Malware

Tsundere Botnet Expands by Using Game Lures and an Ethereum Based C2 System on Windows

Security analysts have revealed new insights about the Tsundere botnet, a rapidly expanding malware operation that targets Windows systems. Active since mid 2025, the threat uses JavaScript based payloads delivered from a remote command and control server, allowing attackers to execute arbitrary commands and flexibly modify botnet behavior. Propagation and Infection Mechanisms Although its initial […]

Tsundere Botnet Expands by Using Game Lures and an Ethereum Based C2 System on Windows Read More »

New Sturnus Android Trojan Silently Captures Encrypted Chats and Takes Control of Devices

A newly identified Android banking trojan called Sturnus is raising significant concern among security researchers due to its advanced ability to steal credentials, monitor encrypted messaging apps, and take full control of infected devices. According to ThreatFabric, which analyzed the malware, Sturnus is designed for high level financial fraud and advanced surveillance, making it a

New Sturnus Android Trojan Silently Captures Encrypted Chats and Takes Control of Devices Read More »

TamperedChef Malware Spreads Through Fake Software Installers in a Continuing Global Campaign

A global malvertising operation known as TamperedChef is actively spreading malware through fake installers disguised as trusted software. Attackers are using deceptive tactics to make users download harmful programs, allowing them to establish remote access and persistent control over infected systems. Recent findings from the Acronis Threat Research Unit show that the campaign remains active,

TamperedChef Malware Spreads Through Fake Software Installers in a Continuing Global Campaign Read More »

Python Based WhatsApp Worm Spreads Eternidade Stealer Across Devices in Brazil

Cybersecurity analysts have uncovered a new campaign that combines social engineering with WhatsApp account hijacking to spread a Delphi based banking trojan known as Eternidade Stealer. This large scale operation specifically targets users in Brazil and relies on a Python powered WhatsApp worm to propagate malicious attachments. How the Campaign Operates Research from Trustwave SpiderLabs

Python Based WhatsApp Worm Spreads Eternidade Stealer Across Devices in Brazil Read More »

EdgeStepper Implant Redirects DNS Queries to Deliver Malware Through Compromised Software Updates

A China aligned threat actor known as PlushDaemon has been identified using a new Go based network backdoor called EdgeStepper. This tool enables adversary in the middle attacks by hijacking DNS queries and redirecting them to malicious infrastructure. Through this method, attackers can compromise legitimate software update channels and deliver harmful payloads. How the Attack

EdgeStepper Implant Redirects DNS Queries to Deliver Malware Through Compromised Software Updates Read More »

Researchers Explain Tuoni C2’s Involvement in a 2025 Real-Estate Cyberattack Attempt

Cybersecurity analysts have shared new details about a cyberattack attempt that targeted a major real estate company in the United States. The attackers used an emerging command and control framework known as Tuoni. Although the intrusion was unsuccessful, the campaign reveals a concerning trend where red team tools are frequently abused for malicious operations. Tuoni

Researchers Explain Tuoni C2’s Involvement in a 2025 Real-Estate Cyberattack Attempt Read More »

Seven NPM Packages Use Adspect Cloaking to Lure Users to Crypto Scam Pages

Security analysts have identified a group of seven npm packages created by a single threat actor who used Adspect cloaking to mislead visitors and redirect them to fraudulent crypto themed websites. These packages relied on traffic filtering techniques to separate real victims from security professionals, allowing attackers to hide malicious behavior while pushing unsuspecting users

Seven NPM Packages Use Adspect Cloaking to Lure Users to Crypto Scam Pages Read More »

New EVALUSION ClickFix Campaign Delivers Amatera Stealer and NetSupport RAT

Security analysts have identified a new wave of cyberattacks that rely on the ClickFix method to trick victims into running harmful commands. This activity is being monitored by eSentire under the name EVALUSION. The attackers are deploying two serious threats, the Amatera Stealer and the NetSupport RAT, through deceptive phishing pages that imitate security checks.

New EVALUSION ClickFix Campaign Delivers Amatera Stealer and NetSupport RAT Read More »

Dragon Breath Deploys RONINGLOADER to Disable Security Tools and Install Gh0st RAT

A threat actor known as Dragon Breath has launched a sophisticated operation using a multi layered tool called RONINGLOADER. This loader is designed to disable major endpoint security products, evade modern defenses, and ultimately deploy a modified version of Gh0st RAT. The campaign mainly targets Chinese speaking victims and relies on trojanized installers that appear

Dragon Breath Deploys RONINGLOADER to Disable Security Tools and Install Gh0st RAT Read More »

North Korean Hackers Abuse JSON Services to Deliver Malware Covertly

Researchers have uncovered that North Korean threat actors behind the Contagious Interview campaign are increasingly leveraging JSON storage services to host and deploy malicious payloads. These platforms allow attackers to operate covertly while blending in with normal traffic. Tactics and Techniques According to NVISO researchers Bart Parys, Stef Collart, and Efstratios Lontzetidis, the actors now

North Korean Hackers Abuse JSON Services to Deliver Malware Covertly Read More »