Malware

New “Cavalry Werewolf” Attack Targets Russian Agencies With FoalShell and StallionRAT

A threat actor, tracked by security researchers as Cavalry Werewolf, has been observed targeting Russian government organisations and critical industry networks, using malware families known as FoalShell and StallionRAT. Cybersecurity vendor BI.ZONE links this cluster to multiple other tracked groups, including SturgeonPhisher, Silent Lynx, Comrade Saiga, ShadowSilk, and Tomiris, which suggests overlapping toolsets and tactics. […]

Confucius Hackers Target Pakistan With WooperStealer and Anondoor Malware

A persistent threat actor known as Confucius has been linked to a fresh phishing campaign focused on Pakistan, deploying information stealers and, more recently, a Python-based backdoor. Security firms have observed the group using malware families such as WooperStealer and Anondoor to harvest sensitive data and to establish longer-term access on compromised systems. Background and

Android Spyware Masquerades as Signal Encryption Plugin and ToTok Pro, Users at Risk

Cybersecurity experts have uncovered two dangerous Android spyware campaigns known as ProSpy and ToSpy, targeting users in the United Arab Emirates (U.A.E.). These malicious campaigns disguise themselves as popular apps such as Signal Encryption Plugin and ToTok Pro to trick unsuspecting victims into installing spyware on their devices. Fake Apps and Distribution Tactics According to

Android Banking Trojan “Klopatra” Hides VNC Access to Take Control of Smartphones

A newly discovered Android banking trojan named Klopatra has infected more than 3,000 devices, with the majority of cases reported in Spain and Italy. The malware, identified by the Italian fraud prevention company Cleafy in late August 2025, is a sophisticated remote access trojan (RAT) that leverages Hidden Virtual Network Computing (VNC) for remote control,

Phantom Taurus, a China-Linked Hacker Group, Targets Governments With Stealth Malware

Over the past two and a half years, a China-linked, state-aligned cyber espionage group, known as Phantom Taurus, has been observed targeting government and telecommunications organizations across Africa, the Middle East, and Asia. The group focuses on intelligence collection, aiming to obtain sensitive diplomatic and defense-related data, often aligning its operations with major geopolitical events

EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations

Threat actors are exploiting the popularity of artificial intelligence (AI) by embedding malware into fake productivity and AI-enhanced tools, according to a recent Trend Micro report. This campaign, known as EvilAI, is targeting organizations worldwide across regions such as Europe, the Americas, and the Asia, Middle East, and Africa (AMEA) region. Global Impact and Targeted

SVG Files Weaponized to Deliver PureMiner, Steal Sensitive Information

A recent phishing campaign targeting Ukrainian organizations abuses Scalable Vector Graphics (SVG) files as the initial infection vector. The attackers use embedded HTML, spoofed interfaces, and chained fileless stages to deliver two payloads, PureMiner and Amatera Stealer. The campaign relies on user deception, legitimate tools, and memory-only execution to evade detection and harvest credentials, browser

Researchers Reveal Phishing Campaigns Distributing CountLoader and PureRAT

Researchers have uncovered a new phishing campaign that impersonates Ukrainian government organizations to distribute CountLoader, which subsequently delivers Amatera Stealer and PureMiner. According to Fortinet FortiGuard Labs researcher Yurren Wan, “The phishing emails carry malicious Scalable Vector Graphics (SVG) files designed to deceive recipients into opening dangerous attachments.” In the attack scenarios analyzed by cybersecurity

New macOS XCSSET Variant Targets Firefox Using Clipper and Persistence Module

Cybersecurity experts have identified a new variant of the well-known macOS malware XCSSET, now observed in limited-scale attacks. According to a report from the Microsoft Threat Intelligence team, this updated version introduces key changes that include browser-focused attacks, clipboard hijacking, and improved persistence techniques. The malware uses strong encryption, obfuscation methods, and run-only compiled AppleScripts

SystemBC Powers REM Proxy With 1,500 Daily VPS Victims Across 80 C2 Servers

A malware-based proxy network called REM Proxy is driven by SystemBC, providing roughly 80% of the botnet’s capacity to its users, according to the latest research from Black Lotus Labs at Lumen Technologies. “REM Proxy is a large-scale network that also offers access to about 20,000 Mikrotik routers and multiple open proxies discovered online,” the
