Geek-Guy.com

Tag: malware

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 85

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Malware Newsletter: Ninja Browser & Lumma Infostealer; Ghost Tapped: Tracking the Rise of Chinese Tap-to-pay Android Malware; Hudson Rock Identifies Real-World Infostealer Infection Targeting OpenClaw Configurations; Divide and conquer: how the new Keenadu backdoor exposed links…

PromptSpy abuses Gemini AI to gain persistent access on Android

PromptSpy is the first Android malware to abuse Google’s Gemini AI, enabling persistence and advanced spying features. Security researchers at ESET have uncovered PromptSpy, the first known Android malware to exploit Google’s Gemini AI to maintain persistence. The malware can capture lockscreen data, block uninstallation attempts, collect device information, take screenshots, and record screen activity…

PromptSpy Android Malware Abuses Gemini AI to Automate Recent-Apps Persistence

Cybersecurity researchers have discovered what they say is the first Android malware that abuses Gemini, Google’s generative artificial intelligence (AI) chatbot, as part of its execution flow and achieves persistence. The malware has been codenamed PromptSpy by ESET. The malware is equipped to capture lockscreen data, block uninstallation efforts, gather device information, take screenshots,

WatchGuard: New Malware Variants Surge 1,500% in H2 2025

A new report from WatchGuard Technologies reveals that unique malware detections on endpoints skyrocketed by 1,548% in the second half of 2025, even as overall malware volume dipped slightly. Internet Security Report findings suggest threat actors are bypassing traditional defense. The findings, published in the company’s H2 2025 Internet Security Report, highlight a sharp pivot…

Keenadu: Android malware that comes preinstalled and can’t be removed by users

There is little a user can do when hit with complex Android malware that comes preinstalled on their new smartphone or tablet. Security researchers at Kaspersky have flagged a multifaceted Android malware dubbed Keenadu that can ship preinstalled via device firmware, compromising users before they even complete setup. “Keenadu serves as a reminder that…

Tracking Malware Campaigns With Reused Material, (Wed, Feb 18th)

A few days ago I wrote a diary called “Malicious Script Delivering More Maliciousness”[1]. In the malware infection chain, there was a JPEG picture that embedded the last payload delimited with “BaseStart-” and “-BaseEnd” tags. Today, I discovered another campaign that relies exactly on the same technique. It started with an attachment called “TELERADIO_IB_OBYEKTLRIN_BURAXILIS_FORMASI.xIs” (SHA256:1bf3ec53ddd7399cdc1faf1f0796c5228adc438b6b7fa2513399cdc0cb865962).…

SmartLoader hackers clone Oura MCP project to spread StealC malware

Hackers used a fake Oura MCP server to trick users into downloading malware that installs the StealC info-stealer. Straiker’s AI Research (STAR) Labs team uncovered a SmartLoader campaign in which attackers cloned a legitimate MCP server linked to Oura Health to spread the StealC information stealer. The fake project appeared credible, complete with bogus forks…

Infostealers Target OpenClaw AI Configuration Files

Infostealer malware is expanding beyond traditional browser and banking credential theft to target personal AI assistant environments. Researchers at Hudson Rock recently identified a live infection in which attackers exfiltrated a victim’s OpenClaw configuration files, including authentication tokens, cryptographic keys, and stored contextual data used by the AI agent. “While the malware may have been…

LATAM Businesses Hit by XWorm via Fake Financial Receipts: Full Campaign Analysis

Malware campaigns targeting Latin America (LATAM) are evolving. While the final payloads, often commodity RATs like XWorm, remain consistent, delivery mechanisms are becoming increasingly sophisticated to bypass region-specific defenses and increase the chance of reaching real business users. In this analysis, we dissect a recent campaign targeting Brazilian users. What starts as a deceptive “banking receipt” quickly turns into a multi-stage…

REMnux v8 brings AI integration to the Linux malware analysis toolkit

REMnux, a specialized Linux distribution for malware analysis, has released version 8 with a rebuilt platform based on Ubuntu 24.04 and a new capability aimed at connecting AI agents directly to its toolset. REMnux is designed for analyzing malicious software, phishing artifacts, suspicious documents, and related forensic data. The project includes more than 200 preconfigured…

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 84

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Malware Newsletter: Stan Ghouls targeting Russia and Uzbekistan with NetSupport RAT; Breaking Down ZeroDayRAT – New Spyware Targeting Android and iOS; Old-School IRC, New Victims: Inside the Newly Discovered SSHStalker Linux Botnet; Reynolds: Defense Evasion Capability…

When security decisions come too late, and attackers know it

In this Help Net Security, Chris O’Ferrell, CEO at CodeHunter, talks about why malware keeps succeeding, where attackers insert malicious code in the SDLC, and how CI/CD pipelines can become a quiet entry point. He also breaks down the difference between behavioral detection and behavioral intent analysis, and why explainable results matter for security teams.…

CodeHunter expands behavioral intent analysis to secure the software supply chain

CodeHunter is expanding its behavioral intent technology beyond traditional malware analysis to address supply chain risk and security decision-making across the software development lifecycle (SDLC). According to a recent Gartner report, “software supply chains transcend organizational boundaries and consist of external entities in addition to internal systems.” Gartner also warns that “improper artifact integrity validation…

Fake PDFs harbor new dangers

Cybercriminals send their malware disguised as PDF files. The security vendor Malwarebytes recently warned of a particularly perfidious phishing campaign. The attackers disguise their malware as an ordinary PDF document. Employees are used to receiving orders or invoices in PDF format, so it is very likely that the malicious files will be opened. If an employee clicks on…

⚡ Weekly Recap: AI Skill Malware, 31Tbps DDoS, Notepad++ Hack, LLM Backdoors and More

Cyber threats are no longer coming from just malware or exploits. They’re showing up inside the tools, platforms, and ecosystems organizations use every day. As companies connect AI, cloud apps, developer tools, and communication systems, attackers are following those same paths. A clear pattern this week: attackers are abusing trust. Trusted updates, trusted marketplaces, trusted…

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 83

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Malware Newsletter: ClawHavoc: 341 Malicious Clawed Skills Found by the Bot They Were Targeting; APT28 Leverages CVE-2026-21509 in Operation Neusploit; Amaranth-Dragon: Weaponizing CVE-2025-8088 for Targeted Espionage in the Southeast Asia; Analyzing Dead#Vax: Analyzing Multi-Stage VHD…
Why a decade-old EnCase driver still works as an EDR killer

Attackers are leaning on a new EDR killer malware that can shut down 59 widely used endpoint security products by misusing a kernel driver that once shipped with Guidance Software’s EnCase digital forensics tool, Huntress researchers warn. This particular driver is legitimate but its certificate expired and was revoked more than ten years ago. Even…

Flare Report: Infostealers Are Fueling Enterprise Identity Attacks

Once largely associated with consumer credential theft, infostealer malware is increasingly impacting enterprises. New research from Flare shows that a rising percentage of infections now expose enterprise Single Sign-On (SSO) and identity provider credentials, creating direct risk for corporate systems, cloud environments, and SaaS platforms. “We’re seeing fewer infections overall, but far higher yield per…

When your AI Assistant Becomes the Attacker’s Command-and-Control

Earlier this month, Microsoft uncovered SesameOp, a new backdoor malware that abuses the OpenAI Assistants API as a covert command-and-control (C2) channel. The discovery has drawn significant attention within the cybersecurity community. Security teams can no longer focus solely on endpoint malware. Attackers are weaponizing public and legitimate AI assistant APIs and defenders must adjust.…