Geek-Guy.com

Category: malware

Stay ahead of cyber threats with the latest malware news, ransomware alerts, and virus analysis. Geek-Guy tracks emerging infections and removal trends.

AI, Artificial Intelligence, Global Security News, malware, Podcast, Ransomware

Smashing Security podcast #433: How hackers turned AI into their new henchman

Your AI reads the small print, and that’s a problem. This week in episode 433 of “Smashing Security” we dig into LegalPwn – malicious instructions tucked into code comments and disclaimers that sweet-talks AI into rubber-stamping dangerous payloads (or even pretending they’re a harmless calculator). Meanwhile, new research from Anthropic reveals that hackers have already…

Read more →

AI, Compliance, Global Security News, malware, Network Security, privacy

How hackers turned AI into their new henchman

Your AI reads the small print, and that’s a problem. This week in episode 433 of “Smashing Security” we dig into LegalPwn – malicious instructions tucked into code comments and disclaimers that sweet-talks AI into rubber-stamping dangerous payloads (or even pretending they’re a harmless calculator). Meanwhile, new research from Anthropic reveals that hackers have already…

Read more →

Breaking News, cyber crime, Exploits, Global Security News, malware, Security

Android droppers evolved into versatile tools to spread malware

Android droppers now spread banking trojans, SMS stealers, and spyware, disguised as government or banking apps in India and Asia. ThreatFabric researchers warn of a shift in Android malware: dropper apps now deliver not just banking trojans, but also SMS stealers and spyware, mainly in Asia. Google’s Pilot Program enhances Play Protect by scanning Android…

Read more →

Breaking News, cyber crime, Global Security News, malware, Security

Crooks exploit Meta malvertising to target Android users with Brokewell

Cybercriminals spread Brokewell via fake TradingView Premium ads on Meta, stealing crypto and data with remote control since July 2024. Bitdefender warns threat actors are abusing Meta ads to spread fake TradingView Premium apps for Android, delivering Brokewell malware to steal crypto and data. “Bitdefender researchers recently uncovered a wave of malicious ads on Facebook…

Read more →

APT, Global Security News, hacking, malware, Security

North Korea’s APT37 deploys RokRAT in new phishing campaign against academics

ScarCruft (APT37) launches Operation HanKook Phantom, a phishing campaign using RokRAT to target academics, ex-officials, and researchers. Cybersecurity firm Seqrite Labs uncovered a phishing campaign, tracked as dubbed Operation HanKook Phantom, by the North Korea-linked group APT37 (aka Ricochet Chollima, ScarCruft, Reaper, and Group123). Threat actors are using a fake “National Intelligence Research Society Newsletter…

Read more →

AI, Breaking News, ChatGPT, Global Security News, hacking, malware

ESET warns of PromptLock, the first AI-driven ransomware

ESET found PromptLock, the first AI-driven ransomware, using OpenAI’s gpt-oss:20b via Ollama to generate and run malicious Lua scripts. In a series of messages published on X, ESET Research announced the discovery of the first known AI-powered ransomware, named PromptLock. The PromptLock malware uses the gpt-oss:20b model from OpenAI locally via the Ollama API to…

Read more →

AI, Breaking News, ChatGPT, Global Security News, hacking, malware

ESET warns of PromptLock, the first AI-driven ransomware

ESET found PromptLock, the first AI-driven ransomware, using OpenAI’s gpt-oss:20b via Ollama to generate and run malicious Lua scripts. In a series of messages published on X, ESET Research announced the discovery of the first known AI-powered ransomware, named PromptLock. The PromptLock malware uses the gpt-oss:20b model from OpenAI locally via the Ollama API to…

Read more →

AI, Breaking News, ChatGPT, Global Security News, hacking, malware

ESET warns of PromptLock, the first AI-driven ransomware

ESET found PromptLock, the first AI-driven ransomware, using OpenAI’s gpt-oss:20b via Ollama to generate and run malicious Lua scripts. In a series of messages published on X, ESET Research announced the discovery of the first known AI-powered ransomware, named PromptLock. The PromptLock malware uses the gpt-oss:20b model from OpenAI locally via the Ollama API to…

Read more →

AI, Breaking News, ChatGPT, Global Security News, hacking, malware

ESET warns of PromptLock, the first AI-driven ransomware

ESET found PromptLock, the first AI-driven ransomware, using OpenAI’s gpt-oss:20b via Ollama to generate and run malicious Lua scripts. In a series of messages published on X, ESET Research announced the discovery of the first known AI-powered ransomware, named PromptLock. The PromptLock malware uses the gpt-oss:20b model from OpenAI locally via the Ollama API to…

Read more →

APT, Asia Pacific, Breaking News, Global Security News, intelligence, malware, Security

China linked UNC6384 targeted diplomats by hijacking web traffic

The China-linked APT group UNC6384 targeted diplomats by hijacking web traffic to redirect it to a website that delivered malware. China-linked cyberespionage group UNC6384 targeted diplomats by hijacking web traffic to redirect to a website used to deliver malware, Google’s Threat Intelligence Group (GTIG) warns. Cyberspies hijacked a network’s captive portal using an advanced adversary-in-the-middle…

Read more →

APT, Asia Pacific, Breaking News, Global Security News, intelligence, malware, Security

China linked UNC6384 targeted diplomats by hijacking web traffic

The China-linked APT group UNC6384 targeted diplomats by hijacking web traffic to redirect it to a website that delivered malware. China-linked cyberespionage group UNC6384 targeted diplomats by hijacking web traffic to redirect to a website used to deliver malware, Google’s Threat Intelligence Group (GTIG) warns. Cyberspies hijacked a network’s captive portal using an advanced adversary-in-the-middle…

Read more →

APT, Asia Pacific, Breaking News, Global Security News, intelligence, malware, Security

China linked UNC6384 targeted diplomats by hijacking web traffic

The China-linked APT group UNC6384 targeted diplomats by hijacking web traffic to redirect it to a website that delivered malware. China-linked cyberespionage group UNC6384 targeted diplomats by hijacking web traffic to redirect to a website used to deliver malware, Google’s Threat Intelligence Group (GTIG) warns. Cyberspies hijacked a network’s captive portal using an advanced adversary-in-the-middle…

Read more →

APT, Asia Pacific, Breaking News, Global Security News, intelligence, malware, Security

China linked UNC6384 targeted diplomats by hijacking web traffic

The China-linked APT group UNC6384 targeted diplomats by hijacking web traffic to redirect it to a website that delivered malware. China-linked cyberespionage group UNC6384 targeted diplomats by hijacking web traffic to redirect to a website used to deliver malware, Google’s Threat Intelligence Group (GTIG) warns. Cyberspies hijacked a network’s captive portal using an advanced adversary-in-the-middle…

Read more →

Global Security News, Law & order, malware, Microsoft, Podcast, vulnerability

Smashing Security podcast #431: How to mine millions without paying the bill

In episode 431 of the “Smashing Security” podcast, a self-proclaimed crypto-influencer calling himself CP3O thought he had found a shortcut to riches — by racking up millions in unpaid cloud bills. Meanwhile, we look at the growing threat of EDR-killer tools that can quietly switch off your endpoint protection before an attack even begins. And…

Read more →

AI, cyber security, Endpoint, Exploits, Global Security News, malware

How to Build a Homoglyph Phishing Link That Bypasses Human Detection — Even Booking.com Users

A newly discovered phishing campaign is leveraging a Unicode homoglyph trick to impersonate Booking.com and distribute malicious MSI installers capable of delivering infostealers or remote access trojans (RATs). This attack, spotted by security researcher JamesWT, exploits the Japanese hiragana character “ん” (U+3093), which can visually resemble a forward slash (“/”) or “/n” in certain fonts,…

Read more →

Breaking News, Exploits, Global Security News, hacking, hacking news, information security news, malware

New Linux backdoor Plague bypasses auth via malicious PAM module

A stealthy Linux backdoor named Plague, hidden as a malicious PAM module, allows attackers to bypass auth and maintain persistent SSH access. Nextron Systems researchers discovered a new stealthy Linux backdoor called Plague, hidden as a malicious PAM (Pluggable Authentication Module) module. It silently bypasses authentication and grants persistent SSH access. A Pluggable Authentication Module…

Read more →

AI, Asia Pacific, Breaking News, cyber crime, Cybercrime, Global Security News, malware

Malicious AI-generated npm package hits Solana users

AI-generated npm package @kodane/patch-manager drained Solana wallets; 1,500+ downloads before takedown on July 28, 2025. AI-generated npm package @kodane/patch-manager was flagged for hiding malicious software to drain Solana wallets. The package was uploaded on July 28, 2025, and it was downloaded more than 1,500 times before takedown. “The package @kodane/patch-manager, is a sophisticated cryptocurrency wallet…

Read more →

Breaking News, cyber crime, Global Security News, hacking, malware, Security

CISA released Thorium platform to support malware and forensic analysis

CISA releases Thorium, an open-source tool for malware and forensic analysis, now available to analysts in government, public, and private sectors. CISA has released Thorium, a new open-source platform designed to support malware and forensic analysis. The platform was designed in collaboration with Sandia National Laboratories, the US Agency presented it as a scalable, open-source platform…

Read more →

APT, Global Security News, hacking, intelligence, malware, Security

Russia-linked APT Secret Blizzard targets foreign embassies in Moscow with ApolloShadow malware

Russia-linked Secret Blizzard targets foreign embassies in Moscow via ISP-level AitM attacks, deploying custom ApolloShadow malware. Microsoft researchers uncovered a cyberespionage campaign by the Russia-linked APT group Secret Blizzard (aka Turla, Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON)  targeting foreign embassies in Moscow. The threat actor uses an adversary-in-the-middle (AiTM) method at the ISP level to deploy custom malware called ApolloShadow. This…

Read more →

Breaking News, cyber crime, FunkSec ransomware, Global Security News, malware, Security

Researchers released a decryptor for the FunkSec ransomware

Researchers have released a decryptor for the ransomware FunkSec, allowing victims to recover their encrypted files for free. Researchers at Avast developed a decryptor for the FunkSec ransomware. Gen Digital researchers released a decryptor for the FunkSec ransomware after cooperating with law enforcement to neutralize the threat. “Researchers at Avast developed a decryptor for the…

Read more →

Breaking News, cyber crime, Cybercrime, Global Security News, malware, North America

FBI seizes 20 BTC from Chaos Ransomware affiliate targeting Texas firms

FBI Dallas seized 20 BTC from Chaos ransomware affiliate “Hors,” tied to cyberattacks on Texas firms, on April 15, 2025. The FBI division in Dallas seized about 20 Bitcoins on April 15, 2025, from a wallet belonging to a Chaos ransomware affiliate named as “Hors.” The Hors affiliate is responsible for multiple cyberattacks on Texas…

Read more →

Breaking News, cyber crime, Exploits, Global Security News, hacking, malware

Critical SAP flaw exploited to launch Auto-Color Malware attack on U.S. company

Hackers exploited a SAP NetWeaver bug to deploy upgraded Auto-Color Linux malware in an attack on U.S. chemicals firm. Cybersecurity firm Darktrace reported that threat actors exploited a SAP NetWeaver flaw, tracked as CVE-2025-31324, to deploy Auto-Color Linux malware in a U.S. chemicals firm attack. “In April 2025, Darktrace identified an Auto-Color backdoor malware attack…

Read more →

Breaking News, Cybercrime, data breach, Exploits, Global Security News, hacking, malware

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 55

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Lookout Discovers Iranian APT MuddyWater Leveraging DCHSpy During Israel-Iran Conflict Uncovering a Stealthy WordPress Backdoor in mu-plugins      NPM package ‘is’ with 2.8M weekly downloads infected devs with malware Coyote in the Wild: First-Ever…

Read more →

Breaking News, cyber crime, Exploits, Global Security News, hacking, malware

Law enforcement operations seized BlackSuit ransomware gang’s darknet sites

An international law enforcement operation seized the dark web data leak site of the BlackSuit ransomware group. A banner on the BlackSuit ransomware group’s TOR data leak sites informs visitors that they were seized by U.S. Homeland Security Investigations in a global law enforcement operation. The notice features logos of 17 law enforcement agencies and…

Read more →

Breaking News, cyber crime, Cybercrime, Exploits, Global Security News, hacking, malware

Koske, a new AI-Generated Linux malware appears in the threat landscape

Koske is a new Linux malware designed for cryptomining, likely developed with the help of artificial intelligence. Koske is a new Linux AI-generated malware that was developed for cryptomining activities. Aquasec researchers reported that the malicious code uses rootkits and polyglot image file abuse to evade detection. Attackers exploit a misconfigured server to drop backdoors…

Read more →

Breaking News, cyber crime, Cybercrime, Exploits, Global Security News, malware

Coyote malware is first-ever malware abusing Windows UI Automation

New Coyote malware uses Windows UI Automation to steal banking credentials, targeting Brazilian users across 75 banks and crypto platforms. Coyote malware is now the first to exploit Microsoft’s UI Automation framework in the wild, validating prior warnings from Akamai researchers in December 2024. The UI Automation (UIA) framework is a Microsoft accessibility framework that…

Read more →

Breaking News, cyber crime, Cybercrime, Global Security News, malware, Security

Stealth backdoor found in WordPress mu-Plugins folder

A new stealth backdoor has been discovered in the WordPress mu-plugins folder, granting attackers persistent access and control over compromised sites. Sucuri researchers found a stealthy backdoor hidden in WordPress’s “mu-plugins” folder. These plugins auto-run and allow attackers to stay hidden in admin, and maintain persistence. “must-use plugins” are special WordPress plugins that cannot be…

Read more →

AI, Apps, china, Cybersecurity, Data Breaches, Endpoint, Europe, Exploits, Global Security News, Government & Policy, Information Security, malware, vulnerabilities, vulnerability

Microsoft SharePoint Zero-Day EXPLAINED — How Hackers Got In Without a Password

Two previously unknown zero-day vulnerabilities in Microsoft SharePoint Server (on-premises) are being actively exploited in the wild as part of a highly coordinated espionage campaign. Microsoft has linked these attacks to China-based APT actors, and at least 75 organizations worldwide have confirmed breaches. The flaws, identified as CVE-2025-53770 and CVE-2025-53771, enable unauthenticated remote code execution…

Read more →

APT, Breaking News, Global Security News, hacking, intelligence, malware, North America

MuddyWater deploys new DCHSpy variants amid Iran-Israel conflict

Iran-linked APT MuddyWater is deploying new DCHSpy spyware variants to target Android users amid the ongoing conflict with Israel. Lookout researchers observed Iran-linked APT MuddyWater  (aka SeedWorm, TEMP.Zagros, and Static Kitten) is deploying a new version of the DCHSpy Android spyware in the context of the Israel-Iran conflict. The first MuddyWater campaign was observed in late 2017, when the APT group targeted entities in…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Global Security News, malware, Network Security, privacy, Risk Management, Webroot Blog

Back-to-school cyber safety: Parent checklist

Summer is flying by and before you know it, you’ll be buying backpacks and taking first-day-of-school photos. Back-to-school season brings new classes and friends, but it also brings new digital dangers. By the time you’ve dropped your kids off for their first day of class, chances are they’ve already been exposed to their first cyberthreat…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Global Security News, malware, Network Security, privacy, Risk Management, Webroot Blog

Back-to-school cyber safety: Parent checklist

Summer is flying by and before you know it, you’ll be buying backpacks and taking first-day-of-school photos. Back-to-school season brings new classes and friends, but it also brings new digital dangers. By the time you’ve dropped your kids off for their first day of class, chances are they’ve already been exposed to their first cyberthreat…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Global Security News, malware, Network Security, privacy, Risk Management, Webroot Blog

Back-to-school cyber safety: Parent checklist

Summer is flying by and before you know it, you’ll be buying backpacks and taking first-day-of-school photos. Back-to-school season brings new classes and friends, but it also brings new digital dangers. By the time you’ve dropped your kids off for their first day of class, chances are they’ve already been exposed to their first cyberthreat…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Global Security News, malware, Network Security, privacy, Risk Management, Webroot Blog

Back-to-school cyber safety: Parent checklist

Summer is flying by and before you know it, you’ll be buying backpacks and taking first-day-of-school photos. Back-to-school season brings new classes and friends, but it also brings new digital dangers. By the time you’ve dropped your kids off for their first day of class, chances are they’ve already been exposed to their first cyberthreat…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Global Security News, malware, Network Security, privacy, Risk Management, Webroot Blog

Back-to-school cyber safety: Parent checklist

Summer is flying by and before you know it, you’ll be buying backpacks and taking first-day-of-school photos. Back-to-school season brings new classes and friends, but it also brings new digital dangers. By the time you’ve dropped your kids off for their first day of class, chances are they’ve already been exposed to their first cyberthreat…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Global Security News, malware, Network Security, privacy, Risk Management, Webroot Blog

Back-to-school cyber safety: Parent checklist

Summer is flying by and before you know it, you’ll be buying backpacks and taking first-day-of-school photos. Back-to-school season brings new classes and friends, but it also brings new digital dangers. By the time you’ve dropped your kids off for their first day of class, chances are they’ve already been exposed to their first cyberthreat…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Global Security News, malware, Network Security, privacy, Risk Management, Webroot Blog

Back-to-school cyber safety: Parent checklist

Summer is flying by and before you know it, you’ll be buying backpacks and taking first-day-of-school photos. Back-to-school season brings new classes and friends, but it also brings new digital dangers. By the time you’ve dropped your kids off for their first day of class, chances are they’ve already been exposed to their first cyberthreat…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Global Security News, malware, Network Security, privacy, Risk Management, Webroot Blog

Back-to-school cyber safety: Parent checklist

Summer is flying by and before you know it, you’ll be buying backpacks and taking first-day-of-school photos. Back-to-school season brings new classes and friends, but it also brings new digital dangers. By the time you’ve dropped your kids off for their first day of class, chances are they’ve already been exposed to their first cyberthreat…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Global Security News, malware, Network Security, privacy, Risk Management, Webroot Blog

Back-to-school cyber safety: Parent checklist

Summer is flying by and before you know it, you’ll be buying backpacks and taking first-day-of-school photos. Back-to-school season brings new classes and friends, but it also brings new digital dangers. By the time you’ve dropped your kids off for their first day of class, chances are they’ve already been exposed to their first cyberthreat…

Read more →

Breaking News, data breach, Exploits, Global Security News, hacking, hacking news, malware

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 54

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape KongTuke FileFix Leads to New Interlock RAT Variant   Code highlighting with Cursor AI for $500,000 Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader Threat Analysis: SquidLoader – Still Swimming Under the…

Read more →

Breaking News, cyber crime, Global Security News, hacking, malware, North America, Security

Authorities released free decryptor for Phobos and 8base ransomware

Japanese police released a free decryptor for Phobos and 8Base ransomware, letting victims recover files without paying ransom. Japanese authorities released a free decryptor for Phobos and 8Base ransomware, allowing victims to recover files without paying. Japanese police released the free decryptor for ransomware families, which was likely built using intel from a recent gang…

Read more →

APT, Breaking News, Cyber warfare, Global Security News, hacking, malware

LameHug: first AI-Powered malware linked to Russia’s APT28

LameHug malware uses AI to create data-theft commands on infected Windows systems. Ukraine links it to the Russia-nexus APT28 group. Ukrainian CERT-UA warns of a new malware strain dubbed LameHug that uses a large language model (LLM) to generate commands to be executed on compromised Windows systems. Ukrainian experts attribute the malware to the Russia-linked…

Read more →

Breaking News, cyber crime, Cybercrime, Exploits, Global Security News, hacking, malware

UNC6148 deploys Overstep malware on SonicWall devices, possibly for ransomware operations

UNC6148 targets SonicWall devices with Overstep malware, using a backdoor and rootkit for data theft, extortion, or ransomware. Google’s Threat Intelligence Group warns that a threat actor tracked as UNC6148 has been targeting SonicWall SMA appliances with new malware dubbed Overstep. Active since at least October 2024, the group uses a backdoor and user-mode rootkit…

Read more →

Global Security News, Guest blog, Law & order, malware, NAS, Ransomware

Police dismantle DiskStation ransomware gang targeting NAS devices, arrest suspected ringleader

Police have struck a blow against the DiskStation ransomware gang which targets Synology NAS devices, and arresting its suspected ringleader. Make sure that you have properly hardened the security of your Network Access Storage devices to reduce the chances of your data being locked up by a ransomware attack. Read more in my article on…

Read more →

Android, Breaking News, cyber crime, Global Security News, malware, Mobile

Android Malware Konfety evolves with ZIP manipulation and dynamic loading

A new Konfety Android malware variant uses a malformed ZIP and obfuscation to evade detection, posing as fake apps with no real functionality. Zimporium zLabs researchers are tracking a new, sophisticated Konfety Android malware variant that uses an “evil-twin” tactic and duplicate package names to avoid detection. The new Konfety malware variants use malformed ZIP,…

Read more →

Breaking News, cyber crime, data breach, Global Security News, hacking, malware

Belk hit by May cyberattack: DragonForce stole 150GB of data

Ransomware group DragonForce claims it attacked U.S. retailer Belk in May, stealing over 150GB of data in a disruptive cyberattack. The infamous Ransomware group DragonForce claimed responsibility for the May disruptive attack on US department store chain Belk. The ransomware gang claimed it had stolen 156 gigabytes of data from Belk. Belk, Inc. is a…

Read more →

APT, Breaking News, Global Security News, hacking, hacking news, malware

North Korea-linked actors spread XORIndex malware via 67 malicious npm packages

North Korea-linked hackers uploaded 67 malicious npm packages with XORIndex malware, hitting 17K+ downloads in ongoing supply chain attacks. North Korea-linked threat actors behind the Contagious Interview campaign have uploaded 67 malicious npm packages with XORIndex malware loader, hitting over 17,000 downloads in ongoing supply chain attacks. XORIndex was built to evade detection and deploy…

Read more →

Breaking News, ClickFix, cyber crime, Cybercrime, Emerging Tech, Global Security News, malware

Interlock ransomware group deploys new PHP-based RAT via FileFix

Interlock ransomware group deploys new PHP-based RAT via FileFix (a ClickFix variant) in a widespread campaign targeting multiple industries. The Interlock ransomware group is deploying a new PHP-based variant of the Interlock RAT in a broad campaign. According to researchers from the DFIR Report, in partnership with Proofpoint, it uses a delivery method known as FileFix,…

Read more →

APT, Breaking News, Europe, Global Security News, intelligence, malware

DoNot APT is expanding scope targeting European foreign ministries

DoNot APT, likely an India-linked cyberespionage group, targets European foreign ministries with LoptikMod malware. The DoNot APT group, likely linked to India, has expanded its operations and is targeting European foreign ministries with a new malware, called LoptikMod. The Donot Team (also known as APT-C-35 and Origami Elephant) has been active since 2016, focusing on government entities, foreign…

Read more →

Global Security News, Law & order, malware, Podcast, police, vulnerability

Smashing Security podcast #425: Call of Duty: From pew-pew to pwned

In episode 425 of “Smashing Security”, Graham reveals how “Call of Duty: WWII” has been weaponised – allowing hackers to hijack your entire PC during online matches, thanks to ancient code and Microsoft’s Game Pass. Meanwhile, Carole digs into a con targeting the recently incarcerated, with scammers impersonating bail bond agents to fleece desperate families.…

Read more →

APT, Breaking News, cyber crime, Global Security News, intelligence, malware

Iranian group Pay2Key.I2P ramps Up ransomware attacks against Israel and US with incentives for affiliates

An Iranian ransomware group, Pay2Key.I2P, has intensified attacks on U.S. and Israeli targets, offering affiliates higher profits. The Iranian ransomware group Pay2Key.I2P is stepping up attacks on U.S. and Israeli targets, luring affiliates with higher profit shares. The ransomware gang is the successor to the original Pay2Key group and experts linked it to the Iran-nexus…

Read more →

Breaking News, Cybercrime, Exploits, Global Security News, hacking, malware, Security

Hackers weaponize Shellter red teaming tool to spread infostealers

Hackers are abusing the legitimate red teaming tool Shellter to spread stealer malware after a licensed copy was leaked. Elastic Security Labs has identified several malware campaigns using the commercial AV/EDR evasion tool SHELLTER. The tool was originally built for legitimate red team operations, however, threat actors have now adopted it to bypass security measures…

Read more →

AI, Apps, Exploits, Global Security News, malware, Network Security, privacy, Risk Management

Advancing Protection in Chrome on Android

Posted by David Adrian, Javier Castro & Peter Kotwicz, Chrome Security Team Android recently announced Advanced Protection, which extends Google’s Advanced Protection Program to a device-level security setting for Android users that need heightened security—such as journalists, elected officials, and public figures. Advanced Protection gives you the ability to activate Google’s strongest security for mobile…

Read more →

AI, Apps, Exploits, Global Security News, malware, Network Security, privacy, Risk Management

Advancing Protection in Chrome on Android

Posted by David Adrian, Javier Castro & Peter Kotwicz, Chrome Security Team Android recently announced Advanced Protection, which extends Google’s Advanced Protection Program to a device-level security setting for Android users that need heightened security—such as journalists, elected officials, and public figures. Advanced Protection gives you the ability to activate Google’s strongest security for mobile…

Read more →

Breaking News, cyber crime, Cybercrime, Global Security News, hacking, malware

Hunters International ransomware gang shuts down and offers free decryption keys to all victims

Hunters International ransomware gang announced its shutdown, citing unspecified “recent developments” and acknowledging its impact. The ransomware group Hunters International announced on its dark web site that it is shutting down, citing “recent developments” without specifying details. The group stated the decision was made after careful consideration and acknowledged the impact on affected organizations. “We,…

Read more →

Breaking News, Cybercrime, data breach, Emerging Tech, Global Security News, malware, Security

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 52

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape 10 Things I Hate About Attribution: RomCom vs. TransferLoader  macOS NimDoor | DPRK Threat Actors Target Web3 and Crypto Platforms with Nim-Based Malware  Warning Against Distribution of Malware Disguised as Research Papers (Kimsuky Group)  Dissecting Kimsuky’s…

Read more →

APT, Global Security News, hacking, intelligence, malware, Security

North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates

North Korea-linked hackers use fake Zoom updates to spread macOS NimDoor malware, targeting crypto firms with stealthy backdoors. North Korea-linked threat actors are targeting Web3 and crypto firms with NimDoor, a rare macOS backdoor disguised as a fake Zoom update. Victims are tricked into installing the malware through phishing links sent via Calendly or Telegram.…

Read more →

Data loss, Global Security News, Guest blog, Hunters International, malware, Ransomware

Hunters International ransomware group shuts down – but will it regroup under a new guise?

The notorious Hunters International ransomware-as-a-service operation has announced that it has shut down, in a message posted on its dark web leak site. In a statement on its extortion site, the ransomware group says that it has not only “decided to close the Hunters International project” but is also offering free decryption tools to its…

Read more →

Android, Breaking News, Global IT News, Global Security News, hacking, malware, Mobile

A flaw in Catwatchful spyware exposed logins of +62,000 users

A flaw in Catwatchful spyware exposed logins of 62,000 users, turning the spy tool into a data leak, security researcher Eric Daigle revealed. A flaw in the Catwatchful Android spyware exposed its full user database, leaking email addresses and plaintext passwords of both customers and its admin, TechCrunch first reported. Security researcher Eric Daigle first discovered…

Read more →

Breaking News, cyber crime, Cybercrime, Exploits, Global Security News, hacking, malware

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 51

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Ransomware Gangs Collapse as Qilin Seizes Control  Dissecting a Python Ransomware distributed through GitHub repositories  SparkKitty, SparkCat’s little brother: A new Trojan spy found in the App Store and Google Play   Uncovering a Tor-Enabled Docker Exploit …

Read more →

APT, Asia Pacific, Breaking News, china, Global Security News, intelligence, malware

LapDogs: China-nexus hackers Hijack 1,000+ SOHO devices for espionage

Over 1,000 SOHO devices were hacked in a China-linked spying campaign called LapDogs, forming a covert network to support cyber espionage. Security researchers at SecurityScorecard’s STRIKE team have uncovered a cyber espionage campaign, dubbed LapDogs, involving over 1,000 hacked SOHO (small office/home office) devices. These compromised devices formed a hidden network, called an Operational Relay…

Read more →

APT, Asia Pacific, Breaking News, china, Global Security News, intelligence, malware

LapDogs: China-nexus hackers Hijack 1,000+ SOHO devices for espionage

Over 1,000 SOHO devices were hacked in a China-linked spying campaign called LapDogs, forming a covert network to support cyber espionage. Security researchers at SecurityScorecard’s STRIKE team have uncovered a cyber espionage campaign, dubbed LapDogs, involving over 1,000 hacked SOHO (small office/home office) devices. These compromised devices formed a hidden network, called an Operational Relay…

Read more →