#malware
#malware

2 hours ago

Information security

North Korea's hijack of one of the web's most used open source projects was likely weeks in the making | TechCrunch

4 hours ago

Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More

Compromised npm packages can rapidly affect numerous systems, highlighting the need for enhanced security in software development processes.

Node JS

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Information security

The man who discovered the ILOVEYOU virus is now fighting Russian drones using the same playbook - Silicon Canals

Mikko Hypponen says the age of viruses is over - now he's building defences against drones - Silicon Canals

Mikko Hyppönen is applying cybersecurity methods to develop anti-drone systems at Sensofusion, focusing on drone communication detection.

2 days ago

After fighting malware for decades, this cybersecurity veteran is now hacking drones | TechCrunch

Mikko Hyppönen emphasizes the invisible nature of cybersecurity work, comparing it to Tetris where successes vanish and failures accumulate.

2 hours ago

North Korea's hijack of one of the web's most used open source projects was likely weeks in the making | TechCrunch

A North Korean cyberattack compromised the Axios project, highlighting security vulnerabilities in open source software development.

4 hours ago

Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More

Compromised npm packages can rapidly affect numerous systems, highlighting the need for enhanced security in software development processes.

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

36 malicious npm packages disguised as Strapi CMS plugins facilitate exploitation and credential harvesting.

The man who discovered the ILOVEYOU virus is now fighting Russian drones using the same playbook - Silicon Canals

Mikko Hyppönen has transitioned from cybersecurity to anti-drone defense, focusing on systems for law enforcement and military clients.

Mikko Hypponen says the age of viruses is over - now he's building defences against drones - Silicon Canals

Mikko Hyppönen is applying cybersecurity methods to develop anti-drone systems at Sensofusion, focusing on drone communication detection.

2 days ago

After fighting malware for decades, this cybersecurity veteran is now hacking drones | TechCrunch

Mikko Hyppönen emphasizes the invisible nature of cybersecurity work, comparing it to Tetris where successes vanish and failures accumulate.

Android Alert: 50 Google Play Apps Linked to 'NoVoice' Malware Reached 2.3M Downloads

NoVoice malware infiltrated Google Play Store, downloaded over 2.3 million times, exposing sensitive data on millions of devices.

Apple Rolls Out Fix: New macOS Update Could Protect 100M Mac Users

Apple's macOS update introduces a warning system to prevent users from executing potentially harmful commands in Terminal.

Information security

Cloudflare-Themed ClickFix Attack Drops Infiniti Stealer on Macs

fromTechRepublic

5 hours ago

Apple Rolls Out Fix: New macOS Update Could Protect 100M Mac Users

Apple's macOS update introduces a warning system to prevent users from executing potentially harmful commands in Terminal.

Cloudflare-Themed ClickFix Attack Drops Infiniti Stealer on Macs

macOS users are targeted by a ClickFix campaign delivering a Python-based information stealer through a fake Cloudflare verification page.

Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools

Qilin and Warlock ransomware use BYOVD techniques to disable security tools on compromised hosts.

Russian Hacker Sentenced to 2 Years for TA551 Botnet-Driven Ransomware Attacks

A Russian national was sentenced to two years for managing a botnet used in ransomware attacks against U.S. companies.

fromwww.theguardian.com

We Know You Can Pay a Million by Anja Shortland review the terrifying new world of ransomware

Ransomware originated from a 1989 stunt by Joseph L Popp Jr, who used a Trojan virus to extort money under the guise of HIV prevention.

8 hours ago

Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools

Qilin and Warlock ransomware use BYOVD techniques to disable security tools on compromised hosts.

Russian Hacker Sentenced to 2 Years for TA551 Botnet-Driven Ransomware Attacks

A Russian national was sentenced to two years for managing a botnet used in ransomware attacks against U.S. companies.

fromwww.theguardian.com

We Know You Can Pay a Million by Anja Shortland review the terrifying new world of ransomware

Ransomware originated from a 1989 stunt by Joseph L Popp Jr, who used a Trojan virus to extort money under the guise of HIV prevention.

Apple issues warning to iPhone users over stealthy attack: Act NOW

Apple has released critical iOS updates to protect against the DarkSword cyberattack method targeting vulnerable devices.

4 days ago

Fake Claude Code source downloads actually delivered malware

Leaked Claude Code source code led to malware downloads, including credential-stealing Vidar and proxy tool GhostSocks, via a malicious GitHub repository.

Axios npm Package Compromised in Supply Chain Attack

A significant supply chain attack on Axios introduced a Remote Access Trojan via hijacked maintainer accounts, affecting numerous developer environments.

fromBleepingComputer

Hackers compromise Axios npm package to drop cross-platform malware

Hackers compromised the Axios npm account to distribute remote access trojans across multiple operating systems.

Top npm package backdoored to drop dirty RAT on dev machines

A widely used npm library, axios, was compromised to deliver malware through a maintainer's hijacked account.

fromInfoQ

4 days ago

Axios npm Package Compromised in Supply Chain Attack

A significant supply chain attack on Axios introduced a Remote Access Trojan via hijacked maintainer accounts, affecting numerous developer environments.

fromBleepingComputer

Hackers compromise Axios npm package to drop cross-platform malware

Hackers compromised the Axios npm account to distribute remote access trojans across multiple operating systems.

Top npm package backdoored to drop dirty RAT on dev machines

A widely used npm library, axios, was compromised to deliver malware through a maintainer's hijacked account.

Information security

CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails

Information security

Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures

Major phishing campaign on GitHub using fake security alerts

A large-scale phishing campaign targets developers on GitHub, exploiting Discussions to spread fake security alerts about Visual Studio Code and distribute malware.

Information security

AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

A phishing campaign targets French-speaking corporations with fake resumes, deploying malware for credential theft and cryptocurrency mining.

Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware

Microsoft warns of phishing campaigns exploiting the U.S. tax season to steal credentials and deliver malware.

CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails

A phishing campaign impersonating CERT-UA distributed malware called AGEWHEEZE targeting various organizations in Ukraine.

Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures

A phishing campaign targets Spanish-speaking users in Latin America and Europe, delivering banking trojans via malware called Horabot.

Major phishing campaign on GitHub using fake security alerts

A large-scale phishing campaign targets developers on GitHub, exploiting Discussions to spread fake security alerts about Visual Studio Code and distribute malware.

AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion

Threat actors are using AitM phishing to compromise TikTok for Business accounts, targeting business accounts for malvertising and malware distribution.

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

A phishing campaign targets French-speaking corporations with fake resumes, deploying malware for credential theft and cryptocurrency mining.

Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware

Microsoft warns of phishing campaigns exploiting the U.S. tax season to steal credentials and deliver malware.

more#phishing

#north-korea

fromwww.cybersecuritydive.com

Axios open-source library targeted in sophisticated supply chain attack

A North Korean threat actor compromised the axios library, introducing a malicious dependency that deploys a backdoor across multiple operating systems.

fromDevOps.com

North Korean Hackers Suspected in Supply Chain Attack on Popular Axios Project - DevOps.com

North Korean hackers hijacked the npm account of an axios maintainer, publishing malicious versions that installed a remote access trojan.

North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware

North Korean threat actors use StoatWaffle malware via malicious VS Code projects to steal data and execute commands on infected systems.

fromwww.cybersecuritydive.com

Axios open-source library targeted in sophisticated supply chain attack

A North Korean threat actor compromised the axios library, introducing a malicious dependency that deploys a backdoor across multiple operating systems.

fromDevOps.com

North Korean Hackers Suspected in Supply Chain Attack on Popular Axios Project - DevOps.com

North Korean hackers hijacked the npm account of an axios maintainer, publishing malicious versions that installed a remote access trojan.

North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware

North Korean threat actors use StoatWaffle malware via malicious VS Code projects to steal data and execute commands on infected systems.

Microsoft: Hackers Are Using WhatsApp to Deliver Malware to Windows PCs

WhatsApp messages are being exploited to deliver malware to Windows users, creating significant security risks.

Information security

Don't open that WhatsApp message, Microsoft warns

WhatsApp messages are being exploited to deliver malicious files that allow attackers to control victims' machines and access their data.

fromTechRepublic

Microsoft: Hackers Are Using WhatsApp to Deliver Malware to Windows PCs

WhatsApp messages are being exploited to deliver malware to Windows users, creating significant security risks.

Don't open that WhatsApp message, Microsoft warns

WhatsApp messages are being exploited to deliver malicious files that allow attackers to control victims' machines and access their data.

more#whatsapp

Privacy professionals

FBI Warns of Data Security Risks From China-Made Mobile Apps

Foreign-developed mobile applications pose significant data security risks, particularly those from China, according to an FBI alert.

North Korea behind social engineering attack on Axios project

Attackers compromised the Axios maintainer's account through social engineering, publishing malicious versions that installed a Remote Access Trojan on victims' systems.

Axios NPM Package Breached in North Korean Supply Chain Attack

Malicious Axios NPM library versions were distributed in a supply chain attack by North Korean hackers, affecting millions of users.

fromAxios

North Korean hackers implicated in major supply chain attack

A compromised maintainer account for the Axios npm package led to the publication of malicious software versions targeting various operating systems.

fromSiliconANGLE

Hackers compromise popular Axios Javascript library with hidden malware - SiliconANGLE

Axios HTTP client library was hacked to distribute malware via a compromised npm account, affecting multiple operating systems.

Axios npm package compromised, posing a new supply chain threat

Malicious versions of axios were published on npm, installing a Remote Access Trojan on multiple operating systems.

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios experienced a supply chain attack due to malicious dependencies in two npm package versions.

North Korea behind social engineering attack on Axios project

Attackers compromised the Axios maintainer's account through social engineering, publishing malicious versions that installed a Remote Access Trojan on victims' systems.

Axios NPM Package Breached in North Korean Supply Chain Attack

Malicious Axios NPM library versions were distributed in a supply chain attack by North Korean hackers, affecting millions of users.

fromAxios

North Korean hackers implicated in major supply chain attack

A compromised maintainer account for the Axios npm package led to the publication of malicious software versions targeting various operating systems.

fromSiliconANGLE

Hackers compromise popular Axios Javascript library with hidden malware - SiliconANGLE

Axios HTTP client library was hacked to distribute malware via a compromised npm account, affecting multiple operating systems.

Axios npm package compromised, posing a new supply chain threat

Malicious versions of axios were published on npm, installing a Remote Access Trojan on multiple operating systems.

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios experienced a supply chain attack due to malicious dependencies in two npm package versions.

PyPI Supply Chain Attack Compromises LiteLLM, Enabling the Exfiltration of Sensitive Information

A supply chain attack on LiteLLM led to over 40,000 downloads of a compromised package that harvested sensitive information.

Speagle Malware Hijacks Cobra DocGuard to Steal Data via Compromised Servers

Speagle malware hijacks Cobra DocGuard infrastructure to harvest and exfiltrate sensitive data while masking communications as legitimate server traffic.

GlassWorm malware surfaces in development environments

GlassWorm operation compromised over 400 software components across GitHub, npm, and development marketplaces using supply-chain attacks and blockchain-based command-and-control infrastructure.

fromInfoQ

PyPI Supply Chain Attack Compromises LiteLLM, Enabling the Exfiltration of Sensitive Information

A supply chain attack on LiteLLM led to over 40,000 downloads of a compromised package that harvested sensitive information.

Speagle Malware Hijacks Cobra DocGuard to Steal Data via Compromised Servers

Speagle malware hijacks Cobra DocGuard infrastructure to harvest and exfiltrate sensitive data while masking communications as legitimate server traffic.

GlassWorm malware surfaces in development environments

GlassWorm operation compromised over 400 software components across GitHub, npm, and development marketplaces using supply-chain attacks and blockchain-based command-and-control infrastructure.

more#supply-chain-attack

Popular AI gateway startup LiteLLM ditches controversial startup Delve | TechCrunch

LiteLLM is terminating its relationship with Delve for security certifications after a malware incident and will seek a new compliance auditor.

Delve did the security compliance on LiteLLM, an AI project hit by malware | TechCrunch

Malware was discovered in the popular open source project LiteLLM, compromising user credentials and causing significant security concerns.

fromInfoWorld

PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials

Compromised LiteLLM packages executed a three-stage payload targeting sensitive data in cloud environments before being removed from PyPI.

Popular AI gateway startup LiteLLM ditches controversial startup Delve | TechCrunch

LiteLLM is terminating its relationship with Delve for security certifications after a malware incident and will seek a new compliance auditor.

Delve did the security compliance on LiteLLM, an AI project hit by malware | TechCrunch

Malware was discovered in the popular open source project LiteLLM, compromising user credentials and causing significant security concerns.

fromInfoWorld

PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials

Compromised LiteLLM packages executed a three-stage payload targeting sensitive data in cloud environments before being removed from PyPI.

DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials

DeepLoad malware uses ClickFix tactics and AI-assisted obfuscation to evade detection and steal credentials immediately.

TA446 Deploys Leaked DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign

Russian state-sponsored group TA446 is using the DarkSword exploit kit to target iOS devices through phishing emails.

ThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits & 20 More Stories

A sophisticated malware campaign targets Web3 support teams using deceptive links to deliver malicious executables and establish persistent communication with threat actors.

US news

Alleged RedLine Malware Administrator Extradited to US

Hambardzum Minasyan has been extradited to the US for his alleged involvement in the RedLine malware operation.

Privacy technologies

fromZDNET

5 telltale signs that your phone has been compromised (and how to combat them)

Phone hacking can be detected through signs like battery drain, slow performance, unfamiliar logins, and reduced storage space.

fromTechRepublic

Nearly 7M Email Addresses Exposed in Crunchyroll Third-Party Breach

Crunchyroll was breached through a third-party vendor, compromising user data and internal systems via a support agent's account.

fromArs Technica

Self-propagating malware poisons open source software and wipes Iran-based machines

CanisterWorm, as Aikido has named the malware, targets organizations' CI/CD pipelines used for rapid development and deployment of software. Every developer or CI pipeline that installs this package and has an npm token accessible becomes an unwitting propagation vector.

Information security

Roam Research

fromInfoWorld

New 'StoatWaffle' malware autoexecutes attacks on developers

StoatWaffle malware communicates with a C2 server to execute various commands and targets browser data and Keychain databases on macOS.

Stryker Says Malicious File Found During Probe Into Iran-Linked Attack

Stryker identified a malicious file used in a cyberattack by the Iran-linked group Handala, disrupting operations but finding no evidence of malware or ransomware.

FBI says Iranian hackers are using Telegram to steal data in malware attacks | TechCrunch

Iranian government hackers exploit Telegram to steal data from dissidents and journalists through malware disguised as legitimate apps.

fromComputerworld

Chrome encryption bypass discovered: New malware steals passwords and cookies

The bypass requires neither privilege escalation nor code injection, making it a stealthier approach compared to alternative ABE bypass methods.

Information security

Widely used Trivy scanner compromised in ongoing supply-chain attack

Aqua Security's Trivy vulnerability scanner has been compromised, affecting developers and organizations using it.

Information security

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy, an open-source vulnerability scanner, was compromised twice in a month, delivering malware that stole sensitive CI/CD secrets.

fromArs Technica

Widely used Trivy scanner compromised in ongoing supply-chain attack

Aqua Security's Trivy vulnerability scanner has been compromised, affecting developers and organizations using it.

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy, an open-source vulnerability scanner, was compromised twice in a month, delivering malware that stole sensitive CI/CD secrets.

The Importance of Behavioral Analytics in AI-Enabled Cyber Attacks

AI is transforming cybercrime by enabling personalized phishing, deepfakes, and malware that evade traditional security measures.

Law enforcement shuts down botnet made of tens of thousands of hacked routers | TechCrunch

Law enforcement agencies globally shut down SocksEscort, a botnet compromising over 369,000 routers across 163 countries used for financial crimes, ransomware, DDoS attacks, and CSAM distribution.

14,000 routers are infected by malware that's highly resistant to takedowns

A 14,000-device botnet called KadNap primarily compromises unpatched Asus routers to create a takedown-resistant proxy network for cybercrime using peer-to-peer Kademlia architecture.

Information security

KadNap Malware Infects 14,000+ Edge Devices to Power Stealth Proxy Botnet

Information security

Aeternum C2 Botnet Stores Encrypted Commands on Polygon Blockchain to Evade Takedown

Roam Research

fromArs Technica

14,000 routers are infected by malware that's highly resistant to takedowns

A 14,000-device botnet called KadNap primarily compromises unpatched Asus routers to create a takedown-resistant proxy network for cybercrime using peer-to-peer Kademlia architecture.

Information security

KadNap Malware Infects 14,000+ Edge Devices to Power Stealth Proxy Botnet

Information security

Aeternum C2 Botnet Stores Encrypted Commands on Polygon Blockchain to Evade Takedown

China-Linked Hackers Use TernDoor, PeerTime, BruteEntry in South American Telecom Attacks

A China-linked APT group targets South American telecommunications infrastructure with three new implants across Windows, Linux, and edge devices since 2024.

fromComputerworld

The Coruna exploit: Why iPhone users should be concerned

Coruna is a sophisticated nation-state malware toolkit exploiting 23 vulnerabilities across five chains to steal data, cryptocurrency, and personal information while respecting Apple's Lockdown Mode.

APT28-Linked Campaign Deploys BadPaw Loader and MeowMeow Backdoor in Ukraine

Russian state-sponsored APT28 deployed two new malware families, BadPaw and MeowMeow, targeting Ukrainian entities through phishing emails with Ukrainian-language lures about border crossing appeals.