Obfuscation Archives • Daily CyberSecurity

Weaponizing Conflict: ThreatLabz Exposes Mustang Panda’s Rapid PlugX Campaign in the Middle East Mustang Panda PlugX Backdoor

Weaponizing Conflict: ThreatLabz Exposes Mustang Panda’s Rapid PlugX Campaign in the Middle East

Do Son March 16, 2026

Recently, cybersecurity researchers at ThreatLabz have uncovered a new campaign by a China-nexus threat actor. The operation,...

TaxiSpy RAT: New Android Banking Trojan Targets Russian Financial Sector Android zero day flaw June 2026 security bulletin RuTaxi Trojan Android Banking Malware Pixel 9 zero-click exploit, Dolby UDC vulnerability CVE-2025-54957 NexusRoute Android RAT, India E-Challan Phishing ClayRat Self-Defense, Android Accessibility Abuse Android Trojan, AntiDot Android Malware "BadPack"

Android zero day flaw June 2026 security bulletin RuTaxi Trojan Android Banking Malware Pixel 9 zero-click exploit, Dolby UDC vulnerability CVE-2025-54957 NexusRoute Android RAT, India E-Challan Phishing ClayRat Self-Defense, Android Accessibility Abuse Android Trojan, AntiDot Android Malware "BadPack"

TaxiSpy RAT: New Android Banking Trojan Targets Russian Financial Sector

Do Son March 13, 2026

A highly sophisticated Android Banking Trojan has emerged, combining traditional financial theft with advanced Remote Access Trojan...

Weaponized Code: LTX Stealer Abuses Node.js to Bypass Antivirus LTX Stealer Node.js Malware

Weaponized Code: LTX Stealer Abuses Node.js to Bypass Antivirus

Do Son February 12, 2026

A new report by CYFIRMA has uncovered a sophisticated credential-stealing campaign that abuses legitimate software frameworks to...

Hiding in the Cloud: GuLoader Malware Evolves to Evade Detection GuLoader Malware CloudEye Obfuscation npm, malware Ethereum, npm supply chain OAST techniques StilachiRAT macOS Malware PasivRobber

GuLoader Malware CloudEye Obfuscation npm, malware Ethereum, npm supply chain OAST techniques StilachiRAT macOS Malware PasivRobber

Hiding in the Cloud: GuLoader Malware Evolves to Evade Detection

Do Son February 11, 2026

Zscaler ThreatLabz has released a deep-dive analysis of GuLoader (also known as CloudEye), revealing how this long-standing...

The Invisible Predator: How VVS Stealer Abuses Pyarmor to Ghost Discord Accounts VVS Stealer, Pyarmor Obfuscation

The Invisible Predator: How VVS Stealer Abuses Pyarmor to Ghost Discord Accounts

Do Son January 5, 2026

A new, highly sophisticated malware strain is making the rounds on the cybercrime underground, targeting the massive...

New TangleCrypt Packer Hides EDR Killer, But Coding Flaws Cause Ransomware to Crash Unexpectedly RedLineCyber Clipboard Hijacker TangleCrypt Packer, STONESTOP EDR Killer Gamaredon APT - BoneSpy and PlainGnome

RedLineCyber Clipboard Hijacker TangleCrypt Packer, STONESTOP EDR Killer Gamaredon APT - BoneSpy and PlainGnome

New TangleCrypt Packer Hides EDR Killer, But Coding Flaws Cause Ransomware to Crash Unexpectedly

Do Son December 1, 2025

In the high-stakes game of ransomware, threat actors are constantly refining their camouflage. A new report from...

Extreme Stealth: Python Malware Hides Inside PNG-Disguised RAR, Injects Payload into cvtres.exe Python Malware Obfuscation, Steganographic RAR

Python Malware Obfuscation, Steganographic RAR

Extreme Stealth: Python Malware Hides Inside PNG-Disguised RAR, Injects Payload into cvtres.exe

Do Son November 24, 2025

Researchers at K7 Labs have discovered a highly obfuscated Python-based malware using multi-layer encoding, disguised archive formats,...

Telegram-Powered Phishing Campaign Targets European Businesses Using HTML Attachments to Steal Credentials

Do Son November 11, 2025

Researchers from Cyble Research and Intelligence Labs (CRIL) have uncovered a massive, multi-brand phishing campaign that uses...

Klopatra: New Android RAT Uses Hidden VNC and Commercial Obfuscation to Hijack European Banking Accounts Android zero day flaw June 2026 security bulletin RuTaxi Trojan Android Banking Malware Pixel 9 zero-click exploit, Dolby UDC vulnerability CVE-2025-54957 NexusRoute Android RAT, India E-Challan Phishing ClayRat Self-Defense, Android Accessibility Abuse Android Trojan, AntiDot Android Malware "BadPack"

Klopatra: New Android RAT Uses Hidden VNC and Commercial Obfuscation to Hijack European Banking Accounts

Do Son October 1, 2025

Cleafy’s Threat Intelligence team uncovered a new and highly sophisticated Android Remote Access Trojan (RAT) named Klopatra....

DarkCloud Stealer Evolves: New VB6 Obfuscation and Crypto Wallet Theft Make Malware More Dangerous Than Ever Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

DarkCloud Stealer Evolves: New VB6 Obfuscation and Crypto Wallet Theft Make Malware More Dangerous Than Ever

Do Son September 29, 2025

Recently, eSentire’s Threat Response Unit (TRU) identified a spear-phishing campaign targeting a manufacturing client that attempted to...

AI vs. AI: Microsoft Blocks Phishing Attack Using LLM-Generated Obfuscated Code AI-Obfuscation, SVG Phishing

AI vs. AI: Microsoft Blocks Phishing Attack Using LLM-Generated Obfuscated Code

Do Son September 26, 2025

Microsoft Threat Intelligence has revealed details of a credential phishing campaign that likely harnessed AI-generated code to...

DarkCloud Stealer: New Evasive Tactics Use Obfuscated Scripts & VB6 Payloads to Evade Detection

Do Son August 8, 2025

Unit 42 researchers have uncovered a significant shift in the distribution tactics of the DarkCloud Stealer malware,...

The Evolution of Evasion: Raspberry Robin Malware Upgrades with New Encryption & UAC Bypass Exploit Raspberry Robin, Malware Evasion

The Evolution of Evasion: Raspberry Robin Malware Upgrades with New Encryption & UAC Bypass Exploit

Do Son August 5, 2025

ThreatLabz has released a fresh technical update on Raspberry Robin, the elusive USB-propagated malware also known as...

SLOW#TEMPEST: Advanced Obfuscation Evades Static Analysis With CFG & Indirect Calls SLOW#TEMPEST, Malware Obfuscation

SLOW#TEMPEST: Advanced Obfuscation Evades Static Analysis With CFG & Indirect Calls

Do Son July 14, 2025

In late 2024, security researchers from Unit 42 uncovered a sophisticated new variant of the malware associated...

Stealthy WordPress Malware Uncovered: SEO Spam Plugin Mimics Your Domain to Evade Detection WordPress Malware, SEO Spam

Stealthy WordPress Malware Uncovered: SEO Spam Plugin Mimics Your Domain to Evade Detection

Do Son July 4, 2025

In a recent investigation, Kayleigh Martin, a Security Analyst at Sucuri, uncovered a cunning new tactic used...

Banana Squad Strikes Again: 60+ GitHub Repositories Trojanized in New Software Supply Chain Attack

Do Son June 20, 2025

A newly uncovered software supply chain campaign by the threat group Banana Squad has compromised more than...

Obscure VBScript “sostener.vbs” Unmasked: Fuels Multi-Stage RAT Delivery, Linked to Blind Eagle APT

Do Son June 16, 2025

In a deeply revealing investigation, Censys researchers have uncovered a web of malicious infrastructure revolving around a...

PureHVNC RAT Spreads Through Fake Job Offers and Multi-Stage Obfuscation PureHVNC RAT Job scam malware

PureHVNC RAT Spreads Through Fake Job Offers and Multi-Stage Obfuscation

Do Son May 30, 2025

A new wave of attacks uncovered by Netskope Threat Labs reveals a sophisticated global malware campaign delivering...

DOUBLELOADER Malware Uses ALCATRAZ Obfuscator to Evade Detection DOUBLELOADER malware, ALCATRAZ obfuscator

DOUBLELOADER Malware Uses ALCATRAZ Obfuscator to Evade Detection

Do Son May 26, 2025

Elastic Security Labs has identified a new malware family dubbed “DOUBLELOADER” that leverages ALCATRAZ—a game-hacking inspired obfuscator—to...

More_Eggs Malware Deep Dive: Abusing ieuinit.exe and Polymorphic JavaScript More_Eggs analysis, ieuinit.exe abuse

More_Eggs Malware Deep Dive: Abusing ieuinit.exe and Polymorphic JavaScript

Do Son May 20, 2025

More_Eggs is back—and it’s sneakier than ever. A new report by researcher Tonmoy Jitu dissects a recent...

Critical Alert 1 Active Exploit Detected Today