Tag: infection
-
For healthcare orgs, DR means making sure docs can save lives during ransomware infections
by
in SecurityNewsOrganizational, technological resilience combined defeat the disease that is cybercrime First seen on theregister.com Jump to article: www.theregister.com/2025/04/02/disaster_recovery_healthcare/
-
Triada Malware Preloaded on Counterfeit Android Phones Infects 2,600+ Devices
Counterfeit versions of popular smartphone models that are sold at reduced prices have been found to be preloaded with a modified version of an Android malware called Triada.”More than 2,600 users in different countries have encountered the new version of Triada, the majority in Russia,” Kaspersky said in a report. The infections were recorded between…
-
New Triada Trojan comes preinstalled on Android devices
A new Triada trojan variant comes preinstalled on Android devices, stealing data on setup, warn researchers from Kaspersky. Kaspersky researchers discovered a new Triada trojan variant preinstalled on thousands of Android devices, enabling data theft upon setup. Kaspersky detected 2,600+ infections in Russia from March 13-27, 2025. The malware was discovered on counterfeit Android devices mimicking…
-
Hackers Use DeepSeek and Remote Desktop Apps to Deploy TookPS Malware
by
in SecurityNewsA recent investigation by cybersecurity researchers has uncovered a large-scale malware campaign leveraging the DeepSeek LLM and popular remote desktop applications to distribute the Trojan-Downloader.Win32.TookPS malware. The attackers targeted both individual users and organizations by disguising malicious software as legitimate business tools, including UltraViewer, AutoCAD, and SketchUp. Malicious Infrastructure and Infection Chain The TookPS malware…
-
For healthcare orgs, disaster recovery means making sure docs can save lives during ransomware infection
by
in SecurityNewsOrganizational, technological resilience combined defeat the disease that is cybercrime First seen on theregister.com Jump to article: www.theregister.com/2025/04/02/disaster_recovery_healthcare/
-
KoiLoader Exploits PowerShell Scripts to Drop Malicious Payloads
by
in SecurityNewsCybersecurity experts at eSentire’s Threat Response Unit (TRU) uncovered a sophisticated malware campaign leveraging KoiLoader, a malicious loader designed to deploy information-stealing payloads. This campaign utilized PowerShell scripts and obfuscation techniques to bypass security measures and infect systems. The investigation revealed a multi-stage infection chain, highlighting the evolving tactics of cybercriminals. Infection Chain and Delivery…
-
Infostealer malware poses potent threat despite recent takedowns
by
in SecurityNewsHow CISOs can defend against infostealers: To defend against these threats, CISOs should rely on multi-factor authentication MFA and least privilege access to prevent their incursion into the corporate network, as well as endpoint detection and response (EDR) and anti-malware to detect and quarantine infostealers that manage to trick users into running the malware. Regular…
-
Multistage Info-Stealer SnakeKeylogger Targets Individuals and Businesses to Steal Login Credentials
by
in SecurityNewsSnakeKeylogger, a sophisticated multistage malware, has emerged as a significant threat to both individuals and businesses by targeting sensitive login credentials. This malware campaign is characterized by its stealthy in-memory execution and multi-stage infection chain, making it challenging to detect. The attack begins with a malicious spam email containing a .img file attachment, which, when…
-
Nation-State ‘Paragon’ Spyware Infections Target Civil Society
by
in SecurityNewsLaw enforcement entities in democratic states have been deploying top-of-the-line messaging app spyware against journalists and aid workers. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/nation-state-paragon-spyware-infections
-
Infostealers Fuel 2.1B Credentials and 23M Host Infections
by
in SecurityNewsCybercrime surged with a 33% spike in credential theft and 200 million credentials stolen in early 2025, signaling a daunting threat landscape for organizations. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/trends/infostealers-2-1b-credentials-23m-hosts/
-
SocGholish Exploits Compromised Websites to Deliver RansomHub Ransomware
by
in SecurityNewsSocGholish, a sophisticated malware-as-a-service (MaaS) framework, has been identified as a key enabler in the distribution of RansomHub ransomware. This malicious framework exploits compromised websites by injecting them with obfuscated JavaScript loaders, which redirect users to fake browser update notifications. These notifications trick users into downloading and executing malicious files, thereby initiating the infection process.…
-
New Steganographic Malware Hides in JPG Files to Deploy Multiple Password Stealers
by
in SecurityNewsA recent cybersecurity threat has emerged in the form of a steganographic campaign that uses seemingly harmless JPG files to distribute multiple types of malware, including password stealers like Remcos and AsyncRAT. This sophisticated attack begins with a phishing email containing a malicious Excel document that exploits a known vulnerability, CVE-2017-0199, to initiate the infection…
-
The most notorious and damaging ransomware of all time
by
in SecurityNews
Tags: access, android, attack, backdoor, backup, banking, botnet, breach, communications, computer, control, credentials, cryptography, cyber, cybercrime, dark-web, data, defense, detection, email, encryption, endpoint, exploit, extortion, finance, flaw, framework, germany, google, government, group, hacker, hacking, healthcare, infection, infrastructure, international, jobs, korea, law, lazarus, leak, linux, malicious, malware, microsoft, mobile, msp, network, north-korea, office, open-source, oracle, password, phishing, phone, powershell, ransom, ransomware, russia, service, software, spam, switch, technology, threat, tool, ukraine, update, usa, virus, vulnerability, windowsConti: History: First appearing in May 2020, the Conti RaaS platform is considered the successor to the Ryuk ransomware. As of January 2021, Conti is believed to have infected over 150 organizations and earned millions of dollars for its criminal developers and their affiliates. At least three new versions have been found since its inception.How it works: Conti uses the…
-
Blind Eagle Hacks Colombian Institutions Using NTLM Flaw, RATs and GitHub-Based Attacks
by
in SecurityNewsThe threat actor known as Blind Eagle has been linked to a series of ongoing campaigns targeting Colombian institutions and government entities since November 2024.”The monitored campaigns targeted Colombian judicial institutions and other government or private organizations, with high infection rates,” Check Point said in a new analysis.”More than 1,600 victims were affected during one…
-
APT ‘Blind Eagle’ Targets Colombian Government
by
in SecurityNewsThe South American-based advanced persistent threat group is using an exploit with a high infection rate, according to research from Check Point. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/apt-blind-eagle-targets-colombian-government
-
Beware! Fake CAPTCHA Hidden LummaStealer Threat Installing Silently
by
in SecurityNewsCybersecurity researchers at G DATA have uncovered a sophisticated malware campaign utilizing fake booking websites to deliver the LummaStealer malware through deceptive CAPTCHA prompts. This new attack vector, discovered in January 2025, marks a significant shift in LummaStealer’s distribution methods, moving from traditional channels like GitHub and Telegram to malvertising techniques. The infection chain begins…
-
How New AI Agents Will Transform Credential Stuffing Attacks
by
in SecurityNewsCredential stuffing attacks had a huge impact in 2024, fueled by a vicious circle of infostealer infections and data breaches. But things could be about to get worse still with Computer-Using Agents, a new kind of AI agent that enables low-cost, low-effort automation of common web tasks, including those frequently performed by attackers.Stolen credentials: The…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 34
by
in SecurityNewsSecurity Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. You’ve Got Malware: FINALDRAFT Hides in Your Drafts Telegram Abused as C2 Channel for New Golang Backdoor Infostealing Malware Infections in the U.S. Military & Defense Sector: A Cybersecurity Disaster in the Making Analyzing ELF/Sshdinjector.A!tr with…
-
Cracked Games, Cryptojacked PCs: The StaryDobry Campaign
by
in SecurityNewsOn December 31, cybercriminals launched a mass infection campaign, dubbed StaryDobry, leveraging the holiday season’s increased torrent traffic First seen on securityonline.info Jump to article: securityonline.info/cracked-games-cryptojacked-pcs-the-starydobry-campaign/
-
New Snake Keylogger Attempts 280 Million Infections Worldwide
by
in SecurityNews
Tags: infectionFortiGuard Labs has detected a new variant of the Snake Keylogger (also known as 404 Keylogger) using the advanced features of FortiSandbox v5.0 (FSAv5). This new strain, identified as AutoIt/Injector.GTY!tr, has triggered over 280 million blocked infection attempts worldwide. The… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/new-snake-keylogger-280-million-infections/
-
Pegasus spyware infections found on several private sector phones
by
in SecurityNewsMobile security company iVerify says that it discovered about a dozen new infections of the powerful Pegasus spyware on phones mostly used by people in private industry. First seen on therecord.media Jump to article: therecord.media/pegasus-spyware-infections-iverify
-
New Snake Keylogger Variant Leverages AutoIt Scripting to Evade Detection
A new variant of the Snake Keylogger malware is being used to actively target Windows users located in China, Turkey, Indonesia, Taiwan, and Spain.Fortinet FortiGuard Labs said the new version of the malware has been behind over 280 million blocked infection attempts worldwide since the start of the year.”Typically delivered through phishing emails containing malicious…
-
New Variant of macOS Threat XCSSET Spotted in the Wild
by
in SecurityNewsMicrosoft is warning the modular and potentially wormable Apple-focused infostealer boasts new capabilities for obfuscation, persistence, and infection, and could lead to a supply chain attack. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/microsoft-variant-macos-threat-xcsset
-
Weaponized PDFs Deliver Lumma InfoStealer Targeting Educational Institutions
by
in SecurityNewsA sophisticated malware campaign leveraging the Lumma InfoStealer has been identified, targeting educational institutions to distribute malicious files disguised as PDF documents. This campaign employs compromised school infrastructure to deliver weaponized LNK (shortcut) files masquerading as legitimate PDFs, initiating a multi-stage infection process. The Lumma InfoStealer, a Malware-as-a-Service (MaaS) offering, is designed to exfiltrate sensitive…
-
Evolving Snake Keylogger Variant Targets Windows Users
by
in SecurityNewsA new Snake Keylogger variant, responsible for over 280 million blocked infection attempts worldwide, has been identified targeting Windows users First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/snake-keylogger-targets-windows/
-
XCSSET macOS malware reappears with new attack strategies, Microsoft sounds alarm
by
in SecurityNewsXcode developers targeted through infected projects: Microsoft reported that XCSSET continues to spread via compromised Xcode projects, a technique that has been in use since the malware’s discovery in 2020. Once an infected project is cloned or downloaded, the malware can embed itself within the developer’s system and further propagate when the infected code is…
-
Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics
by
in SecurityNewsMicrosoft said it has discovered a new variant of a known Apple macOS malware called XCSSET as part of limited attacks in the wild.”Its first known variant since 2022, this latest XCSSET malware features enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies,” the Microsoft Threat Intelligence team said in a post shared on…