Malware - Cyber Security Informer

Perfectl Malware

Schneier on Security

OCTOBER 14, 2024

Perfectl in an impressive piece of malware: The malware has been circulating since at least 2021. The researchers are calling the malware Perfctl, the name of a malicious component that surreptitiously mines cryptocurrency. The naming convention is one of the many ways the malware attempts to escape notice of infected users.

Malware

Malware Cryptocurrency Internet Internet

Delivering Malware Through Abandoned Amazon S3 Buckets

Schneier on Security

FEBRUARY 12, 2025

Had this been an actual attack, they would have modified the code in those buckets to contain malware and watch as it was incorporated in different software builds around the internet. ”, we naively thought to ourselves. Turns out they got eight million requests over two months. But there’s a second dimension to this attack.

Malware

Malware Software Internet Internet

Screenshot-Reading Malware

Schneier on Security

FEBRUARY 7, 2025

Kaspersky is reporting on a new type of smartphone malware. The malware in question uses optical character recognition (OCR) to review a device’s photo library, seeking screenshots of recovery phrases for crypto wallets. Based on their assessment, infected Google Play apps have been downloaded more than 242,000 times.

Malware

Malware Spyware

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

Thousands of WordPress Websites Infected with Malware

Schneier on Security

MARCH 10, 2025

The malware includes four separate backdoors : Creating four backdoors facilitates the attackers having multiple points of re-entry should one be detected and removed. A unique case we haven’t seen before.

Malware

FBI Deletes PlugX Malware from Thousands of Computers

Schneier on Security

JANUARY 16, 2025

According to a DOJ press release , the FBI was able to delete the Chinese-used PlugX malware from “approximately 4,258 U.S.-based ” Details : To retrieve information from and send commands to the hacked machines, the malware connects to a command-and-control server that is operated by the hacking group.

Malware

Malware Hacking Software

Fake Reddit and WeTransfer Sites are Pushing Malware

Schneier on Security

JANUARY 30, 2025

There are thousands of fake Reddit and WeTransfer webpages that are pushing malware. They exploit people who are using search engines to search sites like Reddit. Unsuspecting victims clicking on the link are taken to a fake WeTransfer site that mimicks the interface of the popular file-sharing service. ” Boingboing post.

Malware

Malware Engineering

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

Krebs on Security

FEBRUARY 28, 2025

“If you need a server for a botnet, for malware, brute, scan, phishing, fakes and any other tasks, please contact us,” BEARHOST’s ad on one forum advises. A fake browser update page pushing mobile malware. And BEARHOST has been cultivating its reputation since at least 2019. Image: Intrinsec.

Malware

Malware Antivirus Software DDOS

CEO of cybersecurity firm charged with installing malware on hospital systems

Security Affairs

APRIL 26, 2025

Veritaco CEO Jeffrey Bowie faces charges for allegedly installing malware on hospital computers, violating Oklahoma’s Computer Crimes Act. The man is accused of having installed the malware on the hospital computers on August 6, 2024. . Anthony Hospital. ” reads the hospital’s statement. ” St.

Malware

Malware Cybersecurity Healthcare Media

Chinese Android phones shipped with malware-laced WhatsApp, Telegram apps

Security Affairs

APRIL 16, 2025

Attackers infiltrated the supply chain, embedding malware in pre-installed apps. The experts found malware-laced applications pre-installed on the phone. The malware injected via LSPatch into ~40 legitimate-looking apps, including messengers and QR scanners, is dubbed dubbed Shibai. ” continues the report.

Malware

Malware Manufacturing Mobile Spyware

TP-Link Router Botnet

Schneier on Security

MARCH 14, 2025

There is a new botnet that is infecting TP-Link routers: The botnet can lead to command injection which then makes remote code execution (RCE) possible so that the malware can spread itself across the internet automatically.

Manufacturing

Manufacturing Healthcare Malware Internet

Experts warn of a new wave of Bumblebee malware attacks

Security Affairs

OCTOBER 22, 2024

Experts warn of a new wave of attacks involving the Bumblebee malware, months after Europol’s ‘ Operation Endgame ‘ that disrupted its operations in May. The Bumblebee malware loader has resurfaced in new attacks, four months after Europol disrupted it during “ Operation Endgame ” in May.

Malware

Malware Phishing Ransomware Hacking

FBI deleted China-linked PlugX malware from over 4,200 US computers

Security Affairs

JANUARY 14, 2025

The FBI has removed Chinese PlugX malware from over 4,200 computers in networks across the United States, the U.S. The Justice Department and FBI, along with international partners, announced they deleted PlugX malware from thousands of infected computers worldwide as part of a multi-month law enforcement operation.

Malware

Malware Government Hacking Cybersecurity

MikroTik botnet relies on DNS misconfiguration to spread malware

Security Affairs

JANUARY 16, 2025

Researchers discovered a 13,000-device MikroTik botnet exploiting DNS flaws to spoof 20,000 domains and deliver malware. Infoblox researchers discovered a botnet of 13,000 MikroTik devices that exploits DNS misconfigurations to bypass email protections, spoof approximately 20,000 domains, and deliver malware.

DNS

DNS Malware Firmware Authentication

FBI warns of malicious free online document converters spreading malware

Security Affairs

MARCH 24, 2025

The FBI warns of a significant increase in scams involving free online document converters to infect users with malware. The FBI warns that threat actors use malicious online document converters to steal users sensitive information and infect their systems with malware. ” reads the alert. ” continues the alert.

Malware

Malware Scams Identity Theft Antivirus

CISA warns of RESURGE malware exploiting Ivanti flaw

Security Affairs

MARCH 30, 2025

Cybersecurity and Infrastructure Security Agency (CISA) warns of RESURGE malware, targeting a vulnerability in Ivanti Connect Secure (ICS) appliances. Cybersecurity and Infrastructure Security Agency (CISA) published a Malware Analysis Report (MAR) on a new malware called RESURGE.

Malware

Malware Authentication Encryption Cybersecurity

Android malware FakeCall intercepts your calls to the bank

Malwarebytes

OCTOBER 31, 2024

Last time FakeCall reared its head, BleepingComputer reported that the malware was being distributed as fake banking apps that impersonate large financial institutions, as well as being distributed in phishing emails. The FakeCall malware abuses this trust by hijacking the user’s call to a financial institution.

Banking

Banking Malware Phishing Risk

J-magic malware campaign targets Juniper routers

Security Affairs

JANUARY 24, 2025

It activates upon detecting a “magic packet” with predefined parameters, enabling attackers to establish a reverse shell, control devices, steal data, or deploy malware. The J-magic campaign is notable for targeting JunoOS, a FreeBSD-based operating system that threat actors rarely target in malware attacks.

Malware

Malware VPN Encryption Hacking

Deceptive Google Meet Invites Lures Users Into Malware Scams

eSecurity Planet

OCTOBER 22, 2024

These malware scams lure individuals with fake conference invitations designed to mimic legitimate meeting requests and exploit users’ trust. You are then guided to execute PowerShell code designed to “fix” the supposed problem, unwittingly allowing malware to infiltrate their systems.

Scams

Scams Malware Phishing Social Engineering

Malicious QR codes sent in the mail deliver malware

Malwarebytes

NOVEMBER 15, 2024

Physical letters that contain a QR code to trick people into downloading malware are being sent through the mail, according to a warning issued by The Swiss National Cyber Security Centre (NCSC). Use anti-malware protection on your devices Your mobile devices are in need of protection just as much as your computer.

Malware

Malware Banking Mobile Software

Mobile malware evolution in 2024

SecureList

MARCH 3, 2025

million attacks involving malware, adware or unwanted mobile software were prevented. million malware, adware or unwanted software attacks targeting mobile devices. Some time later, the user received a phishing link to download malware disguised as a shipment tracking app. A total of 1.1 A total of 1.1

Mobile

Mobile Malware Adware Banking

Warning over free online file converters that actually install malware

Malwarebytes

MARCH 17, 2025

Instead of converting files, the tools actually load malware onto victims computers. The FBI warned specifically about that malware leading to ransomware attacks, but we’ve also seen similar sites that install browser hijackers, adware, and potentially unwanted programs (PUPs). This is the actual malware.

Malware

Malware Adware Education Phishing

New sophisticate malware SuperCard X targets Androids via NFC relay attacks

Security Affairs

APRIL 21, 2025

Cleafy researchers discovered a new malware-as-a-service (MaaS) called SuperCard X targeting Android devices with NFC relay attacks for fraudulent cash-outs. Analysis of the SuperCard X campaign in Italy revealed custom malware builds tailored for regional use.

Malware

Malware Social Engineering Banking Engineering

Russia-linked APT29 targets European diplomatic entities with GRAPELOADER malware

Security Affairs

APRIL 21, 2025

Russia-linked group APT29 targeted diplomatic entities across Europe with a new malware loader codenamed GRAPELOADER. The phishing emails either led to malware delivery via GRAPELOADER or redirected to the Ministry’s real website to appear legitimate. The malware is highly targeted and leaves no traces of the next-stage payload.

Malware

Malware Phishing Encryption Hacking

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 45

Security Affairs

MAY 11, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape iClicker site hack targeted students with malware via fake CAPTCHA New Noodlophile Stealer Distributes Via Fake AI Video Generation Platforms Backdoor found in popular ecommerce components Stealthy Linux backdoor leveraging (..)

Malware

Malware eCommerce Hacking Ransomware

Russian Hackers Using ClickFix Fake CAPTCHA to Deploy New LOSTKEYS Malware

The Hacker News

MAY 7, 2025

The Russia-linked threat actor known as COLDRIVER has been observed distributing a new malware called LOSTKEYS as part of an espionage-focused campaign using ClickFix-like social engineering lures.

Social Engineering

Social Engineering Malware Engineering

News alert: CyTwist launches threat detection engine tuned to identify AI-driven malware in minutes

The Last Watchdog

JANUARY 7, 2025

Ramat Gan, Israel, January 7th, 2025, CyberNewswire — CyTwist , a leader in advanced next-generation threat detection solutions, has launched its patented detection engine to combat the insidious rise of AI-generated malware. Evasion: AI-generated threats mimic human behavior, complicating detection for security teams.

Threat Detection

Threat Detection Engineering Malware Artificial Intelligence

JPCERT warns of DslogdRAT malware deployed in Ivanti Connect Secure

Security Affairs

APRIL 25, 2025

Researchers identified a new malware, named DslogdRAT, deployed after exploiting a now-patched flaw in Ivanti Connect Secure (ICS). JPCERT/CC researchers reported that a new malware, dubbed DslogdRAT, and a web shell were deployed by exploiting a zero-day vulnerability during attacks on Japanese organizations in December 2024.

Malware

Malware Hacking Authentication Cybersecurity

Russia's COLDRIVER Targets Western Entities with 'LOSTKEYS' Malware

SecureWorld News

MAY 9, 2025

Google's Threat Intelligence Group (GTIG) has identified a new malware strain, dubbed "LOSTKEYS," attributed to the Russian state-sponsored hacking group COLDRIVER. The introduction of LOSTKEYS signifies a strategic shift towards deploying malware for direct data exfiltration.

Malware

Malware Social Engineering Engineering Government

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 44

Security Affairs

MAY 4, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape io_uring Is Back, This Time as a Rootkit I StealC You: Tracking the Rapid Changes To StealC Interesting WordPress Malware Disguised as Legitimate Anti-Malware Plugin Using Trusted Protocols Against You: Gmail as a C2 (..)

Malware

Malware Cybercrime Government Hacking

Google Chrome AI extensions deliver info-stealing malware in broad attack

Malwarebytes

JANUARY 9, 2025

Small businesses and boutique organizations should use caution when leaning on browser-friendly artificial intelligence (AI) tools to generate ideas, content, and marketing copy, as a set of Google Chrome extensions were recently compromised to deliver info-stealing malware disguised as legitimate updates.

Malware

Malware Small Business Artificial Intelligence VPN

DeepSeek and AI-Generated Malware Pose New Danger for Cybersecurity

SecureWorld News

MARCH 13, 2025

A recent report from Tenable highlights how DeepSeek R1, an open-source AI model, can generate rudimentary malware, including keyloggers and ransomware. While the AI-generated malware required manual debugging to function properly, its mere existence signals an urgent need for security teams to adapt their defenses.

Malware

Malware Cybersecurity Cyber threats Threat Detection

Android malware turns phones into malicious tap-to-pay machines

Malwarebytes

APRIL 24, 2025

Then you’re like millions of other users now at risk from a new form of cybercrime – malware that can read your credit or debit card and hand its data over to an attacker. The malware, which cybersecurity company Cleafy calls SuperCard X, uses a feature now found in most Android phones: near-field communication (NFC).

Malware

Malware Banking Software Social Engineering

ClickFix: How to Infect Your PC in Three Easy Steps

Krebs on Security

MARCH 14, 2025

A clever malware deployment scheme first spotted in targeted attacks last year has now gone mainstream. This particular scam usually starts with a website popup that looks something like this: This malware attack pretends to be a CAPTCHA intended to separate humans from bots.

Phishing

Phishing Malware Scams Passwords

SpyLend Android malware found on Google Play enabled financial cyber crime and extortion

Security Affairs

FEBRUARY 24, 2025

CYFIRMA researchers discovered that the SpyLend Android malware was downloaded 100,000 times from the official app store Google Play. CYFIRMA researchers discovered an Android malware, named SpyLend, which was distributed through Google Play as Finance Simplified.

Malware

Malware Marketing Hacking Mobile

Detecting Pegasus Infections

Schneier on Security

DECEMBER 6, 2024

The company’s Mobile Threat Hunting feature uses a combination of malware signature-based detection, heuristics, and machine learning to look for anomalies in iOS and Android device activity or telltale signs of spyware infection. This tool seems to do a pretty good job.

Spyware

Spyware Mobile Malware

Zoom attack tricks victims into allowing remote access to install malware and steal money

Malwarebytes

APRIL 24, 2025

ELUSIVE COMET targets its victims by luring them into a Zoom video call and then taking over their PC to install malware, infiltrate their accounts, and steal their assets. The attack is by a crime group that the Security Alliance call ELUSIVE COMET in a warning about the threat last month. He took the bait.

Malware

Malware Media Accountability Cryptocurrency

Fake AI Tools Used to Spread Noodlophile Malware, Targeting 62,000+ via Facebook Lures

The Hacker News

MAY 12, 2025

Threat actors have been observed leveraging fake artificial intelligence (AI)-powered tools as a lure to entice users into downloading an information stealer malware dubbed Noodlophile.

Artificial Intelligence

Artificial Intelligence Malware Advertising Media

CVE-2024-44243 macOS flaw allows persistent malware installation

Security Affairs

JANUARY 15, 2025

Bypassing SIP enables attackers to install rootkits, create persistent malware, bypass TCC protections, and expand the system’s vulnerability to further exploits. SIP in macOS safeguards the system by blocking the execution of unauthorized code. It allows App Store apps and notarized apps while blocking others by default.

Malware

Malware Hacking Information Security

ViperSoftX Malware: Arabic-Speaking Attackers Exploit PowerShell in New Cyberattack Campaign

Penetration Testing

APRIL 12, 2025

AhnLab Security intelligence Center (ASEC) has revealed a cyberattack campaign where Arabic-speaking attackers are distributing ViperSoftX malware, targeting The post ViperSoftX Malware: Arabic-Speaking Attackers Exploit PowerShell in New Cyberattack Campaign appeared first on Daily CyberSecurity.

Malware

Malware Security Intelligence Cybersecurity Software

Hiding WordPress malware in the mu-plugins directory to avoid detection

Security Affairs

APRIL 1, 2025

Sucuri researchers spotted threat actors deploying WordPress malware in the mu-plugins directory to evade security checks. The experts detailed two cases of malware hiding in the mu-plugins directory, which use different methods to compromise WordPress sites. “The presence of this malware can be identified by most obvious signs.

Malware

Malware Firewall Hacking Cybercrime

Lampion Malware Returns with ClickFix Tactics to Target Portuguese Sectors

Penetration Testing

MAY 7, 2025

Lampion, the banking malware first observed in 2019, has reemerged with new tricks. In a detailed analysis, Unit The post Lampion Malware Returns with ClickFix Tactics to Target Portuguese Sectors appeared first on Daily CyberSecurity.

Malware

Malware Banking Cybersecurity

Hive0117 group targets Russian firms with new variant of DarkWatchman malware

Security Affairs

MAY 1, 2025

Hive0117 targets Russian firms in multiple sectors with phishing attacks using a modified version of the DarkWatchman malware. A cybercrime group named Hive0117 is behind a fresh phishing campaign that targeted Russian organizations with a new version of the DarkWatchman malware, according to Russian cybersecurity firm F6.

Malware

Malware Phishing Telecommunications Retail

News alert: SpyCloud study shows gaps in EDR, antivirus — 66% of malware infections missed

The Last Watchdog

APRIL 7, 2025

Despite advanced AI detection and telemetry analysis offered in todays EDR solutions, modern infostealer malware is designed to evade even the most sophisticated defenses, using tactics like polymorphic malware, memory-only execution, and exploitation of zero-day vulnerabilities or outdated software.

Antivirus

Antivirus Malware Cybercrime Identity Theft

New VPN Backdoor

Schneier on Security

JANUARY 27, 2025

A newly discovered VPN backdoor uses some interesting tactics to avoid detection: When threat actors use backdoor malware to gain access to a network, they want to make sure all their hard work can’t be leveraged by competing groups or detected by defenders.

VPN

VPN Encryption Malware Technology

Perfectl Malware

Delivering Malware Through Abandoned Amazon S3 Buckets

Webinars

Trending Sources

Screenshot-Reading Malware

Webinars

Thousands of WordPress Websites Infected with Malware

FBI Deletes PlugX Malware from Thousands of Computers

Fake Reddit and WeTransfer Sites are Pushing Malware

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

CEO of cybersecurity firm charged with installing malware on hospital systems

Chinese Android phones shipped with malware-laced WhatsApp, Telegram apps

TP-Link Router Botnet

Experts warn of a new wave of Bumblebee malware attacks

FBI deleted China-linked PlugX malware from over 4,200 US computers

MikroTik botnet relies on DNS misconfiguration to spread malware

FBI warns of malicious free online document converters spreading malware

CISA warns of RESURGE malware exploiting Ivanti flaw

Android malware FakeCall intercepts your calls to the bank

J-magic malware campaign targets Juniper routers

Deceptive Google Meet Invites Lures Users Into Malware Scams

Malicious QR codes sent in the mail deliver malware

Mobile malware evolution in 2024

Warning over free online file converters that actually install malware

New sophisticate malware SuperCard X targets Androids via NFC relay attacks

Russia-linked APT29 targets European diplomatic entities with GRAPELOADER malware

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 45

Russian Hackers Using ClickFix Fake CAPTCHA to Deploy New LOSTKEYS Malware

News alert: CyTwist launches threat detection engine tuned to identify AI-driven malware in minutes

JPCERT warns of DslogdRAT malware deployed in Ivanti Connect Secure

Russia's COLDRIVER Targets Western Entities with 'LOSTKEYS' Malware

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 44

Google Chrome AI extensions deliver info-stealing malware in broad attack

DeepSeek and AI-Generated Malware Pose New Danger for Cybersecurity

Android malware turns phones into malicious tap-to-pay machines

ClickFix: How to Infect Your PC in Three Easy Steps

SpyLend Android malware found on Google Play enabled financial cyber crime and extortion

Detecting Pegasus Infections

Zoom attack tricks victims into allowing remote access to install malware and steal money

Fake AI Tools Used to Spread Noodlophile Malware, Targeting 62,000+ via Facebook Lures

CVE-2024-44243 macOS flaw allows persistent malware installation

ViperSoftX Malware: Arabic-Speaking Attackers Exploit PowerShell in New Cyberattack Campaign

Hiding WordPress malware in the mu-plugins directory to avoid detection

Lampion Malware Returns with ClickFix Tactics to Target Portuguese Sectors

Hive0117 group targets Russian firms with new variant of DarkWatchman malware

News alert: SpyCloud study shows gaps in EDR, antivirus — 66% of malware infections missed

New VPN Backdoor

Stay Connected