VulnHub

Security researchers have identified a new Android banking trojan called Mirax, which is targeting users across Europe. This malware utilizes a method known as Malware-as-a-Service (MaaS) to infect devices, allowing cybercriminals to gain remote access and turn affected smartphones into residential proxy nodes. By doing this, attackers can route their malicious activities through the compromised devices, making it harder to trace their actions back to them. This poses a significant risk to users, as their personal data and banking information could be at risk. The emergence of Mirax highlights ongoing vulnerabilities in mobile security and the need for users to remain vigilant against such threats.

Kaspersky has reported that SparkCat malware has resurfaced on app stores, specifically targeting cryptocurrency users in Asia. This malware has been found in applications available for both iOS and Android devices. Users downloading these apps may unknowingly expose their sensitive information, such as cryptocurrency wallet details, to attackers. This resurgence is particularly concerning given the increasing popularity of cryptocurrency among users, making them prime targets for cybercriminals. As the malware spreads, it underlines the need for users to be vigilant about the apps they download and the permissions they grant.

The latest ThreatsDay Bulletin highlights a range of pressing cybersecurity threats impacting various systems. Researchers are reporting on the alarming trend of chaining together minor vulnerabilities to create significant backdoors, which could allow attackers to gain unauthorized access. Additionally, there are ongoing concerns about Android rootkits and methods for evading AWS CloudTrail logging, raising red flags for cloud security. These developments underscore the need for organizations to stay vigilant and proactive in patching software and monitoring their systems for unusual activity. With cyber threats evolving quickly, it’s crucial for companies to keep their defenses updated and educate their teams on the latest risks.

Recent reports indicate that cybercriminals are increasingly using cloud phones, which are virtualized Android devices hosted on remote servers, to carry out financial fraud schemes. These devices provide attackers with anonymity and the capability to manipulate phone numbers, making it easier for them to bypass traditional security measures. As a result, victims can include individuals and businesses alike, potentially leading to significant financial losses. Security experts warn that the rise of these technologies poses a growing risk to online transactions and personal data. Companies and users need to be vigilant and adopt more stringent security practices to mitigate these threats.

Researchers have discovered a serious vulnerability in Android that allows attackers to hijack mobile payment applications using a technique called LSPosed-based runtime manipulation. This attack can bypass security measures such as SIM binding, which is intended to protect users' financial transactions. As a result, anyone using affected payment apps could be at risk of fraud and unauthorized transactions. This incident highlights the ongoing challenges in mobile security, especially for users who rely on their devices for financial activities. Users should be cautious and consider reviewing their app security settings until further protections are implemented.

The latest Security Affairs Malware newsletter covers several significant malware threats that have emerged recently. Notably, a group identified as Stan Ghouls is targeting users in Russia and Uzbekistan using the NetSupport Remote Access Trojan (RAT), which allows attackers to control infected systems remotely. Another concerning development is the discovery of ZeroDayRAT, a new spyware designed to infiltrate both Android and iOS devices. Additionally, researchers have uncovered a Linux botnet named SSHStalker, which utilizes old-school IRC methods to compromise new victims. These activities demonstrate the evolving tactics of cybercriminals and emphasize the need for users and organizations to remain vigilant against these persistent threats.

Researchers have identified a new spyware kit called ZeroDayRAT, which is being distributed via Telegram. This toolkit is said to allow attackers to fully compromise both iOS and Android devices, functioning at a level typically associated with resources available to nation-states. The implications of this spyware are significant, as it can potentially give hackers complete access to personal data and device controls. Users of mobile devices, especially those who may be targeted for sensitive information, should be particularly cautious. The emergence of such advanced tools raises serious concerns about mobile security and privacy.

Bitdefender has identified a new Android malware campaign that uses Hugging Face, a platform typically associated with artificial intelligence and machine learning. This malware, classified as a Remote Access Trojan (RAT), is designed to gain unauthorized access to Android devices, potentially compromising user data and privacy. The campaign raises concerns as it exploits a legitimate platform to distribute malicious software, making it harder for users to detect the threat. Users of Android devices should be particularly cautious and ensure they download apps only from trusted sources to avoid falling victim to this malware. The implications are significant, especially for those who may unknowingly install infected applications, leading to data theft or device control by attackers.

ESET researchers have uncovered a spyware campaign targeting individuals in Pakistan that employs romance scam tactics. This operation uses a malicious app masquerading as a chat service, which facilitates conversations through WhatsApp but primarily serves to steal data from infected devices. The malware is identified as GhostChat, and it appears to be part of a larger surveillance effort by the same threat actor. This incident is particularly concerning as it exploits personal relationships and trust, potentially affecting many unsuspecting users who are seeking companionship online. The implications of such spyware are significant, as it not only compromises personal data but also raises issues of privacy and security in digital communications.

The Black Lotus Labs team at Lumen Technologies has taken significant action against the AISURU and Kimwolf botnets by null-routing over 550 command-and-control (C2) servers since early October 2025. These botnets have gained notoriety for their ability to commandeer devices and use them in distributed denial-of-service (DDoS) attacks. By cutting off access to these C2 nodes, researchers aim to disrupt the operations of these botnets, which primarily target Android devices. This move is crucial as it not only protects potential victims from being exploited but also highlights the ongoing battle against cybercriminals who leverage such networks for malicious activities. The impact of these botnets underscores the need for continued vigilance in cybersecurity practices, especially for users of vulnerable devices.