Malware Archives • Page 25 of 131 • Daily CyberSecurity

Sophisticated CastleRAT Backdoor Uses Steam Community Pages as Covert C2 Resolver for Espionage CastleRAT, Steam C2 Resolver

Sophisticated CastleRAT Backdoor Uses Steam Community Pages as Covert C2 Resolver for Espionage

Do Son December 9, 2025

A sophisticated new Remote Access Trojan (RAT) has emerged, blending stealthy execution with powerful data theft capabilities...

LockBit 5.0 Resurfaces Stronger: New Variant Blinds Defenders by Disabling Windows ETW for Stealth Encryption LockBit LockBit 5.0 Resurgence, ETW Blinding Ransomware

LockBit LockBit 5.0 Resurgence, ETW Blinding Ransomware

LockBit 5.0 Resurfaces Stronger: New Variant Blinds Defenders by Disabling Windows ETW for Stealth Encryption

Do Son December 9, 2025

Just eighteen months ago, the cybersecurity world celebrated “Operation Cronos,” a massive law enforcement crackdown that promised...

“SeedSnatcher” Android Malware Targets Crypto Users, Using Overlay Phishing and BIP 39 Validation to Steal Seed Phrases SeedSnatcher Crypto Malware, Android Overlay Phishing

SeedSnatcher Crypto Malware, Android Overlay Phishing

“SeedSnatcher” Android Malware Targets Crypto Users, Using Overlay Phishing and BIP 39 Validation to Steal Seed Phrases

Do Son December 8, 2025

A dangerous new Android malware campaign dubbed “SeedSnatcher” is actively targeting cryptocurrency users by masquerading as a...

Stealth Supply Chain Attack: Malicious Rust Crate Used Unpinned Dependency for Silent Payload Upgrades Rust Typosquatting, Unpinned Dependency Attack

Rust Typosquatting, Unpinned Dependency Attack

Stealth Supply Chain Attack: Malicious Rust Crate Used Unpinned Dependency for Silent Payload Upgrades

Do Son December 8, 2025

A popular bioinformatics tool became the latest lure in a software supply chain attack, as threat actors...

CISA/NSA Warn of BRICKSTORM Backdoor: China APT Targets VMware and ADFS for Long-Term Espionage BRICKSTORM Backdoor, VMware Espionage

CISA/NSA Warn of BRICKSTORM Backdoor: China APT Targets VMware and ADFS for Long-Term Espionage

Do Son December 8, 2025

A new and sophisticated malware threat has emerged from the shadows of state-sponsored cyber espionage. The Cybersecurity...

Iran-Linked MuddyWater Deploys UDPGangster Backdoor, Using UDP Protocol for Covert C2 UDPGangster Backdoor, MuddyWater UDP C2

Iran-Linked MuddyWater Deploys UDPGangster Backdoor, Using UDP Protocol for Covert C2

Do Son December 8, 2025

A sophisticated new malware campaign attributed to the Iranian-linked threat group MuddyWater has been discovered targeting government...

Spyware Vendor Intellexa Used 15 Zero-Days Since 2021, Deploying Predator via “smack” iOS Exploit Chain Intellexa Zero-Days, Predator Spyware

Spyware Vendor Intellexa Used 15 Zero-Days Since 2021, Deploying Predator via “smack” iOS Exploit Chain

Do Son December 8, 2025

The mercenary spyware industry remains a persistent and adaptable threat, with the notorious vendor Intellexa continuing to...

ValleyRAT Targets English Job Seekers by Trojanizing Foxit PDF Reader with DLL Sideloading Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

ValleyRAT Targets English Job Seekers by Trojanizing Foxit PDF Reader with DLL Sideloading

Do Son December 8, 2025

A sophisticated malware campaign traditionally focused on Chinese-speaking targets has expanded its scope, now aggressively targeting English-speaking...

China APT UNC5174 Hijacks Discord API as Covert C2 Channel to Evade Detection and Conduct Espionage Discord C2, UNC5174 Espionage

China APT UNC5174 Hijacks Discord API as Covert C2 Channel to Evade Detection and Conduct Espionage

Do Son December 6, 2025

A sophisticated cyber-espionage campaign linked to the Chinese state-sponsored threat group UNC5174 has been discovered utilizing the...

Stealth Cryptominer Uses USB LNK and DLL Side-Loading to Deploy “Smart Mining” Evasion USB LNK Cryptominer, Smart Mining Evasion

Stealth Cryptominer Uses USB LNK and DLL Side-Loading to Deploy “Smart Mining” Evasion

Do Son December 5, 2025

In an era dominated by cloud vulnerabilities and phishing emails, a classic threat vector has made a...

Operation DUPEHIKE Hits Russian HR: Bonus Lure Delivers DUPERUNNER and Adaptix C2 via Process Injection AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

Operation DUPEHIKE Hits Russian HR: Bonus Lure Delivers DUPERUNNER and Adaptix C2 via Process Injection

Do Son December 5, 2025

A new, highly targeted espionage campaign dubbed Operation DUPEHIKE has been uncovered targeting corporate entities within the...

Patchwork APT Deploys StreamSpy Trojan, Hiding C2 Commands in WebSocket Traffic for Stealth Espionage Patchwork StreamSpy, WebSocket C2

Patchwork APT Deploys StreamSpy Trojan, Hiding C2 Commands in WebSocket Traffic for Stealth Espionage

Do Son December 5, 2025

The Patchwork APT group (also known as Bai Xiang or “White Elephant”), a cyberespionage actor believed to...

ShadyPanda Spyware Hacked 4.3 Million Users by Weaponizing Trusted Browser Extensions via Auto-Updates

Do Son December 4, 2025

A massive, long-running cyber-espionage campaign has been discovered operating in plain sight within the official Chrome and...

Matanbuchus 3.0 Downloader Pivots to Ransomware, Using Protobufs and QuickAssist for Stealth Access

Do Son December 4, 2025

A sophisticated C++ downloader known as Matanbuchus has resurfaced with a major technical overhaul, signaling a dangerous...

Water Saci Campaign Uses LLMs to Convert Malware to Python, Spreads Banking Trojan Via WhatsApp Worm

Do Son December 4, 2025

A sophisticated cyber-espionage campaign known as “Water Saci” has aggressively pivoted its tactics, leveraging artificial intelligence and...

Malicious Rust Package ‘evm-units’ Exposes Crypto Developers to Stealth Attacks Rust Crates.io Backdoor, EVM Stealth Loader

Malicious Rust Package ‘evm-units’ Exposes Crypto Developers to Stealth Attacks

Do Son December 3, 2025

A seemingly innocent utility for Ethereum developers has been unmasked as a sophisticated stealth loader. The Socket...

Next-Gen Stealer Arkanix Bypasses Chrome App-Bound Encryption Using C++ Process Injection Arkanix Stealer, App-Bound Encryption Bypass

Next-Gen Stealer Arkanix Bypasses Chrome App-Bound Encryption Using C++ Process Injection

Do Son December 2, 2025

A new, rapidly evolving threat has entered the crowded landscape of malware-as-a-service. Researchers at G DATA have...

The BOSS Breach: APT36 Pivots to Linux Espionage with “Silent” Shortcuts Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

The BOSS Breach: APT36 Pivots to Linux Espionage with “Silent” Shortcuts

Do Son December 2, 2025

A prominent state-aligned threat actor has significantly evolved its arsenal, launching a sophisticated campaign targeting the Linux-based...

Albiriox: The Russian ‘MaaS’ Android Trojan Redefining Mobile Fraud Albiriox, Android Banking Trojan

Albiriox: The Russian ‘MaaS’ Android Trojan Redefining Mobile Fraud

Do Son December 2, 2025

A sophisticated new Android banking trojan, dubbed “Albiriox,” has emerged from the cybercriminal underground, offering a potent...

New TangleCrypt Packer Hides EDR Killer, But Coding Flaws Cause Ransomware to Crash Unexpectedly RedLineCyber Clipboard Hijacker TangleCrypt Packer, STONESTOP EDR Killer Gamaredon APT - BoneSpy and PlainGnome

RedLineCyber Clipboard Hijacker TangleCrypt Packer, STONESTOP EDR Killer Gamaredon APT - BoneSpy and PlainGnome

New TangleCrypt Packer Hides EDR Killer, But Coding Flaws Cause Ransomware to Crash Unexpectedly

Do Son December 1, 2025

In the high-stakes game of ransomware, threat actors are constantly refining their camouflage. A new report from...