Malware Archives • Page 27 of 129 • Daily CyberSecurity

Kinsing Cryptominer Exploits Apache ActiveMQ RCE (CVE-2023-46604), Adds Sharpire Backdoor for Multi-Stage Intrusion Kinsing ActiveMQ RCE, Sharpire Backdoor

Kinsing Cryptominer Exploits Apache ActiveMQ RCE (CVE-2023-46604), Adds Sharpire Backdoor for Multi-Stage Intrusion

Do Son November 3, 2025

The AhnLab Security Intelligence Center (ASEC) has confirmed that the Kinsing threat actor — also known as...

Next-Gen Android Banking Trojan Hides in Digital ID App, Automates Crypto Wallet Theft and Evades Emulators Android/BankBot-YNRK, Crypto Wallet Automation

Android/BankBot-YNRK, Crypto Wallet Automation

Next-Gen Android Banking Trojan Hides in Digital ID App, Automates Crypto Wallet Theft and Evades Emulators

Do Son November 3, 2025

Cyfirma’s latest malware analysis has revealed a highly sophisticated Android banking trojan dubbed Android/BankBot-YNRK, which is actively...

Tangerine Turkey Cryptomining Worm Spreads Via USB Drives, Hides Payloads with VBScript and LOLBins Tangerine Turkey Cryptominer, VBScript Worm

Tangerine Turkey Cryptominer, VBScript Worm

Tangerine Turkey Cryptomining Worm Spreads Via USB Drives, Hides Payloads with VBScript and LOLBins

Do Son November 3, 2025

The Cybereason Security Services Team has exposed a stealthy, financially motivated campaign dubbed “Tangerine Turkey,” which uses...

PhantomRaven: 126 Malicious npm Packages Steal Developer Tokens and Secrets Using Hidden Dependencies npm RDD Supply Chain, Slopsquatting

PhantomRaven: 126 Malicious npm Packages Steal Developer Tokens and Secrets Using Hidden Dependencies

Do Son October 31, 2025

Koi Security has uncovered a massive supply-chain campaign dubbed PhantomRaven, which has silently infected the npm ecosystem...

Nation-State Espionage: Airstalk Malware Hijacks VMware AirWatch (MDM) API for Covert C2 Channel

Do Son October 31, 2025

Palo Alto Networks’ Unit 42 Threat Intelligence team has uncovered a sophisticated new malware family dubbed Airstalk,...

npm Typosquat Campaign: 10 Malicious Packages Deliver PyInstaller Infostealer via Fake CAPTCHA npm Typosquatting, PyInstaller Stealer

npm Typosquat Campaign: 10 Malicious Packages Deliver PyInstaller Infostealer via Fake CAPTCHA

Do Son October 30, 2025

The Socket Threat Research Team has uncovered an extensive supply chain attack targeting the npm ecosystem, involving...

Trigona Ransomware Attacks MS-SQL Servers Using Rust Scanner and BCP Utility to Deploy Payloads Trigona MS-SQL RaaS, Rust Scanner

Trigona Ransomware Attacks MS-SQL Servers Using Rust Scanner and BCP Utility to Deploy Payloads

Do Son October 30, 2025

The AhnLab Security Intelligence Center (ASEC) has published a new report revealing that the Trigona ransomware threat...

Stealthy Dual Malware Loader Uncovered: Executes TorNet & PureHVNC Simultaneously, Cloaked by MurmurHash2 axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

Stealthy Dual Malware Loader Uncovered: Executes TorNet & PureHVNC Simultaneously, Cloaked by MurmurHash2

Do Son October 30, 2025

Researchers from the Internet Initiative Japan (IIJ) have analyzed a previously unknown malware loader that can simultaneously...

Midnight Ransomware Decryption Flaw: Babuk Successor’s RSA Implementation Mistake Allows Free File Recovery

Do Son October 30, 2025

A new ransomware family called Midnight has emerged, borrowing heavily from the Babuk ransomware framework — but...

VSCode Supply Chain Compromise: 12 Malicious Extensions Steal Source Code and Open Remote Shells VSCode Source Code Theft, Malicious Extensions

VSCode Source Code Theft, Malicious Extensions

VSCode Supply Chain Compromise: 12 Malicious Extensions Steal Source Code and Open Remote Shells

Do Son October 30, 2025

The HelixGuard Threat Intelligence Team has uncovered a widespread supply chain compromise affecting the Visual Studio Code...

Lampion Banking Trojan Evolves: 700MB Bloatware DLL and ClickFix VBS Script Target Brazilian Users Lampion 700MB Bloatware, ClickFix VBS

Lampion Banking Trojan Evolves: 700MB Bloatware DLL and ClickFix VBS Script Target Brazilian Users

Do Son October 30, 2025

Researchers at BitSight have uncovered a long-running spam campaign operated by a Brazilian threat group behind the...

AhnLab Uncovers Gunra Ransomware: Dual-Platform Threat with Weak Linux Encryption Gunra Linux Weak Key, ChaCha20 rand()

AhnLab Uncovers Gunra Ransomware: Dual-Platform Threat with Weak Linux Encryption

Do Son October 29, 2025

The AhnLab Security Intelligence Center (ASEC) has published an in-depth analysis of the Gunra ransomware group, which...

Next-Gen Android Trojan Herodotus Mimics Human Typing to Bypass Behavioral Biometrics Anti-Fraud Systems Herodotus Human Typing, Behavioral Biometrics Bypass

Herodotus Human Typing, Behavioral Biometrics Bypass

Next-Gen Android Trojan Herodotus Mimics Human Typing to Bypass Behavioral Biometrics Anti-Fraud Systems

Do Son October 29, 2025

Cybersecurity researchers at ThreatFabric have discovered a new Android banking Trojan dubbed Herodotus, a malware strain that...

BlueNoroff APT Launches AI-Enhanced Espionage on macOS, Using GPT-4o Images in Fake GhostCall Meetings NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

BlueNoroff APT Launches AI-Enhanced Espionage on macOS, Using GPT-4o Images in Fake GhostCall Meetings

Do Son October 29, 2025

The North Korean APT group BlueNoroff — also known as Sapphire Sleet, APT38, Alluring Pisces, Stardust Chollima,...

India SIM-Binding Mandate Messaging App KYC WhatsApp DMA Interoperability BirdyChat Haiket Denmark Social Media Ban CVE-2025-55177 WhatsApp vulnerability, zero-click flaw npm Malware, System Wipe WhatsApp Windows App, WebView2 Downgrade WhatsApp Ban, US House NSO WhatsApp, Pegasus Spyware WhatsApp iPad iPadOS app

Water Saci Evolves: Multi-Layered WhatsApp Worm Uses IMAP Email for Covert C2 and Session Hijacking

Do Son October 29, 2025

Researchers from Trend Research have identified a major evolution in the Water Saci malware campaign, marking one...

Rhadamanthys Infostealer Hides in Ren’Py Visual Novel Games, Deploys Malware via Fake 1 Million Second Loading Screen Rhadamanthys Ren'Py, Fake Game Stealer

Rhadamanthys Infostealer Hides in Ren’Py Visual Novel Games, Deploys Malware via Fake 1 Million Second Loading Screen

Do Son October 29, 2025

Researchers at the AhnLab Security Intelligence Center (ASEC) have uncovered a new malware campaign in which the...

First Ever: Android Baohuo Backdoor Hides in Telegram X Clone, Uses Redis Database for C2 Commands

Do Son October 28, 2025

Cybersecurity experts at Doctor Web have identified a highly sophisticated Android backdoor hiding in maliciously modified versions...

Lazarus Group Attacks with DreamLoader Malware, Leveraging DLL Sideloading and Microsoft Graph API for Stealth C2 North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

Lazarus Group Attacks with DreamLoader Malware, Leveraging DLL Sideloading and Microsoft Graph API for Stealth C2

Do Son October 28, 2025

Security researchers at Lab52 have uncovered a new campaign by the Lazarus Group, in which threat actors...

Caminho Loader-as-a-Service Uses LSB Steganography to Hide .NET Payloads in Archive.org Images Caminho LSB Steganography, Loader-as-a-Service 2023 Threat Report

Caminho LSB Steganography, Loader-as-a-Service 2023 Threat Report

Caminho Loader-as-a-Service Uses LSB Steganography to Hide .NET Payloads in Archive.org Images

Do Son October 28, 2025

Arctic Wolf Labs has uncovered a sophisticated Loader-as-a-Service (LaaS) operation dubbed “Caminho” — a Brazilian-origin malware loader...

GhostGrab Android Malware Combines Covert Monero Mining with Financial Credential Theft Qinglong Vulnerability Active Exploitation GhostGrab Hybrid Malware, Monero Mining

Qinglong Vulnerability Active Exploitation GhostGrab Hybrid Malware, Monero Mining

GhostGrab Android Malware Combines Covert Monero Mining with Financial Credential Theft

Do Son October 28, 2025

CYFIRMA Threat Intelligence has released an in-depth technical report on GhostGrab, a sophisticated Android malware family that...