GigaWiper is a newly discovered modular malware that enables attackers to carry out both backdoor and wiper functions, allowing them to choose how destructive their attacks can be. This malware draws elements from various existing malware families, making it more versatile and dangerous. While specific targets have not been disclosed, the presence of such a tool poses a significant threat to organizations, as it can lead to data loss and operational disruptions. The ability to customize the attack increases the potential impact on victims, making it critical for companies to stay vigilant and enhance their cybersecurity measures. Understanding how GigaWiper operates can help in developing better defenses against such dual-purpose malware.
Articles tagged "Malware"
Found 634 articles
Hackread – Cybersecurity News, Data Breaches, AI and More
Researchers from Dr.Web have identified a new backdoor named Siggen that targets Windows developers. This malware spreads through infected Visual Studio projects and utilizes Steam for command and control (C2) operations. Once installed, it can steal sensitive information, including user credentials and cryptocurrency data. The incident poses a significant risk to developers who may unknowingly incorporate these malicious projects into their work, potentially compromising their systems and data. The use of a popular platform like Steam for C2 makes it a notable concern for the developer community and highlights the need for vigilance against such threats.
Zimbra has patched a serious vulnerability that allows attackers to execute malicious code through specially crafted emails. When a user opens one of these emails, the embedded code runs without their consent, posing a significant security risk. This flaw affects users of Zimbra's email software, which is widely used by organizations for communication. The potential for exploitation makes it crucial for users to update their systems promptly. Patching this vulnerability helps protect against unauthorized access and data breaches, which could have serious consequences for affected organizations.
A new version of the RedHook malware for Android has been discovered using a technique that exploits the Wireless Debugging feature, known as Wireless ADB. This allows attackers to gain shell-level access to devices without needing a physical connection to a computer. This development raises concerns because it can enable unauthorized control over affected devices, putting personal data and privacy at risk. Users of Android devices, especially those with Wireless ADB enabled, should be particularly vigilant. Researchers emphasize the need for users to disable this feature when not in use to mitigate potential risks.
A recent report by QiAnXin, a Chinese cybersecurity firm, reveals that the Silver Fox group is using a new Remote Access Trojan (RAT) called MODBEACON, which is developed in Rust. Although their methods, such as SEO poisoning and fake software installers, may seem basic, the group's operation is more intricate, involving several distributors. This complexity raises concerns about the potential reach and effectiveness of their attacks. Organizations and users need to be vigilant about the software they download and the links they click to avoid falling victim to these tactics. The emergence of this Rust-based RAT signifies a shift in how attackers are developing malware, possibly making it harder to detect and mitigate.
A new remote access trojan (RAT) named MODBEACON has been linked to the Chinese cybercrime group Silver Fox. This malware, which is built using the Rust programming language, employs gRPC streaming for its command-and-control (C2) traffic, making it more challenging to detect and analyze. Researchers from QiAnXin noted that while the group may seem low-tech, they are actively using SEO poisoning techniques to distribute malicious software through fake installers. This development is concerning as it indicates a shift towards more sophisticated methods of malware distribution, potentially impacting users who unknowingly download compromised software. Organizations and individuals should be cautious of suspicious downloads and ensure they have strong cybersecurity measures in place.
The Hacker News
A recently exposed hacker server has revealed the inner workings of a cybercrime operation known as WP-SHELLSTORM, which has targeted over 1.4 million WordPress sites. Although not all the sites were successfully hacked, the exposed data included hacking tools, activity logs, and a list of potential targets. The operation highlights how attackers can orchestrate mass website breaches, raising concerns about the security of WordPress sites. Website owners need to ensure their systems are secure to prevent unauthorized access and potential data breaches. This incident serves as a reminder of the ongoing vulnerabilities within popular content management systems like WordPress.
Researchers have identified 222 GitHub repositories that are distributing malware disguised as fake Go packages. This investigation began with a suspicious Go module that claimed to be a DNS and subdomain scanning tool. As the researchers dug deeper, they uncovered a larger network of malicious activities involving loaders, stealers, remote access Trojans (RATs), and cryptominers. This incident poses a significant risk to developers and users who might unknowingly install these harmful packages, potentially compromising their systems and data. It's crucial for the software development community to remain vigilant and verify the authenticity of packages before integration.
GigaWiper is a newly identified piece of malware that combines different malicious functions, including a standalone wiper, ransomware encryption, and a multi-pass wiping command. This malware is designed for system-level sabotage, making it particularly dangerous for both individuals and organizations. Researchers have noted that it could severely disrupt operations by permanently deleting important data and encrypting files for ransom. The full impact of GigaWiper is still being assessed, but its destructive capabilities raise significant concerns for cybersecurity professionals and users alike. Companies need to be vigilant and implement strong security measures to protect against such invasive attacks.
Hackers have compromised the GitHub repository of the Injective Labs SDK project and used it to distribute a malicious package on npm, the Node Package Manager. This malicious package is designed to steal private keys and mnemonic seed phrases from users' cryptocurrency wallets. Developers and users who downloaded the affected package could find their digital assets at risk. This incident raises significant concerns about the security of open-source projects and the potential for similar attacks on other repositories. Users are urged to be cautious and verify the integrity of packages before installation to protect their cryptocurrency holdings.
The Armored Likho APT group is reportedly using a sophisticated toolkit that includes AI-generated malware alongside existing threats like the BusySnake Stealer, a Python-based tool designed to siphon off sensitive information. This group is known for its modular approach, which allows them to adapt their methods and tools quickly, making it difficult for organizations to defend against their attacks. The use of obfuscated remote access trojans (RATs) and network tunneling tools like Go2Tunnel adds another layer of complexity to their operations. As a result, businesses and individuals need to be vigilant about their cybersecurity measures to protect against these evolving threats. Given the capabilities of this APT group, the potential for data breaches and unauthorized access remains high, raising concerns for organizations that store sensitive information.
Researchers at Huntress have discovered a threat actor using a technique called vibe-coded PowerShell to map out Active Directory networks. This method allows attackers to gather detailed information about network configurations and user accounts, which can be crucial for planning further attacks. The use of PowerShell in this context is concerning, as it is a legitimate tool that can be exploited for malicious purposes. Companies with Active Directory environments should be particularly vigilant, as this type of reconnaissance can lead to more severe security breaches. The findings emphasize the need for organizations to monitor their networks for unusual PowerShell activity and tighten their security measures.
Help Net Security
Microsoft has rolled out a security update to address a serious vulnerability in its Malware Protection Engine, specifically CVE-2026-50656. This flaw, which affects Windows 10 and Windows 11, allows authenticated attackers to escalate their privileges to SYSTEM-level by exploiting improper link resolution before file access. The vulnerability was brought to light on June 10, and it poses a significant risk as it can be exploited with relatively low complexity. Users of affected systems should prioritize applying this update to safeguard their devices against potential attacks that could compromise system security.
Infosecurity Magazine
Operation First Light 2026, an initiative funded by the Chinese government and coordinated by Interpol, has resulted in the arrest of 5,811 individuals involved in cybercrime across multiple countries. This large-scale operation targeted various criminal activities, including online fraud and the distribution of malware. The collaboration aims to enhance international law enforcement's ability to combat cyber threats and improve global security. The significant number of arrests suggests a considerable crackdown on organized cybercrime networks, which could disrupt ongoing illegal activities. This operation not only highlights the growing global concern over cybercrime but also emphasizes the role of international cooperation in addressing these challenges.
A new ransomware strain called GodDamn has been identified by cybersecurity researchers, specifically the Threat Hunter Team at Symantec. This ransomware uses a malicious kernel driver named PoisonX to disable endpoint security measures, allowing it to operate without detection. GodDamn was first observed in the wild on May 21, 2026, and is believed to be a rebranding of an earlier ransomware known as Beast. The use of PoisonX is particularly concerning as it directly undermines the defenses that companies rely on to protect their systems. Organizations need to be vigilant and update their security protocols to defend against this new threat.