Malware and Software - Cyber Security Informer

Delivering Malware Through Abandoned Amazon S3 Buckets

Schneier on Security

FEBRUARY 12, 2025

These buckets contained software libraries that are still used. The TL;DR is that this time, we ended up discovering ~150 Amazon S3 buckets that had previously been used across commercial and open source software products, governments, and infrastructure deployment/update pipelines—and then abandoned.

Malware

Malware Software Internet Internet

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

Krebs on Security

FEBRUARY 28, 2025

Security experts say the Russia-based service provider Prospero OOO (the triple O is the Russian version of “LLC”) has long been a persistent source of malicious software, botnet controllers, and a torrent of phishing websites. A fake browser update page pushing mobile malware. Image: Intrinsec. secrets.

Malware

Malware Antivirus Software DDOS

Oops: DanaBot Malware Devs Infected Their Own PCs

Krebs on Security

MAY 22, 2025

government today unsealed criminal charges against 16 individuals accused of operating and selling DanaBot , a prolific strain of information-stealing malware that has been sold on Russian cybercrime forums since 2018. DanaBot’s features, as promoted on its support site. DanaBot’s features, as promoted on its support site.

Malware

Malware Cybercrime Government Banking

FBI Deletes PlugX Malware from Thousands of Computers

Schneier on Security

JANUARY 16, 2025

According to a DOJ press release , the FBI was able to delete the Chinese-used PlugX malware from “approximately 4,258 U.S.-based ” Details : To retrieve information from and send commands to the hacked machines, the malware connects to a command-and-control server that is operated by the hacking group.

Malware

Malware Hacking Software

Pakistan Arrests 21 in ‘Heartsender’ Malware Service

Krebs on Security

MAY 28, 2025

Authorities in Pakistan have arrested 21 individuals accused of operating “ Heartsender ,” a once popular spam and malware dissemination service that operated for more than a decade. Some of the core developers and sellers of Heartsender posing at a work outing in 2021.

Malware

Malware Cybercrime Antivirus Scams

New MassJacker clipper targets pirated software seekers

Security Affairs

MARCH 15, 2025

Pirated software seekers are targeted by the new MassJacker clipper malware, according to CyberArk researchers. A new malware campaign spreading a new clipper malware dubbed MassJacker targets users searching for pirated software, Cyberark users warn. com) distributing pirated software that also spreads malware.

Software

Software Cryptocurrency Malware Encryption

Malicious QR codes sent in the mail deliver malware

Malwarebytes

NOVEMBER 15, 2024

Physical letters that contain a QR code to trick people into downloading malware are being sent through the mail, according to a warning issued by The Swiss National Cyber Security Centre (NCSC). And QR codes get typically read by mobile devices, which—unfortunately—still get overlooked when it comes to installing security software.

Malware

Malware Banking Mobile Software

Deceptive Google Meet Invites Lures Users Into Malware Scams

eSecurity Planet

OCTOBER 22, 2024

These malware scams lure individuals with fake conference invitations designed to mimic legitimate meeting requests and exploit users’ trust. ClickFix campaigns represent a new wave of phishing tactics that emerged in May 2024, aimed at exploiting users of popular software applications. What Are ClickFix Campaigns?

Scams

Scams Malware Phishing Social Engineering

CEO of cybersecurity firm charged with installing malware on hospital systems

Security Affairs

APRIL 26, 2025

Veritaco CEO Jeffrey Bowie faces charges for allegedly installing malware on hospital computers, violating Oklahoma’s Computer Crimes Act. The man is accused of having installed the malware on the hospital computers on August 6, 2024. Anthony Hospital. Bowie was arrested on April 14, following the issuance of an arrest warrant.

Malware

Malware Cybersecurity Healthcare Media

FBI warns of malicious free online document converters spreading malware

Security Affairs

MARCH 24, 2025

The FBI warns of a significant increase in scams involving free online document converters to infect users with malware. The FBI warns that threat actors use malicious online document converters to steal users sensitive information and infect their systems with malware. ” reads the alert. The FBI urges reporting to IC3.gov.

Malware

Malware Scams Identity Theft Antivirus

Hackers Use Fake VPN and Browser NSIS Installers to Deliver Winos 4.0 Malware

The Hacker News

MAY 25, 2025

Cybersecurity researchers have disclosed a malware campaign that uses fake software installers masquerading as popular tools like LetsVPN and QQ Browser to deliver the Winos 4.0 The campaign, first detected by Rapid7 in February 2025, involves the use of a multi-stage, memory-resident loader called Catena.

Malware

Malware VPN Software Cybersecurity

Crooks use a fake antivirus site to spread Venom RAT and a mix of malware

Security Affairs

MAY 28, 2025

Researchers found a fake Bitdefender site spreading the Venom RAT by tricking users into downloading it as antivirus software. The malware includes tools for password theft and stealthy access.” “This campaign underscores a constant trend: attackers are using sophisticated, modular malware built from open-source components.

Antivirus

Antivirus Malware Banking Passwords

Using Google Search to Find Software Can Be Risky

Krebs on Security

JANUARY 25, 2024

Google continues to struggle with cybercriminals running malicious ads on its search platform to trick people into downloading booby-trapped copies of popular free software applications. And by most accounts, the threat from bad ads leading to backdoored software has subsided significantly compared to a year ago. com , filezillasoft[.]com

Software

Software Advertising Malware Accountability

Using Legitimate GitHub URLs for Malware

Schneier on Security

APRIL 22, 2024

Interesting social-engineering attack vector : McAfee released a report on a new LUA malware loader distributed through what appeared to be a legitimate Microsoft GitHub repository for the “C++ Library Manager for Windows, Linux, and MacOS,” known as vcpkg.

Malware

Malware Social Engineering Engineering Software

New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency

SecureList

NOVEMBER 6, 2024

It spreads via forums posts, torrent trackers and blogs, imitating popular software like Foxit PDF Editor and AutoCAD. It also uses stealer malware to extract the victim’s credit card data as well as details about the infected device. GitHub payloads After that, the malware resolves the IP address behind the ankjdans[.]xyz

Software

Software Cryptocurrency Malware DNS

Chinese Android phones shipped with malware-laced WhatsApp, Telegram apps

Security Affairs

APRIL 16, 2025

Attackers infiltrated the supply chain, embedding malware in pre-installed apps. The experts found malware-laced applications pre-installed on the phone. The malware injected via LSPatch into ~40 legitimate-looking apps, including messengers and QR scanners, is dubbed dubbed Shibai. ” continues the report.

Malware

Malware Manufacturing Mobile Spyware

Russia-linked espionage group UNC5812 targets Ukraine’s military with malware

Security Affairs

OCTOBER 29, 2024

Suspected Russia-linked espionage group UNC5812 targets Ukraine’s military with Windows and Android malware via Telegram. Google TAG and Mandiant observed a Russia-linked group, tracked as UNC5812, targeting Ukraine’s military with Windows and Android malware via the Telegram channel “ Civil Defense.”

Malware

Malware Social Engineering Software Mobile

Mobile malware evolution in 2024

SecureList

MARCH 3, 2025

million attacks involving malware, adware or unwanted mobile software were prevented. million malware, adware or unwanted software attacks targeting mobile devices. Some time later, the user received a phishing link to download malware disguised as a shipment tracking app. A total of 1.1 A total of 1.1

Mobile

Mobile Malware Adware Banking

Fake AI Video Tools Spreading New “Noodlophile” Malware, Targets Thousands on Facebook

eSecurity Planet

MAY 11, 2025

Technical support consultant using programming to upgrade artificial intelligence simulation model As AI tools boom in popularity, cyberthieves are exploiting the excitement with fake AI video editing platforms that lure users into downloading malware. The Noodlophile Stealer is a new malware strain.

Malware

Malware Scams Media Artificial Intelligence

ChatGPT-Written Malware

Schneier on Security

JANUARY 10, 2023

I don’t know how much of a thing this will end up being, but we are seeing ChatGPT-written malware in the wild. “It’s still too early to decide whether or not ChatGPT capabilities will become the new favorite tool for participants in the Dark Web,” company researchers wrote.

Malware

Malware Encryption Cybercrime Passwords

Calendar Meeting Links Used to Spread Mac Malware

Krebs on Security

FEBRUARY 28, 2024

But clicking the meeting link provided by the scammers prompts the user to run a script that quietly installs malware on macOS systems. It didn’t dawn on Doug until days later that the missed meeting with Mr. Lee might have been a malware attack. MacOS computers include X-Protect , Apple’s built-in antivirus technology.

Malware

Malware Cryptocurrency Software Phishing

Malwarebytes named “Best Antivirus Software” and “Best Malware Removal Service”

Malwarebytes

APRIL 14, 2025

Horn tooting time: We’re excited to say we’ve earned a coveted spot in PCMags Best Antivirus Software for 2025 list, and been recognized as the Best Malware Removal Service 2025 by CNET. Malwarebytes Premium proved highly effective in malware protection and defending against malicious and fraudulent web pages.

Antivirus

Antivirus Software Malware Accountability

Fake AI Tools Used to Spread Noodlophile Malware, Targeting 62,000+ via Facebook Lures

The Hacker News

MAY 12, 2025

Threat actors have been observed leveraging fake artificial intelligence (AI)-powered tools as a lure to entice users into downloading an information stealer malware dubbed Noodlophile.

Artificial Intelligence

Artificial Intelligence Malware Advertising Media

Warning: Fake AI Tools Spread CyberLock Ransomware and Numero Destructive Malware

Penetration Testing

MAY 29, 2025

As artificial intelligence continues to revolutionize industries, cybercriminals are exploiting the growing demand for AI-driven tools by embedding The post Warning: Fake AI Tools Spread CyberLock Ransomware and Numero Destructive Malware appeared first on Daily CyberSecurity.

Artificial Intelligence

Artificial Intelligence Malware Ransomware Cybersecurity

PyPI Malware Alert: Malicious ‘solana-token’ Package Targets Solana Developers

Penetration Testing

MAY 14, 2025

The ReversingLabs research team has uncovered yet another software supply chain attack targeting the cryptocurrency ecosystem, this time The post PyPI Malware Alert: Malicious ‘solana-token’ Package Targets Solana Developers appeared first on Daily CyberSecurity.

Malware

Malware Cryptocurrency Software Cybersecurity

Data From The Qakbot Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI

Troy Hunt

AUGUST 29, 2023

Today, the US Justice Department announced a multinational operation involving actions in the United States, France, Germany, the Netherlands, and the United Kingdom to disrupt the botnet and malware known as Qakbot and take down its infrastructure.

Malware

Malware Passwords Password Management Antivirus

China-linked actor’s malware DeepData exploits FortiClient VPN zero-day

Security Affairs

NOVEMBER 19, 2024

Volexity researchers discovered a vulnerability in Fortinet’s Windows VPN client that China-linked threat actor BrazenBamboo abused in their DEEPDATA malware. BrazenBamboo is known to be the author of other malware families, including LIGHTSPY , DEEPDATA, and DEEPPOST.

VPN

VPN Malware Spyware Passwords

Valve removed the game PirateFi from the Steam video game platform because contained a malware

Security Affairs

FEBRUARY 13, 2025

Valve removed a game from Steam because it contained malware, the company also warned affected users to reformat their operating systems. The Steam account of the developer for this game uploaded builds to Steam that contained suspected malware. ” A game called PirateFi released on Steam last week and it contained malware.

Malware

Malware Antivirus Accountability Software

Fake AI video generator tools lure in Facebook and LinkedIn users to deliver malware

Malwarebytes

MAY 28, 2025

Cybercriminals are taking advantage of the publics interest in Artificial Intelligence (AI) and delivering malware via text-to-video tools. After the first run, the malware displays an error window to trick victims into executing it again. For a full technical analysis of the malware, feel free to read the researchers’ report.

Malware

Malware Scams Artificial Intelligence Media

Android malware turns phones into malicious tap-to-pay machines

Malwarebytes

APRIL 24, 2025

Then you’re like millions of other users now at risk from a new form of cybercrime – malware that can read your credit or debit card and hand its data over to an attacker. All you have to do is install the software and tap your card to your phone – and criminals excel at persuading you to do just that.

Malware

Malware Banking Software Social Engineering

Russia's COLDRIVER Targets Western Entities with 'LOSTKEYS' Malware

SecureWorld News

MAY 9, 2025

Google's Threat Intelligence Group (GTIG) has identified a new malware strain, dubbed "LOSTKEYS," attributed to the Russian state-sponsored hacking group COLDRIVER. The introduction of LOSTKEYS signifies a strategic shift towards deploying malware for direct data exfiltration.

Malware

Malware Social Engineering Engineering Government

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

Krebs on Security

JANUARY 31, 2025

The FBI and authorities in The Netherlands this week seized dozens of servers and domains for a hugely popular spam and malware dissemination service operating out of Pakistan. The investigation into the makers and buyers of this phishing software has not yet been completed with the seizure of the servers and domains.”

Phishing

Phishing Cybercrime Advertising Malware

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered with. “Antivirus software trusts signed programs more. For some types of software, a digital signature is mandatory.”

Malware

Malware Cybercrime Software Accountability

How ToddyCat tried to hide behind AV software

SecureList

APRIL 7, 2025

Such software enjoys the trust of monitoring tools and doesn’t raise suspicions. Schematic of DLL proxying However, this is not enough to launch malware. ToddyCat created the TCESB DLL on its basis, modifying the original code to extend the malware’s functionality. EDRSandblast.a.

Software

Software Encryption Malware Firmware

Microsoft Patch Tuesday, November 2024 Edition

Krebs on Security

NOVEMBER 12, 2024

Microsoft today released updates to plug at least 89 security holes in its Windows operating systems and other software. ” McCarthy also pointed to CVE-2024-43498 , a remote code execution flaw in.NET and Visual Studio that could be used to install malware. This bug has earned a CVSS severity rating of 9.8 (10 10 is the worst).

Authentication

Authentication Engineering Malware Passwords

ViperSoftX Malware: Arabic-Speaking Attackers Exploit PowerShell in New Cyberattack Campaign

Penetration Testing

APRIL 12, 2025

AhnLab Security intelligence Center (ASEC) has revealed a cyberattack campaign where Arabic-speaking attackers are distributing ViperSoftX malware, targeting The post ViperSoftX Malware: Arabic-Speaking Attackers Exploit PowerShell in New Cyberattack Campaign appeared first on Daily CyberSecurity.

Malware

Malware Security Intelligence Cybersecurity Software

Operation SyncHole: Lazarus APT goes back to the well

SecureList

APRIL 23, 2025

We have been tracking the latest attack campaign by the Lazarus group since last November, as it targeted organizations in South Korea with a sophisticated combination of a watering hole strategy and vulnerability exploitation within South Korean software. We found that the malware was running in the memory of a legitimate SyncHost.

Malware

Malware Software Encryption Internet

News alert: SpyCloud study shows gaps in EDR, antivirus — 66% of malware infections missed

The Last Watchdog

APRIL 7, 2025

Despite advanced AI detection and telemetry analysis offered in todays EDR solutions, modern infostealer malware is designed to evade even the most sophisticated defenses, using tactics like polymorphic malware, memory-only execution, and exploitation of zero-day vulnerabilities or outdated software.

Antivirus

Antivirus Malware Cybercrime Identity Theft

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 22

Security Affairs

DECEMBER 1, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware

Malware Social Engineering Antivirus Engineering

North Korea actors use OtterCookie malware in Contagious Interview campaign

Security Affairs

DECEMBER 27, 2024

North Korea-linked threat actors are using the OtterCookie backdoor to target software developers with fake job offers. North Korea-linked threat actors were spotted using new malware called OtterCookie as part of the Contagious Interview campaign that targets software developer community with fake job offers.

Malware

Malware Cryptocurrency Software Hacking

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 40

Security Affairs

APRIL 6, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape CISA Releases Malware Analysis Report on RESURGE Malware Associated with Ivanti Connect Secure Unboxing Anubis: Exploring the Stealthy Tactics of FIN7’s Latest Backdoor Advancements in delivery: Scripting with (..)

Malware

Malware Cryptocurrency Hacking Accountability

Hive0117 group targets Russian firms with new variant of DarkWatchman malware

Security Affairs

MAY 1, 2025

Hive0117 targets Russian firms in multiple sectors with phishing attacks using a modified version of the DarkWatchman malware. A cybercrime group named Hive0117 is behind a fresh phishing campaign that targeted Russian organizations with a new version of the DarkWatchman malware, according to Russian cybersecurity firm F6.

Malware

Malware Phishing Telecommunications Retail

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 42

Security Affairs

APRIL 20, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malicious NPM Packages Targeting PayPal Users New Malware Variant Identified: ResolverRAT Enters the Maze Nice chatting with you: what connects cheap Android smartphones, WhatsApp and cryptocurrency theft?

Malware

Malware Cryptocurrency Engineering Encryption

International law enforcement operation dismantled RedLine and Meta infostealers

Security Affairs

OCTOBER 29, 2024

RedLine and META targeted millions of victims worldwide, according to Eurojust it was one of the largest malware platforms globally. “Investigations into RedLine and Meta started after victims came forward and a security company notified authorities about possible servers in the Netherlands linked to the software.

Identity Theft

Identity Theft Passwords Malware Banking

Delivering Malware Through Abandoned Amazon S3 Buckets

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

Trending Sources

Oops: DanaBot Malware Devs Infected Their Own PCs

FBI Deletes PlugX Malware from Thousands of Computers

Pakistan Arrests 21 in ‘Heartsender’ Malware Service

New MassJacker clipper targets pirated software seekers

Malicious QR codes sent in the mail deliver malware

Deceptive Google Meet Invites Lures Users Into Malware Scams

CEO of cybersecurity firm charged with installing malware on hospital systems

FBI warns of malicious free online document converters spreading malware

Hackers Use Fake VPN and Browser NSIS Installers to Deliver Winos 4.0 Malware

Crooks use a fake antivirus site to spread Venom RAT and a mix of malware

Using Google Search to Find Software Can Be Risky

Using Legitimate GitHub URLs for Malware

New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency

Chinese Android phones shipped with malware-laced WhatsApp, Telegram apps

Russia-linked espionage group UNC5812 targets Ukraine’s military with malware

Mobile malware evolution in 2024

Fake AI Video Tools Spreading New “Noodlophile” Malware, Targets Thousands on Facebook

ChatGPT-Written Malware

Calendar Meeting Links Used to Spread Mac Malware

Malwarebytes named “Best Antivirus Software” and “Best Malware Removal Service”

Fake AI Tools Used to Spread Noodlophile Malware, Targeting 62,000+ via Facebook Lures

Warning: Fake AI Tools Spread CyberLock Ransomware and Numero Destructive Malware

PyPI Malware Alert: Malicious ‘solana-token’ Package Targets Solana Developers

Data From The Qakbot Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI

China-linked actor’s malware DeepData exploits FortiClient VPN zero-day

Valve removed the game PirateFi from the Steam video game platform because contained a malware

Fake AI video generator tools lure in Facebook and LinkedIn users to deliver malware

Android malware turns phones into malicious tap-to-pay machines

Russia's COLDRIVER Targets Western Entities with 'LOSTKEYS' Malware

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

Ask Fitis, the Bear: Real Crooks Sign Their Malware

How ToddyCat tried to hide behind AV software

Microsoft Patch Tuesday, November 2024 Edition

ViperSoftX Malware: Arabic-Speaking Attackers Exploit PowerShell in New Cyberattack Campaign

Operation SyncHole: Lazarus APT goes back to the well

News alert: SpyCloud study shows gaps in EDR, antivirus — 66% of malware infections missed

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 22

North Korea actors use OtterCookie malware in Contagious Interview campaign

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 40

Hive0117 group targets Russian firms with new variant of DarkWatchman malware

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 42

International law enforcement operation dismantled RedLine and Meta infostealers

Stay Connected