New Torg Grabber infostealer malware targets 728 crypto wallets
A new info-stealing malware called Torg Grabber is stealing sensitive data from 850 browser extensions, more than 700 of them for cryptocurrency wallets. [.
Malware
20 articles
Elastic Security Labs uncovers BRUSHWORM and BRUSHLOGGER
Elastic Security Labs observed two custom malware components targeting a South Asian financial institution: a modular backdoor with USB-based spreading and a...
Stryker says malware was involved in recent cyberattack as production lines reopen
The medical device firm Stryker said it is ramping production lines back up two weeks after alleged Iranian cyber actors wiped more than 200,000 company devi...
‘CanisterWorm’ Springs Wiper Attack Targeting Iran
A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secure...
Trivy Supply Chain Attack Expands With New Compromised Docker Images
New Trivy Docker images 0.69.
⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More
Another week, another reminder that the internet is still a mess. Systems people thought were secure are being broken in simple ways, showing many still igno...
Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper
Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack, highlighting the widening bl...
Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages
The threat actors behind the supply chain attack targeting the popular Trivy scanner are suspected to be conducting follow-on attacks that have led to the co...
Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams
Google on Thursday announced a new "advanced flow" for Android sideloading that requires a mandatory 24-hour wait period to install apps from unverified deve...
GSocket Backdoor Delivered Through Bash Script, (Fri, Mar 20th)
Yesterday, I discovered a malicious Bash script that installs a GSocket backdoor on the victim's computer. I don't know the source of the script not how it i...
Speagle Malware Hijacks Cobra DocGuard to Steal Data via Compromised Servers
Cybersecurity researchers have flagged a new malware dubbed Speagle that hijacks the functionality and infrastructure of a legitimate program called Cobra Do...
Financial Brands Targeted in Global Mobile Banking Malware Surge
Mobile banking malware targets over 1200 financial apps globally, shifting fraud to user devices
New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data
Cybersecurity researchers have disclosed a new Android malware family called Perseus that's being actively distributed in the wild with an aim to conduct dev...
Analyzing the Current State of AI Use in Malware
Unit 42 research explores how AI is currently used in malware, from superficial integrations to advanced decision-making, and its future impact. The post Ana...
From Invitation to Infection: How SILENTCONNECT Delivers ScreenConnect
SILENTCONNECT is a multi-stage loader that leverages VBScript, in-memory PowerShell execution, and PEB masquerading to silently deploy the ScreenConnect RMM ...
Crypto Scam "ShieldGuard" Dismantled After Malware Discovery
ShieldGuard Chrome extension posed as a crypto security tool but stole wallets and drained user data
Vidar Stealer 2.0 Exploits GitHub, Reddit to Deliver Malware via Fake Game Cheats
The Vidar 2.
Boggy Serpens Threat Assessment
Iranian threat group Boggy Serpens' cyberespionage evolves with AI-enhanced malware and refined social engineering. Unit 42 details their persistent targeting.
Iranian Cyber Threat Evolution: From MBR Wipers to Identity Weaponization
The evolution of Iranian cyber operations in broad context: from custom wiper malware to misuse of legitimate admin tools and more. The post Iranian Cyber Th...
Free real estate: GoPix, the banking Trojan living off your memory
Kaspersky GReAT experts describe the unprecedentedly complex Brazilian banking Trojan GoPix that employs memory-only implants, Proxy AutoConfig (PAC) files f...