Tag: malware
-
When AI moves beyond human oversight: The cybersecurity risks of self-sustaining systems
in SecurityNews
Tags: access, ai, attack, authentication, automation, breach, business, control, credentials, crowdstrike, cybersecurity, data, detection, email, exploit, firewall, fraud, government, identity, infection, login, malware, mfa, monitoring, network, phishing, risk, software, technology, threat, update, vulnerability
autopoiesis, allows AI systems to adapt dynamically to their environments, making them more efficient but also far less predictable. For cybersecurity teams, this presents a fundamental challenge: how do you secure a system that continuously alters itself? Traditional security models assume that threats originate externally, bad actors exploiting vulnerabilities in otherwise stable systems. But with AI capable…
-
Gamaredon’s PteroLNK Malware: Stealthy Espionage Tactics Uncovered
in SecurityNews
A recent deep-dive analysis by HarfangLab uncovers new insights into the persistent and ever-evolving operations of Gamaredon, a…
First seen on securityonline.info Jump to article: securityonline.info/gamaredons-pterolnk-malware-stealthy-espionage-tactics-uncovered/
-
Malware spread via Node.js exploitation on the rise
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/brief/malware-spread-via-node-js-exploitation-on-the-rise
-
Emulating the Stealthy StrelaStealer Malware
in SecurityNews
AttackIQ has released three new attack graphs designed to emulate the Tactics, Techniques, and Procedures (TTPs) associated with StrelaStealer observed in its most recent activities, enabling defenders to test and validate their detection and response capabilities.
First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/emulating-the-stealthy-strelastealer-malware/
-
Threat Actors Leverage Cascading Shadows Attack Chain to Evade Detection and Hinder Analysis
in SecurityNews
A sophisticated multi-layered phishing campaign was uncovered, employing a complex attack chain known as "Cascading Shadows"…
-
LummaStealer Exploits Windows Utility to Run Remote Code Disguised as .mp4 File
in SecurityNews
The Cybereason Global Security Operations Center (GSOC) has shed light on the sophisticated tactics used by the LummaStealer malware to evade detection and execute malicious code. Originally spotted in 2022, this Russian-developed malware-as-a-service (MaaS) has continuously evolved its evasion techniques to target Windows systems.
Advanced Evasion with mshta.exe
LummaStealer's operators have introduced a new technique…
-
Android Phones Pre-Downloaded With Malware Target User Crypto Wallets
The threat actors lace pre-downloaded applications with malware to steal cryptocurrency by covertly swapping users' wallet addresses with their own.
First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/android-pre-downloaded-malware-crypto-wallets
-
Node.js malvertising campaign targets crypto users
Microsoft warns of a malvertising campaign using Node.js to deliver info-stealing malware via fake crypto trading sites like Binance and TradingView. Microsoft has observed Node.js increasingly used in malware campaigns since October 2024, including an ongoing crypto-themed malvertising attack as of April 2025. Threat actors are increasingly using Node.js to deploy malware, shifting from traditional…
-
Gamaredon’s PteroLNK VBScript Malware Infrastructure and TTPs Uncovered by Researchers
in SecurityNews
Researchers have unearthed details of the Pterodo malware family, notably the PteroLNK variant used by the Russian-nexus threat group, Gamaredon. The group, which is believed to be associated with Russia's Federal Security Service (FSB), has been targeting Ukrainian entities, focusing on government, military, and critical infrastructure sectors as part of broader geopolitical conflicts. Tactics, Techniques,…
-
New ResolverRAT malware targets the healthcare sector
in SecurityNews
The new remote access trojan ResolverRAT exploits DLL side-loading weaknesses. Researchers at Morphisec have discovered a new remote access trojan (RAT) named ResolverRAT that is distributed via phishing emails carrying malicious attachments. As lures, the attackers use topics such as copyright infringement, various legal violations and ongoing investigations. The emails are written in several languages, including English, Hindi,…
-
Unmasking the new XorDDoS controller and infrastructure
in SecurityNews
Cisco Talos observed the ongoing global spread of the XorDDoS malware, predominantly targeting the United States, with evidence suggesting Chinese-speaking operators are using sophisticated tools to orchestrate widespread attacks.
First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/unmasking-the-new-xorddos-controller-and-infrastructure/
-
Node.js Malware Campaign Targets Crypto Users with Fake Binance and TradingView Installers
Microsoft is calling attention to an ongoing malvertising campaign that makes use of Node.js to deliver malicious payloads capable of information theft and data exfiltration. The activity, first detected in October 2024, uses lures related to cryptocurrency trading to trick users into installing a rogue installer from fraudulent websites that masquerade as legitimate software like Binance…
-
Agent Tesla Malware Uses Multi-Stage Attacks with PowerShell Scripts
in SecurityNews
Researchers from Palo Alto Networks have uncovered a series of malicious spam campaigns leveraging the notorious Agent Tesla malware through intricate, multi-stage infection vectors. The attack begins innocuously enough with the receipt of a socially engineered email, often crafted to appear legitimate and relevant to the recipient. These emails carry an archive attachment, which typically…
-
Russia-linked APT29 targets European diplomats with new malware
in SecurityNews
WINELOADER variant: While the Check Point researchers didn't manage to obtain the final payload delivered by GRAPELOADER directly, they located a new variant of the WINELOADER backdoor that was uploaded to the VirusTotal scanning service around the same time and which has code and compilation time similarities to both AppvIsvSubsystems64.dll and ppcore.dll. As such, there…
-
Report: Network malware surged 94% in Q4 2024
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/brief/report-network-malware-surged-94-in-q4-2024
-
China-Linked Hackers Lay Brickstorm Backdoors on Euro Networks
in SecurityNews
Researchers discovered new variants of the malware, which is tied to a China-nexus threat group, targeting Windows environments of critical infrastructure networks in Europe.
First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/china-linked-hackers-brickstorm-backdoors-european-networks
-
Beware! Online PDF Converters Tricking Users into Installing Password-Stealing Malware
in SecurityNews
According to CloudSEK's Security Research team, a sophisticated cyberattack leveraging malicious online PDF converters has been demonstrated to target individuals and organizations globally. This attack, previously hinted at by the FBI's Denver field office, involves the distribution of potent malware, known as ArechClient2, which is a variant of the harmful SectopRAT family of information stealers. The Deception…
-
Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak – P2
in SecurityNews
This is Part 2 of our two-part technical analysis on Mustang Panda's new tools. For details on ToneShell and StarProxy, go to Part 1.
Introduction
In addition to the new ToneShell variants and StarProxy, Zscaler ThreatLabz discovered two new keyloggers used by Mustang Panda that we have named PAKLOG and CorKLOG as well as an EDR evasion…
-
Latest Mustang Panda Arsenal: ToneShell and StarProxy – P1
in SecurityNews
Introduction
The Zscaler ThreatLabz team discovered new activity associated with Mustang Panda, originating from two machines from a targeted organization in Myanmar. This research led to the discovery of new ToneShell variants and several previously undocumented tools. Mustang Panda, a China-sponsored espionage group, traditionally targets government-related entities, military entities, minority groups, and non-governmental organizations (NGOs) primarily…
-
Malicious campaign by APT group UNC5174 combines Snowlight and VShell
in SecurityNews
Sysdig's Threat Research Team (TRT) has uncovered an ongoing campaign by the Chinese APT group UNC5174 targeting Linux-based systems in Western countries and the Asia-Pacific region. The attackers combine the already known Snowlight malware with the remote access trojan (RAT) VShell, an open-source tool regarded as particularly hard to detect. The initial infection occurs via a Bash script that…
-
Russians lure European diplomats into malware trap with wine-tasting invite
in SecurityNews
Vintage phishing varietal has improved with age
First seen on theregister.com Jump to article: www.theregister.com/2025/04/16/cozy_bear_grapeloader/
-
Chinese Android phones shipped with malware-laced WhatsApp, Telegram apps
Cheap Chinese Android phones ship with trojanized WhatsApp and Telegram clones hiding crypto clippers, active since June 2024. Since June 2024, Doctor Web researchers found cheap Android phones preloaded with fake WhatsApp and Telegram apps designed to steal crypto via clipping. These clippers swap copied wallet addresses with the attackers’ own. The campaign targeted low-end…
-
UNC5174 Deploys SNOWLIGHT Malware in Linux and macOS Attacks
A threat group believed to have ties with China's state-sponsored cyber operations, identified as UNC5174, has launched a stealthy and technically advanced cyber campaign aimed at Linux and macOS environments. According to new research published by Sysdig, the group is…
First seen on sensorstechforum.com Jump to article: sensorstechforum.com/unc5174-snowlight-malware-linux-macos/
-
Chinese Hackers Unleash New BRICKSTORM Malware to Target Windows and Linux Systems
in SecurityNews
A sophisticated cyber espionage campaign leveraging the newly identified BRICKSTORM malware variants has targeted European strategic industries since at least 2022. According to NVISO's technical analysis, these backdoors previously confined to Linux vCenter servers now infect Windows environments, employing multi-tiered encryption, DNS-over-HTTPS (DoH) obfuscation, and cloud-based Command & Control (C2) infrastructure to evade detection. The…
-
10 Best Email Security Solutions in 2025
Email security solutions are critical for protecting organizations from the growing sophistication of cyber threats targeting email communication. As email remains a primary channel for business communication, it is also the most exploited vector for attacks such as phishing, malware distribution, and business email compromise (BEC). Implementing robust email security measures ensures the confidentiality, integrity,…
-
94 percent more network malware
in SecurityNews
The current cybersecurity situation remains tense. According to the recently published Internet Security Report from WatchGuard Technologies, the intensity and variety of threats continue to increase.
First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/94-prozent-mehr-netzwerk-malware
-
Top malware for March: FakeUpdates dominates globally
in SecurityNews
A recent report reveals: FakeUpdates remains the undisputed number one among cyber threats in Germany as well as worldwide. The insidious downloader malware serves cybercriminals as an entry point and is increasingly used in combination with RansomHub to make attacks even more effective. In Germany, the education sector remains the focus of the attacks.
First seen on itsicherheit-online.com Jump to…
-
"Living-off-the-Land Techniques": How Malware Families Evade Detection
Living-off-the-Land (LOTL) attacks have become a cornerstone of modern cyber threats, allowing malware to evade detection by leveraging legitimate system tools and processes. Rather than relying on custom malicious binaries that can be flagged by security solutions, attackers use trusted, built-in utilities to perform their objectives, making their activities blend seamlessly with normal system operations.…
-
Chinese Android Phones Shipped with Fake WhatsApp, Telegram Apps Targeting Crypto Users
Cheap Android smartphones manufactured by Chinese companies have been observed pre-installed with trojanized apps masquerading as WhatsApp and Telegram that contain cryptocurrency clipper functionality as part of a campaign since June 2024. While using malware-laced apps to steal financial information is not a new phenomenon, the new findings from Russian antivirus vendor Doctor Web point to…