Malware

Four Threat Clusters Using CastleLoader as GrayBravo Expands Its Malware Service Infrastructure

Cybersecurity researchers have identified four separate threat clusters using a malware loader called CastleLoader, reinforcing earlier assessments that this tool operates under a malware-as-a-service (MaaS) model, providing capabilities to multiple cybercriminal groups. The operator behind CastleLoader has been designated GrayBravo by Recorded Future’s Insikt Group, previously tracked as TAG-150. According to an analysis published by […]

Four Threat Clusters Using CastleLoader as GrayBravo Expands Its Malware Service Infrastructure Read More »

Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deliver NetSupport RAT

A newly identified cyber campaign called JS#SMUGGLER is gaining attention after researchers observed attackers using compromised websites to distribute NetSupport RAT, a remote access tool capable of giving full control over victim devices. Security analysts from Securonix reported that the operation relies on several coordinated components including an obfuscated JavaScript loader, an HTML Application (HTA)

Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deliver NetSupport RAT Read More »

MuddyWater Uses UDPGangster Backdoor in Targeted Campaign Across Turkey, Israel, and Azerbaijan

In a newly identified cyber espionage operation, the Iranian aligned group MuddyWater has been found using a previously unknown backdoor named UDPGangster. The malware relies on the User Datagram Protocol (UDP) to manage command and control traffic, a choice that helps attackers avoid traditional network monitoring defenses. Security analysts at Fortinet FortiGuard Labs report that

MuddyWater Uses UDPGangster Backdoor in Targeted Campaign Across Turkey, Israel, and Azerbaijan Read More »

Android Malware FvncBot, SeedSnatcher, and ClayRat Now Feature Enhanced Data Theft Capabilities

Cybersecurity analysts have uncovered significant updates in multiple Android threat campaigns. Two newly identified malware families, named FvncBot and SeedSnatcher, have come to light, while researchers also report an upgraded strain of ClayRat circulating in active attacks. These findings were published by Intel 471, CYFIRMA, and Zimperium. FvncBot Targets Polish Banking Users With Advanced Fraud

Android Malware FvncBot, SeedSnatcher, and ClayRat Now Feature Enhanced Data Theft Capabilities Read More »

Sneeit WordPress RCE Exploited in the Wild, and ICTBroadcast Bug Powering Frost Botnet Attacks

A severe security weakness found in the Sneeit Framework plugin for WordPress is currently being abused across live sites, based on information shared by Wordfence. The flaw, tracked as CVE-2025-6389 with a CVSS rating of 9.8, affects every version up to 8.3. Developers fixed the issue in version 8.4 released on August 5, 2025. The

Sneeit WordPress RCE Exploited in the Wild, and ICTBroadcast Bug Powering Frost Botnet Attacks Read More »

Silver Fox Distributes ValleyRAT in China Through Fake Microsoft Teams Installer

A new campaign linked to the threat actor Silver Fox is targeting Chinese speaking users through a deceptive installer that pretends to be Microsoft Teams. The operation appears to be a false flag attempt designed to resemble activity from a Russian group, although the final payload is ValleyRAT, a malware family associated with Chinese cybercrime

Silver Fox Distributes ValleyRAT in China Through Fake Microsoft Teams Installer Read More »

GoldFactory Targets Southeast Asia with Modified Banking Apps Behind 11,000 Plus Infections

Cybercriminals linked to the financially motivated group GoldFactory have launched a new wave of mobile attacks across Indonesia, Thailand, and Vietnam by posing as government authorities and local service providers. According to a technical assessment released by Group IB, the campaign has been active since October 2024 and relies on doctored versions of legitimate banking

GoldFactory Targets Southeast Asia with Modified Banking Apps Behind 11,000 Plus Infections Read More »

Brazil Faces Banking Trojan Spread Through WhatsApp Worm and RelayNFC Relay Fraud

Brazil is facing a growing wave of cyberattacks as the threat actor known as Water Saci rolls out a more advanced infection chain that spreads banking malware through WhatsApp Web and relies on layered delivery techniques using PDF and HTA files. WhatsApp Worm Used to Deliver Banking Trojan Threat analysts from Trend Micro reported that

Brazil Faces Banking Trojan Spread Through WhatsApp Worm and RelayNFC Relay Fraud Read More »

GlassWorm Resurfaces With 24 Malicious Extensions Masquerading as Popular Developer Tools

The notorious supply chain threat, GlassWorm, has resurfaced, targeting developers by infiltrating both the Microsoft Visual Studio Marketplace and Open VSX with 24 malicious extensions. These extensions impersonate widely-used developer frameworks and tools, including Flutter, React, Tailwind, Vim, and Vue. Originally documented in October 2025, GlassWorm uses the Solana blockchain to manage command-and-control operations, harvest

GlassWorm Resurfaces With 24 Malicious Extensions Masquerading as Popular Developer Tools Read More »

Iran Linked Hackers Hit Israeli Sectors With New MuddyViper Backdoor

Israeli organizations across academia, engineering, local government, manufacturing, technology, transportation, and utilities have become targets of a sophisticated campaign by Iranian-linked hackers deploying a new backdoor called MuddyViper. ESET attributed the attacks to the MuddyWater group, also known as Mango Sandstorm or TA450, linked to Iran’s Ministry of Intelligence and Security (MOIS). One Egyptian technology

Iran Linked Hackers Hit Israeli Sectors With New MuddyViper Backdoor Read More »