Tag: malware operations
239 articles

Cyberattacks Exploit Known Flaws in Supply Chain, AI Tools
A recent cyberattack exploited weaknesses in a company's infrastructure, resulting in a staggering $290 million heist from KelpDAO, highlighting the vulnerability of supply chains to targeted attacks. The attackers manipulated key nodes to gain control and siphon off funds.

UNC6692 Exposes Custom Malware Suite via Social Engineering
In a clever social engineering ploy, UNC6692 launched a massive email campaign in late December 2025, flooding targets with messages to create a sense of urgency and distraction, before following up with a convincing Microsoft Teams message that pushed a malicious link. The attackers then cleverly disguised their malware as a legitimate "Mailbox Repair and Sync Utility" patch, hosted on an Amazon S3 page.

China-Linked APT Group Exploits Legitimate Services for Covert Ops
ESET researchers have uncovered a treasure trove of clues, analyzing 6,044 Slack messages and 3,005 Discord messages that reveal the covert operations of a China-linked APT group, dubbed GopherWhisper, which has been active since at least 2023. The recovered logs provide a rare glimpse into the group's tactics, thanks to hardcoded credentials in Go-based backdoors that gave investigators access to the group's command and control channels.

Vercel Breach Exposes Additional Customer Accounts
A recent Vercel breach exposed additional customer accounts after a malicious chain of events began with a compromised employee account at Context.ai, which was likely triggered by a simple online search for Roblox scripts. The breach highlights the risks of malware distribution and token theft, with threat intel pointing to a sophisticated attack targeting valuable keys and account credentials.

npm Worm Targets Dev Environments, Exploits Supply Chain
A newly discovered npm malware attack has infected multiple packages, using sneaky tactics like install-time execution and credential theft to compromise developer environments and spread through the supply chain. This self-propagating malware strain appears to be targeting specialized developer workflows, putting a spotlight on vulnerabilities in the software development process.

Cybercrime Shifts to Caller-as-a-Service Model
US elderly citizens alone lost a staggering $3.4B in 2023 to phone-based scams, highlighting the alarming rise of a highly organized and profitable fraud economy. This Caller-as-a-Service model has made it easier for scammers to specialize and scale their operations, putting even more people at risk.

New Supply-Chain Attack Targets npm Ecosystem to Steal Auth Tokens
Researchers have uncovered a sneaky supply-chain worm that can hijack auth tokens and spread malware through the npm ecosystem, putting countless packages at risk. This stealthy threat can inject itself into every package it can publish, creating a ripple effect of compromised code.

Gentlemen Ransomware Operation Exposes 1,570 Victims Through SystemBC Malware
A shocking 1,570 networks worldwide have been compromised by the sneaky SystemBC malware, which has been quietly building a massive botnet of victims across the globe. This stealthy threat can even download and execute additional malware, putting your security at risk.

Lotus Malware Targets Venezuelan Energy Firms with Data-Wiping Attacks
A new, highly destructive malware called Lotus has been targeting Venezuela's energy sector, leaving systems completely unrecoverable after wiping data and disabling recovery mechanisms. This devastating attack systematically deletes files and overwrites physical drives, causing irreversible damage.

macOS ClickFix Attacks Harvest Credentials via AppleScript Stealers
macOS users beware: a sneaky ClickFix campaign is using AppleScript stealers to harvest credentials from 14 browsers, 16 cryptocurrency wallets, and over 200 extensions. This targeted attack has already made off with a staggering amount of sensitive info - and it's still on the loose.

Malware Exploits Android App to Harvest NFC Card Data
A new malware called NGate is putting NFC payment card users in Brazil at risk, exploiting the popular HandyPay app to steal sensitive card data and PINs. This sneaky attack leaves cardholders vulnerable to financial loss and compromised personal info.

Gentlemen Ransomware Spreads Rapidly Through Affiliate Network
Gentlemen Ransomware is spreading rapidly through its affiliate network, fueling a surge in multi-platform attacks and infections linked to the malicious tool SystemBC. This ransomware-as-a-service operation is making it alarmingly easy for cybercriminals to join the fray and wreak havoc.

NGate Malware Targets Brazil, Trojanizes HandyPay for NFC Data Theft
Security researchers have uncovered a sneaky new Android malware, NGate, that has been hiding in plain sight by infecting a legitimate app called HandyPay, used for NFC data relay, and using AI-generated code to steal payment credentials. This cleverly crafted malware has set its sights on Brazil, putting unsuspecting users at risk of NFC data theft.

NGate Malware Exploits HandyPay App to Steal Android NFC Payment Data
Malicious NGate malware has been discovered hiding inside a fake version of the HandyPay app, putting Android users' NFC payment data at risk. This sneaky malware exploits a trusted payments tool to steal sensitive information, leaving users vulnerable to financial theft.

Malware Disguised as Roblox Cheats Fuels Vercel Breach
Malware masquerading as Roblox cheats sparked a chain reaction, leading to a significant security breach at Vercel and exposing vulnerabilities in modern cloud and SaaS ecosystems. This incident highlights how a seemingly harmless piece of malware can wreak havoc across connected services.

Malicious Apps Infiltrate Apple's China Store, Target Crypto Wallets
Scammers have infiltrated Apple's China App Store with 26 fake cryptocurrency wallet apps, cleverly disguised as popular wallets like Metamask and Coinbase, to steal sensitive recovery phrases and drain users' digital assets. These malicious apps put unsuspecting crypto investors at risk of losing their hard-earned money.

Gentlemen Ransomware Gang Taps SystemBC for Botnet Attacks
Imagine your business's infrastructure being hijacked and turned into a fleet of malicious proxies - it's a harsh reality that's now hitting home for over 1,570 corporate victims who've fallen prey to the Gentlemen ransomware gang's SystemBC botnet attacks. Their compromised systems are being used to run proxy services for the malware, leaving defenders scrambling to respond.

Formbook Malware Exploits Obfuscation to Evade Detection
Staying one step ahead of threats just got tougher: Formbook malware's latest campaign combines DLL side-loading and obfuscated JavaScript to expertly evade detection. This sneaky tactic allows it to remain hidden, making it a formidable foe in the cybersecurity landscape.

Malware Campaigns Exploit Trusted Channels for Internal Access
Instead of smashing down the front door, attackers are now sneaking in by exploiting trusted channels and misdirecting trust - a subtle yet effective tactic that's leaving defenders, regulators, and users scrambling to respond. This quiet approach to breaching security is a growing concern, with multiple incidents revealing a common pattern of adversaries using third-party components to gain internal access.

Mirai Botnet Exploits DVR Flaw in TBK Devices
A Mirai-based malware campaign, known as Nexcorium, is actively exploiting a critical vulnerability (CVE-2024-3721) in TBK DVR devices, posing immediate risks to device owners and network defenders. This alarming development raises crucial questions about operational security and cyber risk management.

Malware Targets Israeli Water Systems with Precision Attacks
A newly discovered malware strain called ZionSiphon is threatening Israeli water systems with precision attacks, leaving experts concerned about the vulnerability of critical infrastructure. This sophisticated code can infiltrate and manipulate the machines that control pumps and filters, putting a city's taps at risk.

Ransomware Exploits QEMU VMs to Evade Endpoint Security
Malicious software can now secretly launch a virtual machine inside your computer, allowing it to evade detection and phone home to its operator - a chilling new tactic that exposes weaknesses in traditional endpoint defenses. This stealthy approach, recently spotted in the Payouts King ransomware, uses the QEMU emulator to create a hidden virtual machine and bypass security measures.

Underground Guides Expose Methods for Vetting Stolen Credit Card Shops
Buyers of stolen credit card data use a surprisingly rational approach to choosing an underground marketplace - they verify and vet potential shops just like they would any other purchase. Underground guides even provide step-by-step checks to help them evaluate carding shops based on data quality, reputation, and survivability.

Hackers Exploit Marimo Flaw to Spread NKAbuse Malware via Hugging Face
Hackers are exploiting a critical flaw in Marimo's reactive Python notebook to spread a new variant of NKAbuse malware, sneaking malicious payloads onto Hugging Face Spaces, a popular platform for sharing machine learning models. This alarming attack highlights the need for vigilance when it comes to defending against malware disguised as code-sharing tools.