MaaS Archives • Daily CyberSecurity

FBI and Indonesian Authorities Dismantle Prolific “W3LL” Phishing Empire W3LL Phishing Kit MFA Bypass Takedown

FBI and Indonesian Authorities Dismantle Prolific “W3LL” Phishing Empire

Do Son April 15, 2026

The FBI Atlanta Field Office, in a first-of-its-kind joint investigation with Indonesian law enforcement, has successfully dismantled...

Inside the Global “MaaS” Engine of the K99 Scam Compound K99 Malware Biometric Hijacking

Inside the Global “MaaS” Engine of the K99 Scam Compound

Do Son April 14, 2026

For three years, a phantom has been haunting the digital landscape of Southeast Asia, leaving a trail...

New ClickFix Campaign Unveiled: Modular NodeJS Malware Targets Windows Users Node.js Infostealer ClickFix Campaign

New ClickFix Campaign Unveiled: Modular NodeJS Malware Targets Windows Users

Do Son April 10, 2026

Netskope Threat Labs has uncovered a sophisticated new ClickFix campaign targeting Windows users with a high-quality, custom-built...

Storm: 2026’s Newest Infostealer Bypasses Chrome to Hijack Your MFA Sessions Storm Infostealer Session Cookie Theft

Storm: 2026’s Newest Infostealer Bypasses Chrome to Hijack Your MFA Sessions

Do Son April 9, 2026

A new and highly efficient threat has emerged on underground cybercrime networks, signaling a significant shift in...

Venom Stealer Bypasses Chrome and “Auto-Cracks” Tonkeeper Wallets Venom Stealer Crypto Drainer MaaS

Venom Stealer Bypasses Chrome and “Auto-Cracks” Tonkeeper Wallets

Do Son April 8, 2026

A new Malware-as-a-Service (MaaS) platform is making waves in the cybercrime underground, promising operators an automated pipeline...

Trolling as a Service: How the New CrystalX RAT Uses “Prankware” to Torture Its Victims CrystalX RAT Prankware

Trolling as a Service: How the New CrystalX RAT Uses “Prankware” to Torture Its Victims

Do Son April 7, 2026

In the world of cybercrime, malware is typically designed for one of two things: stealthy espionage or...

The AI Evolution of Mobile Malware: SURXRAT V5 Combines Surveillance, Ransomware, and LLMs SURXRAT V5 AI-Assisted Android Malware

The AI Evolution of Mobile Malware: SURXRAT V5 Combines Surveillance, Ransomware, and LLMs

Do Son February 25, 2026

The Android malware landscape is undergoing a significant transformation, shifting away from simple data theft toward professionalized,...

The Startup Stealer: How AI and Discord Powered the Arkanix MaaS Operation Arkanix Stealer Malware-as-a-Service (MaaS)

The Startup Stealer: How AI and Discord Powered the Arkanix MaaS Operation

Do Son February 23, 2026

The cybercrime underground is increasingly mirroring the legitimate tech industry, adopting customer-centric marketing, tiered subscriptions, and even...

The Fake IT Threat: “TrustConnect” Malware-as-a-Service Masquerades as Legitimate RMM Software TrustConnect Malware Fake RMM MaaS

The Fake IT Threat: “TrustConnect” Malware-as-a-Service Masquerades as Legitimate RMM Software

Do Son February 23, 2026

A new report from Proofpoint sheds light TrustConnect, detailing the rise of a new Malware-as-a-Service (MaaS) that...

Industrialized Theft: GoldFactory Malware Hijacks Tax Season via Fake ‘Coretax’ Apps Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Industrialized Theft: GoldFactory Malware Hijacks Tax Season via Fake ‘Coretax’ Apps

Do Son February 23, 2026

As tax season approaches, cybersecurity defenders are tracking a massive escalation in mobile banking fraud. According to...

Mac Users Beware: “MacSync” Malware Tricks You Into Hacking Yourself MacSync Malware macOS ClickFix

Mac Users Beware: “MacSync” Malware Tricks You Into Hacking Yourself

Do Son January 23, 2026

A sophisticated new malware campaign is targeting macOS users with a lethal combination of social engineering and...

SantaStealer Unwrapped: New MaaS Info-Stealer Rebrands Blueline to Steal Crypto and Credentials SantaStealer MaaS, Blueline Rebrand

SantaStealer Unwrapped: New MaaS Info-Stealer Rebrands Blueline to Steal Crypto and Credentials

Do Son December 17, 2025

As the 2025 holiday season approaches, cybercriminals are unwrapping a new tool designed to spoil the festivities....

Frogblight Android Banking Trojan Targets Turkey via Fake E-Gov Smishing and WebView Frogblight Banking Trojan, Turkey Smishing

Frogblight Android Banking Trojan Targets Turkey via Fake E-Gov Smishing and WebView

Do Son December 16, 2025

A new and evolving Android banking Trojan dubbed “Frogblight” has been discovered targeting individuals in Turkey, masquerading...

GrayBravo MaaS Deploys CastleRAT Backdoor, Hiding C2 with Steam Profile Dead Drop Resolvers GrayBravo MaaS, CastleRAT Steam C2

GrayBravo MaaS Deploys CastleRAT Backdoor, Hiding C2 with Steam Profile Dead Drop Resolvers

Do Son December 10, 2025

A sprawling cybercriminal ecosystem continues to expand its reach, launching sophisticated attacks against the global logistics and...

Matanbuchus 3.0 Downloader Pivots to Ransomware, Using Protobufs and QuickAssist for Stealth Access

Do Son December 4, 2025

A sophisticated C++ downloader known as Matanbuchus has resurfaced with a major technical overhaul, signaling a dangerous...

Albiriox: The Russian ‘MaaS’ Android Trojan Redefining Mobile Fraud Albiriox, Android Banking Trojan

Albiriox: The Russian ‘MaaS’ Android Trojan Redefining Mobile Fraud

Do Son December 2, 2025

A sophisticated new Android banking trojan, dubbed “Albiriox,” has emerged from the cybercriminal underground, offering a potent...

New MaaS Operator TAG-150 Uses ClickFix Lure and Custom CastleLoader to Compromise 469 US Devices TAG-150 CastleLoader, ClickFix MaaS NetSupport RAT ClickFix, Multi-Cluster RMM

TAG-150 CastleLoader, ClickFix MaaS NetSupport RAT ClickFix, Multi-Cluster RMM

New MaaS Operator TAG-150 Uses ClickFix Lure and Custom CastleLoader to Compromise 469 US Devices

Do Son December 1, 2025

A new and aggressive player has entered the cybercrime arena. A recent report from Darktrace sheds light...

Fantasy Hub RAT MaaS Uncovered: Russian Spyware Uses Telegram Bot and WebRTC to Hijack Android Devices Fantasy Hub MaaS, Android RAT WebRTC

Fantasy Hub RAT MaaS Uncovered: Russian Spyware Uses Telegram Bot and WebRTC to Hijack Android Devices

Do Son November 10, 2025

Researchers at zLabs have uncovered a sophisticated Android Remote Access Trojan (RAT) known as Fantasy Hub, being...

Booking.com Phishing Campaign Hijacks Hotel Accounts to Deliver PureRAT via ClickFix Lure PureRAT ClickFix, Booking.com Phishing

Booking.com Phishing Campaign Hijacks Hotel Accounts to Deliver PureRAT via ClickFix Lure

Do Son November 7, 2025

Threat analysts at Sekoia.io have uncovered a global phishing operation that has been targeting the hospitality industry...

Lumma Infostealer MaaS Campaign Uses NSIS/AutoIt and MEGA Cloud to Steal Credentials via Pirated Software Lumma MaaS, NSIS AutoIt

Lumma Infostealer MaaS Campaign Uses NSIS/AutoIt and MEGA Cloud to Steal Credentials via Pirated Software

Do Son October 23, 2025

Researchers at the Genians Security Center (GSC) have uncovered an active Lumma Infostealer campaign leveraging AutoIt scripts,...

Critical Alert 3 Active Exploits Detected Today

Critical Alert

MaaS

FBI and Indonesian Authorities Dismantle Prolific “W3LL” Phishing Empire

Inside the Global “MaaS” Engine of the K99 Scam Compound

New ClickFix Campaign Unveiled: Modular NodeJS Malware Targets Windows Users

Venom Stealer Bypasses Chrome and “Auto-Cracks” Tonkeeper Wallets

Trolling as a Service: How the New CrystalX RAT Uses “Prankware” to Torture Its Victims

The AI Evolution of Mobile Malware: SURXRAT V5 Combines Surveillance, Ransomware, and LLMs

The Startup Stealer: How AI and Discord Powered the Arkanix MaaS Operation

The Fake IT Threat: “TrustConnect” Malware-as-a-Service Masquerades as Legitimate RMM Software

SantaStealer Unwrapped: New MaaS Info-Stealer Rebrands Blueline to Steal Crypto and Credentials

Frogblight Android Banking Trojan Targets Turkey via Fake E-Gov Smishing and WebView

GrayBravo MaaS Deploys CastleRAT Backdoor, Hiding C2 with Steam Profile Dead Drop Resolvers

Matanbuchus 3.0 Downloader Pivots to Ransomware, Using Protobufs and QuickAssist for Stealth Access

Albiriox: The Russian ‘MaaS’ Android Trojan Redefining Mobile Fraud

Fantasy Hub RAT MaaS Uncovered: Russian Spyware Uses Telegram Bot and WebRTC to Hijack Android Devices

Booking.com Phishing Campaign Hijacks Hotel Accounts to Deliver PureRAT via ClickFix Lure

Lumma Infostealer MaaS Campaign Uses NSIS/AutoIt and MEGA Cloud to Steal Credentials via Pirated Software