Topic: malware distribution

  • Massive YouTube Malware Ring Uncovered by Researchers

    Security researchers uncovered the "YouTube Ghost Network," a deceptive malware operation using fake or hijacked channels to distribute harmful software and phishing links through enticing offers like free game cheats or cracked applications. The network employed a sophisticated structure with di...
  • Nation-State Hackers Use "Bulletproof" Blockchains to Spread Malware

    State-sponsored hackers, including a North Korean group, are now hiding malware within public cryptocurrency blockchains, creating a resilient and nearly untouchable hosting platform. This technique, called "EtherHiding," embeds malicious code in smart contracts on blockchains like Ethereum, leve...
  • New MatrixPDF Toolkit Weaponizes PDFs for Phishing Attacks

    MatrixPDF is a malicious toolkit that transforms harmless PDFs into phishing tools, redirecting users to credential harvesting pages or initiating malware downloads, and is marketed on underground forums and Telegram. The toolkit offers features like drag-and-drop importing, real-time previews, a...
  • Grok Users: Beware of Malicious Links You Click

    Hackers are using Grok's chatbot to distribute malware by embedding malicious links in adult video ads, a method called "Grokking." This tactic not only infects users but also boosts the malware sites' search engine rankings due to Grok's responses being indexed by Google. Experts advise enabling...
  • TamperedChef Infostealer Spreads via Fake PDF Editor

    A malware campaign is distributing the TamperedChef infostealer through fake PDF editing software promoted via Google Ads, using over 50 domains and counterfeit certificates to appear legitimate. The malware, disguised as AppSuite PDF Editor, activated data-stealing capabilities on August 21st, h...
  • ClickFix: The Silent Security Threat in Your Home

    A new cyberattack called ClickFix is targeting both Mac and Windows users by bypassing standard security measures and spreading through deceptive emails, messages, or search results. The attack tricks users into copying and executing a single command in the terminal, which silently downloads malw...
  • TA585 Hackers Unleash Advanced New Attack Tools

    TA585 is a sophisticated cybercriminal group known for its fully autonomous infrastructure, managing its own phishing campaigns, malware deployment, and hosting platforms without relying on external services. The group primarily distributes MonsterV2, a versatile malware suite that acts as a remo...
  • Malicious 'TradingView Premium' Ads Spread from Meta to Google

    A malvertising campaign has expanded from Facebook to Google Ads, using fake offers of free TradingView Premium to distribute advanced information-stealing malware. The scam involves hijacking legitimate Google Ads accounts and verified YouTube channels, which are rebranded to impersonate Trading...
  • Criminals Sell RAT Malware as Legitimate RMM Tool

    A cybercrime operation sells a malicious remote access trojan disguised as a legitimate remote management tool, using a fraudulent Extended Validation certificate to bypass security detection. The service, marketed via an AI-generated website, is sold for a monthly fee and distributed through phi...
  • Gambling Network Secretly Doubles as Cybercrime Infrastructure

    A long-running cybercrime network, active since around 2011, disguises itself as an illegal online gambling service while operating a massive malware and command-and-control infrastructure primarily targeting Indonesian citizens. The operation uses an extensive network of over 328,000 domains, hi...
  • Gaming Industry Under Siege: DDoS, Data Theft & Malware Attacks

    The gaming industry is experiencing escalating cyberattacks, including DDoS incidents and security breaches, threatening user data and virtual economies as the market grows to nearly $189 billion by 2025. Players, especially younger ones, often neglect security measures like strong passwords, mak...
  • Xubuntu Website Hacked to Distribute Malware

    The Xubuntu website was compromised to distribute Windows malware, redirecting users attempting to download the Linux OS to a malicious file instead of legitimate installation media. The malware identified is a clipboard hijacker that targets Windows systems, replacing cryptocurrency wallet addre...
  • ClickFix Phishing Kit Exposed by Cybersecurity Experts

    Palo Alto Networks has identified the IUAM ClickFix Generator, a phishing toolkit that enables even novice cybercriminals to create convincing fake browser verification pages to deploy malware. The toolkit allows customization of phishing pages, detects the user's device and OS to tailor maliciou...
  • AMOS Infostealer Targets macOS via Popular AI App

    The cybercrime economy is increasingly fueled by sophisticated infostealer malware like AMOS, which harvests and sells stolen credentials, financial data, and session cookies to enable further fraud and network intrusions. Attackers distribute this malware through highly adaptive social engineeri...
  • Don't Paste That TikTok Code! The Dangerous Scam Explained

    A dangerous scam on TikTok, known as ClickFix, tricks users into installing information-stealing malware by posing as helpful tech support or free software guides, convincing them to run malicious commands on their own computers. These fraudulent videos, which promote fake methods for accessing p...
  • North Korean Hackers Hide Malware on Blockchain

    EtherHiding is a technique used by North Korean hackers to hide malware on public blockchains, making it hard for authorities to disrupt their activities. The UNC5342 group targets software developers through fake recruitment offers, infecting Windows, macOS, and Linux systems with a multi-stage ...
  • Atomic Stealer: How This Potent Mac Malware Infects Your System

    A sophisticated malware campaign uses fraudulent search engine ads to impersonate popular software and targets Mac users with the Atomic Stealer information-stealing program. LastPass confirmed it was a prime target, with attackers using deceptive ads to direct users to counterfeit GitHub pages t...
  • Microsoft cancels 200 certificates for malicious Teams installers

    Microsoft revoked 200 software-signing certificates to neutralize the Vanilla Tempest ransomware group's ability to distribute malware disguised as the Microsoft Teams installer, protecting users from cyberattacks. Vanilla Tempest used deceptive domains and SEO poisoning to trick users into downl...
  • Android Malware Uses AI to Click Hidden Ads

    A new Android malware uses AI-powered visual analysis, specifically TensorFlow.js models, to identify and click on-screen ads with high accuracy, enabling sophisticated click fraud that mimics genuine user behavior. The malware is distributed through official and unofficial channels, including Xi...
  • Cybercriminals Are Exploiting YouTube's Blind Spots

    YouTube's massive user base and algorithmic design are exploited by scammers to spread malware, hijack accounts, and run fraudulent schemes through deceptive videos that mimic legitimate content. Deepfake technology is increasingly used in cryptocurrency scams, with AI-generated videos of celebri...
  • ClayRat Spyware Infiltrates Android Devices in Russia

    ClayRat is an Android spyware operation targeting Russian users through deceptive Telegram channels and fake websites, tricking them into installing malicious apps disguised as legitimate ones like WhatsApp and YouTube. Once installed, the spyware gains extensive access to sensitive data, includi...
  • Exploit Code Released for Critical BIND 9 DNS Vulnerability

    A critical security flaw (CVE-2025-40778) in BIND 9 DNS resolvers allows remote cache poisoning, enabling attackers to redirect users to malicious sites or spread malware without authentication. The vulnerability affects recursive DNS servers and authoritative servers with recursion enabled, with...
  • Stealth Malware Campaign Infects Thousands via DNS TXT Abuse

    The Detour Dog malware campaign has infected over 30,000 websites, using DNS TXT records for server-side attacks that remain hidden from most users, selectively targeting specific visitors for redirection or malware downloads. This attack operates by having compromised servers send DNS queries wi...
  • Global Threat Map: Real-Time Open-Source Security Platform

    The Global Threat Map is an open-source platform that aggregates public threat intelligence feeds into a single, interactive visualization, offering a real-time overview of global cyber threats like malware and phishing with full transparency into its data sources. It uniquely provides detailed i...
  • Jordanian hacker admits selling access to 50 corporate networks

    A Jordanian cybercriminal, Feras Khalil Ahmad Albashiti, pleaded guilty to selling unauthorized network access to dozens of companies, acting as an **initial access broker** for ransomware and data theft groups. His arrest followed a sting operation where he sold access to an undercover officer a...
  • Beware: Hackers Hijack Calendar Subscriptions for Attacks

    Hackers exploit digital calendar subscriptions by using deceptive systems to deliver malicious content like phishing links and malware through third-party feeds. BitSight's investigation revealed that expired or hijacked domains were used in large-scale campaigns, affecting millions of users thro...
  • Dutch Police Seize 250 Servers in Bulletproof Hosting Crackdown

    Dutch law enforcement dismantled a major bulletproof hosting service used exclusively by cybercriminals, seizing approximately 250 physical servers and taking thousands of virtual servers offline. The service facilitated serious criminal activities like ransomware, botnets, and phishing by ignori...
  • TikTok Videos Fueling New ClickFix Infostealer Attacks

    A new wave of TikTok cyberattacks uses deceptive videos promising free premium software to trick users into executing malicious PowerShell commands, part of the ClickFix social engineering campaign. Executing the commands downloads Aura Stealer malware, which harvests sensitive data like password...
  • Gen AI Data Breaches Surge Over 100%

    The enterprise security landscape is being reshaped by generative AI and cloud adoption, forcing a re-evaluation of controls to monitor data flows across unsanctioned personal applications and AI tools. Phishing remains a top threat for credential theft, increasingly targeting cloud logins, while...
  • Hacker sentenced to 7 years for major port cyberattacks

    A Dutch court sentenced a man to seven years for hacking European ports' IT systems to facilitate large-scale cocaine importation, dismissing his appeal regarding evidence from a cracked encrypted chat service. The attacks involved using insider-placed malware to steal data and monitor port netwo...
  • The Hidden Vulnerabilities in Email Security

    Email is the primary cyberattack vector, with malware, scams, and phishing attempts surging by over 130%, 30%, and 20% respectively, causing widespread operational disruptions. Over 78% of organizations experienced an email breach last year, with phishing and impersonation being the most common m...
  • Windows SMB Flaw Exploited, OAuth Apps Hijacked

    Digital security faces escalating threats including active exploitation of critical Windows SMB and WSUS vulnerabilities, alongside attackers hijacking trusted OAuth applications to create persistent cloud backdoors. The attack surface is expanding dramatically as interconnected systems link oper...
  • Rising Google Ads MCC Takeover Scams: How Phishing Attacks Work

    A surge in sophisticated phishing attacks is compromising Google Ads Manager accounts, allowing fraudsters to drain advertising budgets of tens of thousands of dollars within hours, even bypassing two-factor authentication. Attackers use deceptive emails that mimic legitimate Google invitations, ...
  • Cybercriminals Lose Control: Rhadamanthys Infostealer Shut Down

    The Rhadamanthys infostealer malware service has been disrupted, with criminal subscribers losing access to their data-collection servers, possibly due to law enforcement actions by German authorities. Subscribers reported that their administrative panels now require certificate-based authenticat...
  • First Android Malware Using Generative AI Discovered

    A novel Android malware called "PromptSpy" is the first to use generative AI, specifically Google's Gemini, to automate on-screen navigation and lock itself in the recent apps list, making it hard to remove and increasing its adaptability across devices. The malware deploys a remote-control VNC...