05 Jun, 2026

Over 116,000 Minecraft systems infected in WeedHack malware campaign

A large-scale malware campaign dubbed WeedHack is targeting Minecraft players and has infected more than 116,000 systems since January. The malware is distributed through Minecraft-related malicious mods, clients, cheats, and utilities that are promoted over YouTube and SEO (search engine optimization) poisoning. WeedHack works as a malware-as-a-service (MaaS) infostealer operation that offers a dashboard for […]

3 mins read

BTMOB Android malware service generates custom phishing payloads

An Android remote access trojan named BTMOB is offered to cybercriminals with a builder interface for generating malware payloads tailored to phishing lures. The malware provides a wide set of features that includes stealing specific data, intercepting financial transactions, capturing screenshots, and remote control capabilities. Cybersecurity company ESET says that BTMOB is openly advertised on […]

2 mins read

New CrystalRAT malware adds RAT, stealer and prankware features

A new malware-as-a-service called CrystalRAT is being promoted on Telegram, offering remote access, data theft, keylogging, and clipboard hijacking capabilities. The malware emerged in January with a tiered subscription model. Apart from the Telegram channel, the MaaS was also promoted on YouTube via a dedicated marketing channel that showcased its capabilities. Kaspersky researchers say in a report […]

3 mins read

Arkanix Stealer pops up as short-lived AI info-stealer experiment

An information-stealing malware operation named Arkanix Stealer, promoted on multiple dark web forums towards the end of 2025, was likely developed as an AI-assisted experiment. The project included a control panel and a Discord server for communication with users, but the author took them down without notification, just two months after the operation began. Arkanix offered many […]

3 mins read

New malware service guarantees phishing extensions on Chrome web store

A new malware-as-a-service (MaaS) called ‘Stanley’ promises malicious Chrome extensions that can clear Google’s review process and publish them to the Chrome Web Store. Researchers at end-to-end data security company Varonis named the project Stanley after the alias of the seller, who advertises easy phishing attacks by intercepting navigation and covering a webpage with an iframe […]

2 mins read

Cellik Android malware builds malicious versions from Google Play apps

A new Android malware-as-a-service (MaaS) named Cellik is being advertised on underground cybercrime forums, offering a robust set of capabilities that include the option to embed it in any app available on the Google Play Store. Specifically, attackers can select apps from Android’s official app store and create trojanized versions that appear trustworthy and keep the […]

2 mins read

New SantaStealer malware steals data from browsers, crypto wallets

A new malware-as-a-service (MaaS) information stealer named SantaStealer is being advertised on Telegram and hacker forums as operating in memory to avoid file-based detection. According to security researchers at Rapid7, the operation is a rebranding of a project called BluelineStealer, and the developer is ramping up the operation ahead of a planned launch before the end […]

3 mins read

DanaBot malware is back to infecting Windows after 6-month break

The DanaBot malware has returned with a new version observed in attacks, six months after law enforcement’s Operation Endgame disrupted its activity in May. According to security researchers at Zscaler ThreatLabz, there is a new variant of DanaBot, version 669, that has a command-and-control (C2) infrastructure using Tor domains (.onion) and “backconnect” nodes. Zscaler also identified and […]

1 min read

New Atroposia malware comes with a local vulnerability scanner

A new malware-as-a-service (MaaS) platform named Atroposia provides cybercriminals a remote access trojan that combines capabilities for persistent access, evasion, data theft, and local vulnerability scanning. The malware is available for a $200 monthly subscription that unlocks advanced features such as hidden remote desktop, file system control, data exfiltration, clipboard theft, credential theft, cryptocurrency wallet theft, […]

3 mins read

Lumma infostealer malware returns after law enforcement disruption

The Lumma infostealer malware operation is gradually resuming activities following a massive law enforcement operation in May, which resulted in the seizure of 2,300 domains and parts of its infrastructure. Although the Lumma malware-as-a-service (MaaS) platform suffered significant disruption from the law enforcement action, as confirmed by early June reports on infostealer activity, it didn’t shut down. The operators immediately acknowledged […]

2 mins read