Latest Malware news

New WogRAT malware abuses online notepad service to store malware

A new malware dubbed 'WogRAT' targets both Windows and Linux in attacks abusing an online notepad platform named 'aNotepad' as a covert channel for storing and retrieving malicious code.
- Bill Toulas
- March 05, 2024
- 03:25 PM
- 0
ScreenConnect flaws exploited to drop new ToddlerShark malware

The North Korean APT hacking group Kimsuky is exploiting ScreenConnect flaws, particularly CVE-2024-1708 and CVE-2024-1709, to infect targets with a new malware variant dubbed ToddlerShark.
- Bill Toulas
- March 04, 2024
- 05:14 PM
- 0
Stealthy GTPDOOR Linux malware targets mobile operator networks

Security researcher HaxRob discovered a previously unknown Linux backdoor named GTPDOOR, designed for covert operations within mobile carrier networks.
- Bill Toulas
- March 03, 2024
- 10:16 AM
- 2
CISA warns of Microsoft Streaming bug exploited in malware attacks

CISA ordered U.S. Federal Civilian Executive Branch (FCEB) agencies to secure their Windows systems against a high-severity vulnerability in the Microsoft Streaming Service (MSKSSRV.SYS) that's actively exploited in attacks.
- Sergiu Gatlan
- March 01, 2024
- 02:18 PM
- 0
New Bifrost malware for Linux mimics VMware domain for evasion

A new Linux variant of the Bifrost remote access trojan (RAT) employs several novel evasion techniques, including the use of a deceptive domain that was made to appear as part of VMware.
- Bill Toulas
- February 29, 2024
- 04:36 PM
- 0
Malicious AI models on Hugging Face backdoor users’ machines

At least 100 instances of malicious AI ML models were found on the Hugging Face platform, some of which can execute code on the victim's machine, giving attackers a persistent backdoor.
- Bill Toulas
- February 28, 2024
- 05:12 PM
- 1
Japan warns of malicious PyPi packages created by North Korean hackers

Japan's Computer Security Incident Response Team (JPCERT/CC) is warning that the notorious North Korean hacking group Lazarus has uploaded four malicious PyPI packages to infect developers with malware.
- Bill Toulas
- February 28, 2024
- 10:04 AM
- 0
LockBit ransomware secretly building next-gen encryptor before takedown

LockBit ransomware developers were secretly building a new version of their file encrypting malware, dubbed LockBit-NG-Dev - likely a future LockBit 4.0, when law enforcement took down the cybercriminal's infrastructure earlier this week.
- Bill Toulas
- February 22, 2024
- 08:51 AM
- 0
Hackers abuse Google Cloud Run in massive banking trojan campaign

Security researchers are warning of hackers abusing the Google Cloud Run service to distribute massive volumes of banking trojans like Astaroth, Mekotio, and Ousaban.
- Bill Toulas
- February 21, 2024
- 04:07 PM
- 0
New SSH-Snake malware steals SSH keys to spread across the network

A threat actor is using an open-source network mapping tool named SSH-Snake to look for private keys undetected and move laterally on the victim infrastructure.
- Bill Toulas
- February 21, 2024
- 02:03 PM
- 2
Anatsa Android malware downloaded 150,000 times via Google Play

The Anatsa banking trojan has been targeting users in Europe by infecting Android devices through malware droppers hosted on Google Play.
- Bill Toulas
- February 19, 2024
- 08:34 AM
- 1
Hacker arrested for selling bank accounts of US, Canadian users

Ukraine's cyber police arrested a 31-year-old for running a cybercrime operation that gained access to bank accounts of American and Canadian users and sold them on the dark web.
- Bill Toulas
- February 18, 2024
- 10:06 AM
- 1
Zeus, IcedID malware gangs leader pleads guilty, faces 40 years in prison

Ukrainian national Vyacheslav Igorevich Penchukov, one of the heads of the notorious JabberZeus cybercrime gang, has pleaded guilty to charges related to his leadership roles in the Zeus and IcedID malware groups.
- Sergiu Gatlan
- February 15, 2024
- 06:05 PM
- 2
New Qbot malware variant uses fake Adobe installer popup for evasion

The developer of Qakbot malware, or someone with access to the source code, seems to be experimenting with new builds as fresh samples have been observed in email campaigns since mid-December.
- Bill Toulas
- February 15, 2024
- 08:27 AM
- 0
New ‘Gold Pickaxe’ Android, iOS malware steals your face for fraud

A new iOS and Android trojan named 'GoldPickaxe' employs a social engineering scheme to trick victims into scanning their faces and ID documents, which are believed to be used to generate deepfakes for unauthorized banking access.
- Bill Toulas
- February 15, 2024
- 03:00 AM
- 2
Ubuntu 'command-not-found' tool can be abused to spread malware

A logic flaw between Ubuntu's 'command-not-found' package suggestion system and the snap package repository could enable attackers to promote malicious Linux packages to unsuspecting users.
- Bill Toulas
- February 14, 2024
- 11:00 AM
- 0
Hackers used new Windows Defender zero-day to drop DarkMe malware

Microsoft has patched today a Windows Defender SmartScreen zero-day exploited in the wild by a financially motivated threat group to deploy the DarkMe remote access trojan (RAT).
- Sergiu Gatlan
- February 13, 2024
- 03:52 PM
- 0
FBI seizes Warzone RAT infrastructure, arrests malware vendor

The FBI dismantled the Warzone RAT malware operation, seizing infrastructure and arresting two individuals associated with the cybercrime operation.
- Bill Toulas
- February 12, 2024
- 06:09 PM
- 1
Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor

Hackers are exploiting a server-side request forgery (SSRF) vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy the new DSLog backdoor on vulnerable devices.
- Bill Toulas
- February 12, 2024
- 11:20 AM
- 0
Raspberry Robin malware evolves with early access to Windows exploits

Recent versions of the Raspberry Robin malware are stealthier and implement one-day exploits that are deployed only on systems that are susceptible to them.
- Bill Toulas
- February 10, 2024
- 10:11 AM
- 2