Topic: malware persistence

  • Stop Malware Persistence: A Wazuh Defense Guide

    Malware persistence allows attackers to maintain long-term access to compromised systems by using techniques like scheduled tasks, boot scripts, and system process modifications. Successful persistence leads to severe consequences, including extended undetected operations, data exfiltration, and ...
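    The three persistence classes named in the summary above (scheduled tasks, boot or logon scripts, modified system services) each leave a distinct host artefact that a log-based detector can look for. What follows is an added example, not code from the original post or from the Wazuh guide it links to: a small Python triage scanner run over constructed log lines in an assumed "<host> <source> <message>" layout. The log format, host names, file paths and rule labels are assumptions made for illustration; the patterns cover the common Windows (schtasks, Run keys, sc config) and Linux (cron, systemd units, rc.local) artefacts and flag hosts that show more than one persistence class at once, which is the signal a responder usually cares about most.

```python
import re
from dataclasses import dataclass

# Constructed sample lines in an assumed "<host> <source> <message>" layout.
# They are illustrative only, not real Wazuh, Sysmon or auditd output.
SAMPLE_LOGS = [
    r"ws01 sysmon CommandLine: schtasks.exe /create /tn Updater /tr C:\Users\Public\u.exe /sc onlogon",
    r"ws01 sysmon RegistryEvent: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\svc = C:\ProgramData\s.exe",
    r"ws01 sysmon CommandLine: sc.exe config Spooler binPath= C:\Temp\spool.exe",
    r"srv01 auditd type=PATH name=/etc/cron.d/backup nametype=CREATE",
    r"srv01 auditd type=PATH name=/etc/systemd/system/net.service nametype=CREATE",
    r"ws01 sysmon CommandLine: notepad.exe C:\Users\alice\notes.txt",
    r"srv01 auditd type=PATH name=/var/log/syslog nametype=NORMAL",
]

# Detection rules: (technique label, pattern). The labels are this example's
# own names for the three persistence classes in the summary, not Wazuh rule IDs.
RULES = [
    # scheduled task creation on Windows and Linux
    ("scheduled_task", re.compile(r"\bschtasks(\.exe)?\b.*\s/create\b", re.I)),
    ("scheduled_task", re.compile(r"/etc/cron(tab|\.d|\.hourly|\.daily|\.weekly)", re.I)),
    # boot / logon autostart locations
    ("boot_or_logon_autostart", re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)),
    ("boot_or_logon_autostart", re.compile(r"/etc/systemd/system/[^ ]+\.service|/etc/rc\.local", re.I)),
    # modification of an existing system service binary path
    ("service_modification", re.compile(r"\bsc(\.exe)?\s+(config|create)\b", re.I)),
]


@dataclass(frozen=True)
class Finding:
    host: str
    technique: str
    evidence: str


def parse_line(line):
    """Split one log line into (host, source, message); raises ValueError if malformed."""
    host, source, message = line.split(" ", 2)
    return host, source, message


def scan(lines):
    """Return one Finding per line that matches a persistence rule (first rule wins)."""
    findings = []
    for line in lines:
        try:
            host, _source, message = parse_line(line)
        except ValueError:
            continue  # malformed line: skip it rather than abort the whole scan
        for technique, pattern in RULES:
            if pattern.search(message):
                findings.append(Finding(host, technique, message))
                break
    return findings


def hosts_with_multiple_mechanisms(findings):
    """Map host -> sorted list of distinct persistence classes, for hosts showing more than one.

    A single scheduled task may be benign administration; several different
    persistence mechanisms appearing on the same host is much harder to explain away.
    """
    per_host = {}
    for f in findings:
        per_host.setdefault(f.host, set()).add(f.technique)
    return {h: sorted(t) for h, t in per_host.items() if len(t) > 1}


if __name__ == "__main__":
    hits = scan(SAMPLE_LOGS)
    for f in hits:
        print(f"{f.host:6} {f.technique:24} {f.evidence}")
    print("hosts with multiple mechanisms:", hosts_with_multiple_mechanisms(hits))
```

    The scanner deliberately stops at the first matching rule per line, so one event yields one finding; the per-host roll-up is where the triage value is, and in a real deployment the equivalent logic would live in the SIEM's correlation layer rather than in a standalone script.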

  • First Android Malware Using Generative AI Discovered

    A novel Android malware called "PromptSpy" is the first to use generative AI, specifically Google's Gemini, to automate on-screen navigation and lock itself in the recent apps list, making it hard to remove and increasing its adaptability across devices. The malware deploys a remote-control VNC...

  • Microsoft: SesameOp Malware Exploits OpenAI API in Attacks

    Microsoft discovered the SesameOp backdoor, which exploits the OpenAI Assistants API as a covert command-and-control channel to maintain persistent access in compromised systems. The malware evades detection by using legitimate cloud services for communication, blending malicious traffic with nor...

  • The Rise of Thinking Malware

    ESET researchers discovered PromptSpy, the first known Android malware that integrates a generative AI model (Google's Gemini) into its core execution to analyze a device's screen and generate adaptive navigation instructions. The malware's primary AI-driven function is to maintain persistence by...

  • Google: AI-Powered Malware Is Now in Active Use

    Google has identified new AI-driven malware families like PromptFlux and PromptSteal that use large language models to dynamically generate malicious scripts, enabling them to evade detection and operate more flexibly. These malware variants employ AI for various malicious purposes, including sel...

  • Beware: Spyware Poses as Signal and ToTok Messaging Apps

    Cybersecurity experts discovered two spyware operations, ProSpy and ToSpy, which impersonate updates for Signal and ToTok to target Android users, particularly in the UAE, through fake websites. These malicious apps steal sensitive data like contacts, messages, and files by tricking users into gr...

  • Chinese Mustang Panda Hackers Use CoolClient Backdoor to Spread Infostealers

    Mustang Panda has deployed an updated CoolClient backdoor with enhanced capabilities to steal browser credentials and clipboard data, targeting government entities across Asia and beyond. The malware uses new distribution methods, compromising legitimate software for initial access, and introduce...

  • ClayRat Spyware Evolves with New Android Threats

    The ClayRat Android spyware has evolved with significantly expanded surveillance and remote-control capabilities, including advanced keylogging and screen recording, posing a major threat to personal and corporate security. It abuses Android's Accessibility Services and SMS permissions to seize n...

  • APT37 Hackers Use Google Find Hub to Wipe Android Data

    North Korean hackers are using Google's Find Hub service to remotely wipe Android devices and track locations, primarily targeting South Koreans through KakaoTalk messages and linked to known threat groups like APT37 and Kimsuky. The attack begins with spear-phishing messages impersonating author...

  • Beware: Noodlophile Infostealer Masks as Fake Legal Notices

    A global cyber campaign uses fake legal notices via spear-phishing emails to distribute the Noodlophile infostealer, impersonating law firms to create urgency and steal sensitive data. The malware employs sophisticated techniques like DLL side-loading and disguised malicious files to bypass secur...

  • Malicious Solidity VSCode Extension Backdoors Developers

    SleepyDuck malware disguised as a Solidity extension in the Open VSX registry has been downloaded over 53,000 times, targeting developers using AI-driven IDEs like Cursor and Windsurf. It uses an Ethereum smart contract for command-and-control, ensuring persistence by retrieving instructions from...

  • Ukraine's Military Targeted in Deceptive Charity Malware Attack

    A Russian-aligned threat group (Void Blizzard/Laundry Bear) targeted Ukrainian military personnel in late 2025/early 2026 using a fake charity scheme to deploy the PluggyApe backdoor malware. The attack used personalized messages on encrypted apps to trick victims into downloading malicious files...

  • Chrome Zero-Day Used to Spread LeetAgent Spyware

    A zero-day vulnerability in Google Chrome (CVE-2025-2783) was exploited via phishing in Operation ForumTroll, allowing attackers to escape Chrome's sandbox and deploy spyware developed by Memento Labs. The attack delivered LeetAgent spyware, which executed commands, stole files, and communicated ...
