ICE confirms use of Paragon spyware in drug trafficking cases
The acting head of ICE, Todd Lyons, approved the use of Paragon's spyware by Homeland Security Investigations (HSI) to combat the exploitation of encrypted p...
Malware
20 articles
Simplifying MBA obfuscation with CoBRA
Mixed Boolean-Arithmetic (MBA) obfuscation disguises simple operations like x + y behind tangles of arithmetic and bitwise operators. Malware authors and sof...
Malicious Chrome Extension “ChatGPT Ad Blocker” Targets Users, Steals Conversations
Security researchers have uncovered a malicious Google Chrome extension named “ChatGPT Ad Blocker” designed to silently steal private AI conversations. The m...
New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images
Cybersecurity researchers have discovered a new version of the SparkCat malware on the Apple App Store and Google Play Store, more than a year after the troj...
Hackers Weaponize Venom Stealer via ClickFix Lures for Massive Data Exfiltration
Hackers are increasingly turning simple social engineering tricks into full-scale data theft operations, and a newly identified malware platform called Venom...
House Dems decry confirmed ICE usage of Paragon spyware
The trio of Democrats weren’t satisfied with Immigration and Customs Enforcement answers, and criticized the spyware’s use. The post House Dems decry confirm...
Claude Code leak used to push infostealer malware on GitHub
Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar information-stealing malware. [.
NoVoice Android malware steals WhatsApp data via Google Play apps
The NoVoice operation, identified by McAfee, concealed malicious components within the com.facebook.
CrystalRAT malware-as-a-service offers remote access and prankware features
CrystalRAT, which first appeared in January, operates on a tiered subscription model and shares significant similarities with the WebRAT (Salat Stealer) malw...
WhatsApp warns of spyware in fake iPhone app
WhatsApp accused Italian spyware firm SIO of creating the fake app.
Microsoft Warns of WhatsApp Attachments Spreading Backdoor on Windows PCs
Microsoft warns of a WhatsApp attachments spreading VBS malware that installs backdoors on Windows PCs, giving hackers remote access and control systems.
New 'Storm' Infostealer Remotely Decrypts Stolen Credentials
This modern infostealer adopted server-side decryption of stolen credentials to bypass security controls
vSphere and BRICKSTORM Malware: A Defender's Guide
Written by: Stuart Carrera Introduction Building on recent BRICKSTORM research from Google Threat Intelligence Group (GTIG), this post explores the evolving ...
Storm Infostealer Sold as Service, Targets Browsers, Wallets and Accounts
New research from Varonis Threat Labs reveals Storm infostealer, a malicious subscription service that bypasses Google Chrome encryption.
Sophisticated CrystalX RAT Emerges
The malware can spy on victims, steal their information, and make configuration changes on devices. The post Sophisticated CrystalX RAT Emerges appeared firs...
WhatsApp Alerts 200 Users After Fake iOS App Installed Spyware; Italian Firm Faces Action
Meta-owned messaging platform WhatsApp said it alerted about 200 users who were tricked into installing a bogus version of its iOS app that was infected with...
Italian spyware vendor creates Fake WhatsApp app, targeting 200 users
WhatsApp blocked a fake app by Italian firm SIO/Asigint that targeted 200 users with spyware, urging them to reinstall the official app. WhatsApp has recentl...
Hooked on Linux: Rootkit Detection Engineering
In this second part of a two-part series, we explore Linux rootkit detection engineering, focusing on the limitations of static detection reliance, and the i...
WhatsApp warns users of fake app used to distribute spyware
The Meta subsidiary alleges that Italy’s SIO spyware manufacturer designed the phony app specifically for iPhones. Most of the impacted users are in Italy, a...
New CrystalRAT malware adds RAT, stealer and prankware features
A new malware-as-a-service called CrystalRAT is being promoted on Telegram, offering remote access, data theft, keylogging, and clipboard hijacking capabilit...