Geek-Guy.com

Tag: malware

AI, Global Security News, malware, Network Security

Chaos malware expands from routers to Linux cloud servers

Chaos, Go-based malware first documented by Lumen’s Black Lotus Labs, has historically targeted routers and edge devices. A new variant observed in March 2026 shows the malware operating against misconfigured Linux cloud servers, a category of infrastructure the botnet had not previously prioritized. Darktrace’s malware research team documented the compromise through its CloudyPots program, a…

Read more →

AI, Exploits, Global Security News, Government & Policy, malware, Network Security

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 91

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Infiniti Stealer: a new macOS infostealer using ClickFix and Python/Nuitka   Converging Interests: Analysis of Threat Clusters Targeting a Southeast Asian Government RoadK1ll: A WebSocket Based Pivoting Implant    axios Compromised: npm Supply Chain Attack via Dependency Injection  …

Read more →

AI, Global Security News, malware, Russia

CrystalX RAT: new MaaS malware combines spyware, stealer, and remote access

CrystalX RAT, a new sophisticated MaaS malware, combines spyware, data theft, and remote access, allowing attackers to monitor victims. In March 2026, Kaspersky researchers uncovered a Telegram-based campaign promoting a previously unknown malware sold as a MaaS with three subscription tiers. The Trojan offers a wide range of features, including RAT capabilities, data theft, keylogging,…

Read more →

Cybersecurity, Global Security News, malware

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

Cybersecurity researchers have discovered a new version of the SparkCat malware on the Apple App Store and Google Play Store, more than a year after the trojan was discovered targeting both the mobile operating systems. The malware has been found to conceal itself within seemingly benign apps, such as enterprise messengers and food delivery services, while

Read more →

AI, Global Security News, Government & Policy, malware, Russia

Threat actor UAC-0255 impersonate CERT-UA to spread AGEWHEEZE malware via phishing

Threat actors impersonated CERT-UA to send phishing emails with AGEWHEEZE malware, tricking victims into installing a fake “security tool.” A threat actor, tracked as UAC-0255, impersonated CERT-UA in a phishing campaign, sending emails to about 1 million users. The messages urged victims to download a password-protected archive from Files.fm and install a fake “specialized software,”…

Read more →

AI, Compliance, Cybersecurity, Global Security News, malware, Network Security, Risk Management

From Reactive to Proactive: 5 Steps to SOC Maturity with Threat Intelligence 

Reaching a higher level of SOC maturity takes better, more consistent decision-making during malware and phishing investigation.  This requires a shift in how threat intelligence is used: not as a reference point, but as a core layer in the decision process.  Moving from reactive to confidently proactive security means establishing a threat intelligence workflow that: Solve key challenges, from alert fatigue to blind spots  Integrate across SOC workflows, supporting them  Deliver compounding…

Read more →

AI, Compliance, Cybersecurity, Global Security News, malware, Network Security, Risk Management

From Reactive to Proactive: 5 Steps to SOC Maturity with Threat Intelligence 

Reaching a higher level of SOC maturity takes better, more consistent decision-making during malware and phishing investigation.  This requires a shift in how threat intelligence is used: not as a reference point, but as a core layer in the decision process.  Moving from reactive to confidently proactive security means establishing a threat intelligence workflow that: Solve key challenges, from alert fatigue to blind spots  Integrate across SOC workflows, supporting them  Deliver compounding…

Read more →

AI, Exploits, Global Security News, malware

WhatsApp malware campaign uses malicious VBS files to gain persistent access

Microsoft is warning WhatsApp users of a new malware campaign that tricks them into executing malicious Visual Basic Script (VBS) files, ultimately enabling persistence and remote access. In a March 31 report, Microsoft Defender Experts said attackers have been distributing malicious Visual Basic Script (VBS) files through WhatsApp since at least late February, relying on…

Read more →

AI, Cybersecurity, Global Security News, malware

3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don’t See It Coming)

For years, cybersecurity has followed a familiar model: block malware, stop the attack. Now, attackers are moving on to what’s next. Threat actors now use malware less frequently in favor of what’s already inside your environment, including abusing trusted tools, native binaries, and legitimate admin utilities to move laterally, escalate privileges, and persist without raising…

Read more →

AI, Endpoint, Global Security News, malware

Malware detectors trained on one dataset often stumble on another

Machine learning models built to catch malware on Windows systems are typically evaluated on data that closely resembles their training set. In practice, the malware arriving on enterprise endpoints looks different, comes from different sources, and in many cases has been deliberately obfuscated to evade detection. A study from researchers at the Polytechnic of Porto…

Read more →

AI, Cybersecurity, Data Breaches, Global Security News, malware

Attack on axios software developer tool threatens widespread compromises

A hacker briefly delivered malware this week through a popular open-source project for software developers that has an estimated 100 million weekly downloads, raising the possibility of compromises spreading widely through a supply-chain attack. Axios is a JavaScript client library used in web requests. The unknown attacker hijacked the npm account — npm being a…

Read more →

AI, Cybersecurity, Global Security News, malware

Cybersecurity jobs available right now: March 31, 2026

Android Malware Research Director Alice | Israel | On-site – View job details As an Android Malware Research Director, you will establish operational processes, workflows, and quality standards for the team, while integrating the function into existing infrastructure. You will act as the primary client interface, managing relationships, presenting research findings, and ensuring client satisfaction.…

Read more →

AI, china, Data Breaches, Endpoint, Europe, Exploits, Global Security News, Government & Policy, malware, Network Security

China-Linked groups target Southeast Asian government with advanced malware in 2025

China-linked groups hit a Southeast Asian government in 2025, deploying multiple malware families in a sophisticated cyber campaign. In 2025, three China-linked threat clusters targeted a Southeast Asian government in a complex, well-funded cyber operation. Threat actors deployed numerous malware types, including HIUPAN, PUBLOAD, EggStremeFuel/Loader, MASOL RAT, PoshRAT, TrackBak Stealer, Hypnosis Loader, and FluffyGh0st, showing…

Read more →

AI, Global Security News, malware

DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials

A new campaign has leveraged the ClickFix social engineering tactic as a way to distribute a previously undocumented malware loader referred to as DeepLoad. “It likely uses AI-assisted obfuscation and process injection to evade static scanning, while credential theft starts immediately and captures passwords and sessions even if the primary loader is blocked,” ReliaQuest researchers…

Read more →

AI, Exploits, Global Security News, Government & Policy, malware, Network Security

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 90

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape New Malware Targets Users of Cobra DocGuard Software   Government of Iran Cyber Actors Deploy Telegram C2 to Push Malware to Identified Targets   Trivy Supply Chain Attack Expands to Compromised Docker Images   VoidStealer: Debugging Chrome to Steal…

Read more →

GeekGuyBlog

The Erosion of Endpoint Security: How AI Coding Tools are Reshaping Cybersecurity

In a startling revelation, cybersecurity experts have noted that AI coding tools have significantly undermined the effectiveness of endpoint security systems. This shift, identified by researcher Dr. Emily Carter, has raised alarms across the industry, prompting discussions about the vulnerabilities that these advanced AI technologies present. The trend emerged prominently throughout 2023, as companies worldwide…

Read more →

AI, Apps, Global Security News, malware

New ‘StoatWaffle’ malware auto‑executes attacks on developers

A newly disclosed malware strain dubbed “StoatWaffle” is giving fresh teeth to the notorious, developer-targeting “Contagious Interview” threat campaign. According to NTT Security findings, the malware marks an evolution from the long-running campaign’s user-triggered execution to a near-frictionless compromise embedded directly in developer workflows. Attackers are using blockchain-themed project repositories as decoys, embedding a malicious…

Read more →

AI, Global Security News, malware

GitHub-hosted malware campaign uses split payload to evade detection

A large-scale malware delivery campaign has been targeting developers, gamers, and general users through fake tools hosted on GitHub, Netskope researchers have warned. These “lures” are highly polished and appear legitimate, occasionally mimicking real projects, thus making them difficult to distinguish from safe software. A dual-component trojan is delivered Netskope threat researchers first discovered a…

Read more →

AI, Cloud Security, Global Security News, malware

TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials

Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor known as TeamPCP, the cloud-native cybercriminal operation also behind the Trivy supply chain attack. The workflows, both maintained by the supply chain security company Checkmarx, are listed below – checkmarx/ast-github-action checkmarx/kics-github-action Cloud security

Read more →

AI, Global Security News, malware

North Korea-linked threat actors abuse VS Code auto-run to spread StoatWaffle malware

North Korea-linked threat actors use VS Code auto-run tasks to spread StoatWaffle malware via malicious projects that execute on folder open. North Korea-linked threat actor Team 8 behind the Contagious Interview campaign is spreading StoatWaffle malware through malicious Microsoft Visual Studio Code projects. Since late 2025, they have abused the “tasks.json” auto-run feature in Microsoft…

Read more →

AI, Data Breaches, Global Security News, Government & Policy, malware, Russia

FBI: Iranian hackers targeting opponents with Telegram malware

Iranian government-connected groups are deploying malware via the Telegram messaging app, taking aim at dissidents and other opponents of Tehran around the world, the FBI said in an alert Friday. The FBI said attackers linked to the Ministry of Intelligence and Security are behind the campaign, which stretches back to 2023. The bureau is escalating…

Read more →

AI, Data Breaches, Exploits, Global Security News, malware, Risk Management

44 Aqua Security repositories defaced after Trivy supply chain breach

Malicious Trivy images on Docker Hub spread infostealer malware, exposing developers after a supply chain attack. Researchers found malicious Trivy images on Docker Hub linked to a supply chain attack. Versions 0.69.4–0.69.6, now removed, contained TeamPCP infostealer code. Suspicious tags were pushed without matching GitHub releases, increasing the risk to developers using compromised container images.…

Read more →

AI, Apps, Global Security News, malware, Risk Management

Iran-linked actors use Telegram as C2 in malware attacks on dissidents

Iran-linked actors use Telegram as C2 to spread malware targeting dissidents and journalists, enabling surveillance and data theft. The FBI warns that Iran’s Ministry of Intelligence and Security (MOIS) runs cyber campaigns using Telegram as a command-and-control infrastructure to deliver malware. Threat actors target Iranian dissidents, journalists, and opposition groups worldwide. Once deployed, the malware…

Read more →

AI, china, Exploits, Global Security News, malware, Network Security

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 89

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter New Payload ransomware – malware analysis   DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear When Trusted Websites Turn Malicious: WordPress Compromises Advance Global Stealer Operation AI Coding Tools Under Fire:…

Read more →

Cybersecurity, Global Security News, malware

Speagle Malware Hijacks Cobra DocGuard to Steal Data via Compromised Servers

Cybersecurity researchers have flagged a new malware dubbed Speagle that hijacks the functionality and infrastructure of a legitimate program called Cobra DocGuard. “Speagle is designed to surreptitiously harvest sensitive information from infected computers and transmit it to a Cobra DocGuard server that has been compromised by the attackers, masking the data exfiltration process as legitimate

Read more →

AI, Cybersecurity, Global Security News, malware

New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data

Cybersecurity researchers have disclosed a new Android malware family called Perseus that’s being actively distributed in the wild with an aim to conduct device takeover (DTO) and financial fraud. Perseus is built upon the foundations of Cerberus and Phoenix, at the same time evolving into a “more flexible and capable platform” for compromising Android devices…

Read more →

AI, Global Security News, malware

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

The GlassWorm malware campaign is being used to fuel an ongoing attack that leverages the stolen GitHub tokens to inject malware into hundreds of Python repositories. “The attack targets Python projects — including Django apps, ML research code, Streamlit dashboards, and PyPI packages — by appending obfuscated code to files like setup.py, main.py, and app.py,”…

Read more →

AI, Exploits, Global Security News, malware, Russia

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 88

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter New BoryptGrab Stealer Targets Windows Users via Deceptive GitHub Pages Inside Coruna: Reverse Engineering a Nation-State iOS Exploit Kit From JavaScript  ClipXDaemon: Autonomous X11 Clipboard Hijacker Delivered via Bincrypter-Based Loader New A0Backdoor Linked to…

Read more →

AI, Global Security News, malware, Network Security, Risk Management

AI-assisted Slopoly malware powers Hive0163’s ransomware campaigns

The Hive0163 group used AI-assisted malware called Slopoly to maintain persistent access in ransomware attacks. IBM X-Force researchers report that the financially motivated group Hive0163 is using AI-assisted malware named Slopoly to maintain persistent access during ransomware attacks, showing how threat actors can quickly build new malware frameworks using AI. Hive0163 is a threat actor…

Read more →

AI, Cybersecurity, Global Security News, malware

Rust-Based VENON Malware Targets 33 Brazilian Banks with Credential-Stealing Overlays

Cybersecurity researchers have disclosed details of a new banking malware targeting Brazilian users that’s written in Rust, marking a significant departure from other known Delphi-based malware families associated with the Latin American cybercrime ecosystem. The malware, which is designed to infect Windows systems and was first discovered last month, has been codenamed VENON by Brazilian

Read more →

AI, Cybersecurity, Global Security News, malware

Hive0163 Uses AI-Assisted Slopoly Malware for Persistent Access in Ransomware Attacks

Cybersecurity researchers have disclosed details of a suspected artificial intelligence (AI)-generated malware codenamed Slopoly put to use by a financially motivated threat actor named Hive0163. “Although still relatively unspectacular, AI-generated malware such as Slopoly shows how easily threat actors can weaponize AI to develop new malware frameworks in a fraction of the time it used…

Read more →

Cybersecurity, Global Security News, malware

Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets

Cybersecurity researchers have discovered half-a-dozen new Android malware families that come with capabilities to steal data from compromised devices and conduct financial fraud. The Android malware range from traditional banking trojans like PixRevolution, TaxiSpy RAT, BeatBanker, Mirax, and Oblivion RAT to full-fledged remote administration tools such as SURXRAT. PixRevolution, according to

Read more →

AI, Apps, Global Security News, Government & Policy, malware

BeatBanker malware targets Android users with banking Trojan and crypto miner

BeatBanker Android malware spreads through fake Starlink apps on websites imitating Google Play Store, hijacking devices, stealing credentials, and mining crypto. A new Android malware called BeatBanker spreads through fake Starlink apps distributed on websites posing as the Google Play Store. Once installed, it hijacks devices, steals login credentials, tampers with cryptocurrency transactions, and secretly…

Read more →

AI, Exploits, Global Security News, malware, Network Security, Risk Management

KadNap bot compromises 14,000+ devices to route malicious traffic

KadNap malware infects 14,000+ edge devices, mainly Asus routers, turning them into a stealth proxy botnet used to route malicious internet traffic. KadNap malware infects more than 14,000 edge devices, mainly ASUS routers, and turns them into a proxy botnet used to route malicious traffic. First detected in August 2025, the campaign heavily targets the…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Government & Policy, malware, Russia

APT28 conducts long-term espionage on Ukrainian forces using custom malware

APT28 used BEARDSHELL and COVENANT malware to spy on Ukrainian military personnel, enabling long-term surveillance since April 2024. The Russia-linked group APT28 (aka UAC-0001, aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) has used BEARDSHELL and COVENANT malware to conduct long-term surveillance of Ukrainian military personnel. According to ESET, the campaign began in April 2024 and relies on…

Read more →

AI, Apps, Europe, Global Security News, Government & Policy, malware, Network Security, privacy, Russia

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 87

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Malware Reverse Engineering is no longer a human problem!   StegaBin: 26 Malicious npm Packages Use Pastebin Steganography to Deploy Multi-Stage Credential Stealer   Inside a fake Google security check that becomes a browser RAT   SloppyLemming…

Read more →

AI, Cybersecurity, Global Security News, malware

Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT

Cybersecurity researchers have disclosed details of a multi-stage malware campaign that uses batch scripts as a pathway to deliver various encrypted remote access trojan (RATs) payloads that correspond to XWorm, AsyncRAT, and Xeno RAT. The stealthy attack chain has been codenamed VOID#GEIST by Securonix Threat Research. At a high level, the obfuscated batch script is…

Read more →

AI, Global Security News, Government & Policy, malware, Russia

Russian APT targets Ukraine with BadPaw and MeowMeow malware

Researchers uncovered a Russian campaign targeting Ukrainian entities with new malware families BadPaw and MeowMeow delivered through phishing emails. Researchers reported a phishing campaign linked to Russia that targets Ukrainian organizations using two new malware families, BadPaw and MeowMeow. The attack chain begins with a phishing email carrying a link to a ZIP archive. When…

Read more →

AI, Global Security News, malware, Risk Management

That attractive online ad might be a malware trap

Malware increasingly travels through the infrastructure that delivers online advertising. The Media Trust’s Global Report on Digital Trust, Ad Integrity, and the Protection of People describes a digital ad ecosystem where scam campaigns, malicious redirects, and malware delivery appear alongside marketing traffic. The financial impact of these threats continues to grow. Estimated consumer and business…

Read more →

AI, Apps, Data Breaches, Endpoint, Global Security News, malware, Network Security, Risk Management

Chrome Extension Hijacked to Push ClickFix Malware

A once-trusted Chrome extension with thousands of users was quietly transformed into a malware delivery vehicle, exposing how quickly browser add-ons can become security liabilities.  QuickLens – Search Screen with Google Lens was removed from the Chrome Web Store after researchers discovered it had been updated to deploy ClickFix attacks and steal cryptocurrency wallet data. …

Read more →

AI, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, malware, Network Security

APT37 combines cloud storage and USB implants to infiltrate air-gapped systems

North Korea-linked APT 37 used Zoho WorkDrive and USB malware to breach air-gapped networks in the Ruby Jumper campaign. North Korean group ScarCruft (aka APT37, Reaper, and Group123) deployed new tools in a campaign dubbed Ruby Jumper, using a backdoor that leverages Zoho WorkDrive for C2 and a USB-based implant to breach air-gapped systems. Zscaler ThreatLabz…

Read more →

AI, Cybersecurity, Exploits, Global Security News, malware, Network Security

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 86

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Technical Deep Dive: The Monero Mining Campaign Operation Olalampo: Inside MuddyWater’s Latest Campaign   VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731)   Operation MacroMaze: new APT28 campaign using basic tooling and legit…

Read more →

AI, Global Security News, malware

Varist Hybrid Detection Engine protects against AI-assisted malware

Varist launched the Hybrid Detection Engine, creating an AI-scale malware detection solution that detects both known and zero-day threats. Built on proven technology used to perform more than 500 billion file scans per day for global customers, the Varist solution surpasses conventional detection by scanning every file and simulating suspicious components in real time. By…

Read more →

AI, Endpoint, Europe, Exploits, Global Security News, Government & Policy, malware, Russia

Operation MacroMaze: APT28 exploits webhooks for covert data exfiltration

Russia-linked APT28 targeted European entities with a webhook-based macro malware campaign called Operation MacroMaze. Russia-linked APT28 (aka UAC-0001, aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) launched Operation MacroMaze, targeting select entities in Western and Central Europe from September 2025 to January 2026. The campaign used webhook-based macro malware, leveraging simple tools and legitimate services for infrastructure and data…

Read more →