From bytecode to bytes: automated magic packet generation
By applying symbolic execution and the Z3 theorem prover to BPF bytecode, we’ve automated the generation of malware trigger packets, cutting analysis time fr...
Focused on persistence, the botnet does not engage in widespread infection and avoids blacklisted IPs and critical infrastructure entities. The post Evasive ...
Hackers are abusing the Masjesu botnet to run high-volume DDoS-for-hire attacks against routers, gateways, and other exposed IoT infrastructure, turning ever...
Chaos, Go-based malware first documented by Lumen’s Black Lotus Labs, has historically targeted routers and edge devices. A new variant observed in March 202...
Netskope Threat Labs report a new ClickFix attack using fake CAPTCHAs to deploy Tor-backed NodeJS malware and drain crypto wallets on Windows.
Hackers are aggressively hijacking Internet-exposed ComfyUI servers and converting them into high‑value cryptomining rigs and proxy botnet nodes, abusing wea...
Windows systems are being subjected to intrusions involving the newly emergent ResokerRAT malware, which leverages Telegram Bot API to facilitate remote trac...
Palo Alto Networks researchers demonstrated how AI agents built on Google Cloud's Vertex AI platform could be compromised and turned into double agents, enab...
Bryan Fleming, the first convicted spyware maker in over a decade, has been sentenced to time served and a $5,000 fine, avoiding jail time after pleading gui...
Microsoft has rolled out a fresh security intelligence update for Microsoft Defender Antivirus to help secure Windows 11, Windows 10, and Windows Server imag...
The malware, identified by cybersecurity firm Kaspersky, has appeared in apps on both iOS and Android platforms, primarily targeting cryptocurrency users in ...
This week had real hits. The key software got tampered with.
North Korea’s cyber program is shifting from monolithic “families” to a modular, portfolio-style malware ecosystem designed to survive exposure, frustrate at...
Hackers hijacked the npm account of Axios’s lead maintainer. They used it to push two malicious releases that silently installed a cross‑platform remote acce...
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Infiniti Stealer: a new...
A malicious email delivered a .cmd malware that escalates privileges, bypasses antivirus, downloads payloads, sets persistence, and self-deletes.
North Korean group UNC1069 targets Node.js maintainers using fake LinkedIn and Slack profiles to spread malware and compromise open source packages.
Jason Saayman says he installed a remote access trojan disguised as a Teams update.
Discovered by Varonis Threat Labs, Storm infostealer operates as a malicious subscription service, targeting multiple browsers like Chrome, Edge, Firefox, an...
Analysis of China-nexus groups also discovers double-pronged strategy, one on immediacy, the other around long dwell times.