Articles tagged "Malware"

Found 634 articles

Researchers at Cisco Talos have identified a new campaign by a Russian-speaking group known as UAT-11795, which is distributing fake installers for popular applications like Zoom, Webex, and MobaXterm. These malicious installers are designed to deliver the Starland Remote Access Trojan (RAT) and a memory-only implant called WLDR. The campaign has been targeting users primarily in the United States and Europe. This is concerning as it highlights the ongoing threat posed by financially motivated cybercriminals who exploit trusted software to gain access to sensitive systems. Users should be wary of downloading software from unofficial sources and ensure they are using legitimate installation files to protect against such attacks.

Read Original

Researchers have identified a new malware strain named GoSerpent, which has been targeting government and diplomatic entities in Southeast Asia since late 2025. Discovered by Kaspersky in February 2026, GoSerpent is designed for long-term access and intelligence gathering, indicating a sophisticated level of espionage. The malware's specific targets include various Southeast Asian governments and their associated diplomatic missions, raising concerns about national security and the potential for sensitive information to be compromised. The emergence of GoSerpent highlights the ongoing cyber threats faced by government institutions in the region, emphasizing the need for enhanced cybersecurity measures. As attacks like these become more common, governments must prioritize their defenses against such persistent threats.

Read Original
Actively Exploited

The Sandworm group, which is associated with Russia's military intelligence agency, the GRU, is targeting Ukrainian organizations using a deceptive approach called ClickFix. This technique involves creating fake CAPTCHA challenges that trick users into downloading malware. By exploiting social engineering tactics, the attackers aim to gain access to sensitive information. This method poses a significant risk to Ukrainian entities, as it can lead to data breaches and further cyber operations. The use of such sophisticated tactics reflects the ongoing cybersecurity threats faced by Ukraine amid its geopolitical tensions with Russia.

Read Original

The Daxin malware, a kernel-mode rootkit first identified in March 2022, has resurfaced, with researchers discovering it operating on a compromised system belonging to a manufacturer in Taiwan in 2026. This malware is particularly concerning because it can provide attackers with deep access to targeted systems, potentially leading to data theft or further exploitation. The resurgence of Daxin suggests that attackers are still actively using and developing sophisticated tools to breach security measures, particularly in regions like Taiwan, which is significant for its role in global technology supply chains. Companies in the region should enhance their defenses and monitor for any signs of compromise to mitigate the risks associated with this malware. The ongoing evolution of threats like Daxin emphasizes the need for continuous vigilance in cybersecurity practices.

Read Original
Actively Exploited

A new malware framework named OkoBot has emerged, capable of deploying over 20 different payloads aimed at stealing sensitive data, particularly cryptocurrency wallet seed phrases and user credentials. The framework is designed to infiltrate systems and extract valuable information from users, making it a significant threat to anyone dealing with cryptocurrencies. As cybercriminals increasingly target digital assets, this development raises alarms for individuals and businesses alike. Users are advised to enhance their security measures and remain vigilant against suspicious activities that may indicate an OkoBot attack. The rise of such tools underscores the ongoing risk of data breaches in the cryptocurrency space.

Read Original
Actively Exploited

A global phishing campaign has been detected that disguises a Lua loader as a TrueType font file to deploy remote access Trojans (RATs) and information stealers. Attackers are using this method to bypass security measures by making the malicious files appear innocuous. This tactic affects users who may inadvertently open these disguised files, leading to potential data breaches or unauthorized access to systems. The presence of such sophisticated phishing techniques raises concerns about the effectiveness of traditional email security measures. Users need to be vigilant about unexpected email attachments, even if they seem harmless, to avoid falling victim to these types of attacks.

Read Original

Researchers have discovered a targeted campaign exploiting the ViPNet update system, which is used by several large organizations in Russia. This campaign aims to deliver malicious modules to these entities, potentially compromising their secure networks. The nature of the attack suggests that it is focused on significant targets, indicating a high level of sophistication. With the ViPNet system being integral for secure communications, the implications of this breach could be severe, affecting the integrity of sensitive data and operations. Organizations using this software should be on high alert and consider implementing additional security measures to safeguard against these threats.

Read Original

Cybersecurity experts have identified a new malware named TELEPUZ that has been spreading since late April 2026 through compromised websites using ClickFix lures. This modular malware is designed to steal data and execute commands on infected systems. Researchers from Elastic Security Labs note that while the number of command-and-control domains associated with TELEPUZ is currently limited, its capabilities raise significant concerns for users and organizations. The lightweight nature of the malware makes it particularly dangerous, as it can easily evade detection. Users visiting infected sites are at risk, making it crucial for individuals and companies to remain vigilant about their online activities and security practices.

Read Original

A new piece of malware known as ClickLock Stealer is targeting macOS users by forcing them to input their login passwords. This infostealer operates by running a command in the Terminal that creates a fake system dialog asking for the password. If the victim cancels this request, the malware repeatedly kills various applications—including Finder and Terminal—every 210 milliseconds until the password is provided. Once the victim logs in again, the malware installs two LaunchAgents, allowing it to operate silently in the background. This type of attack is particularly concerning as it manipulates user behavior to extract sensitive information, highlighting the need for users to be cautious about unexpected prompts and commands.

Read Original
Actively Exploited

Over 20 Brazilian government websites have been hijacked as part of a campaign by a group known as PhantomEnigma. These sites were repurposed to deliver malware, which poses a significant risk to users who visit them. Researchers from ANY.RUN discovered previously unknown backdoor tactics and complex relationships within the cybercriminal infrastructure involved. This incident not only affects the integrity of government websites but also puts the data and security of users at risk, highlighting the ongoing challenges in protecting public digital resources. It serves as a reminder for both users and government agencies to remain vigilant against such attacks.

Read Original
Critical
OkoBot Malware Uses ClickFix, Hidden Browser Extensions to Steal Crypto Data

Hackread – Cybersecurity News, Data Breaches, AI and More

Actively Exploited

Kaspersky has reported a new malware called OkoBot that specifically targets cryptocurrency users. The malware masquerades as fake software, tricking users into downloading it. Once installed, OkoBot steals sensitive information such as wallet files, seed phrases, and passwords, while also recording user activity within wallet applications. This poses a significant risk to cryptocurrency holders, as their assets could be compromised. Users need to be cautious about the software they install and ensure they are using legitimate applications to protect their digital currencies.

Read Original

Daxin, an advanced malware linked to a Chinese threat actor, has been detected again after a four-year gap, this time within a manufacturing firm in Taiwan. This kernel-mode rootkit, identified as 'srt64.sys', was first reported by Symantec in March 2022. Alongside Daxin, researchers have also discovered a new backdoor called Stupig, which has not been previously documented. The resurgence of Daxin raises concerns about targeted attacks on critical infrastructure, particularly in sectors like manufacturing that are vital to the economy. Organizations in Taiwan and similar industries need to be vigilant and reassess their cybersecurity measures to protect against these sophisticated threats.

Read Original

A group of Russian hackers, known as UAT-11795, is targeting users of popular video conferencing applications like WebEx and Zoom by distributing a trojanized version of their software. This malicious software, identified as Starland RAT, is designed to steal user credentials and cryptocurrency. The attackers are using sophisticated methods to infiltrate these widely used platforms, raising concerns for businesses and individuals who rely on them for communication. The spread of this malware could lead to significant financial losses for victims, as it compromises sensitive information. Users of these applications should be vigilant and ensure they are downloading software from official sources to protect against this threat.

Read Original

Cybersecurity researchers have identified a new Internet-of-Things (IoT) botnet framework called TuxBot v3 Evolution. This botnet appears to have been developed with some assistance from a large language model (LLM), although the results have not been entirely successful. Notably, when the developers prompted the AI to generate botnet code, it included a safety disclaimer that the developers did not remove. This incident raises concerns about the potential misuse of AI in creating malicious software. As IoT devices become more prevalent, any vulnerabilities or botnets that target them could impact a wide range of users and systems, making it crucial for manufacturers and users to enhance their security measures.

Read Original

Recently, researchers discovered that five malicious versions of AsyncAPI packages were uploaded to the Node Package Manager (npm). These packages contained a remote access trojan designed to steal user credentials and other sensitive information. This supply-chain attack poses a significant risk, as developers who unknowingly downloaded these infected packages could have their systems compromised. The incident highlights the vulnerabilities within the npm ecosystem and the importance of scrutinizing third-party packages before use. Developers and organizations should be vigilant about the packages they incorporate into their projects to avoid similar attacks in the future.

Read Original
Page 1 of 43Next