Information Stealer
Malicious Blender model files deliver StealC infostealing malware
A Russian-linked campaign delivers the StealC V2 information stealer malware through malicious Blender files uploaded to 3D model marketplaces like CGTrader. Blender is a powerful open-source 3D creation suite that can execute Python scripts for automation, custom user interface panels, add-ons, rendering processes, rigging tools, and pipeline integration. If the Auto Run feature is enabled, […]
ClickFix attack uses fake Windows Update screen to push malware
ClickFix attack variants have been observed where threat actors trick users with a realistic-looking Windows Update animation in a full-screen browser page and hide the malicious code inside images. ClickFix is a social-engineering attack where users are convinced to paste and execute in Windows Command Prompt code or commands that lead to running malware on the system. The attack […]
Police disrupts Rhadamanthys, VenomRAT, and Elysium malware operations
Law enforcement authorities from nine countries have taken down over 1,000 servers used by the Rhadamanthys infolstealer, VenomRAT, and Elysium botnet malware operations in the latest phase of Operation Endgame, an international action targeting cybercrime. The joint action, coordinated by Europol and Eurojust, was also supported by multiple private partners, including Cryptolaemus, Shadowserver, Spycloud, Cymru, Proofpoint, CrowdStrike, […]
DanaBot malware is back to infecting Windows after 6-month break
The DanaBot malware has returned with a new version observed in attacks, six-months after law enforcement’s Operation Endgame disrupted its activity in May. According to security researchers at Zscaler ThreatLabz, there is a new variant of DanaBot, version 669, that has a command-and-control (C2) infrastructure using Tor domains (.onion) and “backconnect” nodes. Zscaler also identified and […]
Alleged Meduza Stealer malware admins arrested after hacking Russian org
The Russian authorities have arrested three individuals in Moscow who are believed to be the creators and operators of the Meduza Stealer information-stealing malware. The action was announced on Telegram by Irina Volk, a police general and official from the Russian Ministry of Internal Affairs. “A group of hackers who created the infamous ‘Meduza’ virus have been […]
Malicious NPM packages fetch infostealer for Windows, Linux, macOS
Ten malicious packages mimicking legitimate software projects in the npm registry download an information-stealing component that collects sensitive data from Windows, Linux, and macOS systems. The packages were uploaded to npm on July 4, and remained undetected for a long period due to multiple layers of obfuscation that helped escape standard static analysis mechanisms. According to researchers at […]
Hackers steal Discord accounts with RedTiger-based infostealer
Attackers are using the open-source red-team tool RedTiger to build an infostealer that collects Discord account data and payment information. The malware can also steal credentials stored in the browser, cryptocurrency wallet data, and game accounts. RedTiger is a Python-based penetration testing suite for Windows and Linux that bundles options for scanning networks and cracking […]
Iranian hackers targeted over 100 govt orgs with Phoenix backdoor
State-sponsored Iranian hacker group MuddyWater has targeted more than 100 government entities in attacks that deployed version 4 of the Phoenix backdoor. The threat actor is also known as Static Kitten, Mercury, and Seedworm, and it typically targets government and private organizations in the Middle East region. Starting August 19, the hackers launched a phishing campaign from […]
Vidar Stealer 2.0 adds multi-threaded data theft, better evasion
Security researchers are warning that Vidar Stealer infections are likely to increase after the malware developer released a new major version with upgraded capabilities. According to an announcement from the developer this month, Vidar 2.0 has been rewritten in C, supports multi-threading data stealing, bypasses Chrome’s app-bound encryption, and features more advanced evasion mechanisms. Infostealer […]
Fake Mac fixes trick users into installing new Shamos infostealer
A new infostealer malware targeting Mac devices, called ‘Shamos,’ is targeting Mac devices in ClickFix attacks that impersonate troubleshooting guides and fixes. The new malware, which is a variant of the Atomic macOS Stealer (AMOS), was developed by the cybercriminal group “COOKIE SPIDER,” and is used to steal data and credentials stored in web browsers, […]