Italian spyware vendor creates Fake WhatsApp app, targeting 200 users
WhatsApp blocked a fake app by Italian firm SIO/Asigint that targeted 200 users with spyware, urging them to reinstall the official app. WhatsApp has recentl...
Malware
20 articles
Hooked on Linux: Rootkit Detection Engineering
In this second part of a two-part series, we explore Linux rootkit detection engineering, focusing on the limitations of static detection reliance, and the i...
WhatsApp warns users of fake app used to distribute spyware
The Meta subsidiary alleges that Italy’s SIO spyware manufacturer designed the phony app specifically for iPhones. Most of the impacted users are in Italy, a...
New CrystalRAT malware adds RAT, stealer and prankware features
A new malware-as-a-service called CrystalRAT is being promoted on Telegram, offering remote access, data theft, keylogging, and clipboard hijacking capabilit...
'NoVoice' Android malware on Google Play infected 2.3 million devices
A new Android malware named NoVoice was found on Google Play, hidden in more than 50 apps that were downloaded at least 2.3 million times.
New DeepLoad Malware Dropped in ClickFix Attacks
The malware steals credentials, installs a malicious browser extension, and can spread via USB drives. The post New DeepLoad Malware Dropped in ClickFix Atta...
New Venom Stealer MaaS Platform Automates Continuous Data Theft
Venom Stealer malware-as-a-service automates ClickFix social engineering, credential and crypto exfiltration
3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don’t See It Coming)
For years, cybersecurity has followed a familiar model: block malware, stop the attack. Now, attackers are moving on to what’s next.
Malicious Script That Gets Rid of ADS, (Wed, Apr 1st)
Today, most malware are called “fileless†because they try to reduce their footprint on the infected computer filesystem to the bare minimum. But they ne...
Alleged RedLine malware developer extradited to United States
A man has appeared in federal court in Austin, Texas, after being extradited to the United States to face charges related to his alleged role as a key develo...
Hackers Hijack Axios npm Package to Spread RATs
Threat actors hijacked the popular npm package axios to spread RAT malware after compromising an open‑source maintainer’s account, researchers warn
PyPI Telnyx Python SDK Backdoored to Steal Credentials on Windows, macOS, and Linux
Telnyx Python SDK on PyPI, using a multi‑stage WAV steganography payload to steal credentials across Windows, macOS, and Linux systems. The backdoor lives in...
A laughing RAT: CrystalX combines spyware, stealer, and prankware features
Kaspersky researchers analyze a new CrystalX RAT distributed as MaaS and featuring extensive spyware, stealer, and prankware capabilities.
Malware detectors trained on one dataset often stumble on another
Machine learning models built to catch malware on Windows systems are typically evaluated on data that closely resembles their training set. In practice, the...
Attackers trojanize Axios HTTP library in highest-impact npm supply chain attack
Attackers compromised the npm account of the lead maintainer of Axios, a widely used JavaScript HTTP client library, and used it to publish malicious version...
Sophisticated CrySome RAT examined
Windows environments are at risk of significant compromise with the new, advanced CrySome remote access trojan, which integrates antivirus-killing and hidden...
RoadK1ll malware enables stealthy network pivoting
RoadK1ll functions as a lightweight reverse tunneling implant, designed to blend into normal network traffic and transform an infected machine into a relay p...
Attackers hijack Axios npm account to spread RAT malware
Threat actors hijacked the npm account of Axios to distribute RAT malware via malicious package updates. Threat actors compromised the npm account of Axios, ...
LiteLLM ditches Delve after malware attack
The incident occurred shortly after LiteLLM had obtained two security compliance certifications from Delve.
Venom Stealer Raises Stakes With Continuous Credential Harvesting
Licensed malware with built-in persistence and automation enables attackers to continuously siphon credentials, session data, and cryptocurrency assets. The ...