Tag: malware

Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub

Where it’s been well and truly forked, seemingly without Microsoft’s code locker noticing

Worm rubs out competitor's malware, then takes control

All your compromised credentials are belong to us now instead of the other gang

US Marshals perform rooftop surveillance (editorial Use Only.) Pic credit: Elliott Cowand Jr / Shutterstock

Governments on high alert after CISA snuffs out Firestarter backdoor on fed network

Latest in long-running pwning of Cisco kit found in mystery Fed agency

Researchers find cyber-sabotage malware that may predate Stuxnet by five years

FAST16 could be the first cyberweapon, and its effects could be with us today

REG AD

Another npm supply chain worm is tearing through dev environments

Plus, the payload references 'TeamPCP/LiteLLM method'

macOS ClickFix attacks deliver AppleScript stealers to snarf credentials, wallets

Data from browsers, cryptocurrency wallets, 200+ extensions hoovered up

CPUID site hijacked to serve malware instead of HWMonitor downloads

Six-hour breach turned trusted links into a coin toss between legit tools and credential stealers

Telnyx joins LiteLLM in latest PyPI package poisoning tied to Trivy breach

Also, EU probes Snapchat, RedLine suspect extradited, AstraZeneca leak claim surfaces, and more

State snoops and spyware vendors planting info-stealing malware on iPhones, Google warns

Darksword is the second iOS exploit chain in a month

Cybercrime isn't just a cover for Iran's government goons - it's a key part of their operations

Ransomware, malware-as-a-service, infostealers benefit MOIS, too

Fake job applications pack malware that kills endpoint detection before stealing data

Russian-speaking attackers lure HR staff into downloading ISO files that disable defenses

Spyware disguised as emergency-alert app sent to Israeli smartphones

Steals SMS messages, location data, contacts … and delivers it to Hamas-linked crew

REG AD

windows user. Pic: Alex Photo Stock / shutterstock

Microsoft spots ClickFix campaign getting users to self-pwn on Windows Terminal

Crooks tweak familiar copy-paste ruse so that victims run malicious commands themselves

Iran intelligence backdoored US bank, airport, software outfit networks

MOIS-linked MuddyWater crew has a new, custom implant

Phish of the day: Microsoft OAuth scams abuse redirects for malware delivery

Crims hope for payday from malicious payloads rather than stealing access tokens

Double whammy: Steaelite RAT bundles data theft, ransomware in one evil tool

Credential and cryptocurrency theft, live surveillance, ransomware - an attacker's Swiss Army knife

A silhouette walks through a keyhole leaking binary

Suspected Nork digital intruders caught breaking into US healthcare, education orgs

Who is knocking at the Dohdoor?

Attacker gets into France's database listing all bank accounts, makes off with 1.2 million records

PLUS: Unpatched Ivanti boxes under attack; 0APT might not be a scam; AI gets better at helping cyber-scum; And more

Crims create fake remote management vendor that actually sells a RAT

$300 a month buys you a backdoor that looks like legit software

Android malware taps Gemini to navigate infected devices

For now, it might not function outside of a lab

AV vendor goes to war with security shop over update server scare

eScan lawyers up after Morphisec claimed 'critical supply-chain compromise'

Everybody is WinRAR phishing, dropping RATs as fast as lightning

Russians, Chinese spies, run-of-the-mill crims …

Remember VoidLink, the cloud-targeting Linux malware? An AI agent wrote it

AI + skilled malware developers = security threat

Chinese spies used Maduro's capture as a lure to phish US govt agencies

What's next for Venezuela? Click on the file and see

Logotypevector http://www.shutterstock.com/gallery-2653510p1.html

New Linux malware targets the cloud, steals creds, and then vanishes

Cloud-native, 37 plugins … an attacker's dream

Dutch cops cuff alleged AVCheck malware kingpin in Amsterdam

33-year-old was under surveillance for some time before returning home from the UAE

Court tosses appeal by hacker who opened port to coke smugglers with malware

Dutchman fails to convince judges his trial was unfair because cops read his encrypted chats

AI + ML

Illustration of a cypher-punk robot with a mohawk and general hipster-hype vibe

Yes, criminals are using AI to vibe-code malware

They also hallucinate when writing ransomware code

Fake Windows BSODs check in at Europe's hotels to con staff into running malware

Phishers posing as Booking.com use panic-inducing blue screens to bypass security controls

Donald Trump thumbs up photo via Shutterstock

Trump admin sends heart emoji to commercial spyware makers with lifted Predator sanctions

Also, Korean Air hacked, EmEditor installer hijacked, a perfect 10 router RCE vuln, and more

ATM jackpotting gang accused of unleashing Ploutus malware across US

Latest charges join the mountain of indictments facing alleged Tren de Aragua members

stressed exec in server room. pic shutterstock

React2Shell exploitation spreads as Microsoft counts hundreds of hacked machines

Security boffins warn flaw is now being used for ransomware attacks against live networks

REG AD

SantaStealer stuffs credentials, crypto wallets into a brand new bag

All I want for Christmas … is all of your data

Fresh ClickFix attacks use Windows Update trick-pics to steal credentials

Poisoned PNGs contain malicious code

Weaponized file name flaw makes updating glob an urgent job

PLUS: CISA issues drone warning; China-linked DNS-hijacking malware; Prison for BTC Samourai; And more

LLM-generated malware is improving, but don't expect autonomous attacks tomorrow

Researchers tried to get ChatGPT to do evil, but it didn't do a good job

REG AD

Logitech leaks data after zero-day attack

PLUS: CISA still sitting on telecoms security report; DoorDash phished again; Lumma stealer returns; and more

Gootloader malware back for the attack, serves up ransomware

Move fast - miscreants compromised a domain controller in 17 hours

Malware-pwned laptop gifts cybercriminals Nikkei's Slack

Stolen creds let miscreants waltz into 17K employees' chats, spilling info on staff and partners

A datacenter worker sitting down looking dejected

Attackers targeting unpatched Cisco kit notice malware implant removal, install it again

PLUS: Cyber-exec admits selling secrets to Russia; LastPass isn't checking to see if you're dead; Nation-state backed Windows malware; and more

Invisible npm malware pulls a disappearing act – then nicks your tokens

PhantomRaven slipped over a hundred credential-stealing packages into npm

Cybersecurity Month

Android malware types like your gran to steal banking creds

By appearing more human, it evades detection

Ghostly figure hovering in a wooded glen

Google nukes 3,000 YouTube videos that sowed malware disguised as cracked software

Check Point helps exorcise vast 'Ghost Network' that used fake tutorials to push infostealers

How malware vaccines could stop ransomware's rampage

Security pros explore whether infection-spoofing code can immunize Windows systems against attack

Microsoft spots fresh XCSSET malware strain hiding in Apple dev projects

Upgraded nasty slips into Xcode builds, steals crypto, and disables macOS defenses

LockBit's new variant is 'most dangerous yet,' hitting Windows, Linux and VMware ESXi

Operation Cronos didn’t kill LockBit – it just came back meaner

Hotel manager shocked sitting in front of the monitor of computer.

Kaspersky: RevengeHotels checks back in with AI-coded malware

Old hotel scam gets an AI facelift, leaving travellers’ card details even more at risk

Suspected Iran-backed attackers targeting European aerospace sector with novel malware

Instead of job offers, victims get MiniJunk backdoor and MiniBrowse stealer

Ivanti EPMM holes let miscreants plant shady listeners, CISA says

Unnamed org compromised with two malware sets

HybridPetya: More proof that Secure Boot bypasses are not just an urban legend

Although it hasn't been seen in the wild yet

We're number 1! America now leads the world in surveillanceware investment

Atlantic Council warns US investors are fueling a market that undermines national security

Beijing went to 'EggStreme' lengths to attack Philippines military, researchers say

Ovoid-themed in-memory malware offers a menu for mayhem

REG AD

Apple slips up on ChillyHell macOS malware, lets it past security . . . for 4 years

'We do believe that this was likely the creation of a cybercrime group,' threat hunter tells The Reg

Shell to pay: Crims invade your PC with CastleRAT malware, now in C and Python

Pro tip, don't install PowerShell commands without approval

Abstract illustration of malware on a smartphone

Malware-ridden apps made it into Google's Play Store, scored 19 million downloads

Everything's fine, the ad slinger assures us

Developer jailed for taking down employer's network with kill switch malware

Pro tip: When taking revenge, don't use your real name

Like burglars closing a door, Apache ActiveMQ attackers patch critical vuln after breaking in

Intruders hoped no one would notice their presence

Someone's poking the bear with infostealers targeting Russian crypto developers

If you wanted to hurt Putin’s ransomware racketeers, these info-stealing npm packages are one way to do it

Crooks can't let go: Active attacks target Office vuln patched 8 years ago

CVE-2017-11882 in discontinued Equation Editor still attracting keylogger campaigns despite software being killed off in 2018

Trend Micro offers weak workaround for already-exploited critical vuln in management console

PLUS: Crypto mixer founders plead guilty; Another French telco hacked; Meta fights WhatsApp scams; And more!

AI + ML

Microsoft researchers bullish on AI security agent even though it let 74% of malware slip through

Project Ire promises to use LLMs to detect whether code is malicious or benign

Study finds humans not completely useless at malware detection

Some pinpointed software nasties but were suspicious of printer drivers too

Python-powered malware snags hundreds of credit cards, 200K passwords, and 4M cookies

PXA Stealer pilfers data from nearly 40 browsers, including Chrome

Coyote malware abuses Microsoft's UI Automation to hunt banking creds

Some coyotes hunt squirrels, this one hunts users' financial apps

OSes

Arch Linux users told to purge Firefox forks after AUR malware scare

The distro's greatest asset is arguably also its greatest weakness

Applications

Stopping the rot when good software goes bad means new rules from the start

We need more paranoid Androids. And, well, everything else

Edge and Chrome logos next to each other

Massive browser hijacking campaign infects 2.3M Chrome, Edge users

These extensions weren't malware-laced from the start, researcher says

Beware of fake SonicWall VPN app that steals users' credentials

A good reminder not to download apps from non-vendor sites

Sneaky Serpentine#Cloud slithers through Cloudflare tunnels to inject orgs with Python-based malware

Phishing, Python and RATs, oh my

Minecraft cheaters never win ... but they may get malware

Infostealers posing as popular cheat tools are cropping up on GitHub

US capitol dome building exterior with cyber bits

Dems demand audit of CVE program as Federal funding remains uncertain

PLUS: Discord invite links may not be safe; Miscreants find new way to hide malicious JavaScript; and more!

DeepSeek installer or just malware in disguise? Click around and find out

'BrowserVenom' is pure poison

Two police officers inspect servers as part of Operation Secure's investigations into infostealer malware in Asia

Asia dismantles 20,000 malicious domains in infostealer crackdown

Interpol coordinates operation, nabs 32 across Vietnam, Sri Lanka, and Nauru

CISO who helped unmask Badbox warns: Version 3 is coming

The botnet’s still alive and evolving

Fresh strain of pro-Russian wiper flushes Ukrainian critical infrastructure

Destructive malware has been a hallmark of Putin's multi-modal war

Uncle Sam puts $10M bounty on RedLine dev and Russia-backed cronies

Any info on Maxim Rudometov and his associates? There's $$$ in it for you

More than a hundred backdoored malware repos traced to single GitHub user

Someone went to great lengths to prey on the next generation of cybercrooks

Lumma infostealer takedown may have inflicted only a flesh wound as crew keeps pinching and selling data

PLUS: Ransomware gang using tech support scam; Czechia accuses China of infrastructure attack; And more!

TeleMessage security SNAFU worsens as 60 government staffers exposed

PLUS: Interpol kills more malware; GoDaddy settles in awful infosec case; Giant stolen creds DB exposed

Suspected creeps behind DanaBot malware that hit 300K+ computers revealed

And the associated fraud'n'spy botnet is about to be shut down

Rubber duck (classic, yellow) floats on water. Photo by shutterstock

Feds finger Russian 'behind Qakbot malware' that hit 700K computers

Agents thought they shut this all down in 2023, but the duck quacked again

FBI, Microsoft, international cops bust Lumma infostealer service

Credit card theft losses in 2023 alone totaled $36.5M

Open source text editor poisoned with malware to target Uyghur users

Who could possibly be behind this attack on an ethnic minority China despises?

Cybersecurity CEO accused of running malware on hospital PC blabs about it on LinkedIn

Sometimes, silence is the best option

Personal Tech

Google's email spoofed by cunning phisherfolk who re-used DKIM creds

PLUS: Malware developers adopt Node.js; US disinformation warriors disbanded; Gig worker accounts for sale; and more

Europol: Five pay-per-infect suspects cuffed, some spill secrets to cops

Officials teased more details to come later this year

Not again road sign with cloudy background

CISA spots spawn of Spawn malware targeting Ivanti flaw

Resurge an apt name for malware targeting hardware maker that has security bug after security bug

Networks

China’s FamousSparrow flies back into action, breaches US org after years off the radar

Crew also cooked up two fresh SparrowDoor backdoor variants, says ESET

Microsoft admits GitHub hosted malware that infected almost a million devices

Also, phone cleaner apps are a data-sucking scam, Singapore considering the literal rod for scammers, and more

With millions upon millions of victims, scale of unstoppable info-stealer malware laid bare

244M purloined passwords added to Have I Been Pwned thanks to govt tip-off

200-plus impressively convincing GitHub repos are serving up malware

Plus: DOGE staff quit; LastPass PC, Mac gasp; and CISA warns Oracle and Adobe flaws under attack

China's Silver Fox spoofs medical imaging apps to hijack patients' computers

Sly like a PRC cyberattack

potential attack on water systems . ops platform

Malware variants that target operational tech systems are very rare – but 2 were found last year

Snake Keylogger slithers into Windows, evades detection with AutoIt-compiled payload

XCSSET macOS malware returns with first new version since 2022

Apple missed screenshot-snooping malware in code that made it into the App Store, Kaspersky claims

Networks

Illustration of a Juniper network device with a backdoor

Someone is slipping a hidden backdoor into Juniper routers across the globe, activated by a magic packet

FBI wipes Chinese PlugX malware from thousands of Windows PCs in America

Japanese police claim China ran five-year cyberattack campaign targeting local orgs

FireScam infostealer poses as Telegram Premium app to surveil Android devices

'That's not a bug, it's a feature' takes on a darker tone when malware's involved

UK ICO not happy with Google's plans to allow device fingerprinting

Are your Prometheus servers and exporters secure? Probably not

Iran-linked crew used custom 'cyberweapon' in US critical infrastructure attacks

First-ever UEFI bootkit for Linux in the works, experts say

Bootnotes

Swiss cheesed off as postal service used to spread malware

Don't open that 'copyright infringement' email attachment – it's an infostealer

Cybercrooks are targeting Bengal cat lovers in Australia for some reason

Belgian cops cuff 2 suspected cybercrooks in Redline, Meta infostealer sting

Dutch cops pwn the Redline and Meta infostealers, leak 'VIP' aliases

Perfctl malware strikes again as crypto-crooks target Docker Remote API servers

Pixel perfect Ghostpulse malware loader hides inside PNG image files

Internet Archive wobbles back online, with limited functionality

Cybersecurity Month

Moscow-adjacent GoldenJackal gang strikes air-gapped systems with custom malware

Cybersecurity Month

weeping techie with crumpled coffee cups

'Critical' CUPS vulnerability chain easy to use for massive DDoS attacks

Combination of a guy dressed as the devil in a business suit and a ransomware note

NCA unmasks man it suspects is both 'Evil Corp kingpin' and LockBit affiliate

bloodied hands reach out into the fog/cloud

Necro malware continues to haunt side-loaders of dodgy Android mods

Bad-looking robots glowing red with red eyes

Move over, Cobalt Strike. Splinter’s the new post-exploit menace in town

What a coincidence. Spyware makers, Russia's Cozy Bear seem to share same exploits

OSes

Proof-of-concept code released for zero-click critical IPv6 Windows hole

Microsoft mistake blows up admins' inboxes with fake malware alerts

RansomHub-linked EDR-killing malware spotted in the wild

SharpRhino malware targets IT admins – Hunters International gang suspected

Bad apps bypass Windows security alerts for six years using newly unveiled trick

Sneaky SnakeKeylogger slithers into Windows inboxes to steal sensitive secrets

Breaking the economy of trust: How busts affect malware gangs

Five months after takedown, LockBit is a shadow of its former self

Illustration of a distorted digital skull

'LockBit of phishing' EvilProxy used in more than a million attacks every month

A devious goblin staring up at the stars

Malware crew Stargazers Goblin used 3,000 GitHub accounts to make bank

Beware of fake CrowdStrike domains pumping out Lumma infostealing malware

Image by Arak Rattanawijittakorn http://www.shutterstock.com/gallery-2364116p1.html

Cybercrooks spell trouble with typosquatting domains amid CrowdStrike crisis

FrostyGoop malware shut off heat to 600 Ukraine apartment buildings

Russia’s FIN7 is peddling its EDR-nerfing malware to ransomware gangs

Iran's MuddyWater phishes Israeli orgs with custom BugSleep backdoor

Cyber-crime super-crew Scattered Spider falls in love with RansomHub and Qilin

I spy another mSpy breach: Millions more stalkerware buyers exposed

Jess talking about ATT security for Kettle

Three words to send a chill down your spine: Snowflake. Intrusion. Alert

Generic pic of someone locking up a prison door

IcedID henchman gets nine years in clanger for abusing malware to drain bank accounts

China's APT41 crew adds a stealthy malware loader and fresh backdoor to its toolbox

Malware that is 'not ransomware' wormed its way through Fujitsu Japan's systems

ViperSoftX variant spotted abusing .NET runtime to disguise data theft

Houthi rebels are operating their own GuardZoo spyware

Avast secretly gave DoNex ransomware decryptors to victims before crims vanished

Not-so-OpenAI allegedly never bothered to report 2023 data breach

Europol nukes nearly 600 IP addresses in Cobalt Strike crackdown

Baddies hijack Korean ERP vendor's update systems to spew malware

Microsoft tells yet more customers their emails have been stolen

Korean telco allegedly infected its P2P users with malware

Cybercrooks get cozy with BoxedApp to dodge detection

New Nork-ish cyberespionage outfit uncovered after three years

Euro cops disrupt malware droppers, seize thousands of domains

Suspected supply chain attack backdoors courtroom recording software

Germany points finger at Fancy Bear for widespread 2023 hacks, DDoS attacks

Discord dismantles Spy.pet site that snooped on millions of users

US House approves FISA renewal – warrantless surveillance and all

Illustration of someone about to shoot themselves in the foot

Head of Israeli cyber spy unit exposed ... by his own privacy mistake

Microsoft confirms memory leak in March Windows Server security update

It's 2024 and North Korea's Kimsuky gang is exploiting Windows Help files

ChatGPT side-channel attack has easy fix: Token obfuscation

Chinese PC-maker Acemagic customized its own machines to get infected with malware

That home router botnet the Feds took down? Moscow's probably going to try again

Someone in an orange jumpsuit in cuffs behind bars

Zeus, IcedID malware kingpin faces 40 years in slammer

Futuristic face laid over program source code

Cybercriminals are stealing iOS users' face scans to break into mobile banking accounts

North Korea running malware-laden gambling websites as-a-service

Bumblebee malware wakes from hibernation, forgets what year it is, attacks with macros

Raspberry Robin devs are buying exploits for faster attacks

Chinese Coathanger malware hung out to dry by Dutch defense department

A broken padlock on top of a computer circuit board

Interpol's latest cybercrime intervention dismantles ransomware, banking malware servers

So, are we going to talk about how GitHub is an absolute boon for malware, or nah?

Google password resets not enough to stop these info-stealing malware strains

Cybercrooks book a stay in hotel email inboxes to trick staff into spilling credentials

Stacy Newman http://www.shutterstock.com/gallery-346618p1.html

Qakbot's backbot: FBI-led takedown keeps crims at bay for just 3 months

NKabuse backdoor harnesses blockchain brawn to hit several architectures

Memory-safe languages so hot right now, agrees Lazarus Group as it slings DLang malware

CISA details twin attacks on federal servers via unpatched ColdFusion flaw

US readies prison cell for another Russian Trickbot developer

Employer looks at smiling candidate's CV

North Korea makes finding a gig even harder by attacking candidates and employers

Novel backdoor persists even after critical Confluence vulnerability is patched

MOVEit cybercriminals unearth fresh zero-day to exploit on-prem SysAid hosts

Fresh find shines new light on North Korea’s latest macOS malware

Mozi botnet murder mystery: China or criminal operators behind the kill switch?

Cybercrooks amp up attacks via macro-enabled XLL files

Paying for WinRAR in all the wrong ways - Russia and China hitting ancient app

Malware crooks find an in with fake browser updates, in case real ones weren't bad enough

BLOODALCHEMY provides backdoor to southeast Asian nations' secrets

GoldDigger Android trojan targets Vietnamese banking apps, code contains hints of wider targets

North Korea's Lazarus Group upgrades its main malware

T-Mobile US exposes some customer data – but don't call it a breach

Meatbag mishaps more menacing than malware? CISOs think so

Roman Sigaev http://www.shutterstock.com/gallery-78671p1.html

Malware loader lowdown: The big 3 responsible for 80% of attacks so far this year

A phone showing the Chrome app icon buried in dollar bills

Maker of Chrome extension with 300,000+ users tells of constant pressure to sell out

Undiplomatic Chinese threat actor attacks embassies and foreign affairs departments

Ex-FBI employee jailed for taking classified material home

Illustration of someone in a yoga lotus position against a space background

To kill BlackLotus malware, patching is a good start, but...

Over 100,000 compromised ChatGPT accounts found for sale on dark web

Data leak at major law firm sets Australia's government and elites scrambling

Storage

Hijacked S3 buckets used in attacks on npm packages

A kid in warm clothes holds a flag of Ukraine

Microsoft: Russia sent its B team to wipe Ukrainian hard drives

Last of the Gozi 3 sentenced over Windows info-stealing malware ops

Google puts $1M behind its promise to detect cryptomining malware

Qbot malware adapts to live another day … and another …

York Racecourse, York, UK : 23 July 2021 : Pop Star and legend Rick Astley performs live on stage after racing at York Racecourse

Australian cyber-op attacked ISIL with the terrifying power of Rickrolling

Meet TeamT5, the Taiwanese infosec outfit taking on Beijing and defeating its smears

This malicious PyPI package mixed source and compiled code to dodge detection

Ukraine war blurs lines between cyber-crims and state-sponsored attackers

Power plant + electricity pylons at sunset

Spotted: Suspected Russian malware designed to disrupt Euro, Asia energy grids

This legit Android app turned into mic-snooping malware – and Google missed it

Google settles location tracking lawsuit for only $39.9M

House of cards shaped pyramid made with US dollars

Ransomware-as-a-service groups rain money on their affiliates

Cartoonish composition of a crook shrugging in front of the Microsoft Office icons

No more macros? No problem, say miscreants, we'll adapt

Millions of mobile phones come pre-infected with malware, say researchers