Trojan Malware

Trojanized Gaming Tools Distribute Java Based RAT Through Browsers and Chat Platforms

Cybersecurity researchers are warning that attackers are disguising malicious software as popular gaming utilities to infect unsuspecting users. The campaign relies on browser downloads and chat platform sharing to deliver a Java-based remote access trojan, enabling full control over compromised systems. According to the Microsoft Threat Intelligence team, the infection process begins with a malicious downloader […]

SmartLoader Attack Leverages Trojanized Oura MCP Server to Deploy StealC Infostealer

Cybersecurity researchers have uncovered a sophisticated campaign using a trojanized Model Context Protocol (MCP) server linked to Oura Health to deliver the StealC information stealer. According to Straiker’s AI Research (STAR) Labs, attackers cloned the legitimate Oura MCP server—which normally connects AI assistants to Oura Ring health data—and created fake forks, contributor accounts, and a deceptive infrastructure to build

Lazarus Campaign Injects Malicious Packages into npm and PyPI Ecosystems

Cybersecurity researchers have uncovered a new wave of malicious packages in the npm and Python Package Index (PyPI) ecosystems linked to the North Korea-backed Lazarus Group. The campaign, dubbed graphalgo, has been active since May 2025 and leverages fake recruitment efforts to compromise developer systems.
Campaign Overview
Attackers create a convincing narrative around a fictitious company

Bloody Wolf Targets Uzbekistan and Russia with NetSupport RAT via Spear-Phishing Campaign

Cybersecurity researchers have linked a targeted cyber campaign to the threat actor known as Bloody Wolf, which is actively infecting systems in Uzbekistan and Russia through spear-phishing emails that deliver the NetSupport Remote Access Trojan. The activity is being monitored by cybersecurity firm Kaspersky under the tracking name Stan Ghouls. The group has been operational

Compromised dYdX npm and PyPI Packages Spread Wallet Stealers and RAT Malware

Cybersecurity researchers have uncovered a software supply chain attack involving compromised packages on npm and the Python Package Index (PyPI) that were used to distribute cryptocurrency wallet stealers and remote access malware. The malicious activity targeted developer tools associated with the dYdX v4 protocol, a decentralized exchange used for margin and perpetual trading. The affected package versions are listed below.
Affected Packages

Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deliver NetSupport RAT

A newly identified cyber campaign called JS#SMUGGLER is gaining attention after researchers observed attackers using compromised websites to distribute NetSupport RAT, a remote access tool capable of giving full control over victim devices. Security analysts from Securonix reported that the operation relies on several coordinated components including an obfuscated JavaScript loader, an HTML Application (HTA)

Android Malware FvncBot, SeedSnatcher, and ClayRat Now Feature Enhanced Data Theft Capabilities

Cybersecurity analysts have uncovered significant updates in multiple Android threat campaigns. Two newly identified malware families, named FvncBot and SeedSnatcher, have come to light, while researchers also report an upgraded strain of ClayRat circulating in active attacks. These findings were published by Intel 471, CYFIRMA, and Zimperium.
FvncBot Targets Polish Banking Users With Advanced Fraud

Android Trojan ‘Fantasy Hub’ Turns Telegram into a Malware Service Hub for Hackers

A sophisticated new Android Remote Access Trojan (RAT) named “Fantasy Hub” is being marketed as Malware-as-a-Service (MaaS) on Russian-speaking Telegram channels. This malware provides attackers with comprehensive control over infected devices, posing a direct threat to both individual mobile banking users and enterprises with Bring Your Own Device (BYOD) policies.
A Professionalized Cybercrime Service
Fantasy

Trojanized ESET Installers Drop Kalambur Backdoor in Phishing Attacks on Ukraine

A previously unidentified threat actor, aligned with Russian interests, has been discovered impersonating the cybersecurity firm ESET in a sophisticated phishing campaign against Ukrainian targets. The attacks, detected in May 2025, involved distributing malicious software installers that deployed a stealthy backdoor known as Kalambur.
Deceptive Phishing Lures and Communication Channels
The group, tracked by ESET

Researchers Discover BankBot-YNRK and DeliveryRAT Android Trojans Stealing Financial Information

Cybersecurity researchers have exposed two sophisticated Android trojans, BankBot-YNRK and DeliveryRAT, which are actively stealing sensitive financial information from users worldwide. These malware families employ advanced evasion techniques and abuse core phone functionalities to commit fraud and data theft on a significant scale.
BankBot-YNRK: A Highly Evasive Banking Trojan
Analyzed by CYFIRMA, BankBot-YNRK is a dangerous malware
