Security Affairs

JANUARY 24, 2025

It activates upon detecting a “magic packet” with predefined parameters, enabling attackers to establish a reverse shell, control devices, steal data, or deploy malware. The J-magic campaign is notable for targeting JunoOS, a FreeBSD-based operating system that threat actors rarely target in malware attacks.

Malware 121

Malware VPN Encryption Hacking 121

Security Affairs

MARCH 30, 2025

Cybersecurity and Infrastructure Security Agency (CISA) warns of RESURGE malware, targeting a vulnerability in Ivanti Connect Secure (ICS) appliances. Cybersecurity and Infrastructure Security Agency (CISA) published a Malware Analysis Report (MAR) on a new malware called RESURGE.

Malware 121

Malware Authentication Encryption Cybersecurity 121

SecureList

JUNE 11, 2025

We previously reported attacks with malware being spread under the guise of DeepSeek to attract victims. For instance, we have recently discovered a new malicious campaign distributing previously unknown malware through a fake DeepSeek-R1 LLM environment installer. exe is the launcher for the next-stage malware. <>O.<0>__Run)

Malware 105

Malware Phishing Encryption Engineering 105

Security Affairs

OCTOBER 20, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 124

Malware Ransomware Encryption Phishing 124

SecureList

DECEMBER 19, 2024

After looking into the attack, we were able to uncover a complex infection chain that included multiple types of malware, such as a downloader, loader, and backdoor, demonstrating the group’s evolved delivery and improved persistence methods. CookieTime still in use Another piece of malware found on the infected hosts was CookieTime.

Malware 140

Malware Encryption Software Cryptocurrency 140

Security Affairs

NOVEMBER 17, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 114

Malware Antivirus Encryption Education 114

SecureList

MAY 28, 2025

Once these permissions are granted, the malware gains extensive capabilities that allow its operators to steal the user’s banking data and credentials, as well as perform remote actions and control the device without the user’s knowledge. Join us in this blogpost as we take a closer look at the malware’s evolution over time.

Banking 107

Banking Malware Encryption Energy and Utilities 107

Security Affairs

MAY 18, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape PupkinStealer : A.NET-Based Info-Stealer Interlock ransomware evolving under the radar Technical Analysis of TransferLoader Sophisticated NPM Attack Leveraging Unicode Steganography and Google Calendar C2 Horabot Unleashed: (..)

Malware 104

Malware Encryption Phishing Hacking 104

SecureWorld News

MARCH 13, 2025

A recent report from Tenable highlights how DeepSeek R1, an open-source AI model, can generate rudimentary malware, including keyloggers and ransomware. While the AI-generated malware required manual debugging to function properly, its mere existence signals an urgent need for security teams to adapt their defenses.

Malware 110

Malware Cybersecurity Cyber threats Threat Detection 110

Security Affairs

NOVEMBER 13, 2024

Bitdefender released a decryptor for the ShrinkLocker ransomware, which modifies BitLocker configurations to encrypt a system’s drives. Unlike modern ransomware it doesn’t rely on sophisticated encryption algorithms and modifies BitLocker configurations to encrypt a system’s drives.

Ransomware 123

Ransomware Encryption Passwords Backups 123

Security Affairs

APRIL 21, 2025

Russia-linked group APT29 targeted diplomatic entities across Europe with a new malware loader codenamed GRAPELOADER. The phishing emails either led to malware delivery via GRAPELOADER or redirected to the Ministry’s real website to appear legitimate. The malware is highly targeted and leaves no traces of the next-stage payload.

Malware 106

Malware Phishing Encryption Hacking 106

Security Affairs

NOVEMBER 26, 2024

Banshee Stealer, a MacOS Malware-as-a-Service, shut down after its source code leaked online. In August 2024, Russian hackers promoted BANSHEE Stealer, a macOS malware targeting x86_64 and ARM64, capable of stealing browser data, crypto wallets, and more. The code is now available on GitHub. concludes the report. concludes the report.

Malware 143

Malware Cryptocurrency Encryption Hacking 143

SecureList

FEBRUARY 5, 2025

In March 2023, researchers at ESET discovered malware implants embedded into various messaging app mods. The campaign, which targeted Android and Windows users, saw the malware spread through unofficial sources. The campaign, which targeted Android and Windows users, saw the malware spread through unofficial sources.

Malware 142

Malware Encryption Mobile Cryptocurrency 142

Security Affairs

MARCH 25, 2025

Researchers warn of a new Android malware that uses.NET MAUI to mimic legit services and evade detection. McAfee researchers warn of Android malware campaigns using.NET MAUI to evade detection. Another malware observed by the experts targets Chinese-speaking users, stealing contacts, SMS, and photos through third-party app stores.

Malware 73

Malware Encryption Banking Cyber threats 73

SecureWorld News

MAY 9, 2025

Google's Threat Intelligence Group (GTIG) has identified a new malware strain, dubbed "LOSTKEYS," attributed to the Russian state-sponsored hacking group COLDRIVER. The introduction of LOSTKEYS signifies a strategic shift towards deploying malware for direct data exfiltration.

Malware 84

Malware Social Engineering Government Engineering 84

Security Affairs

MAY 29, 2025

Google says China-linked group APT41 controlled malware via Google Calendar to target governments through a hacked site. Google warns that China-linked APT41 used TOUGHPROGRESS malware with Google Calendar as C2, targeting various government entities via a compromised website. ” reads the report published by Google.

Malware 116

Malware Government Encryption Hacking 116

Security Affairs

MARCH 15, 2025

Pirated software seekers are targeted by the new MassJacker clipper malware, according to CyberArk researchers. A new malware campaign spreading a new clipper malware dubbed MassJacker targets users searching for pirated software, Cyberark users warn. com) distributing pirated software that also spreads malware.

Software 117

Software Cryptocurrency Malware Encryption 117

Security Affairs

JANUARY 10, 2025

Experts found a new version of the Banshee macOS information stealer which was enhanced with new evasion mechanisms. In August 2024, Russian crooks advertised a macOS malware called BANSHEE Stealer that can target both x86_64 and ARM64 architectures. The malicious code was advertised on cybercrime forums for $3,000 per month.

Malware 120

Malware Advertising Antivirus Cybercrime 120

Security Affairs

APRIL 20, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malicious NPM Packages Targeting PayPal Users New Malware Variant Identified: ResolverRAT Enters the Maze Nice chatting with you: what connects cheap Android smartphones, WhatsApp and cryptocurrency theft?

Malware 79

Malware Cryptocurrency Encryption Phishing 79

Security Affairs

JANUARY 28, 2025

ENGlobal reported to the SEC that personal information was compromised in a ransomware attack that took place in November 2024. ENGlobal disclosed a ransomware attack that occurredin November, in a SEC filingthe company confirmed that threat actors gained access to personal information. ” reads the FORM 8-K filed with SEC.

Ransomware 66

Ransomware Encryption Hacking Technology 66

Security Affairs

JANUARY 12, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 59

Malware Scams Phishing Encryption 59

Security Affairs

APRIL 13, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Lazarus Expands Malicious npm Campaign: 11 New Packages Add Malware Loaders and Bitbucket Payloads BadBazaar: iOS and Android Surveillanceware by Chinas APT15 Used to Target Tibetans and Uyghurs GOFFEE continues to attack (..)

Malware 73

Malware Spyware Government Ransomware 73

Security Affairs

MARCH 18, 2025

dll module revealed that the malware supports sophisticated functionalities to steal credentials from browsers, digital wallet data, clipboard content, and system information. Microsoft has yet to attribute the malware to a specific threat actor or geolocation, however, the IT giant believes that it was not widespread at this time.

Malware 112

Malware Cryptocurrency Encryption Passwords 112

Security Affairs

FEBRUARY 9, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 72

Malware Scams Banking Ransomware 72

Krebs on Security

JUNE 7, 2021

In the process of doing so, I encountered a small snag: The FSB’s website said in order to communicate with them securely, I needed to download and install an encryption and virtual private networking (VPN) appliance that is flagged by at least 20 antivirus products as malware. The FSB headquarters at Lubyanka Square, Moscow.

Antivirus 337

Antivirus Encryption VPN Malware 337

SecureList

OCTOBER 21, 2024

Introduction Information stealers, which are used to collect credentials to then sell them on the dark web or use in subsequent cyberattacks, are actively distributed by cybercriminals. According to Kaspersky Digital Footprint Intelligence, almost 10 million devices, both personal and corporate, were attacked by information stealers in 2023.

Passwords 127

Passwords Malware Encryption Cryptocurrency 127

Security Affairs

APRIL 2, 2025

The threat actor FIN7 , also known as Savage Ladybug, has developed a new Python-based malware, named Anubis Backdoor, which allows attackers to gain full remote control over infected Windows systems. “The malware is distributed as a ZIP package, which includes a single Python script alongside multiple Python executables.

Antivirus 128

Antivirus Cybercrime Malware Encryption 128

SecureList

APRIL 23, 2025

We immediately took action by communicating meaningful information to the Korea Internet & Security Agency (KrCERT/CC) for rapid action upon detection, and we have now confirmed that the software exploited in this campaign has all been updated to patched versions. The software has since been updated with patched versions.

Malware 143

Malware Software Encryption Internet 143

Security Affairs

NOVEMBER 12, 2024

New Ymir ransomware was deployed in attacks shortly after systems were breached by RustyStealer malware, Kaspersky warns. The ransomware uses the stream cipher ChaCha20 algorithm to encrypt files, then appends the extension “ 6C5oy2dVr6” to the filenames of the encrypted files. ” concludes the report.

Ransomware 120

Ransomware Malware Encryption Hacking 120

SecureList

OCTOBER 15, 2024

The documents often contain information obtained from public websites, which is used to lure the victim into opening the file and believing it to be legitimate. It uses the CPUID instruction to obtain information about the processor manufacturer. The malware uses different strings to load libraries and functions required for execution.

Malware 143

Malware Encryption Architecture Phishing 143

Security Affairs

JUNE 6, 2025

By stealing credentials with Mimikatz and escalating privileges with WinPEAS, they spread malware via Group Policy Objects. The report also provides information on a Play ransomware ESXi variant that shuts down all virtual machines and encrypts their files using randomly generated keys for each file.

Ransomware 97

Ransomware Encryption Antivirus Cryptocurrency 97

Security Affairs

FEBRUARY 16, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 66

Malware Data breaches Mobile Encryption 66

Security Affairs

NOVEMBER 18, 2024

A ransomware attack on Great Plains Regional Medical Center compromised personal data of 133,000 individuals, exposing sensitive information. The healthcare center discovered that a threat actor accessed and encrypted files on their systems between September 5, 2024 and September 8, 2024. .

Ransomware 125

Ransomware Insurance Encryption Healthcare 125

Security Affairs

MARCH 8, 2025

The Akira ransomware gang exploited an unsecured webcam to bypass EDR and launch encryption attacks on a victim’s network. The ransomware group used an unsecured webcam to encrypt systems within atarget’s network, bypassing Endpoint Detection and Response (EDR). Akira successfully encrypted files across the network.

Ransomware 130

Ransomware IoT Encryption Passwords 130

SecureList

OCTOBER 4, 2024

While trying to deliver malware on victims’ devices and stay on them as long as they can, sometimes attackers are using quite unusual techniques. Malware was also distributed through Telegram channels targeted at crypto investors and in descriptions and comments on YouTube videos about cryptocurrency, cheats and gambling.

Scams 145

Scams Cryptocurrency Malware Software 145

Security Affairs

DECEMBER 3, 2024

The threat actors had access to the company’s information technology systems and encrypted some of its data files. The preliminary investigation has revealed that a threat actor illegally accessed the Company’s information technology (“IT”) system and encrypted some of its data files.”

Ransomware 119

Ransomware Encryption Technology Cybersecurity 119

Security Affairs

MARCH 9, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 66

Malware DDOS Hacking Ransomware 66