Security Affairs

MAY 4, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape io_uring Is Back, This Time as a Rootkit I StealC You: Tracking the Rapid Changes To StealC Interesting WordPress Malware Disguised as Legitimate Anti-Malware Plugin Using Trusted Protocols Against You: Gmail as a C2 (..)

Malware 82

Malware Cybercrime Government Hacking 82

Security Affairs

MARCH 29, 2025

“This report explores the features of Crocodilus, its links to known threat actors, and how it lures victims into helping the malware steal their own credentials.” ” The new threat mimics modern banking malware, using overlay attacks, keylogging, and remote access. ” ThreatFabric concludes.

Banking 69

Banking Mobile Identity Theft Malware 69

Security Affairs

MARCH 28, 2025

. “Preliminary findings indicate that the suspects developed malware called Mamont, which they distributed via Telegram channels under the guise of safe mobile applications and video files. Mamont spreads via Telegram, Mamont malware is delivered through Telegram channels.

Banking 117

Banking Computers and Electronics Mobile Malware 117

Security Affairs

APRIL 13, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Lazarus Expands Malicious npm Campaign: 11 New Packages Add Malware Loaders and Bitbucket Payloads BadBazaar: iOS and Android Surveillanceware by Chinas APT15 Used to Target Tibetans and Uyghurs GOFFEE continues to attack (..)

Malware 75

Malware Spyware Government Mobile 75

Security Affairs

APRIL 2, 2025

The malware was discovered on counterfeit Android devices mimicking popular smartphone models. “The malware has broad functionality and gives attackers almost unlimited control over the gadget” The malware, embedded in the system framework, provides attackers full control over the device. 231 banking malware.

Malware 123

Malware Cryptocurrency Mobile Firmware 123

Security Affairs

SEPTEMBER 6, 2021

Security researcher ValdikSS found malware preinstalled in four low-budget push-button mobile phones available for sale on Russian e-stores. A Russian security researcher that goes online with the name of ValdikSS has found malware preinstalled in four low-budget push-button mobile phones available for sale on Russian e-stores.

Mobile 142

Mobile Malware Firmware Manufacturing 142

Security Affairs

FEBRUARY 16, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 67

Malware Data breaches Mobile Encryption 67

Security Affairs

MARCH 25, 2025

Researchers warn of a new Android malware that uses.NET MAUI to mimic legit services and evade detection. McAfee researchers warn of Android malware campaigns using.NET MAUI to evade detection. Another malware observed by the experts targets Chinese-speaking users, stealing contacts, SMS, and photos through third-party app stores.

Malware 74

Malware Encryption Banking Cyber threats 74

Security Affairs

NOVEMBER 25, 2024

.” An SMS blaster attack is a cyberattack where a large number of malicious or fraudulent SMS messages are sent to mobile devices within a specific area or to a targeted group. SMS blaster attacks can exploit vulnerabilities in mobile networks and typically require proximity to the targeted devices for localized attacks.

Mobile 126

Mobile Scams Technology Telecommunications 126

Security Affairs

MARCH 23, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Decrypting Encrypted files from Akira Ransomware (Linux/ESXI variant 2024) using a bunch of GPUs Jaguar Land Rover Breached by HELLCAT Ransomware Group Using Its Infostealer PlaybookThen a Second Hacker Strikes ClearFakes (..)

Malware 66

Malware Threat Detection Cryptocurrency Ransomware 66

Security Affairs

MARCH 30, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Microsoft Trusted Signing service abused to code-sign malware Shedding light on the ABYSSWORKER driver VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware New Android Malware Campaigns Evading (..)

Malware 66

Malware Ransomware Threat Detection Mobile 66

Krebs on Security

JULY 25, 2023

Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. ” According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies.

Malware 244

Malware VPN Internet Internet 244

Security Affairs

DECEMBER 5, 2022

Resecurity has identified a new underground marketplace in the Dark Web oriented towards mobile malware developers and operators. This trend comes from the “Man in The Browser” (MiTB) attacks and WEB-injects designed for traditional PC-based malware such as Zeus, Gozi and SpyEye.

Mobile 108

Mobile Malware Banking Retail 108

Security Affairs

DECEMBER 18, 2020

It is not the first time that threat actors attempt to exploit the interest of the gamers into new video games like has happened with mobile versions of the popular Fortnite back in 2028. Bleeping Computer pointed out that a Windows version of Cyberpunk 2017 installer was spotted in November by malware researchers at MalwareHunterTeam.

Mobile 144

Mobile Ransomware Encryption Malware 144

Security Affairs

NOVEMBER 10, 2024

US CFPB warns employees to avoid work-related mobile calls and texts following China-linked Salt Typhoon hack over security concerns. In July, Cisco fixed an actively exploited NX-OS zero-day that was exploited to install previously unknown malware as root on vulnerable switches. reads the report published by Sygnia.

Hacking 132

Hacking Internet Internet Malware 132

Security Affairs

JULY 16, 2021

The Joker malware is back, experts spotted multiple malicious apps on the official Google Play store that were able to evade scanners. Experts reported an uptick in malicious Android apps on the official Google Play store laced with the Joker mobile trojan. ” states a post published by the experts. explained. “If

Malware 145

Malware Mobile Spyware Encryption 145

Security Affairs

DECEMBER 30, 2020

T-Mobile has disclosed a data breach that exposed customers’ network information (CPNI), including phone numbers and calls records. T-Mobile has disclosed a data breach exposing customers’ account’s information. If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Data breaches 145

Data breaches Mobile Telecommunications Accountability 145

Security Affairs

MARCH 20, 2025

The archive contains a fake PDF report and DarkTortilla malware, which acts as a launcher for the Dark Crystal RAT ( DCRat ). The use of popular instant messaging apps on both mobile and desktop devices broadens the attack surface, creating uncontrolled information exchange channels that bypass security measures.

Computers and Electronics 109

Computers and Electronics Telecommunications Malware Surveillance 109

Security Affairs

DECEMBER 12, 2024

These are the first known mobile malware families linked to the Russian APT. The two malware families can collect data such as SMS messages, call logs, phone call audio, photos from device cameras, device location, and contact lists. These findings tie the mobile surveillance families to Gamaredons desktop campaigns.

Mobile 99

Mobile Malware Surveillance Social Engineering 99

Security Affairs

APRIL 11, 2021

More than 500,000 Huawei users have been infected with the Joker malware after downloading apps from the company’s official Android store. More than 500,000 Huawei users were infected with the Joker malware after they have downloaded tainted apps from the company’s official Android store. ” reads the post published by Dr. Web.

Malware 145

Malware Spyware Mobile Antivirus 145

The Last Watchdog

MAY 15, 2023

Funso Richard , Information Security Officer at Ensemble , highlighted the gravity of these threats. These include ransomware targeting backend servers, distributed denial of service (DDoS) attacks, destructive malware, and even weaponizing charging stations to deploy malware.

Malware 230

Malware Manufacturing IoT Software 230

Security Affairs

AUGUST 16, 2021

T-Mobile confirms a breach after threat actors claimed to have obtained records of 100 million of its customers and offered them for sale. T-Mobile has confirmed a data breach that exposed personal information from over 100 million of its US customers. ” states an incident update published by the company.

Data breaches 134

Data breaches Mobile Telecommunications Wireless 134

Security Affairs

NOVEMBER 5, 2024

The ToxicPanda Android malware has infected over 1,500 devices, enabling attackers to perform fraudulent banking transactions. Cleafy researchers spotted a new Android banking malware, dubbed ToxicPanda, which already infected over 1,500 Android devices. ” continues the report.

Banking 123

Banking Malware Accountability Authentication 123

Security Affairs

AUGUST 23, 2024

Cybercriminals use progressive web applications (PWA) to impersonate banking apps and steal credentials from mobile users. ESET researchers detailed a phishing campaign against mobile users that uses Progressive Web Applications (PWAs).

Phishing 134

Phishing Mobile Banking Social Engineering 134

Security Affairs

FEBRUARY 20, 2025

Orange Cyberdefense CERT uncovered a malware campaign, tracked as The Green Nailao campaign, that targeted European organizations, including healthcare, in late 2024, using ShadowPad , PlugX , and the previously undocumented NailaoLocker ransomware. ” reads the advisory Check Point Security Gateways. ” continues the report.

Healthcare 87

Healthcare Ransomware VPN Malware 87

Security Affairs

OCTOBER 18, 2023

IMEI is a unique number assigned to each mobile device and is used to identify a device on a mobile network. If that happens, it can cause disruptions to the mobile service of the device. The leak also increases the risk of malware attacks, as exposed information about phone models could be exploited by threat actors.

Mobile 137

Mobile Phishing Manufacturing Risk 137

Security Affairs

NOVEMBER 3, 2024

Chinese threat actors use Quad7 botnet in password-spray attacks FBI arrested former Disney World employee for hacking computer menus and mislabeling allergy info Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide PTZOptics cameras zero-days actively exploited in the wild New LightSpy spyware (..)

Cryptocurrency 110

Cryptocurrency Hacking Phishing Cyber Attacks 110

Security Affairs

MARCH 21, 2025

Representatives of the Security Service of Ukraine and the General Staff of the Armed Forces of Ukraine warned that Russia-linked threat actors are actively using Telegram for cyberattacks, spreading phishing and malware, geolocating users, adjusting missile strikes, etc. continues the announcement.

Government 144

Government Surveillance Mobile Hacking 144

Security Affairs

JUNE 22, 2021

Boffins developed a tool dubbed DroidMorph that provides morphing of Android applications (APKs) and allows to create Android apps (malware/benign) clones. The experts demonstrated that using the tool it is possible to bypass the Android anti-malware solutions performing permutations of the malware.

Malware 136

Malware Architecture Technology Mobile 136

Security Affairs

FEBRUARY 2, 2025

Meta announced the disruption of a malware campaign via WhatsApp that targeted journalists with the Paragon spyware. Meta announced that discovered and dismantled a malware campaign via WhatsApp that targeted journalists and civil society members with the Paragon spyware (aka Graphite).

Spyware 110

Spyware Hacking Surveillance Malware 110

Security Affairs

JULY 10, 2022

French virtual mobile telephone operator La Poste Mobile was hit by a ransomware attack that impacted administrative and management services. . The ransomware attack hit the virtual mobile telephone operator La Poste Mobile on July 4 and paralyzed administrative and management services. . Who is behind the attack?

Mobile 114

Mobile Ransomware Identity Theft Phishing 114

Security Affairs

APRIL 27, 2024

ThreatFabric researchers identified a new Android malware called Brokewell, which implements a wide range of device takeover capabilities. ThreatFabric researchers uncovered a new mobile malware named Brokewell, which is equipped with sophisticated device takeover features. ” reads the report published by ThreatFabric.

Malware 134

Malware Spyware Authentication Mobile 134

Security Affairs

APRIL 8, 2025

In February, Meta announced that it had discovered and dismantled a malware campaign via WhatsApp that targeted journalists and civil society members with the Paragon spyware (aka Graphite). Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,mobile)

Spyware 117

Spyware Media Surveillance Hacking 117

Security Affairs

APRIL 13, 2025

Cell C is the fourth-largest mobile network operator in South Africa, , after Vodacom, MTN, and Telkom. The company founded in 2001 offers prepaid and postpaid mobile plans, data bundles and internet services, fiber broadband, roaming and international calling, SIM-only plans and device deals.

Data breaches 130

Data breaches Unstructured Data Identity Theft Healthcare 130

Security Affairs

DECEMBER 27, 2023

Researchers discovered a new Android malware dubbed Xamalicious that can take full control of the device and perform fraudulent actions. McAfee Mobile Research Team discovered a new Android backdoor dubbed Xamalicious that can take full control of the device and perform fraudulent actions. ” reads the report published by McAfee.

Malware 132

Malware Encryption Social Engineering Marketing 132

Security Affairs

FEBRUARY 5, 2025

In late 2024, Kaspersky experts discovered a malicious campaign, called SparkCat, spreading malware to target crypto wallets. In March 2023, ESET found malware in modified versions of messengers using OCR to scan the victim’s gallery for images with recovery phrases to restore access to crypto wallets.

Malware 71

Malware Mobile Cryptocurrency Encryption 71

Security Affairs

SEPTEMBER 29, 2021

Security researchers uncovered a massive malware operation, dubbed GriftHorse, that has already infected more than 10 million Android devices worldwide. Security researchers from Zimperium have uncovered a piece of malware, dubbed GriftHorse, that has infected more than 10 million Android smartphones across more than 70 countries.

Malware 138

Malware Scams Mobile Phishing 138