Information Security, Malware and Media

CEO of cybersecurity firm charged with installing malware on hospital systems

Security Affairs

APRIL 26, 2025

Veritaco CEO Jeffrey Bowie faces charges for allegedly installing malware on hospital computers, violating Oklahoma’s Computer Crimes Act. The man is accused of having installed the malware on the hospital computers on August 6, 2024. ” reported the media outlet KOCO 5 News. Anthony Hospital.

Malware

Malware Cybersecurity Healthcare Media

DPRK-linked BlueNoroff used macOS malware with novel persistence

Security Affairs

NOVEMBER 7, 2024

SentinelLabs observed North Korea-linked threat actor BlueNoroff targeting businesses in the crypto industry with a new multi-stage malware. SentinelLabs researchers identified a North Korea-linked threat actor targeting crypto businesses with new macOS malware as part of a campaign tracked as “Hidden Risk.”

Malware

Malware Risk Architecture Cryptocurrency

New LightSpy spyware variant comes with enhanced data collection features targeting social media platforms

Security Affairs

FEBRUARY 26, 2025

Researchers found an updated LightSpy spyware with enhanced data collection features targeting social media platforms like Facebook and Instagram. have found an updated version of the LightSpy spyware that supports an expanded set of data collection features to target social media platforms like Facebook and Instagram.

Data collection

Data collection Spyware Media Surveillance

Crazy Evil gang runs over 10 highly specialized social media scams

Security Affairs

FEBRUARY 3, 2025

The Russian-speaking Crazy Evil group runs over 10 social media scams, tricking victims into installing StealC, AMOS, and Angel Drainer malware. Since 2021, the Crazy Evil gang has become a major cybercriminal group, using phishing, identity fraud, and malware to steal cryptocurrency.

Scams

Scams Media Cryptocurrency Cybercrime

Hive0117 group targets Russian firms with new variant of DarkWatchman malware

Security Affairs

MAY 1, 2025

Hive0117 targets Russian firms in multiple sectors with phishing attacks using a modified version of the DarkWatchman malware. A cybercrime group named Hive0117 is behind a fresh phishing campaign that targeted Russian organizations with a new version of the DarkWatchman malware, according to Russian cybersecurity firm F6.

Malware

Malware Phishing Telecommunications Retail

U.S. Offers $10M bounty for info on RedLine malware creator and state hackers

Security Affairs

JUNE 6, 2025

offers up to $10M for info on state hackers linked to RedLine malware and its creator, Maxim Rudometov, tied to attacks on U.S. Department of State offers a reward of up to $10 million for information nation-state actors linked to the RedLine infostealer and its alleged author, Russian national Maxim Alexandrovich Rudometov.

Malware

Malware Passwords Identity Theft Accountability

Threat actors use fake AI tools to deliver the information stealer Noodlophile

Security Affairs

MAY 12, 2025

Threat actors use fake AI tools to trick users into installing the information stealer Noodlophile, Morphisec researchers warn. Morphisec researchers observed attackers exploiting AI hype to spread malware via fake AI tools promoted in viral posts and Facebook groups. It contains a fake video file (“Video Dream MachineAI.mp4.exe”)

Malware

Malware Media Cybercrime Scams

Iran and China-linked actors used ChatGPT for preparing attacks

Security Affairs

OCTOBER 11, 2024

The group used the chatbot to receive support in Android malware development and to create a scraper for the social media platform Instagram. “This actor used our models to debug malware, for coding assistance in creating a basic scraper for Instagram, and to translate LinkedIn profiles into Persian.

Malware

Malware Social Engineering Engineering Hacking

Hackers Hide Software Skimmer in Social Media Sharing Icons

Security Affairs

DECEMBER 4, 2020

Security researchers have uncovered a new technique to inject a software skimmer onto checkout pages, the malware hides in social media buttons. Security experts at Sansec have detailed a new technique used by crooks to inject a software skimmer into checkout pages. SecurityAffairs – hacking, malware).

Media

Media Software Malware Social Engineering

International law enforcement operation dismantled RedLine and Meta infostealers

Security Affairs

OCTOBER 29, 2024

RedLine and META targeted millions of victims worldwide, according to Eurojust it was one of the largest malware platforms globally. “Investigations into RedLine and Meta started after victims came forward and a security company notified authorities about possible servers in the Netherlands linked to the software.

Identity Theft

Identity Theft Passwords Malware Banking

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 35

Security Affairs

MARCH 2, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware

Malware Architecture IoT Ransomware

Crooks target DeepSeek users with fake sponsored Google ads to deliver malware

Security Affairs

MARCH 27, 2025

Cybercriminals are exploiting the popularity of DeepSeek by using fake sponsored Google ads to distribute malware. While DeepSeek is rising in popularity, threat actors are attempting to exploit it by using fake sponsored Google ads to distribute malware, Malwarebytes researchers warn. ” reads the alert published by Malwarebytes.

Malware

Malware Data collection Advertising Media

Security Affairs Malware Newsletter – Round 5

Security Affairs

AUGUST 4, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware

Malware Spyware Media Phishing

What threatens corporations in 2023: media blackmail, fake leaks and cloud attacks

SecureList

JANUARY 18, 2023

The threat landscape is constantly updated through new malware and spyware, advanced phishing methods, and new social engineering techniques. The media routinely report incidents and leaks of data that end up publicly accessible on the dark web. Malware-as-a-service: a greater number of cookie-cutter attacks, more complex tools.

Media

Media Social Engineering Ransomware Hacking

Crypto mining campaign targets Docker environments with new evasion technique

Security Affairs

APRIL 23, 2025

New malware campaign targets Docker environments using unknown methods to secretly mine cryptocurrency, researchers warn. Researchers from Darktrace and Cado Security have spotted a malware campaign that targets Docker environments with a novel technique to mine cryptocurrency. These points can be converted to $TENEO tokens.

Cryptocurrency

Cryptocurrency Malware Media Hacking

New LightSpy spyware version targets iPhones with destructive capabilities

Security Affairs

NOVEMBER 1, 2024

LightSpy can steal files from multiple popular applications like Telegram, QQ, and WeChat, as well as personal documents and media stored on the device. Destructive plugin: capable of deleting media files from the device PushMessage 1.0.0 Destructive plugin: capable of deleting media files from the device PushMessage 1.0.0

Spyware

Spyware Media Hacking Malware

Cox Media Group took down broadcasts after a ransomware attack

Security Affairs

OCTOBER 9, 2021

American media conglomerate Cox Media Group (CMG) was hit by a ransomware attack that took down live TV and radio broadcast streams in June 2021. The American media conglomerate Cox Media Group (CMG) announced it was hit by a ransomware attack that caused the interruption of the live TV and radio broadcast streams in June 2021.

Media

Media Ransomware Identity Theft Insurance

Canadian authorities arrested alleged Snowflake hacker

Security Affairs

NOVEMBER 5, 2024

” UNC5537 used stolen credentials obtained via infostealer malware. Independent news outlet 404 Media also confirmed Krebs’s findings 404 Media in September 2024. This led to extensive data theft, with the attackers later attempting to extort victims and sell stolen data on criminal forums.

Unstructured Data

Unstructured Data Media Cybercrime Hacking

3CX Breach Was a Double Supply Chain Compromise

Krebs on Security

APRIL 20, 2023

Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Mandiant found the compromised 3CX software would download malware that sought out new instructions by consulting encrypted icon files hosted on GitHub. Image: Mandiant.

Malware

Malware Software Technology Accountability

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

Webroot

MARCH 3, 2025

During this time, many government agencies and consumer protection organizations come together to help educate consumers on how to keep their personal and financial information secure. Contact is usually made through social media, by phone or in person. Antivirus protection Software that protects against viruses and malware.

Consumer Protection

Consumer Protection Identity Theft Scams Social Engineering

North Korea-linked APT37 exploited IE zero-day in a recent attack

Security Affairs

OCTOBER 19, 2024

APT37 exploited this flaw to trick victims into downloading malware on their desktops with the toast ad program installed. Cyber attacks conducted by the APT37 group mainly targeted government, defense, military, and media organizations in South Korea. dll), allowing type confusion to occur.

Internet

Internet Internet Engineering Malware

Security Affairs newsletter Round 493 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

OCTOBER 13, 2024

The Mexican Drug Cartels Want You Casio: Notice of Partial Service Outage and Information Leak Caused by Ransomware Attack He founded a “startup” to access sanctioned Russian websites: the cyber police of Khmelnytskyi region exposed the hacker Hacked ‘AI Girlfriend’ Data Shows Prompts Describing Child Sexual Abuse Malware Over 300,000!

Data breaches

Data breaches Cryptocurrency Cybercrime Artificial Intelligence

Ukrainian telecommunications operators hit by DarkCrystal RAT malware

Security Affairs

JUNE 27, 2022

The Governmental Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a malware campaign targeting Ukrainian telecommunications operators with the DarkCrystal RAT. The script will download and run the.NET bootloader “MSCommondll.exe,” which in turn will download and run the malware DarkCrystal RAT.

Telecommunications

Telecommunications Malware Media Passwords

WhatsApp fixed a spoofing flaw that could enable Remote Code Execution

Security Affairs

APRIL 8, 2025

Its value stems from WhatsApp’s massive user base and the potential for covert access to private chats, media, and device-level control. In February, Meta announced that it had discovered and dismantled a malware campaign via WhatsApp that targeted journalists and civil society members with the Paragon spyware (aka Graphite).

Spyware

Spyware Media Surveillance Hacking

Apple fixed the first actively exploited zero-day of 2025

Security Affairs

JANUARY 27, 2025

The vulnerability is a privilege escalation vulnerability that impacts the Core Media framework. The Apple Core Media framework supports multimedia tasks like playback, recording, and manipulation of audio and video on iOS and macOS devices. “A malicious application may be able to elevate privileges.

Spyware

Spyware Surveillance Media Hacking

Operation SyncHole: Lazarus APT targets supply chains in South Korea

Security Affairs

APRIL 25, 2025

The attackers used multiple hacking tools and malware, including ThreatNeedle , Agamemnon downloader, wAgent , SIGNBT, and COPPERHEDGE. We found that the malware was running in the memory of a legitimateSyncHost.exeprocess, and was created as a subprocess of Cross EX, legitimate software developed in South Korea.”

Malware

Malware Software Encryption Hacking

China-linked BlackTech APT uses new Flagpro malware in recent attacks

Security Affairs

DECEMBER 29, 2021

China-linked BlackTech cyberespionage group was targeting Japanese companies using new malware tracked as ‘Flagpro’. Researchers from NTT Security reported that China-linked BlackTech cyberespionage group targeted Japanese companies using new malware tracked as ‘Flagpro’. ” reads the analysis published by NTT Security.

Malware

Malware Phishing Passwords Media

Adrozek malware silently inject ads into search results in multiple browsers

Security Affairs

DECEMBER 10, 2020

Microsoft warns of a new malware named Adrozek that infects devices and hijacks Chrome, Edge, and Firefox browsers by changing their settings. Microsoft warned of a new malware named Adrozek that infects devices and hijacks Chrome, Edge, and Firefox browsers by changing their settings and inject ads into search results pages.

Malware

Malware Advertising Media Engineering

WhatsApp disrupted a hacking campaign targeting journalists with Paragon spyware

Security Affairs

FEBRUARY 2, 2025

Meta announced the disruption of a malware campaign via WhatsApp that targeted journalists with the Paragon spyware. Meta announced that discovered and dismantled a malware campaign via WhatsApp that targeted journalists and civil society members with the Paragon spyware (aka Graphite).

Spyware

Spyware Hacking Surveillance Malware

Security Affairs newsletter Round 494 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

OCTOBER 20, 2024

CISA adds Microsoft Windows Kernel, Mozilla Firefox and SolarWinds Web Help Desk bugs to its Known Exploited Vulnerabilities catalog GitHub addressed a critical vulnerability in Enterprise Server A new Linux variant of FASTCash malware targets financial systems WordPress Jetpack plugin critical flaw impacts 27 million sites Pokemon dev Game Freak discloses (..)

Data breaches

Data breaches Cybercrime Cyber Insurance Marketing

15 SpyLoan Android apps found on Google Play had over 8 million installs

Security Affairs

NOVEMBER 30, 2024

Some of the malicious apps were promoted through deceptive advertising on social media. “ SpyLoan apps exploit official app stores like Google Play, deceptive branding, and social media ads to appear credible. The researchers reported the apps to Google who notified the developers that their apps violate Google Play policies.

Social Engineering

Social Engineering Media Mobile Scams

Don’t Let Encryption Become A Double-Edged Sword That Undermines Zero Trust CyberSecurity

Joseph Steinberg

APRIL 21, 2022

Data that must remain private simply cannot be readable by unauthorized parties – and that rule applies both when the relevant information is at rest on an internal server, in the cloud, or on some backup media, as well as when it is in transit over any form of network or other means of communication.

Encryption

Encryption Cybersecurity Artificial Intelligence Backups

Law enforcement seized the domains of HeartSender cybercrime marketplaces

Security Affairs

FEBRUARY 2, 2025

The Saim Raza group run multiple marketplaces that advertised and facilitated the sale of hacking and fraud tools, including malware, phishing kits and email extractors. Employees inadvertently exposed their ties through social media. The HeartSender group has sold phishing tools to criminals since 2020, causing over $3 million in U.S.

Cybercrime

Cybercrime Advertising Phishing Hacking

Greek intelligence service used surveillance malware to spy on a journalist, Reuters reports

Security Affairs

AUGUST 6, 2022

Greek intelligence admitted it had spied on a journalist, while citizens ask the government to reveal the use of surveillance malware. The head of the Greek intelligence told a parliamentary committee that they had spied on a journalist with surveillance malware , Reuters reported citing two sources present. ” reported Reuters.

Surveillance

Surveillance Malware Spyware Government

EDR-as-a-Service makes the headlines in the cybercrime landscape

Security Affairs

APRIL 7, 2025

In case a criminal obtains private information, such as IP addresses, phone numbers, and domiciles, it may be exploited to initiate fraudulent schemes, blackmail, or doxing operations. The lack of a robust verification process, combined with the trust placed in authorities, increases the risk to users’ digital security and privacy.

Cybercrime

Cybercrime Social Engineering Accountability Government

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

Security Affairs

SEPTEMBER 29, 2022

A new multifunctional Go-based malware dubbed Chaos is targeting both Windows and Linux systems, experts warn. Researchers from Black Lotus Labs at Lumen Technologies, recently uncovered a multifunctional Go-based malware that was developed to target devices based on multiple architectures, including Windows and Linux.

Malware

Malware DDOS Architecture Financial Services

How to implant a malware in hidden area of SSDs with Flex Capacity feature

Security Affairs

DECEMBER 31, 2021

Researchers devised a series of attacks against SSDs that could allow to implant malware in a location that is not monitored by security solutions. Korean researchers devised a series of attacks against solid-state drives (SSDs) that could allow to implant malware in specific memory locations bypassing security solutions.

Malware

Malware Firmware Manufacturing Media

8Base ransomware group hacked Croatia’s Port of Rijeka

Security Affairs

DECEMBER 7, 2024

The CEO of the Croatian Port, Duko Grabovac, told local media outlet Novi list that despite threats actors stole some data, the incident had no impact on the operations at the post. Grabovac pointed out that his organization will not pay the ransom requested by the ransomware gang.

Ransomware

Ransomware Hacking Accountability Cyber Attacks

Security Affairs newsletter Round 497 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

NOVEMBER 10, 2024

Mazda Connect flaws allow to hack some Mazda vehicles Veeam Backup & Replication exploit reused in new Frag ransomware attack Texas oilfield supplier Newpark Resources suffered a ransomware attack Palo Alto Networks warns of potential RCE in PAN-OS management interface iPhones in a law enforcement forensics lab mysteriously rebooted losing their (..)

Ransomware

Ransomware Cybercrime Phishing Banking

GitCaught campaign relies on Github and Filezilla to deliver multiple malware

Security Affairs

MAY 20, 2024

Researchers discovered a sophisticated cybercriminal campaign by Russian-speaking threat actors that used GitHub to distribute malware. The campaign shows how attackers exploit trusted internet services to carry out cyberattacks that steal personal information. This tactic allows them to avoid detection.

Malware

Malware Banking Software Advertising

Hackers are taking advantage of the interest in generative AI to install Malware

Security Affairs

MAY 3, 2023

Threat actors are using the promise of generative AI like ChatGPT to deliver malware, Facebook parent Meta warned. Threat actors are taking advantage of the huge interest in generative AI like ChatGPT to trick victims into installing malware, Meta warns. ” reads the Meta’s Q1 2023 Security Reports.

Malware

Malware Education Accountability Media

China-linked APT group MirrorFace targets Japan

Security Affairs

JANUARY 10, 2025

Campaign A (20192023): Used emails with malware attachments (LODEINFO) to target politicians, media, and government. Campaign A relied on LODEINFO , a type of malware that infected systems primarily through malicious email attachments. Stay updated on network device vulnerabilities and apply patches promptly.

Antivirus

Antivirus Malware System Administration Technology

Exclusive: The largest mobile malware marketplace identified by Resecurity in the Dark Web

Security Affairs

DECEMBER 5, 2022

Resecurity has identified a new underground marketplace in the Dark Web oriented towards mobile malware developers and operators. “In the Box” dark web marketplace is leveraged by cybercriminals to attack over 300 financial institutions (FIs), payment systems, social media and online-retailers in 43 countries.

Mobile

Mobile Malware Banking Retail

New Qlocker ransomware infected hundreds of QNAP NAS devices in a few days

Security Affairs

APRIL 23, 2021

The malware moves all files stored on the device to password-protected 7zip archives and demand the payment of a $550 ransom. The Taiwanese vendor published a security advisory to warn its customers of the ongoing attacks and is urging them to install the latest Malware Remover version and scan their devices for indicators of compromise.

Ransomware

Ransomware Backups Media Malware

CEO of cybersecurity firm charged with installing malware on hospital systems

DPRK-linked BlueNoroff used macOS malware with novel persistence

Trending Sources

New LightSpy spyware variant comes with enhanced data collection features targeting social media platforms

Crazy Evil gang runs over 10 highly specialized social media scams

Hive0117 group targets Russian firms with new variant of DarkWatchman malware

U.S. Offers $10M bounty for info on RedLine malware creator and state hackers

Threat actors use fake AI tools to deliver the information stealer Noodlophile

Iran and China-linked actors used ChatGPT for preparing attacks

Hackers Hide Software Skimmer in Social Media Sharing Icons

International law enforcement operation dismantled RedLine and Meta infostealers

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 35

Crooks target DeepSeek users with fake sponsored Google ads to deliver malware

Security Affairs Malware Newsletter – Round 5

What threatens corporations in 2023: media blackmail, fake leaks and cloud attacks

Crypto mining campaign targets Docker environments with new evasion technique

New LightSpy spyware version targets iPhones with destructive capabilities

Cox Media Group took down broadcasts after a ransomware attack

Canadian authorities arrested alleged Snowflake hacker

3CX Breach Was a Double Supply Chain Compromise

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

North Korea-linked APT37 exploited IE zero-day in a recent attack

Security Affairs newsletter Round 493 by Pierluigi Paganini – INTERNATIONAL EDITION

Ukrainian telecommunications operators hit by DarkCrystal RAT malware

WhatsApp fixed a spoofing flaw that could enable Remote Code Execution

Apple fixed the first actively exploited zero-day of 2025

Operation SyncHole: Lazarus APT targets supply chains in South Korea

China-linked BlackTech APT uses new Flagpro malware in recent attacks

Adrozek malware silently inject ads into search results in multiple browsers

WhatsApp disrupted a hacking campaign targeting journalists with Paragon spyware

Security Affairs newsletter Round 494 by Pierluigi Paganini – INTERNATIONAL EDITION

15 SpyLoan Android apps found on Google Play had over 8 million installs

Don’t Let Encryption Become A Double-Edged Sword That Undermines Zero Trust CyberSecurity

Law enforcement seized the domains of HeartSender cybercrime marketplaces

Greek intelligence service used surveillance malware to spy on a journalist, Reuters reports

EDR-as-a-Service makes the headlines in the cybercrime landscape

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

How to implant a malware in hidden area of SSDs with Flex Capacity feature

8Base ransomware group hacked Croatia’s Port of Rijeka

Security Affairs newsletter Round 497 by Pierluigi Paganini – INTERNATIONAL EDITION

GitCaught campaign relies on Github and Filezilla to deliver multiple malware

Hackers are taking advantage of the interest in generative AI to install Malware

China-linked APT group MirrorFace targets Japan

Exclusive: The largest mobile malware marketplace identified by Resecurity in the Dark Web

New Qlocker ransomware infected hundreds of QNAP NAS devices in a few days

Stay Connected