Malware & Ransomware News

A new malware campaign is delivering both Gh0st RAT and CloverPlus adware simultaneously. This dual threat allows attackers to control systems and generate revenue. Security teams must enhance their defenses against this evolving threat.

FUD Crypt is a new malware-as-a-service that allows hackers to create Microsoft-signed malware easily. This poses a significant risk as it can bypass security measures. Cybersecurity teams must remain vigilant against these sophisticated threats.

A global operation led to the arrest of four individuals and the seizure of over 50 domains linked to DDoS-for-hire services, impacting more than 75,000 users worldwide.

A trojanized Slack installer is giving attackers hidden access to your machine. This threat targets millions of users, posing risks to personal and corporate data. Stay vigilant and ensure you download software from official sites.

How It Works The adware, initially perceived as harmless, has morphed into a serious threat. The update from Dragon Boss, rolled out in March 2025, created a method for the malware to maintain persistence on infected systems. This means it can continue to operate even after reboots or system updates. Who's Being Targeted This malware primarily targets users of

A phishing email disguised as a DHL shipment notification tricks users into installing remote access software. This malware can lead to further attacks, including ransomware. Stay vigilant and check email sources carefully.

The PowMix botnet is targeting the Czech workforce with advanced evasion techniques, posing a significant cybersecurity threat.

A new tactic called APK malformation is found in over 3000 Android malware samples, complicating detection efforts. This poses significant risks to users. Researchers have released tools to help combat this threat.

ZionSiphon malware targets Israeli water systems, aiming to disrupt operations. Although currently flawed, its potential for future attacks raises serious concerns.

Bluesky's app outages are due to a sophisticated DDoS attack, with claims of responsibility from the hacker group 313 Team. Despite the disruptions, Bluesky assures users that their data remains secure.

A new malware called Steaelite combines ransomware and data theft into one tool. It automates attacks, making it a serious threat to organizations. Cybersecurity defenses need to adapt quickly to counter this evolving risk.

Nexcorium, a new Mirai variant, exploits TBK DVR vulnerabilities and outdated TP-Link routers to execute DDoS attacks, expanding its botnet operations significantly.

Sophos analysts report an increase in the abuse of QEMU by threat actors, particularly in campaigns linked to PayoutsKing ransomware, which utilizes hidden virtual machines to evade detection and facilitate data theft.

AgingFly malware has been detected in Ukraine, targeting government and hospital systems to steal sensitive data. This poses a serious security risk to users. Authorities recommend blocking certain file types to mitigate the threat.

Threat actors are using n8n webhooks to deliver malware through phishing emails. This tactic has increased significantly, posing serious risks to users. Security teams must act to mitigate these threats.

Autovista is facing a ransomware attack that's disrupting services in Europe and Australia. Customers are advised to monitor updates and take precautions. The company is working to resolve the issue and restore applications.

A sophisticated adware campaign attributed to Dragon Boss Solutions has compromised over 25,000 endpoints worldwide, raising significant security concerns due to its ability to disable antivirus software and exploit unsecured update channels.

A new infostealer named NWHStealer is spreading through fake VPN sites and gaming mods. It's designed to steal passwords and cryptocurrency wallet information. Users must be cautious when downloading software to avoid falling victim.

A new report reveals that PRC state-sponsored hackers are using Brickstorm malware for persistent access in government and IT systems. Organizations are urged to act on the provided IoCs.

Microsoft's latest update enhances Windows security against RDP threats, introducing new warning dialogs and default restrictions on resource sharing to combat phishing attacks.

JanaWare ransomware is targeting Turkish citizens through sophisticated phishing tactics and advanced evasion techniques, leveraging a customized version of the Adwind RAT for its operations.

A new variant of the PlugX USB worm is spreading globally, using DLL sideloading techniques to evade detection and target sensitive data across multiple continents.

A new malware, Omnistealer, is stealing passwords and crypto wallets using blockchain technology. Over 300,000 credentials compromised, affecting various sectors. Protect your data now!

Hackers are exploiting the Obsidian Shell Commands plugin to deliver malware to financial sector professionals, utilizing advanced social engineering tactics and sophisticated techniques akin to recent high-profile attacks.

Hackers are exploiting vulnerabilities in Call of Duty: WWII, putting players' PCs at risk. Meanwhile, scammers are targeting families of the incarcerated. Stay alert to protect your data!

A ransomware attack at the Paris museum led to a €600,000 gold heist. Meanwhile, the Shai Hulud worm is compromising npm packages, stealing secrets. Cybersecurity vigilance is crucial.

A new Android banking trojan is linked to forced labor scams affecting mobile banking users. Trafficked individuals are exploited to distribute this malware. Awareness is crucial to combat this alarming trend.

A new social engineering campaign exploits Obsidian to deliver the PhantomPulse RAT, primarily targeting individuals in the financial and cryptocurrency sectors through LinkedIn and Telegram. This highlights significant vulnerabilities in legitimate applications.

Hackers are using MSBuild.exe to launch fileless attacks, evading detection. This trend poses serious risks to organizations relying on traditional security measures. It's crucial to adapt and enhance security strategies to combat these evolving threats.

Scans for the EncystPHP webshell have been detected, targeting vulnerable FreePBX systems. This trend underscores the need for stronger security measures. Stay informed and protect your systems from evolving cyber threats.

VIPERTUNNEL, a Python-based backdoor, is targeting US and UK businesses by disguising itself in fake DLL files and employing advanced obfuscation techniques to evade detection.

APT37, also known as ScarCruft, has been using Facebook to socially engineer targets into downloading RokRAT malware, leveraging trust-building tactics and sophisticated delivery methods.

JanelaRAT, a financial malware, is increasingly targeting users in Latin America with sophisticated phishing tactics and social engineering. Understanding its evolving methods is crucial for prevention.

A new Android malware implant has been discovered using Google Gemini for persistence tasks. This poses a significant risk to Android users, especially those downloading apps from untrusted sources. Stay informed about the evolving tactics of malware developers.

Advantest, a semiconductor testing specialist, has been hit by a ransomware attack. The company is now implementing incident response measures. This incident underscores the rising threat of ransomware in tech.

A fraud investigation has revealed sophisticated Python malware with advanced obfuscation techniques. This poses significant risks to organizations, particularly in finance. Immediate action is needed to mitigate potential threats.

Hackers are exploiting AI trust to deliver the AMOS Stealer, targeting Mac users. This malware uses social engineering to bypass traditional defenses, posing significant risks. Stay informed and protect your devices from this evolving threat.

A new malware, notnullOSX, is targeting cryptocurrency wallets worth over $10,000. Users in Taiwan, Vietnam, and Spain are particularly at risk. This malware tricks victims into downloading it, leading to potential theft of their crypto assets.

The CPUID website has been compromised, delivering trojanized versions of HWMonitor, CPU-Z, and PerfMonitor that deploy the STX RAT. Users downloading these tools may face serious malware risks. Immediate action is advised.

A malicious JavaScript file named cbmjlzan.JS was found in a phishing email. Only 15 antivirus programs flagged it, raising concerns about detection. Stay vigilant against such threats.

Cracked software is a hidden danger in many organizations. Employees often download these versions without realizing the risks. Discover five effective strategies to mitigate these threats.

STX RAT, a new remote access trojan, is targeting the finance sector with advanced stealth tactics, posing a significant threat to sensitive data.

A phishing campaign is exploiting Google Cloud Storage to deliver the Remcos RAT, making detection challenging and increasing risks for users.

A new stealthy malware campaign named RoningLoader has emerged, targeting Chinese-speaking users. It cleverly disguises itself as trusted software to evade detection, posing serious risks to security tools. Organizations must remain vigilant against this sophisticated threat.

A new malware campaign by the Silver Fox APT group is delivering ValleyRAT through a fake Telegram installer. This poses serious risks to users who may unknowingly install it. Stay vigilant and only download software from trusted sources.

A new tool automates the creation of packets that trigger BPF malware, drastically cutting analysis time. This impacts sectors like telecommunications and government. Swift action is needed to combat these stealthy threats.

ChipSoft, a major Dutch healthcare software vendor, has suffered a ransomware attack, affecting hospitals across the Netherlands and Belgium. The incident raises concerns about patient data security and highlights vulnerabilities in the healthcare sector.

The Masjesu botnet is a stealthy DDoS-for-hire service targeting IoT devices, utilizing evasive tactics and advanced obfuscation techniques to avoid detection.

LucidRook, a sophisticated Lua-based malware, is targeting Taiwanese NGOs and universities through spear-phishing attacks, utilizing advanced evasion techniques and fake security software. Recent intelligence indicates a broader campaign affecting multiple sectors.

A new malicious Chrome extension, Amazing Refresh, is hijacking user clicks and monetizing traffic without consent. This poses risks to both users and website owners. Immediate action is needed to remove the extension and protect users.