The Hacker News

MAY 12, 2025

Threat actors have been observed leveraging fake artificial intelligence (AI)-powered tools as a lure to entice users into downloading an information stealer malware dubbed Noodlophile.

Artificial Intelligence 126

Artificial Intelligence Malware Advertising Media 126

The Last Watchdog

JANUARY 7, 2025

Ramat Gan, Israel, January 7th, 2025, CyberNewswire — CyTwist , a leader in advanced next-generation threat detection solutions, has launched its patented detection engine to combat the insidious rise of AI-generated malware. Evasion: AI-generated threats mimic human behavior, complicating detection for security teams.

Threat Detection 130

Threat Detection Engineering Malware Artificial Intelligence 130

Malwarebytes

APRIL 24, 2025

ELUSIVE COMET targets its victims by luring them into a Zoom video call and then taking over their PC to install malware, infiltrate their accounts, and steal their assets. The group typically approaches victims with a supposed media opportunity to get them interested, and then sets up an introductory Zoom call. He took the bait.

Malware 138

Malware Media Accountability Cryptocurrency 138

Security Affairs

FEBRUARY 3, 2025

The Russian-speaking Crazy Evil group runs over 10 social media scams, tricking victims into installing StealC, AMOS, and Angel Drainer malware. Since 2021, the Crazy Evil gang has become a major cybercriminal group, using phishing, identity fraud, and malware to steal cryptocurrency.

Scams 86

Scams Media Cryptocurrency Cybercrime 86

The Last Watchdog

APRIL 7, 2025

Despite advanced AI detection and telemetry analysis offered in todays EDR solutions, modern infostealer malware is designed to evade even the most sophisticated defenses, using tactics like polymorphic malware, memory-only execution, and exploitation of zero-day vulnerabilities or outdated software.

Antivirus 113

Antivirus Malware Cybercrime Identity Theft 113

Security Affairs

JUNE 6, 2025

offers up to $10M for info on state hackers linked to RedLine malware and its creator, Maxim Rudometov, tied to attacks on U.S. “Maxim Alexandrovich Rudometov (Максим Александрович Рудомётов), born in 1999 in the Luhansk region of Ukraine, developed and has sold “information stealer” malware known as RedLine.”

Malware 88

Malware Passwords Identity Theft Government 88

Krebs on Security

JANUARY 31, 2025

The FBI and authorities in The Netherlands this week seized dozens of servers and domains for a hugely popular spam and malware dissemination service operating out of Pakistan. The proprietors of the service, who use the collective nickname “ The Manipulaters ,” have been the subject of three stories published here since 2015.

Phishing 272

Phishing Cybercrime Advertising Malware 272

Security Affairs

MAY 1, 2025

Hive0117 targets Russian firms in multiple sectors with phishing attacks using a modified version of the DarkWatchman malware. A cybercrime group named Hive0117 is behind a fresh phishing campaign that targeted Russian organizations with a new version of the DarkWatchman malware, according to Russian cybersecurity firm F6.

Malware 88

Malware Phishing Telecommunications Antivirus 88

Krebs on Security

NOVEMBER 1, 2024

” “That said, the phishing attacks stem from partners’ machines being compromised with malware, which has enabled them to also gain access to the partners’ accounts and to send the messages that your reader has flagged,” they continued. A scan of social media networks showed this is not an uncommon scam.

Phishing 276

Phishing Accountability Artificial Intelligence Cybercrime 276

The Hacker News

JUNE 8, 2025

OpenAI has revealed that it banned a set of ChatGPT accounts that were likely operated by Russian-speaking threat actors and two Chinese nation-state hacking groups to assist with malware development, social media automation, and research about U.S. satellite communications technologies, among other things.

Accountability 136

Accountability Media Technology Hacking 136

Krebs on Security

APRIL 18, 2023

For the past seven years, a malware-based proxy service known as “ Faceless ” has sold anonymity to countless cybercriminals. The proxy lookup page inside the malware-based anonymity service Faceless. as a media sharing device on a local network that was somehow exposed to the Internet. Image: spur.us.

Malware 305

Malware Passwords Accountability Advertising 305

SecureWorld News

MAY 9, 2025

Google's Threat Intelligence Group (GTIG) has identified a new malware strain, dubbed "LOSTKEYS," attributed to the Russian state-sponsored hacking group COLDRIVER. The introduction of LOSTKEYS signifies a strategic shift towards deploying malware for direct data exfiltration.

Malware 86

Malware Social Engineering Government Engineering 86

Malwarebytes

JANUARY 3, 2025

The Nova Stealer and the Ageo Stealer are a Malware-as-a-Service (MaaS) stealer where criminals rent out the malware and the infrastructure to other criminals. Another campaign uses blogspot to host their malware. Protect your social media accounts by using Malwarebytes Identity Theft Protection. fr leyamor[.]com

Scams 142

Scams Identity Theft Cryptocurrency Accountability 142

Malwarebytes

JUNE 19, 2025

Take the 184 million logins for social media accounts we reported about recently. These malware variants silently extract credentials stored in browsers, email clients, messaging apps, and even crypto wallets, and send the data to cybercriminals. Now try to imagine 16 billion! billion records each.

Identity Theft 139

Identity Theft Passwords Phishing Accountability 139

Security Affairs

MAY 12, 2025

Morphisec researchers observed attackers exploiting AI hype to spread malware via fake AI tools promoted in viral posts and Facebook groups. Users seeking free AI video tools unknowingly download Noodlophile Stealer, a new malware that steals browser credentials, crypto wallets, and may install remote access trojans like XWorm.

Malware 113

Malware Media Cybercrime Scams 113

Security Affairs

OCTOBER 11, 2024

The group used the chatbot to receive support in Android malware development and to create a scraper for the social media platform Instagram. “This actor used our models to debug malware, for coding assistance in creating a basic scraper for Instagram, and to translate LinkedIn profiles into Persian.

Malware 138

Malware Social Engineering Engineering Hacking 138

Security Affairs

OCTOBER 29, 2024

RedLine and META targeted millions of victims worldwide, according to Eurojust it was one of the largest malware platforms globally. Authorities discovered that over 1 200 servers in dozens of countries were running the malware. ESET released a free online scanner for Redline and META that can help users detect and remove malware.

Identity Theft 128

Identity Theft Malware Passwords Banking 128

Security Affairs

DECEMBER 1, 2024

Deepfakes are media content—such as videos, images, or audio—created using GAI to realistically manipulate faces, voices, or even entire events. For example, these campaigns leverage fake social media accounts to post questions and comments about divisive internal issues in the U.S.

Artificial Intelligence 135

Artificial Intelligence Phishing Media Cybercrime 135

Adam Shostack

JANUARY 2, 2025

Why its ok to use the Defcon wifi Many security professionals, especially on social media, have an unfortunate tendency towards what we might call performative security. In contrast, there is a never-ending parade of warnings about malware in telecom infrastructure. It also assumes that all your apps are using TLS everywhere.

Media 246

Media Authentication Malware 246

SecureList

APRIL 23, 2025

We found that the malware was running in the memory of a legitimate SyncHost. Although the exact method by which Cross EX was exploited to deliver malware remains unclear, we believe that the attackers escalated their privileges during the exploitation process as we confirmed the process was executed with high integrity level in most cases.

Malware 143

Malware Software Encryption Internet 143

Schneier on Security

SEPTEMBER 19, 2024

The FBI has shut down a botnet run by Chinese hackers: The botnet malware infected a number of different types of internet-connected devices around the world, including home routers, cameras, digital video recorders, and NAS drives.

Telecommunications 301

Telecommunications Media Malware Internet 301

SecureWorld News

JUNE 6, 2025

"The growing sophistication of malware and attacker objectives means OT-focused organizations must rethink how they segment, detect, and respond to threats," the report states. Top threats: malware and remote access tools The report highlights the alarming frequency of malware capable of disrupting OT systems.

Media 88

Media Social Engineering Malware Engineering 88

Graham Cluley

JUNE 12, 2025

ⓘ Malware attack disguises itself as DeepSeek installer Graham Cluley @ 10:47 am, June 12, 2025 @grahamcluley.com @ [email protected] Cybercriminals are exploiting the growing interest in open source AI models by disguising malware as a legitimate installer for DeepSeek. How are the bad guys spreading the malware?

Malware 67

Malware Cryptocurrency Accountability Advertising 67

Malwarebytes

MARCH 26, 2025

Our free Digital Footprint scan searches the dark web, social media, and other online sources, to tell you where your data has been exposed. Sure, its more convenient to get sites to remember your card details for you, but we highly recommend not storing that information. Find out what information is already out there.

Phishing 120

Phishing Malware Passwords Password Management 120

Zero Day

JUNE 18, 2025

Also: How new Facebook policies incentivize spreading misinformation For the first time this year (the RISJ has released a media report every year since 2012), the No. 1 spot, or the largest proportion of respondents who used a particular source in the past week, went to social media, with 54%.

Media 78

Media Password Management Small Business Artificial Intelligence 78

Malwarebytes

DECEMBER 5, 2024

Volt Typhoon made headlines earlier this year when the FBI removed their malware from hundreds of routers across the US. We don’t just report on threats – we help protect your social media Cybersecurity risks should never spread beyond a headline.

Encryption 142

Encryption Identity Theft Media Telecommunications 142

SecureList

MARCH 25, 2025

In mid-March 2025, Kaspersky technologies detected a wave of infections by previously unknown and highly sophisticated malware. Our research is still ongoing, but judging by the functionality of the sophisticated malware used in the attack, it seems the attackers’ goal was espionage. Generic Trojan.Win64.Agent Agent Trojan.Win64.Convagent.gen

Malware 140

Malware Technology Education Media 140

Security Affairs

MARCH 27, 2025

Cybercriminals are exploiting the popularity of DeepSeek by using fake sponsored Google ads to distribute malware. While DeepSeek is rising in popularity, threat actors are attempting to exploit it by using fake sponsored Google ads to distribute malware, Malwarebytes researchers warn. ” reads the alert published by Malwarebytes.

Malware 70

Malware Data collection Advertising Media 70

Krebs on Security

NOVEMBER 9, 2024

A review of EDR vendors across many cybercrime forums shows that some fake EDR vendors sell the ability to send phony police requests to specific social media platforms, including forged court-approved documents. “Unfortunately, a lot of this is phishing or malware campaigns,” Donahue said. dot-gov emails get hacked.

Hacking 294

Hacking Accountability Government Social Engineering 294

Security Affairs

JUNE 11, 2025

Between January and April 2025, INTERPOL led Operation Secure, a global effort that took down over 20,000 malicious IPs and domains linked to information-stealing malware. Meanwhile, Hong Kong Police analyzed over 1,700 intel items from INTERPOL, uncovering 117 command-and-control servers used for phishing, fraud, and social media scams.

Cybercrime 113

Cybercrime Data collection Scams Cyber threats 113

Malwarebytes

FEBRUARY 4, 2025

These agents could even hold people for ransom by matching stolen data online with publicly known email addresses or social media accounts, composing messages and holding entire conversations with victims who believe a human hacker out there has access to their Social Security Number, physical address, credit card info, and more.

Artificial Intelligence 144

Artificial Intelligence Small Business Malware Technology 144

Security Affairs

APRIL 23, 2025

New malware campaign targets Docker environments using unknown methods to secretly mine cryptocurrency, researchers warn. Researchers from Darktrace and Cado Security have spotted a malware campaign that targets Docker environments with a novel technique to mine cryptocurrency. These points can be converted to $TENEO tokens.

Cryptocurrency 118

Cryptocurrency Malware Media Hacking 118

Malwarebytes

MAY 27, 2025

More likely, it was amassed by infostealersmalicious software (malware) that are designed specifically to gather sensitive information from infected devices. These malware variants silently extract credentials stored in browsers, email clients, messaging apps, and even crypto wallets. Use unique, complex passwords for every service.

Identity Theft 145

Identity Theft Passwords Accountability Phishing 145

SecureWorld News

JUNE 23, 2025

These quick scans can become gateways—not to a menu or coupon, but to malicious phishing sites, malware downloads, or credential theft. That code might redirect to a spoofed login page, a malware dropper, or a credential harvesting form. They've realized they don't need to hack complex systems when a curious scan can open the door.

Malware 73

Malware Phishing Marketing Mobile 73

Security Affairs

NOVEMBER 1, 2024

LightSpy can steal files from multiple popular applications like Telegram, QQ, and WeChat, as well as personal documents and media stored on the device. Destructive plugin: capable of deleting media files from the device PushMessage 1.0.0 Destructive plugin: capable of deleting media files from the device PushMessage 1.0.0

Spyware 143

Spyware Media Hacking Malware 143

Security Affairs

NOVEMBER 5, 2024

” UNC5537 used stolen credentials obtained via infostealer malware. Independent news outlet 404 Media also confirmed Krebs’s findings 404 Media in September 2024. This led to extensive data theft, with the attackers later attempting to extort victims and sell stolen data on criminal forums.

Unstructured Data 124

Unstructured Data Media Cybercrime Hacking 124

Security Affairs

APRIL 25, 2025

The attackers used multiple hacking tools and malware, including ThreatNeedle , Agamemnon downloader, wAgent , SIGNBT, and COPPERHEDGE. We found that the malware was running in the memory of a legitimateSyncHost.exeprocess, and was created as a subprocess of Cross EX, legitimate software developed in South Korea.”

Malware 94

Malware Software Encryption Hacking 94