Infostealer
Malicious Blender model files deliver StealC infostealing malware
A Russian-linked campaign delivers the StealC V2 information stealer malware through malicious Blender files uploaded to 3D model marketplaces like CGTrader. Blender is a powerful open-source 3D creation suite that can execute Python scripts for automation, custom user interface panels, add-ons, rendering processes, rigging tools, and pipeline integration. If the Auto Run feature is enabled, […]
ClickFix attack uses fake Windows Update screen to push malware
ClickFix attack variants have been observed where threat actors trick users with a realistic-looking Windows Update animation in a full-screen browser page and hide the malicious code inside images. ClickFix is a social-engineering attack where users are convinced to paste and execute in Windows Command Prompt code or commands that lead to running malware on the system. The attack […]
Rhadamanthys infostealer disrupted as cybercriminals lose server access
The Rhadamanthys infostealer operation has been disrupted, with numerous “customers” of the malware-as-a-service reporting that they no longer have access to their servers. Rhadamanthys is an infostealer malware that steals credentials and authentication cookies from browsers, email clients, and other applications. It is commonly distributed through campaigns promoted as software cracks, YouTube videos, or malicious […]
Alleged Meduza Stealer malware admins arrested after hacking Russian org
The Russian authorities have arrested three individuals in Moscow who are believed to be the creators and operators of the Meduza Stealer information-stealing malware. The action was announced on Telegram by Irina Volk, a police general and official from the Russian Ministry of Internal Affairs. “A group of hackers who created the infamous ‘Meduza’ virus have been […]
Google disputes false claims of massive Gmail data breach
Google was once again forced to announce that it had not suffered a data breach after numerous news outlets published sensational stories about a fake breach that purportedly exposed 183 million accounts. This claim began over the weekend and into today, with news stories claiming that millions of Gmail accounts were breached, with some outlets saying it […]
XWorm malware resurfaces with ransomware module, over 35 plugins
New versions of the XWorm backdoor are being distributed in phishing campaigns after the original developer, XCoder, abandoned the project last year. The latest variants, XWorm 6.0, 6.4, and 6.5, appear to be adopted by multiple threat actors and have support for plugins that allow a wide range of malicious activities. Malware operators can use […]
Microsoft warns of new XCSSET macOS malware variant targeting Xcode devs
Microsoft Threat Intelligence reports that a new variant of the XCSSET macOS malware has been detected in limited attacks, incorporating several new features, including enhanced browser targeting, clipboard hijacking, and improved persistence mechanisms. XCSSET is a modular macOS malware that acts as an infostealer and cryptocurrency stealer, stealing Notes, cryptocurrency wallets, and browser data from […]
New FileFix attack uses steganography to drop StealC malware
A newly discovered FileFix social engineering attack impersonates Meta account suspension warnings to trick users into unknowingly installing the StealC infostealer malware. FileFix is a new variant of the ClickFix family of attacks, which uses social engineering attacks to trick users into pasting malicious commands into operating system dialog boxes as supposed “fixes” for problems. The FileFix technique was […]
TamperedChef infostealer delivered through fraudulent PDF Editor
Threat actors have been using multiple websites promoted through Google ads to distribute a convincing PDF editing app that delivers an info-stealing malware called TamperedChef. The campaign is part of a larger operation with multiple apps that can download each other, some of them tricking users into enrolling their system into residential proxies. More than […]
Malicious VSCode extension in Cursor IDE led to $500K crypto theft
A fake extension for the Cursor AI IDE code editor infected devices with remote access tools and infostealers, which, in one case, led to the theft of $500,000 in cryptocurrency from a Russian crypto developer. Cursor AI IDE is an AI-powered development environment based on Microsoft’s Visual Studio Code. It includes support for Open VSX, an alternative […]