Cybercrime

Malicious NuGet Package Posing as Tracer Fody Steals Cryptocurrency Wallet Data

Cybersecurity researchers have identified a malicious NuGet package that impersonates the popular .NET tracing library Tracer.Fody to steal cryptocurrency wallet information. The package, called “Tracer.Fody.NLog,” was uploaded by a user named “csnemess” on February 26, 2020, and has remained on the repository for nearly six years. It closely mimics the legitimate “Tracer.Fody” library maintained by […]

VolkLocker Ransomware Exposed After Hard Coded Master Key Enables Free Decryption

Cybersecurity researchers have exposed a critical design flaw in a new ransomware strain called VolkLocker, allowing victims to recover their files without paying a ransom. The malware is operated by the pro-Russian hacktivist group CyberVolk, also known as GLORIAMIST, and is offered under a ransomware-as-a-service model. The weakness lies in poor

Phantom Stealer Spreads via ISO Phishing Emails Targeting Russian Finance Sector

Cybersecurity researchers have revealed an active phishing operation targeting multiple sectors across Russia, with a strong focus on finance and accounting organizations. The campaign distributes Phantom Stealer through malicious ISO optical disc images attached to phishing emails. The activity, tracked as Operation MoneyMount ISO, was uncovered by analysts at Seqrite Labs. While finance and accounting

Fake OSINT and GPT Utility GitHub Repositories Spread PyStoreRAT Malware Payloads

Cybersecurity researchers have uncovered a new malware distribution campaign that abuses GitHub-hosted Python repositories to spread a previously undocumented JavaScript-based Remote Access Trojan named PyStoreRAT. The operation relies on fake development tools, OSINT utilities, and GPT-related projects to trick analysts and developers into executing malicious loader code. GitHub Repositories Hide Multi Stage

New Advanced Phishing Kits Use AI and MFA Bypass Techniques to Steal Credentials at Scale

Cybersecurity researchers are warning about a new wave of highly advanced phishing kits that are enabling large-scale credential theft by combining automation, artificial intelligence, and multi-factor authentication bypass techniques. The newly observed toolkits, known as BlackForce, GhostFrame, InboxPrime AI, and Spiderman, represent a growing shift toward industrialized phishing operations. BlackForce Targets MFA Using

NANOREMOTE Malware Abuses Google Drive API for Stealthy Control of Windows Systems

Cybersecurity researchers have revealed a sophisticated Windows backdoor called NANOREMOTE that leverages the Google Drive API for command-and-control (C2) operations. Elastic Security Labs reported that the malware shows code similarities with FINALDRAFT (aka Squidoor), another implant using Microsoft Graph API for C2, attributed to the suspected Chinese threat cluster REF7707 (also known as CL-STA-0049, Earth

STAC6565 Focuses on Canada in Most Attacks While Gold Blade Spreads QWCrypt Ransomware

Canadian organizations have become the primary focus of a targeted cyber campaign led by the threat cluster STAC6565. Cybersecurity company Sophos investigated nearly 40 intrusions linked to the group between February 2024 and August 2025, finding strong overlaps with the hacking group Gold Blade, also tracked under names such as Earth Kapre, RedCurl, and Red

Four Threat Clusters Using CastleLoader as GrayBravo Expands Its Malware Service Infrastructure

Cybersecurity researchers have identified four separate threat clusters using a malware loader called CastleLoader, reinforcing earlier assessments that this tool operates under a malware-as-a-service (MaaS) model, providing capabilities to multiple cybercriminal groups. The operator behind CastleLoader has been designated GrayBravo by Recorded Future’s Insikt Group, previously tracked as TAG-150. According to an analysis published by

Android Malware FvncBot, SeedSnatcher, and ClayRat Now Feature Enhanced Data Theft Capabilities

Cybersecurity analysts have uncovered significant updates in multiple Android threat campaigns. Two newly identified malware families, named FvncBot and SeedSnatcher, have come to light, while researchers also report an upgraded strain of ClayRat circulating in active attacks. These findings were published by Intel 471, CYFIRMA, and Zimperium. FvncBot Targets Polish Banking Users With Advanced Fraud
