malware
FBI warnings are true—fake file converters do push malware
The FBI is warning that fake online document converters are being used to steal peoples’ information and, in worst-case scenarios, to deploy ransomware on victims’ devices. The warning came last week from the FBI Denver field office, after receiving an increasing number of reports about these types of tools. “The FBI Denver Field Office is […]
Microsoft Trust Signing service abused to code-sign malware
Cybercriminals are abusing Microsoft’s Trusted Signing platform to code-sign malware executables with short-lived three-day certificates. Threat actors have long sought after code-signing certificates as they can be used to sign malware to appear like they are from a legitimate company. Signed malware also has the advantage of potentially bypassing security filters that would normally block unsigned […]
Steam pulls game demo infecting Windows with info-stealing malware
Valve has removed from its Steam store the game title ‘Sniper: Phantom’s Resolution’ following multiple users reporting that the demo installer infected their systems with information stealing malware. The game, published under the developer name ‘Sierra Six Studios,’ was supposed to be an early preview of the title with a release planned in the coming months. […]
RansomHub ransomware uses new Betruger ‘multi-function’ backdoor
A newly identified custom backdoor deployed in several recent ransomware attacks has been linked to at least one RansomHub ransomware-as-a-service (RaaS) operation affiliate. Symantec researchers who named this malware Betruger describe it as a “rare example of a multi-function backdoor” that was likely engineered for use in ransomware attacks. The malware’s capabilities include a wide range of […]
Malware campaign ‘DollyWay’ breached 20,000 WordPress sites
A malware operation dubbed ‘DollyWay’ has been underway since 2016, compromising over 20,000 WordPress sites globally to redirect users to malicious sites. The campaign has evolved significantly in the past eight years, leveraging advanced evasion, re-infection, and monetization strategies. According to GoDaddy researcher Denis Sinegubko, DollyWay has been functioning as a large-scale scam redirection system in its […]
New Arcane infostealer infects YouTube, Discord users via game cheats
A newly discovered information-stealing malware called Arcane is stealing extensive user data, including VPN account credentials, gaming clients, messaging apps, and information stored in web browsers. According to Kaspersky, the malware has no links or code that overlaps with the Arcane Stealer V, which has been circulating on the dark web for years. The Arcane malware […]
Malicious Android ‘Vapor’ apps on Google Play installed 60 million times
Over 300 malicious Android applications downloaded 60 million items from Google Play acted as adware or attempted to steal credentials and credit card information. The operation was first uncovered by IAS Threat Lab, who categorized the malicious activity under the name “Vapor” and said it has been ongoing since early 2024. IAS identified 180 apps as part […]
Microsoft: New RAT malware used for crypto theft, reconnaissance
Microsoft has discovered a new remote access trojan (RAT) that employs “sophisticated techniques” to avoid detection, maintain persistence, and extract sensitive data. While the malware (dubbed StilachiRAT) hasn’t yet reached widespread distribution, Microsoft says it decided to publicly share indicators of compromise and mitigation guidance to help network defenders detect this threat and reduce its […]
Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts
Cybercriminals are promoting malicious Microsoft OAuth apps that masquerade as Adobe and DocuSign apps to deliver malware and steal Microsoft 365 accounts credentials. The campaigns were discovered by Proofpoint researchers, who characterized them as “highly targeted” in a thread on X. The malicious OAuth apps in this campaign are impersonating Adobe Drive, Adobe Drive X, Adobe Acrobat, […]
ClickFix attack delivers infostealers, RATs in fake Booking.com emails
Microsoft is warning that an ongoing phishing campaign impersonating Booking.com is using ClickFix social engineering attacks to infect hospitality workers with various malware, including infostealers and RATs. The campaign started in December 2024 and continues today, targeting employees at hospitality organizations such as hotels, travel agencies, and other businesses that use Booking.com for reservations. The threat […]