerShell script, which downloads three executables, including the Amadey botnet and two .NET executables (32-bit and 64-bit). The malware, dubbed PackerE, downloads an encrypted DLL (PackerD1) that employs multiple anti-analysis techniques.
Recently, the Federal Office for Information Security (BSI) announced it had blocked communication between the 30,000 devices infected with the BadBox malware and the C2. “BadBox can also download additional payloads, amplifying the risks for the users,” continues the report. “Second, let’s talk volume.
It is the recommended library for integrating a JavaScript/TypeScript app with the XRP; it has more than 140.000 weekly downloads. Hundreds of thousands of applications and websites use this package, and the package has been downloaded over 2.9 “It is the official SDK for the XRP Ledger, with more than 140.000 weekly downloads.”
“The campaign leveraged fake CAPTCHA verification pages (ClickFix/KongTuke lures) to trick users into executing a copied PowerShell command, which downloaded and ran MintsLoader.” The experts observed other infection chains that used fake invoice files (e.g., “Fattura####.js”).
Customers were only able to look at their test results online; these were not downloadable, so now they are not only unable to see them, but they also have no idea what has happened to that data. Keep threats off your devices by downloading Malwarebytes today. The atlasbiomed.com domain appears to be inactive.
“We’ve archived the leak and made it available for download on GitHub.” Yesterday Banshee Stealer, the macOS-based Malware-as-a-Service infostealer, had its source code leaked online.
Attackers exploit CVE-2025-3248 in Langflow servers to deliver Flodrix botnet via downloader scripts, Trend Research reports. Attackers exploit the flaw to run scripts on Langflow servers, downloading and installing Flodrix malware. Once satisfied, they download and execute the Flodrix botnet malware from a remote server.
5, 2024, CyberNewswire — One Identity proudly announces it has been named a winner in the Hot Company: Privileged Access Management (PAM) category in the 12th annual Cyber Defense Awards by Cyber Defense Magazine (CDM), the industry's leading information security magazine. Alisa Viejo, Calif., Ackerman Jr.
A large-scale phishing campaign targets WordPress WooCommerce users with a fake security alert urging them to download a ‘critical patch’ hiding a backdoor. Patchstack researchers uncovered a large-scale phishing campaign targeting WordPress WooCommerce users with a fake security alert.
Once executed, it downloads the payload directly into memory. “Once opened, the LNK file executes a PowerShell command to download an MSI file from a remote server, renames it as “%AppData%y.msi”, and then executes/installs it using the Microsoft msiexec.exe tool.” lnk” that, once executed, starts the attack chain.
Users seeking free AI video tools unknowingly download Noodlophile Stealer, a new malware that steals browser credentials, crypto wallets, and may install remote access trojans like XWorm. Users are tricked into downloading a malicious ZIP (“VideoDreamAI.zip”) after uploading media.
When a support technician wants to use it to remotely administer a computer, the ConnectWise website generates an executable file that is digitally signed by ConnectWise and downloadable by the client via a hyperlink. A composite of screenshots researcher Ken Pyle put together to illustrate the ScreenConnect vulnerability.
WebTunnel is a stealthy bridge that blends with web traffic, with a small download size and uTLS integration, making it safer and harder to detect for users. Russian watchdog Roskomnadzor is making some bridges inaccessible, highlighting the urgent need for more WebTunnel bridges.
“The compromise chain is composed of a fake website that redirects the potential victim to the server hosting the exploit, and should the exploit succeed, shellcode is executed that downloads and executes the RomCom backdoor.” This leads to downloading and executing the RomCom backdoor from C2 servers like journalctd[.]live.
In late March 2023, 3CX disclosed that its desktop applications for both Windows and macOS were compromised with malicious code that gave attackers the ability to download and run code on all machines where the app was installed. “This could cause the file to run when double-clicked instead of opening it with a PDF viewer.”
In this attack phase, a PowerShell script downloads an archive from the command-and-control server containing the Node.js components. In a documented instance, attackers used a ClickFix social engineering tactic to trick users into running a PowerShell command that downloads and installs the Node.js runtime and a compiled JavaScript file.
Researchers found 3 malicious Go modules with hidden code that can download payloads to wipe a Linux system’s main disk, making it unbootable. “The execution of the malicious modules can cause total data loss, major downtime, and severe financial and reputational harm, highlighting the need for strong supply chain security.”
PCMag cited the case of a gamer who downloaded the game and reported that his accounts were hijacked using stolen cookies. SteamDB estimates that over 800 users may have downloaded the game. According to the website PCMag, the free-to-play game PirateFi was released last week. A few days later, Valve notified impacted users.
“Afterwards, the attacker downloaded and deployed the SRBMiner cryptominer from GitHub, and started mining to their cryptocurrency wallet and public IP address,” continues the analysis. The attacker downloads SRBMiner from GitHub, unzips it into a temporary directory, and deploys it in the /usr/sbin directory.
The threat actors use the Civil Defense website to distribute multiple software programs that, once installed, download different malware families. The site provides a downloader called Pronsis Loader to Windows users; this malware starts an attack chain, ultimately installing SUNSPINNER and the PURESTEALER information stealer.
Upon running the code as an administrator, it downloads and installs a browser-based remote desktop tool and downloads a certificate file with a hardcoded PIN from a remote server. When opened, they execute PowerShell or Mshta to download malware like PebbleDash and RDP Wrapper, to control the infected systems.
To extract cookies from Chromium-based browsers, it downloads a module from the C&C to bypass App-Bound encryption. “Upon execution, Glove Stealer pretends to search for system errors while secretly contacting a command-and-control (C&C) server to harvest and exfiltrate data,” reads the report published by Gen Digital.
This file contained an authentication token that allowed the attacker to download the Internet Archive’s source code, which included additional credentials and tokens. This allowed the threat actor to download the organization’s user database, further source code, and modify the site.
Attackers can exploit a vulnerability, tracked as CVE-2025-0411, in the free, open-source file archiver software 7-Zip to bypass the Mark of the Web (MotW) Windows security feature. Mark of the Web (MotW) is a security feature in Microsoft Windows that identifies files downloaded from untrusted sources, such as the internet.
Initially, the group published screenshots of stolen data as proof of the attack; now the whole archive can be downloaded from the leak page. The group said that the waiting period had expired and claimed the theft of 134GB of sensitive data.
The script will download and run the .NET bootloader MSCommondll.exe, which in turn will download and run the malware DarkCrystal RAT. The RAR archive analyzed by the Ukrainian CERT-UA contains the document Algorithm_LegalAid.xlsm. Upon opening the document and enabling the macro, a PowerShell command will be executed.
This led to a zero-click attack, requiring no user interaction, as the ad program automatically downloaded and rendered the malicious content. APT37 exploited this flaw to trick victims into downloading malware on their desktops with the toast ad program installed. dll), allowing type confusion to occur.
In September, SonicWall warned that the flaw CVE-2024-40766 in SonicOS is now potentially exploited in attacks. “The latest patch builds are available for download on mysonicwall.com,” warns the updated SonicWall advisory.
“In January, someone leaked the personal information of 263 journalists who had signed up to cover presidential activities.” “In that case, officials at the president’s press office later said the information appeared to have been downloaded using the password of a former employee.”
The malicious packages discovered by the experts are posing as Solana tools and have 130+ downloads, using Nodemailer to steal keys via Gmail and automate wallet draining. “It is important to verify a package's authenticity by examining its download counts, publisher history, and any associated GitHub repository links.”
projects or npm packages downloaded from GitHub or Bitbucket. Loaders for OtterCookie download JSON data from a remote source and execute the cookie property as JavaScript code. Attackers may also directly download and execute JavaScript, with control passing to a catch block when an HTTP 500 status code occurs.
Upon exploiting the vulnerability, the malicious code can inject commands via the ntp parameter, allowing attackers to download Mirai-based malware through HTTP POST requests over port 80, referencing IP Address :80/cfg_system_time.htm in the HTTP Referer header. dyn” for C2 communication.