Malware Archives • Page 30 of 131 • Daily CyberSecurity

Next-Gen Android Trojan Herodotus Mimics Human Typing to Bypass Behavioral Biometrics Anti-Fraud Systems Herodotus Human Typing, Behavioral Biometrics Bypass

Herodotus Human Typing, Behavioral Biometrics Bypass

Next-Gen Android Trojan Herodotus Mimics Human Typing to Bypass Behavioral Biometrics Anti-Fraud Systems

Do Son October 29, 2025

Cybersecurity researchers at ThreatFabric have discovered a new Android banking Trojan dubbed Herodotus, a malware strain that...

BlueNoroff APT Launches AI-Enhanced Espionage on macOS, Using GPT-4o Images in Fake GhostCall Meetings NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

BlueNoroff APT Launches AI-Enhanced Espionage on macOS, Using GPT-4o Images in Fake GhostCall Meetings

Do Son October 29, 2025

The North Korean APT group BlueNoroff — also known as Sapphire Sleet, APT38, Alluring Pisces, Stardust Chollima,...

WhatsApp antitrust API probe India SIM-Binding Mandate Messaging App KYC WhatsApp DMA Interoperability BirdyChat Haiket Denmark Social Media Ban CVE-2025-55177 WhatsApp vulnerability, zero-click flaw npm Malware, System Wipe WhatsApp Windows App, WebView2 Downgrade WhatsApp Ban, US House NSO WhatsApp, Pegasus Spyware WhatsApp iPad iPadOS app

Water Saci Evolves: Multi-Layered WhatsApp Worm Uses IMAP Email for Covert C2 and Session Hijacking

Do Son October 29, 2025

Researchers from Trend Research have identified a major evolution in the Water Saci malware campaign, marking one...

Rhadamanthys Infostealer Hides in Ren’Py Visual Novel Games, Deploys Malware via Fake 1 Million Second Loading Screen Rhadamanthys Ren'Py, Fake Game Stealer

Rhadamanthys Infostealer Hides in Ren’Py Visual Novel Games, Deploys Malware via Fake 1 Million Second Loading Screen

Do Son October 29, 2025

Researchers at the AhnLab Security Intelligence Center (ASEC) have uncovered a new malware campaign in which the...

First Ever: Android Baohuo Backdoor Hides in Telegram X Clone, Uses Redis Database for C2 Commands

Do Son October 28, 2025

Cybersecurity experts at Doctor Web have identified a highly sophisticated Android backdoor hiding in maliciously modified versions...

Lazarus Group Attacks with DreamLoader Malware, Leveraging DLL Sideloading and Microsoft Graph API for Stealth C2 North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

Lazarus Group Attacks with DreamLoader Malware, Leveraging DLL Sideloading and Microsoft Graph API for Stealth C2

Do Son October 28, 2025

Security researchers at Lab52 have uncovered a new campaign by the Lazarus Group, in which threat actors...

Caminho Loader-as-a-Service Uses LSB Steganography to Hide .NET Payloads in Archive.org Images Caminho LSB Steganography, Loader-as-a-Service 2023 Threat Report

Caminho LSB Steganography, Loader-as-a-Service 2023 Threat Report

Caminho Loader-as-a-Service Uses LSB Steganography to Hide .NET Payloads in Archive.org Images

Do Son October 28, 2025

Arctic Wolf Labs has uncovered a sophisticated Loader-as-a-Service (LaaS) operation dubbed “Caminho” — a Brazilian-origin malware loader...

GhostGrab Android Malware Combines Covert Monero Mining with Financial Credential Theft Qinglong Vulnerability Active Exploitation GhostGrab Hybrid Malware, Monero Mining

Qinglong Vulnerability Active Exploitation GhostGrab Hybrid Malware, Monero Mining

GhostGrab Android Malware Combines Covert Monero Mining with Financial Credential Theft

Do Son October 28, 2025

CYFIRMA Threat Intelligence has released an in-depth technical report on GhostGrab, a sophisticated Android malware family that...

RedTiger Infostealer Weaponizes Python Red-Teaming Tool to Hack Discord Accounts and Steal Crypto Wallets RedTiger Discord Theft, Python Red-Teaming

RedTiger Discord Theft, Python Red-Teaming

RedTiger Infostealer Weaponizes Python Red-Teaming Tool to Hack Discord Accounts and Steal Crypto Wallets

Do Son October 28, 2025

Netskope Threat Labs has discovered a rapidly spreading Python-based infostealer dubbed RedTiger, which is being repurposed from...

NetSupport RAT Campaign Abuses ClickFix to Infect Hosts; 3 Threat Clusters Use RMM for Covert Access TAG-150 CastleLoader, ClickFix MaaS NetSupport RAT ClickFix, Multi-Cluster RMM

TAG-150 CastleLoader, ClickFix MaaS NetSupport RAT ClickFix, Multi-Cluster RMM

NetSupport RAT Campaign Abuses ClickFix to Infect Hosts; 3 Threat Clusters Use RMM for Covert Access

Do Son October 27, 2025

eSentire’s Threat Response Unit (TRU) has exposed a major wave of malicious campaigns abusing the NetSupport Manager...

Agenda Ransomware Bypasses EDR by Deploying Linux Binary on Windows via Splashtop; Steals Veeam Credentials ahost.exe DLL Sideloading Signed Application Abuse PS1Bot, malware ransomware attacks bill

ahost.exe DLL Sideloading Signed Application Abuse PS1Bot, malware ransomware attacks bill

Agenda Ransomware Bypasses EDR by Deploying Linux Binary on Windows via Splashtop; Steals Veeam Credentials

Do Son October 27, 2025

Trend Research has uncovered a highly sophisticated ransomware campaign by the Agenda group, also known as Qilin,...

YouTube Ghost Network Exposed: Coordinated Channels Spread Infostealer Malware via Game/Software Cracks

Do Son October 27, 2025

Check Point Research (CPR) has uncovered a sophisticated, large-scale malware distribution campaign on YouTube, dubbed the “YouTube...

Python RAT Disguised as Minecraft Client Uses Telegram Bot API for Cross-Platform Command & Control Python RAT Telegram, Minecraft Lure

Python RAT Disguised as Minecraft Client Uses Telegram Bot API for Cross-Platform Command & Control

Do Son October 27, 2025

Researchers from Netskope have uncovered a new cross-platform Python-based Remote Access Trojan (RAT) disguised as a popular...

Warlock Ransomware Hits US Firms Exploiting SharePoint Zero-Day, Linked to China’s CamoFei APT Warlock Ransomware, SharePoint Zero-Day

Warlock Ransomware Hits US Firms Exploiting SharePoint Zero-Day, Linked to China’s CamoFei APT

Do Son October 24, 2025

Researchers from Symantec and Carbon Black have published a detailed analysis of Warlock ransomware, a newly emerging...

PhantomCaptcha Spyware Targets Ukraine NGOs with Fake Cloudflare Lure to Deploy WebSocket RAT

Do Son October 24, 2025

Researchers from SentinelLABS, in collaboration with the Digital Security Lab of Ukraine, have exposed a coordinated spearphishing...

Pakistan-Linked TransparentTribe APT Deploys AI-Assisted DeskRAT Malware Against India’s BOSS Linux Systems

Do Son October 24, 2025

The Sekoia Threat Detection & Research (TDR) Team has identified a new wave of cyber espionage activity...

Symantec Exposes Chinese APT Overlap: Zingdoor, ShadowPad, and KrustyLoader Used in Global Espionage Chinese APT Overlap, Zingdoor ShadowPad

Symantec Exposes Chinese APT Overlap: Zingdoor, ShadowPad, and KrustyLoader Used in Global Espionage

Do Son October 23, 2025

Symantec’s investigation uncovered a complex web of interconnected Chinese espionage operations, with infrastructure and tooling overlapping multiple...

Socket Uncovers Malicious NuGet Typosquat “Netherеum.All” Exfiltrating Wallet Keys via Solana-Themed C2 NuGet Typosquat, Homoglyph Attack

Socket Uncovers Malicious NuGet Typosquat “Netherеum.All” Exfiltrating Wallet Keys via Solana-Themed C2

Do Son October 23, 2025

Researchers from Socket’s Threat Research Team have uncovered an active homoglyph typosquat on NuGet impersonating the widely...

Chinese Hackers Exploit Exposed ASP.NET Keys to Deploy TOLLBOOTH IIS Backdoor and Kernel Rootkit Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Chinese Hackers Exploit Exposed ASP.NET Keys to Deploy TOLLBOOTH IIS Backdoor and Kernel Rootkit

Do Son October 23, 2025

Researchers from Elastic Security Labs, in collaboration with Texas A&M University System (TAMUS) Cybersecurity, have uncovered a...

Iran-Linked MuddyWater Deploys Phoenix v4 Backdoor via Compromised Emails and NordVPN Exit Node

Do Son October 23, 2025

Researchers at Group-IB Threat Intelligence have uncovered a new global phishing and espionage campaign conducted by the...