Malware

Fake Chrome Extension Safery Steals Ethereum Wallet Seed Phrases via Sui Blockchain

Cybersecurity researchers have discovered a malicious Chrome extension masquerading as a legitimate Ethereum wallet that secretly steals users’ seed phrases through an advanced blockchain-based exfiltration technique. The extension, named “Safery: Ethereum Wallet,” was falsely promoted as a secure Ethereum wallet for managing cryptocurrency with customizable settings. It was first uploaded to the Chrome Web Store […]

WhatsApp ‘Maverick’ Malware Hijacks Browser Sessions to Target Brazil’s Biggest Banks

Cybersecurity researchers have uncovered a sophisticated banking malware campaign in Brazil involving a new threat called Maverick, which spreads via WhatsApp and targets banking users by hijacking browser sessions. The campaign shows strong links to a prior malware strain known as Coyote, though Maverick exhibits new propagation and remote control techniques. How Maverick Spreads Maverick

Hackers Exploit Triofox Flaw to Install Remote Access Tools via Antivirus Feature

A critical vulnerability in the Triofox file-sharing platform is being actively exploited by threat actors to gain full system control. The attackers are using a clever technique: they are weaponizing the platform’s own built-in antivirus feature to download and execute remote access tools, effectively turning a security function into an attack vector. The Authentication Bypass

Android Trojan ‘Fantasy Hub’ Turns Telegram into a Malware Service Hub for Hackers

A sophisticated new Android Remote Access Trojan (RAT) named “Fantasy Hub” is being marketed as Malware-as-a-Service (MaaS) on Russian-speaking Telegram channels. This malware provides attackers with comprehensive control over infected devices, posing a direct threat to both individual mobile banking users and enterprises with Bring Your Own Device (BYOD) policies. A Professionalized Cybercrime Service Fantasy

Malicious npm Package Discovered Targeting GitHub-Owned Repositories

Cybersecurity researchers have identified a malicious npm package, “@acitons/artifact”, that mimics GitHub’s legitimate “@actions/artifact” library. The goal appears to be the compromise of GitHub-owned repositories through build process manipulation and credential theft. This discovery highlights the growing threat of typosquatting attacks within open-source ecosystems that target trusted supply chains. Discovery and attacker intent According to

GootLoader Returns Using New Font Trick to Conceal Malware on WordPress Sites

GootLoader has reemerged, showing fresh innovations in evasion and delivery. Recent investigations by Huntress found multiple infections since October 27, 2025, including rapid hands-on-keyboard intrusions that led to domain controller compromise within 17 hours in two cases. The loader now uses custom web fonts and other subtle tricks to hide malicious payloads on compromised WordPress

Konni Hackers Turn Google Find Hub into Remote Data Wiping Tool

A North Korea-linked actor known as Konni, also tracked as Earth Imp, Opal Sleet, Osmium, TA406, and Vedalia, has run targeted campaigns that compromise Android and Windows systems, steal credentials, and gain remote control of victims’ devices. Researchers at the Genians Security Center say the group used social engineering to distribute malware disguised as

Large-Scale ClickFix Phishing Campaign Targets Hotel Systems Using PureRAT Malware

A widespread phishing operation is targeting the hospitality sector, tricking hotel staff and guests into revealing sensitive credentials and payment data. The campaign uses compromised email accounts to impersonate legitimate booking platforms, then redirects victims to ClickFix-style pages that ultimately deliver PureRAT, a modular remote access trojan. Security firms link the activity to attacks active

GlassWorm Malware Found in Three VS Code Extensions with Thousands of Installations

Cybersecurity researchers have uncovered a new wave of the persistent GlassWorm campaign, revealing three malicious Visual Studio Code (VS Code) extensions designed to steal developer credentials and cryptocurrency. With thousands of combined installations, these extensions demonstrate a continued and evolving threat to the software development ecosystem. The Malicious Extensions and Their Reach The campaign involves

Zero-Click Samsung Flaw Used to Deliver LANDFALL Android Spyware Through WhatsApp

A critical security vulnerability in Samsung Galaxy Android devices was exploited as a zero-day to deploy a sophisticated commercial-grade spyware known as LANDFALL. The targeted attacks, focused in the Middle East, used a specially crafted image file sent through WhatsApp to compromise devices without any user interaction. The Exploited Vulnerability and Its Patch The flaw,
