Malware Archives • Page 29 of 129 • Daily CyberSecurity

UNC5142 Uses EtherHiding to Deploy Malware via BNB Smart Chain Smart Contracts UNC5142 EtherHiding, Resilient C2

UNC5142 Uses EtherHiding to Deploy Malware via BNB Smart Chain Smart Contracts

Do Son October 20, 2025

A new joint analysis by Mandiant Threat Defense and Google Threat Intelligence Group (GTIG) has exposed a...

FortiGuard Tracks HoldingHands Malware Shift: Cross-Regional APT Uses Task Scheduler Hijack to Evade Detection HoldingHands Rootkit, Cross-Regional APT

HoldingHands Rootkit, Cross-Regional APT

FortiGuard Tracks HoldingHands Malware Shift: Cross-Regional APT Uses Task Scheduler Hijack to Evade Detection

Do Son October 20, 2025

FortiGuard Labs has uncovered a sophisticated cross-regional campaign that has gradually expanded from China to Taiwan, Japan,...

North Korea’s WaterPlum APT Deploys Node.js OtterCandy RAT for Crypto Theft with Anti-Forensic Module North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korea’s WaterPlum APT Deploys Node.js OtterCandy RAT for Crypto Theft with Anti-Forensic Module

Do Son October 20, 2025

A new report from NTT Security Japan has spotlighted an evolved malware family known as OtterCandy, attributed...

North Korea’s UNC5342 APT Uses EtherHiding to Store Malware in Blockchain Smart Contracts for Stealthy C2 North Korea EtherHiding, Blockchain C2

North Korea’s UNC5342 APT Uses EtherHiding to Store Malware in Blockchain Smart Contracts for Stealthy C2

Do Son October 20, 2025

Google Threat Intelligence Group (GTIG) has uncovered a new campaign by the North Korean threat actor UNC5342,...

North Korea’s Famous Chollima APT Uses Trojanized Node.js App to Deploy OtterCookie RAT for Crypto Theft

Do Son October 17, 2025

A new report from Cisco Talos has exposed a malware campaign linked to Famous Chollima, a North...

Maverick Fileless Trojan Turns Infected Phones into WhatsApp Worms to Steal Banking and UPI Credentials

Do Son October 17, 2025

Researchers from Kaspersky’s Global Research and Analysis Team (GReAT) have uncovered a massive fileless malware campaign targeting...

Stealth Stealer: PhantomVAI Loader Uses Steganography in Images to Inject Katz Stealer and Evade Sandboxes

Do Son October 16, 2025

Researchers from Palo Alto Networks’ Unit 42 have uncovered a multi-stage phishing campaign delivering a new stealthy...

GhostBat RAT Android Malware Targets Indian Users with Fake RTO Apps and Telegram Bot C2 GhostBat RAT, RTO App Phishing

GhostBat RAT Android Malware Targets Indian Users with Fake RTO Apps and Telegram Bot C2

Do Son October 15, 2025

A new report from Cyble Research and Intelligence Labs (CRIL) has uncovered a sophisticated Android malware campaign...

Sekoia Exposes PolarEdge Backdoor: Custom mbedTLS C2 Compromising Cisco, QNAP, and Synology Devices PolarEdge TLS Backdoor, Custom C2

Sekoia Exposes PolarEdge Backdoor: Custom mbedTLS C2 Compromising Cisco, QNAP, and Synology Devices

Do Son October 15, 2025

Sekoia Threat Detection & Response (TDR) researchers have published an in-depth technical analysis of the PolarEdge Backdoor,...

SVG Smuggling: Fake Colombian Judicial Lure Deploys AsyncRAT via Malicious HTA File SVG Smuggling, AsyncRAT

SVG Smuggling: Fake Colombian Judicial Lure Deploys AsyncRAT via Malicious HTA File

Do Son October 14, 2025

Seqrite Threat Research Labs has uncovered a targeted phishing campaign in Spanish designed to trick Colombian users...

Stealth C2: Hackers Abuse Discord Webhooks for Covert Data Exfiltration in npm, PyPI, and RubyGems Supply Chain Attacks SolyxImmortal Malware Python Info-Stealer Discord Webhook C2, Supply Chain Abuse

SolyxImmortal Malware Python Info-Stealer Discord Webhook C2, Supply Chain Abuse

Stealth C2: Hackers Abuse Discord Webhooks for Covert Data Exfiltration in npm, PyPI, and RubyGems Supply Chain Attacks

Do Son October 14, 2025

The Socket Threat Research Team has uncovered a growing trend among malicious package developers: leveraging Discord webhooks...

Astaroth Malware Uses Steganography in GitHub Images for Covert C2 Backup and Brazilian Bank Theft Astaroth GitHub C2, Steganography

Astaroth Malware Uses Steganography in GitHub Images for Covert C2 Backup and Brazilian Bank Theft

Do Son October 14, 2025

The McAfee Threat Research team has uncovered a new and sophisticated Astaroth malware campaign — using GitHub...

New Stealit Infostealer Abuses Node.js SEA Feature and Telegram C2 in Malware-as-a-Service Campaign Stealit Node.js SEA, Telegram C2

New Stealit Infostealer Abuses Node.js SEA Feature and Telegram C2 in Malware-as-a-Service Campaign

Do Son October 13, 2025

FortiGuard Labs has identified a new and active Stealit malware campaign that abuses the Node.js Single Executable...

Massive RDP Botnet Unleashed: 100,000+ IPs in Coordinated Global Scanning Campaign Targeting US RDP Botnet, Coordinated Scanning CVE-2024-21888 & CVE-2024-21893

RDP Botnet, Coordinated Scanning CVE-2024-21888 & CVE-2024-21893

Massive RDP Botnet Unleashed: 100,000+ IPs in Coordinated Global Scanning Campaign Targeting US

Do Son October 13, 2025

GreyNoise Intelligence has issued an alert about a massive coordinated botnet operation targeting Remote Desktop Protocol (RDP)...

New Rust Backdoor ChaosBot Uses Discord as Covert C2 Channel to Target Financial Services ChaosBot Discord C2, Rust Backdoor

New Rust Backdoor ChaosBot Uses Discord as Covert C2 Channel to Target Financial Services

Do Son October 13, 2025

The eSentire Threat Response Unit (TRU) identified a new Rust-based backdoor—dubbed ChaosBot—deployed inside a financial services organization’s...

Akira Ransomware Revives SonicWall Flaw CVE-2024-40766, Uses ‘UnPAC the Hash’ to Breach Networks

Do Son October 13, 2025

Between July and August 2025, global security teams have observed a resurgence in Akira ransomware incidents targeting...

North Korean APT “Contagious Interview” Floods npm Registry with 338 Malicious Packages to Steal Crypto North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korean APT “Contagious Interview” Floods npm Registry with 338 Malicious Packages to Steal Crypto

Do Son October 11, 2025

The Socket Threat Research Team has sounded the alarm on an escalating wave of malicious npm activity...

RondoDox Botnet Unleashed: New Malware Uses ‘Exploit Shotgun’ to Target 50+ Router and IoT Flaws AdaptixC2 Abuse, Russian Cybercrime RondoDox Botnet, Exploit Shotgun China Cyber Power, Red Hackers Nvidia cyberattack

AdaptixC2 Abuse, Russian Cybercrime RondoDox Botnet, Exploit Shotgun China Cyber Power, Red Hackers Nvidia cyberattack

RondoDox Botnet Unleashed: New Malware Uses ‘Exploit Shotgun’ to Target 50+ Router and IoT Flaws

Do Son October 10, 2025

Trend Micro has uncovered a rapidly expanding botnet campaign dubbed RondoDox, which is targeting a wide spectrum...

Chaos Ransomware Evolves to C++, Uses Destructive Extortion to Delete Large Files and Hijack Bitcoin Clipboard Chaos-C++ Ransomware, Destructive Extortion

Chaos-C++ Ransomware, Destructive Extortion

Chaos Ransomware Evolves to C++, Uses Destructive Extortion to Delete Large Files and Hijack Bitcoin Clipboard

Do Son October 9, 2025

FortiGuard Labs has identified a new, highly destructive variant of the Chaos ransomware, marking a major shift...

Mustang Panda APT Uses Hidden DLL and EnumFontsW to Launch Stealthy Tibet-Themed Campaign axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

Mustang Panda APT Uses Hidden DLL and EnumFontsW to Launch Stealthy Tibet-Themed Campaign

Do Son October 8, 2025

A new phishing campaign analyzed by malware researcher 0x0d4y has uncovered fresh insights into Mustang Panda’s evolving...