Malware Analysis Archives • Page 3 of 7 • Daily CyberSecurity

The Crypto-Con: Unmasking the Multi-Layered “REF1695” Mining Operation CNB Bot Malware REF1695 Threat Actor

The Crypto-Con: Unmasking the Multi-Layered “REF1695” Mining Operation

Do Son April 7, 2026

Cybersecurity researchers have shed light on a sophisticated, financially motivated threat actor that has been quietly building...

WhatsApp Under Siege: Microsoft Uncovers Global VBS Malware Campaign WhatsApp VBS Malware Living-off-the-Land (LotL)

WhatsApp Under Siege: Microsoft Uncovers Global VBS Malware Campaign

Do Son April 7, 2026

A new and highly sophisticated malware campaign is exploiting the trust users place in familiar communication platforms....

Fileless Remcos RAT Hijacks Trusted Windows Tools Remcos RAT Fileless Malware

Fileless Remcos RAT Hijacks Trusted Windows Tools

Do Son April 7, 2026

A sophisticated and carefully orchestrated malware campaign has been uncovered, marking a significant evolution in how attackers...

ResokerRAT Uses Telegram to Hijack Your PC and Disable Your Security Keys GuLoader Malware CloudEye Obfuscation npm, malware Ethereum, npm supply chain OAST techniques StilachiRAT macOS Malware PasivRobber

GuLoader Malware CloudEye Obfuscation npm, malware Ethereum, npm supply chain OAST techniques StilachiRAT macOS Malware PasivRobber

ResokerRAT Uses Telegram to Hijack Your PC and Disable Your Security Keys

Do Son April 6, 2026

A new and sophisticated threat has emerged in the digital landscape, turning a popular messaging app into...

The Python Predator: PXA Stealer Surges 10% as it Targets Global Finance and Crypto in 2026 PXA Stealer Surge Q1 2026 Malware Trends

The Python Predator: PXA Stealer Surges 10% as it Targets Global Finance and Crypto in 2026

Do Son April 6, 2026

Following the high-profile takedowns of major players like Lumma and RedLine in 2025, CyberProof MDR analysts have...

The Malware That Chats Back: Inside G DATA’s Real-Time Notepad Encounter with the “Kiss Loader” Author Kiss Loader Early Bird APC Injection

The Malware That Chats Back: Inside G DATA’s Real-Time Notepad Encounter with the “Kiss Loader” Author

Do Son March 31, 2026

While analyzing a new piece of malware dubbed “Kiss Loader,” G DATA Security Center found themselves in...

The 25-Second Heist: Inside FAUX#ELEVATE’s “Inflated” Phishing Attack on French Corporations FAUX#ELEVATE Living-off-the-Land Attack

The 25-Second Heist: Inside FAUX#ELEVATE’s “Inflated” Phishing Attack on French Corporations

Do Son March 31, 2026

Cybersecurity researchers at Securonix have detailed the curtain on a sophisticated new threat campaign dubbed FAUX#ELEVATE. The...

The “Gentlemen” Ransomware Toolkit and the Lethal z1.bat Pre-Encryption Weapon TheGentlemen Ransomware z1.bat script

The “Gentlemen” Ransomware Toolkit and the Lethal z1.bat Pre-Encryption Weapon

Do Son March 30, 2026

Researchers have uncovered a “structured, maintained operational toolkit” belonging to an affiliate of TheGentlemen ransomware-as-a-service (RaaS) group....

Pay2Key’s New Linux Ransomware Strips Server Defenses to Hijack x64 and ARM64 Infrastructure Pay2Key Linux Ransomware Linux Server Security

Pay2Key’s New Linux Ransomware Strips Server Defenses to Hijack x64 and ARM64 Infrastructure

Do Son March 30, 2026

The landscape of Linux-based threats is shifting. While historically under-documented compared to Windows counterparts, a new report...

Beyond the Hook: Unmasking SnappyClient, the HijackLoader-Linked Stealth Stealer Targeting Crypto SnappyClient HijackLoader

Beyond the Hook: Unmasking SnappyClient, the HijackLoader-Linked Stealth Stealer Targeting Crypto

Do Son March 25, 2026

Security researchers at Zscaler ThreatLabz have unmasked a sophisticated new command-and-control (C2) framework implant they’ve dubbed SnappyClient....

VoidStealer Debuts Novel Debugger Bypass for Chrome and Edge Encryption VoidStealer ABE Bypass

VoidStealer Debuts Novel Debugger Bypass for Chrome and Edge Encryption

Do Son March 25, 2026

Researchers at Gen Threat Labs, led by Threat Researcher Vojtěch Krejsa, have identified VoidStealer—the first infostealer observed...

‘Speagle’ Malware Hijacks Security Software to Steal Missile Secrets TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

‘Speagle’ Malware Hijacks Security Software to Steal Missile Secrets

Do Son March 23, 2026

In a sophisticated display of “parasitic” engineering, a mysterious new threat has been discovered living within the...

New “StoatWaffle” Malware Emerges in North Korean “Contagious Interview” Campaign StoatWaffle WaterPlum

New “StoatWaffle” Malware Emerges in North Korean “Contagious Interview” Campaign

Do Son March 23, 2026

A new modular malware threat has been identified in the wild, signaling a shift in tactics for...

Weaponizing gcc: Inside the Stealthy ‘Hex’ Botnet’s On-Host Compilation Strategy Hex Botnet On-Host Compilation

Weaponizing gcc: Inside the Stealthy ‘Hex’ Botnet’s On-Host Compilation Strategy

Do Son March 21, 2026

Security researchers at Hunt Intelligence have exposed a growing 15-node botnet operation that utilizes a unique “on-host...

The Typosquatting Trap: Fake Telegram Portal Delivers Stealthy Memory-Resident Malware

Do Son March 20, 2026

Cybersecurity researchers have uncovered a deceptive campaign that uses a typosquatted website to impersonate the official Telegram...

The Judicial Decoy: Sophisticated Rust RAT Infiltrates Argentina’s Federal Courts Rust RAT Argentina Legal Cyberattack

The Judicial Decoy: Sophisticated Rust RAT Infiltrates Argentina’s Federal Courts

Do Son March 19, 2026

A highly sophisticated, multi-stage cyber infection chain has been uncovered targeting the heart of Argentina’s legal infrastructure....

The End of the Static Era: Trellix Uncovers Fully Fileless Remcos RAT Campaign Remcos RAT Fileless Malware

The End of the Static Era: Trellix Uncovers Fully Fileless Remcos RAT Campaign

Do Son March 16, 2026

In the ever-evolving arms race between hackers and defenders, the “static” era is officially over. A new...

Gaslighting Android: How the ‘Digital Lutera’ Attack Uses LSPosed to Bypass UPI SIM-Binding UPI SIM-Binding Bypass LSPosed Framework

Gaslighting Android: How the ‘Digital Lutera’ Attack Uses LSPosed to Bypass UPI SIM-Binding

Do Son March 12, 2026

According to a critical new report from CloudSEK, threat actors have moved beyond simple app modifications to...

Malicious npm Package “pino-sdk-v2” Caught Harvesting Secrets pino-sdk-v2 npm Supply Chain Attack

Malicious npm Package “pino-sdk-v2” Caught Harvesting Secrets

Do Son March 11, 2026

In the modern development landscape, supply chain attacks remain one of the most effective ways for threat...

Exploiting the Crisis: Chinese APTs Weaponize Middle East Tensions to Target Qatar with PlugX NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

Exploiting the Crisis: Chinese APTs Weaponize Middle East Tensions to Target Qatar with PlugX

Do Son March 10, 2026

Following recent regional escalations, researchers have identified a sharp increase in activity from Chinese-nexus APT (Advanced Persistent...