Tag: infostealer
61 articles

ClickLock Malware Targets macOS Users with Coercive Password Theft Tactic
Beware: a new malware called ClickLock is coercing macOS users into handing over their login passwords by rendering their desktop unusable until they comply. This sneaky tactic has already hit at least 100 targets across 33 countries since May.

MacOS Malware Exploits Legitimate Developer ID to Steal Login Credentials
Researchers at Jamf Threat Labs uncovered a sneaky new macOS malware, dubbed CrashStealer, that uses a clever disguise to steal sensitive login credentials and other personal data. This cunning malware masquerades as a legitimate Apple component to quietly harvest its victims' information.

Malware Disguises as Apple Tool to Steal macOS Credentials
Beware of a sneaky malware that's masquerading as a legitimate Apple tool to steal your macOS credentials! This malicious software, known as CrashStealer, can infiltrate your password managers and even target over 80 browser-based cryptocurrency wallets.

Infostealer Infection Enables Argentine FA Breach
A single compromised computer with high-level access likely gave hackers the keys to the Argentine Football Association's database and internal email system, thanks to an infostealer infection that went undetected for months. The breach, traced back to September 8, 2025, highlights the devastating impact of a simple infection on a high-privilege machine.

Compromised jscrambler NPM Package Drops Rust Infostealer
A malicious version of the jscrambler NPM package, 8.14.0, was published on July 11, 2026, and could silently infect your system with a Rust-based infostealer just by installing it, no extra steps required. Merely running the install command was enough to trigger the payload on vulnerable systems.

Microsoft Disrupts Dual Cybercrime Tools in Novel Court Takedown
In a groundbreaking move, Microsoft led a global effort to dismantle two notorious cybercrime tools, Amadey and StealC, used by hackers to infect over 140,000 computers worldwide in just one week. This bold takedown marks a significant win in the fight against cybercrime.

Europol Operation Disrupts StealC and Amadey Infostealers
In a major win for cybersecurity, a coordinated international effort has dismantled the operations of two notorious malware families, StealC and Amadey, freezing a whopping €41m in crypto assets of criminal origin. This significant disruption was made possible through the collaboration of Europol, Germany's Federal Criminal Police Office, J-CAT, and Eurojust.

MacOS ClickFix Attack Exploits Terminal Commands to Spread Infostealer
Beware of a sneaky new attack on macOS, known as ClickFix, that tricks you into pasting a Terminal command, allowing hackers to silently download and launch info-stealing malware on your device. This cleverly crafted scam starts with a fake CAPTCHA page, convincing victims to unwittingly give attackers a backdoor to their sensitive data.

Threat Actors Monetize Stolen Credentials with Searchable Underground Services
Cybercriminals are cashing in on stolen credentials with a new breed of underground services that allow buyers to search and purchase specific, verified login details. This emerging market acts as a middleman between hackers who steal sensitive info and those who want to use it to take over accounts.

Fortinet Firewalls Compromised in Massive Password-Stealing Attack
A massive password-stealing attack has compromised around 75,000 Fortinet firewall devices, putting credentials of major corporations across 194 countries at risk and leaving a trail of full network compromises in its wake. The breach, dubbed FortiBleed, has created a verified database of working credentials for some of the world's largest enterprises, threatening nearly every sector of the global economy.

Malware Exploits Arch Linux Packages to Spread Rootkit, Infostealer
Over 400 Arch Linux packages were compromised in a shocking discovery, distributing a sneaky Linux rootkit and infostealer to unsuspecting users through the Arch User Repository (AUR). A cleverly spoofed maintainer account was used to modify the packages and download malicious code.

Cyberattacks Expose AI Agents' Vulnerability to Phishing Risks
A staggering 3.3 billion identity records are now circulating on illicit markets, thanks to a whopping 11.1 million devices infected with infostealers last year - a digital threat landscape that's more vulnerable than ever. This alarming trend highlights the urgent need for robust protection against AI agents' vulnerability to phishing risks.

TikTok Tutorials Spread Vidar Stealer via Fake Software Lures
Cybercriminals are using TikTok and Instagram Reels to spread the Vidar infostealer by disguising it as free software tutorials, tricking viewers into downloading malware. By reporting these accounts, users can help take them down and slow down the attackers' momentum.

IronWorm Malware Infects 36 npm Packages in Supply-Chain Attack
Meet IronWorm, a sneaky Rust-based infostealer that's infected 36 npm packages, putting a wide range of sensitive credentials and secrets at risk of being harvested. This stealthy malware operates undetected, targeting everything from AWS and OpenAI credentials to cryptocurrency wallet files.

WeedHack Malware Infects 116,000 Minecraft Systems Worldwide
A massive malware campaign, dubbed WeedHack, has infected a staggering 116,464 Minecraft systems worldwide since January, with a whopping 2,000 to 3,000 new infections occurring daily. The widespread attack has hit the US, Germany, India, and the UK the hardest.

AI-Generated Malware Exposes Operator's GitHub Token
A malicious npm package, disguised as a harmless sync utility called "mouse5212-super-formatter", was downloaded 676 times before it was caught stealing sensitive data and exposing its creator's GitHub token. This AI-generated malware cleverly hid its true intentions, uploading stolen files to a fake repository and covering its tracks.

PureLogs Infostealer Exploits Purchase Order Phishing Lures
Beware of purchase order phishing scams that can deliver a powerful infostealer, capable of stealing sensitive credentials and cryptocurrency keys, via a simple yet cleverly disguised email with a malicious RAR attachment. Even security software can be fooled, as one campaign was only flagged as a threat after it was already sent.

Ukraine Cracks Down on Infostealer Operator Linked to 28,000 Stolen Accounts
Ukrainian cyberpolice, in collaboration with US law enforcement, have cracked down on an 18-year-old suspect behind a massive infostealer malware campaign that compromised 28,000 accounts, with over 5,800 used for fraudulent activities. The suspect allegedly ran the operation, selling stolen session data from a California online store between 2024 and 2025.

SHub Infostealer Variant Reaper Exploits macOS Security Updates
Researchers at SentinelOne have uncovered a sneaky new variant of the SHub macOS infostealer, called Reaper, which cleverly bypasses Apple's latest security updates by using a malicious AppleScript to trick users. This crafty malware uses fake installers to lure victims in, making it a serious threat to macOS users.

Shai-Hulud Malware Fuels npm Infostealer Campaign
Malicious actors have unleashed a new wave of chaos with the Shai-Hulud malware, using typosquatting tactics to spread four malicious npm packages that can steal sensitive info and wreak havoc on systems. The packages, published under the account deadcode09284814, masquerade as legitimate tools, but are actually designed to siphon off credentials, cloud configs, and more.

Malicious npm Packages Deliver Infostealers and DDoS Malware
Researchers uncovered malicious npm packages, including one that was essentially a clone of the notorious Shai-Hulud worm, which was uploaded with its own command-and-control server and private key, ready to steal credentials and wreak havoc. This alarming discovery highlights the growing threat of malicious packages on npm.

REMUS Infostealer Targets Session Theft, Password Managers
Meet REMUS Infostealer, a rapidly evolving threat that's been making waves in the underground scene since February 2026, with its operators boasting a staggering 90% callback rate thanks to top-notch crypting and a dedicated server. This infostealer has quickly become a commercialized and professionalized menace, with a flurry of updates, features, and customer communications flooding the dark web.

Checkmarx Plugin Compromised with Infostealer in Supply-Chain Attack
A rogue version of Checkmarx's Jenkins Application Security Testing plugin was compromised by the TeamPCP hacker group, who left a taunting message in the about section, claiming another supply-chain attack success. The group has been linked to a string of similar breaches, delivering credential-stealing malware.

macOS ClickFix Attacks Harvest Credentials via AppleScript Stealers
macOS users beware: a sneaky ClickFix campaign is using AppleScript stealers to harvest credentials from 14 browsers, 16 cryptocurrency wallets, and over 200 extensions. This targeted attack has already made off with a staggering amount of sensitive info - and it's still on the loose.