malware
Chinese cyberspies backdoor Juniper routers for stealthy access
Chinese hackers are deploying custom backdoors on Juniper Networks Junos OS MX routers that have reached end-of-life (EoL) and no longer receive security updates. The backdoors are primarily variants of the TinyShell malware, an open-source tool that facilitates data exchange and command execution on Linux systems, and which has been used by multiple threat groups over the years. […]
MassJacker malware uses 778,000 wallets to steal cryptocurrency
A newly discovered clipboard hijacking operation dubbed ‘MassJacker’ uses at least 778,531 cryptocurrency wallet addresses to steal digital assets from compromised computers. According to CyberArk, who discovered the MassJacker campaign, roughly 423 wallets linked to the operation contained $95,300 at the time of the analysis, but historical data suggests more significant transactions. Also, there’s a single […]
YouTubers extorted via copyright strikes to spread malware
Cybercriminals are sending bogus copyright claims to YouTubers to coerce them into promoting malware and cryptocurrency miners on their videos. The threat actors take advantage of the popularity of Windows Packet Divert (WPD) tools that are increasingly used in Russia as they help users bypass internet censorship and government-imposed restrictions on websites and online services. YouTube […]
Microsoft says malvertising campaign impacted 1 million PCs
Microsoft has taken down an undisclosed number of GitHub repositories used in a massive malvertising campaign that impacted almost one million devices worldwide. The company’s threat analysts detected these attacks in early December 2024 after observing multiple devices downloading malware from GitHub repos, malware that was later used to deploy a string of various other […]
Ethereum private key stealer on PyPI downloaded over 1,000 times
A malicious Python Package Index (PyPI) package named “set-utils” has been stealing Ethereum private keys through intercepted wallet creation functions and exfiltrating them via the Polygon blockchain. The package disguises itself as a utility for Python, mimicking the popular “python-utils,” which has over 712 million downloads, and “utils,” which counts over 23.5 million installs. Researchers […]
BadBox malware disrupted on 500K infected Android devices
The BadBox Android malware botnet has been disrupted again by removing 24 malicious apps from Google Play and sinkholing communications for half a million infected devices. The BadBox botnet is a cyber-fraud operation targeting primarily low-cost Android-based devices like TV streaming boxes, tablets, smart TVs, and smartphones. These devices either come pre-loaded with the BadBox […]
Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware
New research has uncovered further links between the Black Basta and Cactus ransomware gangs, with members of both groups utilizing the same social engineering attacks and the BackConnect proxy malware for post-exploitation access to corporate networks. In January, Zscaler discovered a Zloader malware sample that contained what appeared to be a new DNS tunneling feature. Further research by […]
New Eleven11bot botnet infects 86,000 devices for DDoS attacks
A new botnet malware named ‘Eleven11bot’ has infected over 86,000 IoT devices, primarily security cameras and network video recorders (NVRs), to conduct DDoS attacks. The botnet, which is loosely linked to Iran, has already launched distributed denial of service (DDoS) attacks targeting telecommunication service providers and online gaming servers. Eleven11bot was discovered by Nokia researchers […]
New polyglot malware hits aviation, satellite communication firms
A previously undocumented polyglot malware is being deployed in attacks against aviation, satellite communication, and critical transportation organizations in the United Arab Emirates. The malware delivers a backdoor called Sosano, which establishes persistence on the infected devices and allows the attackers to execute commands remotely. The activity was discovered by Proofpoint in October 2024, which states that the […]
Vo1d malware botnet grows to 1.6 million Android TVs worldwide
A new variant of the Vo1d malware botnet has grown to 1,590,299 infected Android TV devices across 226 countries, recruiting devices as part of anonymous proxy server networks. This is according to an investigation by Xlab, which has been tracking the new campaign since last November, reporting that the botnet peaked on January 14, 2025, and […]