Skip to main content

Tag: infostealer

61 articles

Person sitting at desk with obscured hands and blurred computer screen.

ClickLock Malware Targets macOS Users with Coercive Password Theft Tactic

Beware: a new malware called ClickLock is coercing macOS users into handing over their login passwords by rendering their desktop unusable until they comply. This sneaky tactic has already hit at least 100 targets across 33 countries since May.

Analyst 207
Cluttered home office desk with Mac computer and software on screen.

MacOS Malware Exploits Legitimate Developer ID to Steal Login Credentials

Researchers at Jamf Threat Labs uncovered a sneaky new macOS malware, dubbed CrashStealer, that uses a clever disguise to steal sensitive login credentials and other personal data. This cunning malware masquerades as a legitimate Apple component to quietly harvest its victims' information.

Analyst 207
Cluttered home office desk with Mac computer displaying fake CrashReporter window.

Malware Disguises as Apple Tool to Steal macOS Credentials

Beware of a sneaky malware that's masquerading as a legitimate Apple tool to steal your macOS credentials! This malicious software, known as CrashStealer, can infiltrate your password managers and even target over 80 browser-based cryptocurrency wallets.

Analyst 207
Brightly-lit sports facility with subtle computer hint, and staff in background.

Infostealer Infection Enables Argentine FA Breach

A single compromised computer with high-level access likely gave hackers the keys to the Argentine Football Association's database and internal email system, thanks to an infostealer infection that went undetected for months. The breach, traced back to September 8, 2025, highlights the devastating impact of a simple infection on a high-privilege machine.

Analyst 207
Developer workstation with laptop and terminal in a shared office space with cityscape background.

Compromised jscrambler NPM Package Drops Rust Infostealer

A malicious version of the jscrambler NPM package, 8.14.0, was published on July 11, 2026, and could silently infect your system with a Rust-based infostealer just by installing it, no extra steps required. Merely running the install command was enough to trigger the payload on vulnerable systems.

Analyst 207
Microsoft Disrupts Dual Cybercrime Tools in Novel Court Takedown

Microsoft Disrupts Dual Cybercrime Tools in Novel Court Takedown

In a groundbreaking move, Microsoft led a global effort to dismantle two notorious cybercrime tools, Amadey and StealC, used by hackers to infect over 140,000 computers worldwide in just one week. This bold takedown marks a significant win in the fight against cybercrime.

Analyst 207
Law enforcement officers in a cybersecurity operation room surrounded by computer screens and network equipment.

Europol Operation Disrupts StealC and Amadey Infostealers

In a major win for cybersecurity, a coordinated international effort has dismantled the operations of two notorious malware families, StealC and Amadey, freezing a whopping €41m in crypto assets of criminal origin. This significant disruption was made possible through the collaboration of Europol, Germany's Federal Criminal Police Office, J-CAT, and Eurojust.

Analyst 207
Mac computer on cluttered desk with Terminal app open, displaying blurred commands.

MacOS ClickFix Attack Exploits Terminal Commands to Spread Infostealer

Beware of a sneaky new attack on macOS, known as ClickFix, that tricks you into pasting a Terminal command, allowing hackers to silently download and launch info-stealing malware on your device. This cleverly crafted scam starts with a fake CAPTCHA page, convincing victims to unwittingly give attackers a backdoor to their sensitive data.

Analyst 207
Cramped, dimly lit room with cluttered desk, laptop, and scattered papers, surrounded by old computer equipment.

Threat Actors Monetize Stolen Credentials with Searchable Underground Services

Cybercriminals are cashing in on stolen credentials with a new breed of underground services that allow buyers to search and purchase specific, verified login details. This emerging market acts as a middleman between hackers who steal sensitive info and those who want to use it to take over accounts.

Analyst 207
Network equipment and servers in a server room with blinking lights and laptop screens in the foreground.

Fortinet Firewalls Compromised in Massive Password-Stealing Attack

A massive password-stealing attack has compromised around 75,000 Fortinet firewall devices, putting credentials of major corporations across 194 countries at risk and leaving a trail of full network compromises in its wake. The breach, dubbed FortiBleed, has created a verified database of working credentials for some of the world's largest enterprises, threatening nearly every sector of the global economy.

Analyst 207
A cluttered home office workspace with an open laptop showing a terminal window, surrounded by papers and coffee cups.

Malware Exploits Arch Linux Packages to Spread Rootkit, Infostealer

Over 400 Arch Linux packages were compromised in a shocking discovery, distributing a sneaky Linux rootkit and infostealer to unsuspecting users through the Arch User Repository (AUR). A cleverly spoofed maintainer account was used to modify the packages and download malicious code.

Analyst 207
Darkened underground digital marketplace with rows of screens displaying abstract data.

Cyberattacks Expose AI Agents' Vulnerability to Phishing Risks

A staggering 3.3 billion identity records are now circulating on illicit markets, thanks to a whopping 11.1 million devices infected with infostealers last year - a digital threat landscape that's more vulnerable than ever. This alarming trend highlights the urgent need for robust protection against AI agents' vulnerability to phishing risks.

Analyst 207
Smartphone with social media interface on screen surrounded by fake software packaging in a dimly lit room.

TikTok Tutorials Spread Vidar Stealer via Fake Software Lures

Cybercriminals are using TikTok and Instagram Reels to spread the Vidar infostealer by disguising it as free software tutorials, tricking viewers into downloading malware. By reporting these accounts, users can help take them down and slow down the attackers' momentum.

Analyst 207
A laptop with a blank screen sits amidst scattered papers and generic development tools in a well-lit workspace.

IronWorm Malware Infects 36 npm Packages in Supply-Chain Attack

Meet IronWorm, a sneaky Rust-based infostealer that's infected 36 npm packages, putting a wide range of sensitive credentials and secrets at risk of being harvested. This stealthy malware operates undetected, targeting everything from AWS and OpenAI credentials to cryptocurrency wallet files.

Analyst 207
Child's bedroom with Minecraft bedspread and gaming setup, laptop screen showing blurred game environment.

WeedHack Malware Infects 116,000 Minecraft Systems Worldwide

A massive malware campaign, dubbed WeedHack, has infected a staggering 116,464 Minecraft systems worldwide since January, with a whopping 2,000 to 3,000 new infections occurring daily. The widespread attack has hit the US, Germany, India, and the UK the hardest.

Analyst 207
Cluttered computer terminal room with cables and equipment, laptop in center, faint GitHub logo on blurred screen.

AI-Generated Malware Exposes Operator's GitHub Token

A malicious npm package, disguised as a harmless sync utility called "mouse5212-super-formatter", was downloaded 676 times before it was caught stealing sensitive data and exposing its creator's GitHub token. This AI-generated malware cleverly hid its true intentions, uploading stolen files to a fake repository and covering its tracks.

Analyst 207
Office worker's desk with laptop, purchase order, and suspicious files.

PureLogs Infostealer Exploits Purchase Order Phishing Lures

Beware of purchase order phishing scams that can deliver a powerful infostealer, capable of stealing sensitive credentials and cryptocurrency keys, via a simple yet cleverly disguised email with a malicious RAR attachment. Even security software can be fooled, as one campaign was only flagged as a threat after it was already sent.

Analyst 207
Law enforcement briefing room with laptop, papers, and blurred emblem on the wall.

Ukraine Cracks Down on Infostealer Operator Linked to 28,000 Stolen Accounts

Ukrainian cyberpolice, in collaboration with US law enforcement, have cracked down on an 18-year-old suspect behind a massive infostealer malware campaign that compromised 28,000 accounts, with over 5,800 used for fraudulent activities. The suspect allegedly ran the operation, selling stolen session data from a California online store between 2024 and 2025.

Analyst 207
Cluttered home office desk with Mac laptop showing AppleScript code and fake app installer in background.

SHub Infostealer Variant Reaper Exploits macOS Security Updates

Researchers at SentinelOne have uncovered a sneaky new variant of the SHub macOS infostealer, called Reaper, which cleverly bypasses Apple's latest security updates by using a malicious AppleScript to trick users. This crafty malware uses fake installers to lure victims in, making it a serious threat to macOS users.

Analyst 207
Blurred computer screen amidst software development environment with hint of unease.

Shai-Hulud Malware Fuels npm Infostealer Campaign

Malicious actors have unleashed a new wave of chaos with the Shai-Hulud malware, using typosquatting tactics to spread four malicious npm packages that can steal sensitive info and wreak havoc on systems. The packages, published under the account deadcode09284814, masquerade as legitimate tools, but are actually designed to siphon off credentials, cloud configs, and more.

Analyst 207
Software development workspace with laptop, terminal windows, coding notes, and empty coffee cups in a neutral office…

Malicious npm Packages Deliver Infostealers and DDoS Malware

Researchers uncovered malicious npm packages, including one that was essentially a clone of the notorious Shai-Hulud worm, which was uploaded with its own command-and-control server and private key, ready to steal credentials and wreak havoc. This alarming discovery highlights the growing threat of malicious packages on npm.

Analyst 207
Dimly lit, cluttered room with computer and stacks of dusty papers.

REMUS Infostealer Targets Session Theft, Password Managers

Meet REMUS Infostealer, a rapidly evolving threat that's been making waves in the underground scene since February 2026, with its operators boasting a staggering 90% callback rate thanks to top-notch crypting and a dedicated server. This infostealer has quickly become a commercialized and professionalized menace, with a flurry of updates, features, and customer communications flooding the dark web.

Analyst 207
Jenkins plugin page on a computer screen shows a warning message with a blurred software development workspace background.

Checkmarx Plugin Compromised with Infostealer in Supply-Chain Attack

A rogue version of Checkmarx's Jenkins Application Security Testing plugin was compromised by the TeamPCP hacker group, who left a taunting message in the about section, claiming another supply-chain attack success. The group has been linked to a string of similar breaches, delivering credential-stealing malware.

Analyst 207
Person sitting in dark room with laptop showing fake login prompt and nearby smartphone and torn paper with credentials.

macOS ClickFix Attacks Harvest Credentials via AppleScript Stealers

macOS users beware: a sneaky ClickFix campaign is using AppleScript stealers to harvest credentials from 14 browsers, 16 cryptocurrency wallets, and over 200 extensions. This targeted attack has already made off with a staggering amount of sensitive info - and it's still on the loose.

Analyst 207