malware
New Koske Linux malware hides in cute panda images
A new Linux malware named Koske may have been developed with artificial intelligence and is using seemingly benign JPEG images of panda bears to deploy malware directly into system memory. Researchers from cybersecurity company AquaSec analyzed Koske and described it as “a sophhisticated Linux threat.” Based on the observed adaptive behavior, the researchers believe that […]
Hacker sneaks infostealer malware into early access Steam game
A threat actor called EncryptHub has compromised a game on Steam to distribute info-stealing malware to unsuspecting users downloading the title. A few days ago, the hacker (also tracked as Larva-208), injected malicious binaries into the Chemia game files hosted on Steam. Chemia is a survival crafting game from developer ‘Aether Forge Studios,’ which is […]
NPM package ‘is’ with 2.8M weekly downloads infected devs with malware
The popular NPM package ‘is’ has been compromised in a supply chain attack that injected backdoor malware, giving attackers full access to compromised devices. This occurred after maintainer accounts were hijacked via phishing, followed by unauthorized owner changes that went unnoticed for several hours, potentially compromising many developers who downloaded the new releases. The ‘is’ […]
Lumma infostealer malware returns after law enforcement disruption
The Lumma infostealer malware operation is gradually resuming activities following a massive law enforcement operation in May, which resulted in the seizure of 2,300 domains and parts of its infrastructure. Although the Lumma malware-as-a-service (MaaS) platform suffered significant disruption from the law enforcement action, as confirmed by early June reports on infostealer activity, it didn’t shut down. The operators immediately acknowledged […]
Coyote malware abuses Windows accessibility framework for data theft
A new variant of the banking trojan ‘Coyote’ has begun abusing a Windows accessibility feature, Microsoft’s UI Automation framework, to identify which banking and cryptocurrency exchange sites are accessed on the device for potential credential theft. Microsoft UIA is a Windows accessibility framework designed to allow assistive technologies to interact with, inspect, and control user interface […]
UK ties GRU to stealthy Microsoft 365 credential-stealing malware
The UK National Cyber Security Centre (NCSC) has formally attributed ‘Authentic Antics’ espionage malware attacks to APT28 (Fancy Bear), a threat actor already linked to Russia’s military intelligence service (GRU). The NCSC revealed in a detailed technical analysis of the Authentic Antics malware dated May 6th that it is stealing credentials and OAuth 2.0 tokens that […]
Microsoft Teams voice calls abused to push Matanbuchus malware
The Matanbuchus malware loader has been seen being distributed through social engineering over Microsoft Teams calls impersonating IT helpdesk. Matanbuchus is a malware-as-a-service operation seen promoted on the dark web first in early 2021. It was advertised as a $2,500 Windows loader that executes malicious payloads directly in memory to evade detection. In June 2022, threat analyst Brad […]
Google sues to disrupt BadBox 2.0 botnet infecting 10 million devices
Google has filed a lawsuit against the anonymous operators of the Android BadBox 2.0 malware botnet, accusing them of running a global ad fraud scheme against the company’s advertising platforms. The BadBox 2.0 malware botnet is a cybercrime operation that utilizes infected Android Open Source Project (AOSP) devices, including smart TVs, streaming boxes, and other connected devices […]
LameHug malware uses AI LLM to craft Windows data-theft commands in real-time
A novel malware family named LameHug is using a large language model (LLM) to generate commands to be executed on compromised Windows systems. LameHug was discovered by Ukraine’s national cyber incident response team (CERT-UA) and attributed the attacks to Russian state-backed threat group APT28 (a.k.a. Sednit, Sofacy, Pawn Storm, Fancy Bear, STRONTIUM, Tsar Team, Forest Blizzard). The […]
North Korean XORIndex malware hidden in 67 malicious npm packages
North Korean threat actors planted 67 malicious packages in the Node Package Manager (npm) online repository to deliver a new malware loader called XORIndex to developer systems. The packages collectively count more than 17,000 downloads and were discovered by researchers at package security platform Socket, who assess them to be part of the continued Contagious Interview operation. Socket researchers […]