Malware

Researchers Discover NodeCordRAT Embedded in Bitcoin-Themed npm Packages

Cybersecurity researchers have uncovered a new malware campaign involving three malicious npm packages that were used to distribute a previously undocumented remote access trojan named NodeCordRAT. The discovery highlights ongoing risks within open source ecosystems, particularly for developers working with cryptocurrency-related libraries. Malicious Packages Identified: The following npm packages were identified as part of […]

Black Cat Group Runs SEO Poisoning Malware Campaign Targeting Popular Software Searches

Cybersecurity authorities have linked the notorious Black Cat gang to an ongoing SEO poisoning campaign that targets popular software searches, tricking users into downloading malicious backdoors capable of stealing sensitive information. Fraudulent Sites Target Popular Software: According to reports by CNCERT/CC and Beijing Weibu Online (ThreatBook), the threat actors manipulate search engine results on platforms

Two Chrome Extensions Found Stealing ChatGPT and DeepSeek Chats from 900,000 Users

Cybersecurity researchers have identified two malicious Chrome extensions that secretly collect user conversations from OpenAI ChatGPT and DeepSeek, along with browsing data, sending it to servers controlled by attackers. Together, these extensions have been installed by over 900,000 users worldwide. Identified Malicious Extensions: The extensions are: These discoveries follow the earlier detection of Urban VPN

Fake Booking Emails Lure Hotel Staff to BSoD-Themed Pages Delivering DCRat Malware

Cybersecurity experts have uncovered a new phishing campaign targeting the European hospitality industry, where hotel staff are deceived through fake Booking.com emails that lead to malicious software installation. The operation, tracked under the name PHALT#BLYX, relies on deceptive ClickFix-style techniques combined with fake system error messages. Researchers from cybersecurity firm Securonix reported that the campaign

New VVS Stealer Malware Targets Discord Accounts Using Obfuscated Python Code

Cybersecurity researchers have uncovered a new Python-based information-stealing malware known as VVS Stealer, also referred to as VVS $tealer, which is actively targeting Discord users by harvesting account credentials and authentication tokens. According to an analysis published by Palo Alto Networks Unit 42, this stealer has been circulating in underground Telegram channels since at least

Infostealers Allow Attackers to Hijack Legitimate Business Infrastructure for Malware Hosting

Cybersecurity researchers are warning about a growing cybercrime cycle in which credentials stolen by infostealer malware are being used to compromise legitimate business websites and convert them into malware hosting platforms. According to recent findings from the Hudson Rock Threat Intelligence Team, this self-reinforcing ecosystem allows attackers to repeatedly expand their infrastructure by turning

Transparent Tribe Initiates New RAT Attacks Targeting Indian Government and Academic Institutions

Cybersecurity researchers have attributed a new wave of targeted cyber espionage activity to the threat group known as Transparent Tribe, also tracked as APT36, aimed at Indian government bodies, academic institutions, and strategically significant organizations. According to a technical analysis published by CYFIRMA, the campaign relies on deceptive delivery methods, most notably a malicious Windows shortcut (LNK)

Silver Fox Targets Indian Users Using Tax-Themed Emails to Deliver ValleyRAT Malware

Cybersecurity researchers have identified a new phishing campaign targeting users in India, carried out by the China-linked threat actor known as Silver Fox. The operation uses income-tax-related email lures to distribute ValleyRAT, a modular remote access trojan also referred to as Winos 4.0. According to an analysis published by CloudSEK, the attack relies

DarkSpectre Browser Extension Campaigns Exposed After Affecting 8.8 Million Users Worldwide

Cybersecurity researchers have uncovered a large-scale malicious browser extension operation that has affected more than 8.8 million users across Google Chrome, Microsoft Edge, and Mozilla Firefox over a period exceeding seven years. The activity has been linked to a Chinese threat actor tracked by Koi Security under the name DarkSpectre. The investigation connects two previously

Modified Shai-Hulud Worm Detected Testing Payload on npm Registry

Cybersecurity researchers have uncovered a new variant of the Shai-Hulud worm on the npm registry, exhibiting subtle modifications compared to the previous wave detected last month. The compromised npm package, “@vietmoney/react-big-calendar”, was originally uploaded in March 2021 by a user named “hoquocdat” and was recently updated to version 0.26.2 on December 28, 2025. Since its initial
