Info Stealer
Google ads for shared ChatGPT, Grok guides push macOS infostealer malware
A new AMOS infostealer campaign is abusing Google search ads to lure users into Grok and ChatGPT conversations that appear to offer “helpful” instructions but ultimately lead to installing the AMOS info-stealing malware on macOS. The campaign was first spotted by researchers at cybersecurity company Kaspersky yesterday, while Huntress managed security platform published a more detailed report earlier today. […]
Malicious VSCode extensions on Microsoft’s registry drop infostealers
Two malicious extensions on Microsoft’s Visual Studio Code Marketplace infect developers’ machines with information-stealing malware that can take screenshots, steal credentials, crypto wallets, and hijack browser sessions. The marketplace hosts extensions for the popular VSCode integrated development environment (IDE) to extend functionality or add customization options. The two malicious extensions, called Bitcoin Black and Codo […]
Police disrupts Rhadamanthys, VenomRAT, and Elysium malware operations
Law enforcement authorities from nine countries have taken down over 1,000 servers used by the Rhadamanthys infolstealer, VenomRAT, and Elysium botnet malware operations in the latest phase of Operation Endgame, an international action targeting cybercrime. The joint action, coordinated by Europol and Eurojust, was also supported by multiple private partners, including Cryptolaemus, Shadowserver, Spycloud, Cymru, Proofpoint, CrowdStrike, […]
DanaBot malware is back to infecting Windows after 6-month break
The DanaBot malware has returned with a new version observed in attacks, six-months after law enforcement’s Operation Endgame disrupted its activity in May. According to security researchers at Zscaler ThreatLabz, there is a new variant of DanaBot, version 669, that has a command-and-control (C2) infrastructure using Tor domains (.onion) and “backconnect” nodes. Zscaler also identified and […]
Vidar Stealer 2.0 adds multi-threaded data theft, better evasion
Security researchers are warning that Vidar Stealer infections are likely to increase after the malware developer released a new major version with upgraded capabilities. According to an announcement from the developer this month, Vidar 2.0 has been rewritten in C, supports multi-threading data stealing, bypasses Chrome’s app-bound encryption, and features more advanced evasion mechanisms. Infostealer […]
Fake Mac fixes trick users into installing new Shamos infostealer
A new infostealer malware targeting Mac devices, called ‘Shamos,’ is targeting Mac devices in ClickFix attacks that impersonate troubleshooting guides and fixes. The new malware, which is a variant of the Atomic macOS Stealer (AMOS), was developed by the cybercriminal group “COOKIE SPIDER,” and is used to steal data and credentials stored in web browsers, […]
NPM package ‘is’ with 2.8M weekly downloads infected devs with malware
The popular NPM package ‘is’ has been compromised in a supply chain attack that injected backdoor malware, giving attackers full access to compromised devices. This occurred after maintainer accounts were hijacked via phishing, followed by unauthorized owner changes that went unnoticed for several hours, potentially compromising many developers who downloaded the new releases. The ‘is’ […]
Lumma infostealer malware returns after law enforcement disruption
The Lumma infostealer malware operation is gradually resuming activities following a massive law enforcement operation in May, which resulted in the seizure of 2,300 domains and parts of its infrastructure. Although the Lumma malware-as-a-service (MaaS) platform suffered significant disruption from the law enforcement action, as confirmed by early June reports on infostealer activity, it didn’t shut down. The operators immediately acknowledged […]
Atomic macOS infostealer adds backdoor for persistent attacks
Malware analyst discovered a new version of the Atomic macOS info-stealer (also known as ‘AMOS’) that comes with a backdoor, to attackers persistent access to compromised systems. The new component allows executing arbitrary remote commands, it survives reboots, and permits maintaining control over infected hosts indefinitely. MacPaw’s cybersecurity division Moonlock analyzed the backdoor in Atomic malware after a […]
‘Stargazers’ use fake Minecraft mods to steal player passwords
A large-scale malware campaign specifically targets Minecraft players with malicious mods and cheats that infect Windows devices with infostealers that steal credentials, authentication tokens, and cryptocurrency wallets. The campaign, discovered by Check Point Research, is conducted by the Stargazers Ghost Network and leverages the Minecraft massive modding ecosystem and legitimate services like GitHub to reach a […]