#malware-distribution

Information security
from The Register
2 days ago

Credential-stealing crew spoofs Ivanti, Fortinet, Cisco VPNs

Storm-2561 cybercriminals distribute fake VPN clients through manipulated search results to steal user credentials via malicious MSI installers.
from TechCrunch
2 days ago

The FBI is investigating malware hidden inside games hosted on Steam

The FBI is investigating a hacker suspected of publishing several video games laced with malware on the popular PC games store Steam. In its announcement looking for victims who may have been infected, the FBI listed the following games suspected of being developed by the same cybercriminal over the last two years, hosted on the Steam store but embedded with malware: BlockBlasters, Chemia, Dashverse/DashFPS, Lampy, Lunara, PirateFi, and Tokenova.
Games
Information security
from SecurityWeek
4 days ago

'BlackSanta' Malware Activates EDR and AV Killer Before Detonating Payload

A Russian-speaking threat actor uses social engineering to distribute ISO files containing malware, targeting HR departments through fake resumes to bypass security defenses.
#developer-tools-security
Information security
from The Register
5 days ago

Fake job applications pack malware that disables EDR

Russian cybercriminals target HR teams with malicious CVs disguised as job applications to install malware that disables security tools and steals corporate data.
Information security
from SecurityWeek
6 days ago

ClickFix Attack Uses Windows Terminal to Evade Detection

A new ClickFix attack variant bypasses Run dialog protections by instructing victims to use Windows Terminal for executing malicious PowerShell commands that lead to Lumma Stealer infections.
Information security
from SecurityWeek
6 days ago

Cloned AI Tool Sites Distribute Malware in 'InstallFix' Campaign

InstallFix campaign uses cloned webpages and malvertising to distribute information-stealing malware through fake installation pages for popular development tools.
Information security
from The Hacker News
6 days ago

Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft

Two Chrome extensions were compromised through ownership transfers, enabling attackers to inject malware, execute arbitrary code, and steal user data from thousands of users.
Marketing tech
from Computerworld
1 week ago

Targeted advertising is also targeting malware

Malvertising has become the primary malware delivery vector globally, surpassing email and direct hacks, with AI enabling rapid distribution of adaptive malware across publishers.
Information security
from Security Magazine
1 week ago

The Great Security Culture Shift: Building a Proactive Defense in an Era of Advanced Threats and Social Engineering

Hackers exploit DLL side-loading on trusted platforms like LinkedIn to deliver malware through seemingly legitimate file attachments, bypassing traditional security defenses and compromising entire corporate networks.
Information security
from The Register
1 week ago

Malware-laced OpenClaw installers get Bing AI search boost

Scammers exploited OpenClaw's popularity by creating fake installers on GitHub that appeared in Bing AI search results, distributing information stealers and malware to unsuspecting users.
Information security
from Business Insider
1 week ago

Online ads just became the internet's biggest malware machine, report says

Malicious ads surpassed email as the primary malware delivery channel in 2025, accounting for over 60% of campaigns, with programmatic advertising instances growing 45% year-over-year.
#supply-chain-attack
Web frameworks
from The Hacker News
1 week ago

Fake Laravel Packages on Packagist Deploy RAT on Windows, macOS, and Linux

Malicious Packagist PHP packages disguised as Laravel utilities distribute a cross-platform remote access trojan enabling full system compromise on Windows, macOS, and Linux.
Information security
from The Hacker News
1 week ago

Microsoft Warns OAuth Redirect Abuse Delivers Malware to Government Targets

Microsoft warns of phishing campaigns exploiting OAuth redirect mechanisms to bypass email and browser defenses, targeting government and public-sector organizations to deliver malware without stealing credentials.
Information security
from The Hacker News
2 weeks ago

Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms

Threat actors distribute trojanized gaming utilities via browsers and chat platforms to deploy a multi-purpose RAT that establishes persistence through scheduled tasks and evades detection via Microsoft Defender exclusions.
Information security
from The Register
2 weeks ago

Next.js jobseekers targeted with malicious 'interview' repos

Hackers distribute malicious Next.js repositories that execute in-memory JavaScript on developers' machines through multiple attack vectors during normal development workflows.
Information security
from Engadget
3 months ago

Hackers tricked ChatGPT, Grok and Google into helping them install malware

Attackers seed search results with AI-generated, promoted prompts instructing users to paste malicious terminal commands, enabling remote installation of malware.
Video games
from GameSpot
5 months ago

Steam Game Update Reportedly Distributed Malware And Stole Money From Cancer Victim

A Steam game update distributed malware that stole cryptocurrency and creator fees from at least one streamer.
Information security
from The Register
6 months ago

Google warns of state-backed web hijack attack

A Chinese-linked actor used compromised edge devices to hijack captive portals and deliver signed malware updates to deploy backdoors for espionage.
Privacy technologies
from Ars Technica
7 months ago

GitHub abused to distribute payloads on behalf of malware-as-a-service

Malware-as-a-service operators have exploited GitHub to distribute malicious software, posing challenges for organizations relying on the platform.