Malware Loader
LeakNet ransomware uses ClickFix, Deno runtime in stealthy attacks
The LeakNet ransomware gang is now using the ClickFix technique for initial access into corporate environments and deploys a malware loader based on the open-source Deno runtime for JavaScript and TypeScript. The attacker is using the legitimate Deno to decode and execute a malicious payload directly into system memory, minimizing forensic evidence on the disk and […]
LummaStealer infections surge after CastleLoader malware campaigns
A surge in LummaStealer infections has been observed, driven by social engineering campaigns leveraging the ClickFix technique to deliver the CastleLoader malware. LummaStealer, also known as LummaC2, is an infostealer operation running as a malware-as-a-service (MaaS) platform that was disrupted in May 2025 when multiple tech firms and law enforcement authorities seized 2,300 domains and the central command structure supporting the malicious […]
Gootloader now uses 1,000-part ZIP archives for stealthy delivery
The Gootloader malware, typically used for initial access, is now using a malformed ZIP archive designed to evade detection by concatenating up to 1,000 archives. In doing so, the malware, which is an archived JScript file, causes many tools to crash when trying to analyze it. According to researchers, the malicious file is successfully unpacked using the default […]
Hackers abuse leaked Shellter red team tool to deploy infostealers
Shellter Project, the vendor of a commercial AV/EDR evasion loader for penetration testing, confirmed that hackers used its Shellter Elite product in attacks after a customer leaked a copy of the software. The abuse has kept going for several months and even though security researchers caught the activity in the wild, Shellter did not receive a notification. […]
Bumblebee malware distributed via Zenmap, WinMRT SEO poisoning
The Bumblebee SEO poisoning campaign uncovered earlier this week abusing the RVTools brand is using more typosquatting domains mimicking other popular open-source projects. GeekFeed was able to find two cases leveraging the notoriety of Zenmap, the GUI for the Nmap network scanning tool, and the WinMTR tracerout utility. The Bumblebee malware loader has been pushed through at least two […]
Bumblebee malware returns after recent law enforcement disruption
The Bumblebee malware loader has been spotted in new attacks recently, more than four months after Europol disrupted it during ‘Operation Endgame’ in May. Believed to be the creation of TrickBot developers, the malware emerged in 2022 as a replacement for the BazarLoader backdoor to provide ransomware threat actors access to victim networks. Bumblebee typically achieves infection via phishing, malvertising, and […]
New Android malware ‘Necro’ infects 11 million devices via Google Play
A new version of the Necro malware loader for Android was installed on 11 million devices through Google Play in malicious SDK supply chain attacks. This new version of the Necro Trojan was installed through malicious advertising software development kits (SDK) used by legitimate apps, Android game mods, and modified versions of popular software, such as Spotify, […]