18 Jul, 2025

Malicious VSCode extension in Cursor IDE led to $500K crypto theft

A fake extension for the Cursor AI IDE code editor infected devices with remote access tools and infostealers, which, in one case, led to the theft of $500,000 in cryptocurrency from a Russian crypto developer. Cursor AI IDE is an AI-powered development environment based on Microsoft’s Visual Studio Code. It includes support for Open VSX, an alternative […]

Aeza Group sanctioned for hosting ransomware, infostealer servers

The U.S. Department of the Treasury has sanctioned Russian hosting company Aeza Group and four operators for allegedly acting as a bulletproof hosting company for ransomware gangs, infostealer operations, darknet drug markets, and Russian disinformation campaigns. The Treasury’s Office of Foreign Assets Control (OFAC) claims that Aeza’s services were utilized by the BianLian ransomware gang, […]

No, the 16 billion credentials leak is not a new data breach

News broke today about “one of the largest data breaches in history,” sparking wide media coverage filled with warnings and fear-mongering. However, it appears to just be a compilation of previously leaked credentials stolen by infostealers, exposed in data breaches, and via credential stuffing attacks. To be clear, this is not a new data breach, or […]

US offers $10M for tips on state hackers tied to RedLine malware

The U.S. Department of State has announced a reward of up to $10 million for any information on government-sponsored hackers with ties to the RedLine infostealer malware operation and its suspected creator, Russian national Maxim Alexandrovich Rudometov. The same bounty covers leads on state hackers’ use of this malware in cyber operations targeting critical infrastructure […]

Dark Partners cybercrime gang fuels large-scale crypto heists

A sprawling network of fake AI, VPN, and crypto software download sites is being used by the “Dark Partner” threat actors to conduct crypto theft attacks worldwide. Masquerading as popular apps, these cloned sites deliver the Poseidon (macOS) and Lumma (Windows) infostealers and malware loaders like Payday. This malware is used to steal cryptocurrency […]

TikTok videos now push infostealer malware in ClickFix attacks

Cybercriminals are using TikTok videos to trick users into infecting themselves with Vidar and StealC information-stealing malware in ClickFix attacks. As Trend Micro recently discovered, the threat actors behind this TikTok social engineering campaign are using videos likely generated using AI that ask viewers to run commands claiming to activate Windows and Microsoft Office, as well […]

Lumma infostealer malware operation disrupted, 2,300 domains seized

Earlier this month, a coordinated disruption action targeting the Lumma malware-as-a-service (MaaS) information stealer operation seized thousands of domains and part of its infrastructure backbone worldwide. This effort involved multiple tech companies and law enforcement authorities, resulting in Microsoft’s seizure of approximately 2,300 domains after legal action against the malware on May 13, 2025. At the […]

StealC malware enhanced with stealth upgrades and data theft tools

The creators of StealC, a widely-used information stealer and malware downloader, have released its second major version, bringing multiple stealth and data theft enhancements. The latest version of StealC was actually made available to cybercriminals in March 2025, but Zscaler researchers who analyzed it just published a detailed write-up. In the weeks that followed its release, several […]

Infostealer campaign compromises 10 npm packages, targets devs

Ten npm packages were suddenly updated with malicious code yesterday to steal environment variables and other sensitive data from developers’ systems. The campaign targeted multiple cryptocurrency-related packages, and the popular ‘country-currency-map’ package was downloaded thousands of times a week. The malicious code was discovered by Sonatype researcher Ali ElShakankiry and is found in two heavily obfuscated […]

ClickFix attack delivers infostealers, RATs in fake Booking.com emails

Microsoft is warning that an ongoing phishing campaign impersonating Booking.com is using ClickFix social engineering attacks to infect hospitality workers with various malware, including infostealers and RATs. The campaign started in December 2024 and continues today, targeting employees at hospitality organizations such as hotels, travel agencies, and other businesses that use Booking.com for reservations. The threat […]