Malware Archives • Page 29 of 131 • Daily CyberSecurity

Curly COMrades APT Bypasses EDR by Hiding Linux Backdoor Inside Covert Hyper-V VM hyper-V

Curly COMrades APT Bypasses EDR by Hiding Linux Backdoor Inside Covert Hyper-V VM

Do Son November 6, 2025

In collaboration with the Georgian CERT, researchers from Bitdefender have uncovered a new wave of cyber-espionage activity...

APT-C-60 Targets Japan: New SpyGlace Malware Uses VHDX LNK and GitHub Tasking for Persistent Espionage

Do Son November 6, 2025

The JPCERT/CC Incident Response Group, led by malware analyst Yuma, has published a detailed report on a...

NGate NFC Malware Steals Cash from ATMs by Relaying EMV Data and PINs from Victim’s Phone NGate NFC Relay, ATM Cash-Out

NGate NFC Malware Steals Cash from ATMs by Relaying EMV Data and PINs from Victim’s Phone

Do Son November 5, 2025

The national incident response team CERT Polska has uncovered a new strain of Android-based NFC relay malware,...

SesameOp Backdoor Hijacks OpenAI Assistants API for Covert C2 and Espionage SesameOp OpenAI C2

SesameOp Backdoor Hijacks OpenAI Assistants API for Covert C2 and Espionage

Do Son November 4, 2025

In an example of how threat actors are adapting to modern AI ecosystems, Microsoft’s Incident Response –...

Generative AI Accelerates Malware Reverse Engineering: ChatGPT Breaks XLoader’s Multiple RC4 Encryption Layers in Hours AI Malware Analysis, XLoader Decryption

Generative AI Accelerates Malware Reverse Engineering: ChatGPT Breaks XLoader’s Multiple RC4 Encryption Layers in Hours

Do Son November 4, 2025

Check Point Research (CPR) has unveiled research showcasing how Generative AI tools—specifically ChatGPT—can accelerate malware reverse engineering,...

Operation Peek-A-Baku: Silent Lynx APT Exploits LNK Flaws to Deploy Reverse Shells via GitHub Against Central Asian Diplomacy CVE-2024-36072 Water Gamayun, MSC EvilTwin

CVE-2024-36072 Water Gamayun, MSC EvilTwin

Operation Peek-A-Baku: Silent Lynx APT Exploits LNK Flaws to Deploy Reverse Shells via GitHub Against Central Asian Diplomacy

Do Son November 4, 2025

Seqrite Labs’ APT Team has released a detailed report exposing the latest espionage operations conducted by the...

Rhysida Ransomware Abuses Microsoft Trusted Signing to Deploy OysterLoader Via Teams Malvertising Rhysida Malvertising, Trusted Signing Abuse

Rhysida Malvertising, Trusted Signing Abuse

Rhysida Ransomware Abuses Microsoft Trusted Signing to Deploy OysterLoader Via Teams Malvertising

Do Son November 4, 2025

The Rhysida ransomware gang, previously known as Vice Society, has launched an aggressive malvertising campaign leveraging Microsoft’s...

North Korean APTs Upgrade Arsenal: Kimsuky Uses Stealthy HttpTroy, Lazarus Deploys New BLINDINGCAN RAT Kimsuky HttpTroy, Lazarus BLINDINGCAN RAT

Kimsuky HttpTroy, Lazarus BLINDINGCAN RAT

North Korean APTs Upgrade Arsenal: Kimsuky Uses Stealthy HttpTroy, Lazarus Deploys New BLINDINGCAN RAT

Do Son November 3, 2025

Researchers at Gen Threat Labs have identified two new toolsets in active use by North Korean state-sponsored...

Kinsing Cryptominer Exploits Apache ActiveMQ RCE (CVE-2023-46604), Adds Sharpire Backdoor for Multi-Stage Intrusion Kinsing ActiveMQ RCE, Sharpire Backdoor

Kinsing Cryptominer Exploits Apache ActiveMQ RCE (CVE-2023-46604), Adds Sharpire Backdoor for Multi-Stage Intrusion

Do Son November 3, 2025

The AhnLab Security Intelligence Center (ASEC) has confirmed that the Kinsing threat actor — also known as...

Next-Gen Android Banking Trojan Hides in Digital ID App, Automates Crypto Wallet Theft and Evades Emulators Android/BankBot-YNRK, Crypto Wallet Automation

Android/BankBot-YNRK, Crypto Wallet Automation

Next-Gen Android Banking Trojan Hides in Digital ID App, Automates Crypto Wallet Theft and Evades Emulators

Do Son November 3, 2025

Cyfirma’s latest malware analysis has revealed a highly sophisticated Android banking trojan dubbed Android/BankBot-YNRK, which is actively...

Tangerine Turkey Cryptomining Worm Spreads Via USB Drives, Hides Payloads with VBScript and LOLBins Tangerine Turkey Cryptominer, VBScript Worm

Tangerine Turkey Cryptominer, VBScript Worm

Tangerine Turkey Cryptomining Worm Spreads Via USB Drives, Hides Payloads with VBScript and LOLBins

Do Son November 3, 2025

The Cybereason Security Services Team has exposed a stealthy, financially motivated campaign dubbed “Tangerine Turkey,” which uses...

PhantomRaven: 126 Malicious npm Packages Steal Developer Tokens and Secrets Using Hidden Dependencies npm RDD Supply Chain, Slopsquatting

PhantomRaven: 126 Malicious npm Packages Steal Developer Tokens and Secrets Using Hidden Dependencies

Do Son October 31, 2025

Koi Security has uncovered a massive supply-chain campaign dubbed PhantomRaven, which has silently infected the npm ecosystem...

Nation-State Espionage: Airstalk Malware Hijacks VMware AirWatch (MDM) API for Covert C2 Channel

Do Son October 31, 2025

Palo Alto Networks’ Unit 42 Threat Intelligence team has uncovered a sophisticated new malware family dubbed Airstalk,...

npm Typosquat Campaign: 10 Malicious Packages Deliver PyInstaller Infostealer via Fake CAPTCHA npm Typosquatting, PyInstaller Stealer

npm Typosquat Campaign: 10 Malicious Packages Deliver PyInstaller Infostealer via Fake CAPTCHA

Do Son October 30, 2025

The Socket Threat Research Team has uncovered an extensive supply chain attack targeting the npm ecosystem, involving...

Trigona Ransomware Attacks MS-SQL Servers Using Rust Scanner and BCP Utility to Deploy Payloads Trigona MS-SQL RaaS, Rust Scanner

Trigona Ransomware Attacks MS-SQL Servers Using Rust Scanner and BCP Utility to Deploy Payloads

Do Son October 30, 2025

The AhnLab Security Intelligence Center (ASEC) has published a new report revealing that the Trigona ransomware threat...

Stealthy Dual Malware Loader Uncovered: Executes TorNet & PureHVNC Simultaneously, Cloaked by MurmurHash2 axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

Stealthy Dual Malware Loader Uncovered: Executes TorNet & PureHVNC Simultaneously, Cloaked by MurmurHash2

Do Son October 30, 2025

Researchers from the Internet Initiative Japan (IIJ) have analyzed a previously unknown malware loader that can simultaneously...

Midnight Ransomware Decryption Flaw: Babuk Successor’s RSA Implementation Mistake Allows Free File Recovery

Do Son October 30, 2025

A new ransomware family called Midnight has emerged, borrowing heavily from the Babuk ransomware framework — but...

VSCode Supply Chain Compromise: 12 Malicious Extensions Steal Source Code and Open Remote Shells VSCode Source Code Theft, Malicious Extensions

VSCode Source Code Theft, Malicious Extensions

VSCode Supply Chain Compromise: 12 Malicious Extensions Steal Source Code and Open Remote Shells

Do Son October 30, 2025

The HelixGuard Threat Intelligence Team has uncovered a widespread supply chain compromise affecting the Visual Studio Code...

Lampion Banking Trojan Evolves: 700MB Bloatware DLL and ClickFix VBS Script Target Brazilian Users Lampion 700MB Bloatware, ClickFix VBS

Lampion Banking Trojan Evolves: 700MB Bloatware DLL and ClickFix VBS Script Target Brazilian Users

Do Son October 30, 2025

Researchers at BitSight have uncovered a long-running spam campaign operated by a Brazilian threat group behind the...

AhnLab Uncovers Gunra Ransomware: Dual-Platform Threat with Weak Linux Encryption Gunra Linux Weak Key, ChaCha20 rand()

AhnLab Uncovers Gunra Ransomware: Dual-Platform Threat with Weak Linux Encryption

Do Son October 29, 2025

The AhnLab Security Intelligence Center (ASEC) has published an in-depth analysis of the Gunra ransomware group, which...