Topic
Malware.
52 stories of advisories, analysis, and defensive guidance in this topic.
Brief: TCLBANKER banking trojan targets banks, fintech, and crypto services
The Hacker News reported that TCLBANKER targets dozens of banking, fintech, and cryptocurrency organizations and spreads through social and productivity channels. Defenders should
Defender Guidance: TCLBANKER banking trojan targets banks, fintech, and crypto services
The Hacker News reported that TCLBANKER targets dozens of banking, fintech, and cryptocurrency organizations and spreads through social and productivity channels. Defenders should
Detection Notes: TCLBANKER banking trojan targets banks, fintech, and crypto services
The Hacker News reported that TCLBANKER targets dozens of banking, fintech, and cryptocurrency organizations and spreads through social and productivity channels. Defenders should
Risk Brief: TCLBANKER banking trojan targets banks, fintech, and crypto services
The Hacker News reported that TCLBANKER targets dozens of banking, fintech, and cryptocurrency organizations and spreads through social and productivity channels. Defenders should
Brief: Fake Call History apps linked to CallPhantom campaign
The Hacker News reported that fake call-history apps connected to CallPhantom reached millions of downloads and targeted users in India and the APAC region. Mobile security teams s
Defender Guidance: Fake Call History apps linked to CallPhantom campaign
The Hacker News reported that fake call-history apps connected to CallPhantom reached millions of downloads and targeted users in India and the APAC region. Mobile security teams s
Detection Notes: Fake Call History apps linked to CallPhantom campaign
The Hacker News reported that fake call-history apps connected to CallPhantom reached millions of downloads and targeted users in India and the APAC region. Mobile security teams s
Risk Brief: Fake Call History apps linked to CallPhantom campaign
The Hacker News reported that fake call-history apps connected to CallPhantom reached millions of downloads and targeted users in India and the APAC region. Mobile security teams s
Brief: PamDOORa Linux PAM backdoor advertised on underground markets
The Hacker News reported that PamDOORa, a Linux PAM backdoor, was advertised by a threat actor and included SSH backdoor and credential-harvesting claims. Defenders should audit PA
Defender Guidance: PamDOORa Linux PAM backdoor advertised on underground markets
The Hacker News reported that PamDOORa, a Linux PAM backdoor, was advertised by a threat actor and included SSH backdoor and credential-harvesting claims. Defenders should audit PA
Detection Notes: PamDOORa Linux PAM backdoor advertised on underground markets
The Hacker News reported that PamDOORa, a Linux PAM backdoor, was advertised by a threat actor and included SSH backdoor and credential-harvesting claims. Defenders should audit PA
Risk Brief: PamDOORa Linux PAM backdoor advertised on underground markets
The Hacker News reported that PamDOORa, a Linux PAM backdoor, was advertised by a threat actor and included SSH backdoor and credential-harvesting claims. Defenders should audit PA
Brief: PCPJack worm activity raises concern for self-propagating malware
BleepingComputer and SecurityWeek reported on PCPJack worm activity. The available public coverage supports defensive review of exposed services, patching, and lateral movement con
Defender Guidance: PCPJack worm activity raises concern for self-propagating malware
BleepingComputer and SecurityWeek reported on PCPJack worm activity. The available public coverage supports defensive review of exposed services, patching, and lateral movement con
Detection Notes: PCPJack worm activity raises concern for self-propagating malware
BleepingComputer and SecurityWeek reported on PCPJack worm activity. The available public coverage supports defensive review of exposed services, patching, and lateral movement con
Risk Brief: PCPJack worm activity raises concern for self-propagating malware
BleepingComputer and SecurityWeek reported on PCPJack worm activity. The available public coverage supports defensive review of exposed services, patching, and lateral movement con
Brief: Casbaneiro banking trojan spreads through Latin America
Dark Reading reported Casbaneiro banking trojan activity spreading through Latin America. Financial-sector defenders should prioritize account takeover monitoring and endpoint dete
Defender Guidance: Casbaneiro banking trojan spreads through Latin America
Dark Reading reported Casbaneiro banking trojan activity spreading through Latin America. Financial-sector defenders should prioritize account takeover monitoring and endpoint dete
Detection Notes: Casbaneiro banking trojan spreads through Latin America
Dark Reading reported Casbaneiro banking trojan activity spreading through Latin America. Financial-sector defenders should prioritize account takeover monitoring and endpoint dete
Risk Brief: Casbaneiro banking trojan spreads through Latin America
Dark Reading reported Casbaneiro banking trojan activity spreading through Latin America. Financial-sector defenders should prioritize account takeover monitoring and endpoint dete
Brief: Venom Stealer MaaS commoditizes ClickFix-style social engineering
Dark Reading reported that Venom Stealer malware-as-a-service commoditizes ClickFix-style tactics. The defender response should combine endpoint controls, user training, and browse
Defender Guidance: Venom Stealer MaaS commoditizes ClickFix-style social engineering
Dark Reading reported that Venom Stealer malware-as-a-service commoditizes ClickFix-style tactics. The defender response should combine endpoint controls, user training, and browse
Detection Notes: Venom Stealer MaaS commoditizes ClickFix-style social engineering
Dark Reading reported that Venom Stealer malware-as-a-service commoditizes ClickFix-style tactics. The defender response should combine endpoint controls, user training, and browse
Risk Brief: Venom Stealer MaaS commoditizes ClickFix-style social engineering
Dark Reading reported that Venom Stealer malware-as-a-service commoditizes ClickFix-style tactics. The defender response should combine endpoint controls, user training, and browse
Brief: DeepLoad malware uses AI-themed lures to steal credentials
Dark Reading reported AI-powered DeepLoad malware focused on credential theft and evasion. The available listing supports defensive coverage but not detailed malware internals.
Defender Guidance: DeepLoad malware uses AI-themed lures to steal credentials
Dark Reading reported AI-powered DeepLoad malware focused on credential theft and evasion. The available listing supports defensive coverage but not detailed malware internals.
Detection Notes: DeepLoad malware uses AI-themed lures to steal credentials
Dark Reading reported AI-powered DeepLoad malware focused on credential theft and evasion. The available listing supports defensive coverage but not detailed malware internals.
Risk Brief: DeepLoad malware uses AI-themed lures to steal credentials
Dark Reading reported AI-powered DeepLoad malware focused on credential theft and evasion. The available listing supports defensive coverage but not detailed malware internals.
Brief: SnappyClient command-and-control activity targets crypto wallets
Dark Reading reported SnappyClient C2 activity targeting cryptocurrency wallets. Crypto users and businesses should monitor wallet-draining behavior and endpoint compromise.
Defender Guidance: SnappyClient command-and-control activity targets crypto wallets
Dark Reading reported SnappyClient C2 activity targeting cryptocurrency wallets. Crypto users and businesses should monitor wallet-draining behavior and endpoint compromise.
Detection Notes: SnappyClient command-and-control activity targets crypto wallets
Dark Reading reported SnappyClient C2 activity targeting cryptocurrency wallets. Crypto users and businesses should monitor wallet-draining behavior and endpoint compromise.
Risk Brief: SnappyClient command-and-control activity targets crypto wallets
Dark Reading reported SnappyClient C2 activity targeting cryptocurrency wallets. Crypto users and businesses should monitor wallet-draining behavior and endpoint compromise.
Brief: AsyncRAT campaign uses Python and Cloudflare-themed phishing
Dark Reading reported AsyncRAT delivery through Python and Cloudflare phishing lures. Defenders should watch for suspicious script execution and remote access malware behavior.
Defender Guidance: AsyncRAT campaign uses Python and Cloudflare-themed phishing
Dark Reading reported AsyncRAT delivery through Python and Cloudflare phishing lures. Defenders should watch for suspicious script execution and remote access malware behavior.
Detection Notes: AsyncRAT campaign uses Python and Cloudflare-themed phishing
Dark Reading reported AsyncRAT delivery through Python and Cloudflare phishing lures. Defenders should watch for suspicious script execution and remote access malware behavior.
Risk Brief: AsyncRAT campaign uses Python and Cloudflare-themed phishing
Dark Reading reported AsyncRAT delivery through Python and Cloudflare phishing lures. Defenders should watch for suspicious script execution and remote access malware behavior.
Brief: GoBruteforcer botnet targets more than 50,000 Linux servers
Dark Reading reported GoBruteforcer botnet activity targeting tens of thousands of Linux servers. Administrators should review exposed services, passwords, keys, and monitoring.
Defender Guidance: GoBruteforcer botnet targets more than 50,000 Linux servers
Dark Reading reported GoBruteforcer botnet activity targeting tens of thousands of Linux servers. Administrators should review exposed services, passwords, keys, and monitoring.
Detection Notes: GoBruteforcer botnet targets more than 50,000 Linux servers
Dark Reading reported GoBruteforcer botnet activity targeting tens of thousands of Linux servers. Administrators should review exposed services, passwords, keys, and monitoring.
Risk Brief: GoBruteforcer botnet targets more than 50,000 Linux servers
Dark Reading reported GoBruteforcer botnet activity targeting tens of thousands of Linux servers. Administrators should review exposed services, passwords, keys, and monitoring.
Brief: Fake AI Chrome extensions reported stealing user data
Dark Reading reported fake AI Chrome extensions stealing data from a large user base. Browser extension governance and allowlisting remain core controls.
Defender Guidance: Fake AI Chrome extensions reported stealing user data
Dark Reading reported fake AI Chrome extensions stealing data from a large user base. Browser extension governance and allowlisting remain core controls.
Detection Notes: Fake AI Chrome extensions reported stealing user data
Dark Reading reported fake AI Chrome extensions stealing data from a large user base. Browser extension governance and allowlisting remain core controls.
Risk Brief: Fake AI Chrome extensions reported stealing user data
Dark Reading reported fake AI Chrome extensions stealing data from a large user base. Browser extension governance and allowlisting remain core controls.
Brief: Lotus Wiper targets Venezuelan energy firms and utilities
Dark Reading reported Lotus Wiper activity affecting Venezuelan energy firms and utilities. Destructive malware risk should trigger backup, segmentation, and OT incident response r
Defender Guidance: Lotus Wiper targets Venezuelan energy firms and utilities
Dark Reading reported Lotus Wiper activity affecting Venezuelan energy firms and utilities. Destructive malware risk should trigger backup, segmentation, and OT incident response r
Detection Notes: Lotus Wiper targets Venezuelan energy firms and utilities
Dark Reading reported Lotus Wiper activity affecting Venezuelan energy firms and utilities. Destructive malware risk should trigger backup, segmentation, and OT incident response r
Risk Brief: Lotus Wiper targets Venezuelan energy firms and utilities
Dark Reading reported Lotus Wiper activity affecting Venezuelan energy firms and utilities. Destructive malware risk should trigger backup, segmentation, and OT incident response r
Brief: BlackSanta EDR killer highlights endpoint defense bypass risk
Dark Reading reported BlackSanta EDR-killer activity. Defenders should monitor tampering, service stoppage, driver abuse, and policy changes that weaken endpoint protection.
Defender Guidance: BlackSanta EDR killer highlights endpoint defense bypass risk
Dark Reading reported BlackSanta EDR-killer activity. Defenders should monitor tampering, service stoppage, driver abuse, and policy changes that weaken endpoint protection.
Detection Notes: BlackSanta EDR killer highlights endpoint defense bypass risk
Dark Reading reported BlackSanta EDR-killer activity. Defenders should monitor tampering, service stoppage, driver abuse, and policy changes that weaken endpoint protection.
Risk Brief: BlackSanta EDR killer highlights endpoint defense bypass risk
Dark Reading reported BlackSanta EDR-killer activity. Defenders should monitor tampering, service stoppage, driver abuse, and policy changes that weaken endpoint protection.