Trojan
CPUID hacked to deliver malware via CPU-Z, HWMonitor downloads
Hackers gained access to an API for the CPUID project and changed the download links on the official website to serve malicious executables for the popular CPU-Z and HWMonitor tools. The two utilities have millions of users who rely on them for tracking the physical health of internal computer hardware and for comprehensive specifications of a […]
Malicious 7-Zip site distributes installer laced with proxy tool
A fake 7-Zip website is distributing a trojanized installer of the popular archiving tool that turns the user’s computer into a residential proxy node. Residential proxy networks use home user devices to route traffic with the goal of evading blocks and performing various malicious activities such as credential stuffing, phishing, and malware distribution. The new campaign […]
New Android malware uses AI to click on hidden browser ads
A new family of Android click-fraud trojans leverages TensorFlow machine learning models to automatically detect and interact with specific advertisement elements. The mechanism relies on visual analysis based on machine learning instead of predefined JavaScript click routines, and does not involve script-based DOM-level interaction like classic click-fraud trojans. The threat actor is using TensorFlow.js, an open-source […]
Endgame Gear mouse config tool infected users with malware
Gaming peripherals maker Endgame Gear is warning that malware was hidden in its configuration tool for the OP1w 4k v2 mouse hosted on the official website between June 26 and July 9, 2025. The infected file was hosted on ‘endgamegear.com/gaming-mice/op1w-4k-v2,’ so users downloading the tool from that page during this period were infected. Endgame Gear […]
Android malware Anatsa infiltrates Google Play to target US banks
The Anatsa banking trojan has sneaked into Google Play once more via an app posing as a PDF viewer that counted more than 50,000 downloads. The malware becomes active on the device immediately after installing the app, tracking users launching North American banking apps and serving them an overlay that allows accessing the account, keylogging, or automating transactions. According […]
SonicWall warns of trojanized NetExtender stealing VPN logins
SonicWall is warning customers that threat actors are distributing a trojanized version of its NetExtender SSL VPN client used to steal VPN credentials. The fake software, which was discovered by SonicWall’s and Microsoft Threat Intelligence (MSTIC) researchers, mimics the legitimate NetExtender v10.3.2.27, the latest available version. The malicious installer file is hosted on a spoofed website […]
Trojanized RVTools push Bumblebee malware in SEO poisoning campaign
In response to our questions about the attack, Dell states that the malicious RVTools installer was not distributed from its sites but rather from fake typo-squatted domains. The company also states that the Dell-managed sites, Robware.net and RVTools.com, were taken offline as they are being targeted in DDoS attacks. “Dell Technologies operates two websites to distribute our RVTools […]
Russian military hackers deploy malicious Windows activators in Ukraine
The Sandworm Russian military cyber-espionage group is targeting Windows users in Ukraine with trojanized Microsoft Key Management Service (KMS) activators and fake Windows updates. These attacks likely started in late 2023 and have now been linked by EclecticIQ threat analysts with Sandworm hackers based on overlapping infrastructure, consistent Tactics, Techniques and Procedures (TTPs), and frequently […]