BTMOB Android RAT poses significant threat with easy-to-use builder
First identified in February 2025, BTMOB evolved from the SpySolr malware.
20 articles
First identified in February 2025, BTMOB evolved from the SpySolr malware.
Operators of the malicious Glassworm botnet have been targeting software developers since at least early 2025
CrowdStrike has dismantled the Glassworm botnet in an operation aided by Google and Shadowserver, stripping the operators’ access to infrastructure that help...
CrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous disruption of all command-and-control (C2) channels a...
Glassworm infected developers through poisoned tools and packages until a coordinated takedown killed all four of its C2 channels at once. On May 26, 2026, a...
A newly observed Android malware strain, known as BTMOB, is raising concerns among cybersecurity researchers due to its powerful remote access capabilities a...
The attack campaign employs SEO poisoning to elevate fake installation pages in search engine results, leading developers searching for AI tools like Google ...
Chinese-language phishing-as-a-service (PhaaS) communities are expanding in an area historically dominated by Russian-speaking cybercriminal groups. The Goog...
BTMOB Android RAT sold as a service with a no-code builder for fast, regional phishing lures
The European Union is preparing to issue a landmark penalty against Google under its Digital Markets Act (DMA), marking a significant escalation in regulator...
The malware pairs remote access capabilities with ready-made campaign tools, lowering the barrier for full device compromise
Hackers are actively exploiting a critical vulnerability in the KnowledgeDeliver Learning Management System (LMS) to deploy the BLUEBEAM web shell, according...
Tycoon 2FA bypasses MFA on Entra ID and Google Workspace. We map telemetry fingerprints across both platforms, ship detection rules for both tiers, and conta...
Written by: Jamie Collier While Russian-speaking threat actors have historically dominated the phishing-as-a-service (PhaaS) landscape, a rival ecosystem is ...
Financially motivated threat actors are running an active campaign that impersonates Google’s Gemini CLI and Anthropic’s Claude Code, using SEO poisoning to ...
The Trapdoor campaign initially distributed seemingly legitimate utility apps, such as PDF readers, through the Google Play Store.
Vulnerability researchers have spent the past year arguing about whether AI agents can find real bugs at scale or whether they mostly generate noise. A pipel...
Google API keys are credentials that let applications access Google services, from Maps to the Gemini AI. If a key is leaked, an attacker can use it to make ...
Android users are being targeted by a large-scale malware campaign that silently subscribes victims to premium mobile services without their knowledge. The m...
Google Cloud API keys may continue functioning for up to 23 minutes after deletion, exposing a significant security gap that could allow attackers to retain ...