#malwareoperations — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #malwareoperations, aggregated by home.social.

  1. GPU mining malware spreads via SEO poisoning and AI chatbot manipulation

    Beware of a sneaky malware that's spreading through manipulated AI chatbot responses and search engine poisoning, tricking users into downloading GPU mining malware. Victims unknowingly stumble upon malicious links while searching for popular software or getting recommendations from AI assistants.

    osintsights.com/gpu-mining-mal

    #SeoPoisoning #GpuMiningMalware #AiChatbotManipulation #MalwareOperations #EmergingThreats

  2. GitHub Tags Exploited to Deploy Credential-Stealing Malware

    Malicious actors have manipulated hundreds of GitHub tags to spread credential-stealing malware through popular Laravel Lang localization packages, putting countless users at risk. By rewriting historical tags, attackers tricked Composer installations into downloading the malicious payload.

    osintsights.com/github-tags-ex

    #MalwareOperations #CredentialStealing #Github #Composer #Laravel

  3. Chinese hackers infiltrate telcos with Showboat, JFMBackdoor malware

    Chinese-aligned hackers have been secretly infiltrating telecommunications providers across Asia Pacific and the Middle East since mid-2022, using sneaky malware like Showboat and JFMBackdoor to stay under the radar. They even used a clever "hide" command to conceal their digital footprints on infected machines.

    osintsights.com/chinese-hacker

    #ChineseHackers #MalwareOperations #Telecommunications #AsiaPacific #MiddleEast

  4. Malvertisers Exploit Code Signing in TamperedChef Malware Campaigns

    Meet the sneaky malware campaign that's been flying under the radar, leveraging polished marketing tactics and code signing to spread its malicious reach - with over 4,000 samples and 100 unique variants uncovered across three distinct clusters of activity.

    osintsights.com/malvertisers-e

    #TamperedchefMalware #CodeSigning #MalwareOperations #Malvertising #PaloAltoNetworks

  5. Typosquatting Evolves Into Supply Chain Threat

    Typosquatting has morphed into a sinister supply chain threat, with attackers now embedding malicious lookalike domains within legitimate third-party scripts to intercept sensitive data. This alarming evolution has led to devastating attacks, such as the Trust Wallet compromise, where 2,500 wallets were drained in just 48 hours.

    osintsights.com/typosquatting-

    #Typosquatting #SupplyChain #MalwareOperations #EmergingThreats #BrowserExtension

  6. Barracuda Warns of CypherLoc Scareware Targeting Millions

    Millions of users are under attack by the CypherLoc scareware, with Barracuda researchers tracking around 2.8 million attacks since January 2026 alone. This staggering number reveals a coordinated and widespread campaign that's putting tens of millions of people at risk.

    osintsights.com/barracuda-warn

    #Cypherloc #Scareware #Phishing #EmergingThreats #MalwareOperations

  7. Microsoft Disrupts Malware Signing Service Used by Ransomware Groups

    Microsoft cracked down on a sophisticated malware signing service run by a group called Fox Tempest, which helped ransomware gangs disguise their malicious programs as legitimate software. This service was like a master forgery operation, creating counterfeit digital signatures that even experts struggled to spot.

    osintsights.com/microsoft-disr

    #FoxTempest #MalwareOperations #Ransomware #CodeSigning #ArtifactSigning

  8. Shai-Hulud worm infects another npm package

    A copycat of the notorious Shai-Hulud worm has struck again, infecting another npm package by exploiting a GitHub Actions misconfiguration. This latest attack follows a similar pattern that recently prompted TanStack to rethink its approach to accepting outside code contributions.

    osintsights.com/shai-hulud-wor

    #Shaihulud #Npm #GithubActions #SupplyChain #MalwareOperations

  9. SHub Infostealer Variant Reaper Exploits macOS Security Updates

    Researchers at SentinelOne have uncovered a sneaky new variant of the SHub macOS infostealer, called Reaper, which cleverly bypasses Apple's latest security updates by using a malicious AppleScript to trick users. This crafty malware uses fake installers to lure victims in, making it a serious threat to macOS users.

    osintsights.com/shub-infosteal

    #Macos #Infostealer #Reaper #Shub #MalwareOperations

  10. Gremlin Stealer Evolves With Advanced Obfuscation Tactics

    Meet the new and improved Gremlin Stealer, which has upgraded its hiding game by cleverly concealing its payloads in .NET resource blobs and only revealing them at runtime, making it a stealthier threat than ever. This latest variant uses single-byte XOR encoding to mask its malicious code, evading detection by signature and…

    osintsights.com/gremlin-steale

    #MalwareOperations #GremlinStealer #AdvancedObfuscation #NetResource #XorEncoding

  11. REMUS Infostealer Targets Session Theft, Password Managers

    Meet REMUS Infostealer, a rapidly evolving threat that's been making waves in the underground scene since February 2026, with its operators boasting a staggering 90% callback rate thanks to top-notch crypting and a dedicated server. This infostealer has quickly become a commercialized and professionalized menace, with a flurry of updates,…

    osintsights.com/remus-infostea

    #Infostealer #Remus #SessionTheft #PasswordManagers #MalwareOperations

  12. Gremlin Stealer Evolves with Advanced Evasion Tactics

    In just 12 months, the Gremlin stealer malware has transformed from a basic credential harvester to a sophisticated modular toolkit that can stealthily siphon sensitive information from compromised systems. Its latest variant now specifically targets Chromium-based browsers, making it an even more formidable threat.

    osintsights.com/gremlin-steale

    #GremlinStealer #MalwareOperations #ModularStealer #ChromiumbasedBrowsers #DataExfiltration

  13. Bitdefender Exposes Hidden Attack Surface in Trusted Tools

    Did you know that 84% of high-severity incidents involve the abuse of trusted tools, making them nearly invisible to traditional security measures? This shocking statistic highlights the alarming ease with which attackers can hide in plain sight, using legitimate tools against you.

    osintsights.com/bitdefender-ex

    #LegitimateToolAbuse #Livingofftheland #Windows11 #Overentitlement #MalwareOperations

  14. Kimsuky APT Expands Arsenal with Advanced PebbleDash Malware Tools

    Kimsuky's malware arsenal just got a major boost with the addition of advanced PebbleDash tools, allowing the group to infiltrate systems with even more sophisticated tactics. Their latest campaign uses clever spear-phishing and malicious attachments to catch victims off guard.

    osintsights.com/kimsuky-apt-ex

    #Apt #Kimsuky #Pebbledash #MalwareOperations #NationState

  15. Malware Worm Targets npm, PyPI in Mass Supply-Chain Attack

    A self-spreading worm, dubbed Mini Shai-Hulud, has infected over 170 packages with nearly 180 million weekly downloads, posing a massive threat to the software supply chain. This highly contagious malware has been open-sourced, making it easier for others to exploit and escalate the attack.

    osintsights.com/malware-worm-t

    #SupplyChain #MalwareOperations #Npm #Pypi #Shaihulud

  16. TeamPCP Open-Sources Shai-Hulud Worm, Fuels Malware Proliferation

    Malware mayhem takes a dark turn as TeamPCP open-sources the notorious Shai-Hulud Worm, sparking concerns of widespread malware proliferation. Security experts warn that independent threat actors are already modifying and expanding its reach.

    osintsights.com/teampcp-open-s

    #MalwareOperations #ShaihuludWorm #Teampcp #OpensourceMalware #EmergingThreats

  17. Malware Targets TanStack npm Packages in Supply Chain Attack

    Malware attackers have infiltrated the TanStack npm packages, modifying 84 artifacts in a supply chain attack that could compromise major developer ecosystems. The malicious code, aimed at stealing credentials, was published across 42 packages on May 11, with some, like @tanstack/react-router, downloaded over 12 million times…

    osintsights.com/malware-target

    #SupplyChainAttack #Tanstack #Npm #MalwareOperations #CredentialstealingMalware

  18. TrickMo Trojan Exploits TON Network for Android Pivots

    Meet TrickMo C, a sneaky new variant of the Android banking trojan that's turning infected devices into programmable network pivots, allowing hackers to intercept sensitive data from banking and cryptocurrency wallet users in France, Italy, and Austria. This malicious software is packed with powerful tools, including reconnaissance, SSH…

    osintsights.com/trickmo-trojan

    #AndroidBankingTrojan #Trickmo #TonNetwork #MobileSecurity #MalwareOperations

  19. Cybercriminals Leverage ClickFix with PySoxy for Persistent Attacks

    Cybercriminals are using a potent combination of ClickFix and PySoxy to launch persistent attacks, with experts warning that their deliberate preparation shows a sinister intent for continued access. This sophisticated tactic allows attackers to survive removal attempts and endpoint blocks, making it a major threat.

    osintsights.com/cybercriminals

    #Clickfix #Pysoxy #SocialEngineering #PersistentAttacks #MalwareOperations

  20. Hugging Face Repository Exploits Typosquatting to Spread Infostealer Malware

    Security researchers have uncovered a cunning malware attack on Hugging Face, where a fake repository mimicked a popular AI project, racking up over 244,000 downloads and 667 likes in just 18 hours. The malicious repository used a classic typosquatting trick to deceive users searching for the genuine project.

    osintsights.com/hugging-face-r

    #Typosquatting #InfostealerMalware #AiSecurity #HuggingFace #MalwareOperations

  21. Mini Shai-Hulud Worm Targets Multiple AI, Dev Packages

    Meet the Mini Shai-Hulud worm, a sneaky new malware that's infiltrating AI and development packages through a clever supply-chain attack. This malicious code can steal sensitive data from cloud providers, cryptocurrency wallets, and even popular dev tools like GitHub Actions.

    osintsights.com/mini-shai-hulu

    #SupplyChain #MalwareOperations #CredentialStealer #AiSecurity #Devsecops

  22. Gentlemen Ransomware Group Hit by Data Breach

    A recent data breach has exposed the inner workings of the notorious Gentlemen ransomware group, revealing a treasure trove of sensitive information, including chats, images, and operational practices. This rare glimpse into the ransomware ecosystem could provide valuable insights for cybersecurity experts and researchers.

    osintsights.com/gentlemen-rans

    #Ransomware #DataBreach #EmergingThreats #Gentlemen #MalwareOperations

  23. Malware Exploits Chromium Interface to Steal Dev Secrets

    Malware is masquerading as a legitimate software installer, tricking developers into spilling their secrets by exploiting the Chromium interface. A simple search ad has become the conduit for this malicious campaign, leading unsuspecting devs down a path of deceit.

    osintsights.com/malware-exploi

    #MalwareOperations #Chromium #DeveloperSecrets #SupplyChain #EmergingThreats

  24. cPanel Flaw Exploited to Deploy Filemanager Backdoor

    Over 2,000 attacker source IPs worldwide are currently involved in automated attacks exploiting a critical cPanel vulnerability, CVE-2026-41940, which allows remote attackers to gain elevated control and deploy malicious backdoors. This flaw has been targeted by multiple actors for a range of malicious outcomes, including…

    osintsights.com/cpanel-flaw-ex

    #CpanelVulnerability #Cve202641940 #AuthenticationBypass #EmergingThreats #MalwareOperations

  25. Malicious Repo Exploits OpenAI Model to Deliver Info Stealer

    A malicious repository disguised as OpenAI's legitimate Privacy Filter model racked up 244,000 downloads and became the #1 trending project on Hugging Face, but actually hid a sneaky Rust-based information stealer targeting Windows machines. The fake repository, Open-OSS/privacy-filter, expertly impersonated OpenAI's release, even copying the…

    osintsights.com/malicious-repo

    #MalwareOperations #InfoStealer #Openai #HuggingFace #SupplyChain

  26. Hackers Exploit Google Ads, AI Chats to Spread Mac Malware

    Malicious hackers are exploiting Google ads and AI chat platforms to trick Mac users into downloading malware, using a sneaky tactic that involves fake installation guides and Terminal commands. Clicking on what seems to be a legitimate ad can lead to a malware-ridden surprise, thanks to a vulnerability in Claude's shared-chat feature.

    osintsights.com/hackers-exploi

    #MacMalware #GoogleAds #AiChats #EmergingThreats #MalwareOperations

  27. JDownloader Site Compromised to Spread Python RAT Malware

    A Reddit user recently raised the alarm after Microsoft Defender flagged a JDownloader download on their new PC, uncovering a sinister plot to spread Python RAT malware through the popular download manager's compromised website. The JDownloader site was hacked between May 6-7, 2026, allowing attackers to swap legitimate downloads with…

    osintsights.com/jdownloader-si

    #MalwareOperations #PythonRat #Jdownloader #SupplyChain #EmergingThreats

  28. Malware Worm Eliminates Rival, Seizes Control

    Meet the malware worm with a ruthless streak - it not only eliminates rival malware from infected systems, but also seizes control and claims the compromised credentials for itself. This cunning worm is taking over, leaving other malicious operators with nothing.

    osintsights.com/malware-worm-e

    #MalwareOperations #RivalMalwareElimination #CredentialHarvesting #Worm #EmergingThreats

  29. Linux RAT Quasar Exploits Developer Credentials for Supply Chain Compromise

    Meet QLNX, a sneaky Linux malware that's targeting developers and DevOps teams to gain control of the software supply chain by stealing sensitive credentials. This stealthy threat operates from memory, masquerading as a harmless system process while secretly exfiltrating data and awaiting commands from its controllers.

    osintsights.com/linux-rat-quas

    #LinuxRat #Quasar #SupplyChain #DeveloperCredentials #MalwareOperations

  30. PCPJack Disrupts TeamPCP's Cloud Footprint with Credential Theft

    Meet PCPJack, a sneaky new credential theft framework that's wreaking havoc on TeamPCP's cloud operations by stealing sensitive credentials and clearing out the competition. This malicious tool is quietly moving through cloud environments, leaving a trail of compromised systems in its wake.

    osintsights.com/pcpjack-disrup

    #CredentialTheft #CloudSecurity #SupplyChain #MalwareOperations #EmergingThreats

  31. PCPJack Credential Stealer Exploits CVEs to Spread Across Cloud Systems

    Meet PCPJack, a sneaky credential stealer that's exploiting vulnerabilities to spread rapidly across cloud systems, swiping sensitive info from services like cloud, finance, and productivity tools. Its operators are after one thing: illicit financial gain.

    osintsights.com/pcpjack-creden

    #CredentialStealer #CloudSecurity #EmergingThreats #MalwareOperations #CredentialTheft

  32. PCPJack Worm Targets Cloud Infrastructure, Steals Credentials

    A fresh malware campaign, dubbed PCPJack, is targeting cloud infrastructure, stealing credentials and wreaking havoc on Linux-based systems with a sophisticated framework that installs hidden working directories and establishes persistence. This alarming attack bears striking similarities to earlier TeamPCP/PCPCat campaigns,…

    osintsights.com/pcpjack-worm-t

    #CloudInfrastructure #MalwareOperations #CredentialTheft #Linux #EmergingThreats

  33. Australia Warns of ClickFix Malware Attacks Spreading Vidar Stealer

    Beware of ClickFix malware attacks that trick you into executing commands, allowing hackers to bypass security and steal your info. The Australian Cyber Security Center has warned of a new campaign using WordPress-hosted sites to spread the Vidar Stealer malware.

    osintsights.com/australia-warn

    #ClickfixMalware #VidarStealer #Australia #SocialEngineering #MalwareOperations

  34. Fake Claude AI site delivers Beagle Windows backdoor malware

    Beware of a fake Claude AI site that's really a malware trap: a 505MB archive disguised as a legitimate installer delivers a sneaky Windows backdoor called Beagle. Clicking the download button on the site leads to trouble, not the AI tool you might be expecting.

    osintsights.com/fake-claude-ai

    #FakeClaudeAiSite #BeagleWindowsBackdoor #MalwareOperations #EmergingThreats #WindowsMalware

  35. PyPI Packages Deliver ZiChatBot Malware via Zulip APIs

    Malicious Python packages on PyPI were found to be secretly delivering a new malware called ZiChatBot, which uses Zulip APIs to receive instructions. These seemingly harmless packages covertly dropped malicious components, highlighting the importance of vigilance when downloading code from public repositories.

    osintsights.com/pypi-packages-

    #MalwareOperations #ZichatbotMalware #Pypi #ZulipApis #SupplyChain

  36. Daemon Tools Software Trojanized in Supply Chain Attack

    Malware was discovered hidden in certain Daemon Tools Lite installers, prompting developer Disc Soft to issue a clean build and confirm a supply chain attack had compromised their system. A malware-free version was released within 12 hours of notification.

    osintsights.com/daemon-tools-s

    #SupplyChainAttack #MalwareOperations #DaemonTools #EmergingThreats

  37. Ransomware Attacks Expose Backup Vulnerabilities

    Ransomware attackers often destroy backup systems before encrypting data, rendering your recovery plan useless. This deliberate tactic follows a predictable sequence, allowing attackers to systematically dismantle your defenses and leave you with limited options.

    osintsights.com/ransomware-att

    #Ransomware #BackupVulnerabilities #MalwareOperations #EmergingThreats #Cybersecurity

  39. OceanLotus Exploits PyPI to Deliver ZiChatBot Malware

    Kaspersky's analysis uncovered a sneaky malware attack on PyPI, where OceanLotus hackers uploaded fake packages that looked like harmless libraries, tricking users into installing the ZiChatBot malware. The malicious packages, uploaded in July 2025, masqueraded as legitimate tools like uuid32-utils, colorinal, and termncolor.

    osintsights.com/oceanlotus-exp

    #Oceanlotus #Pypi #ZichatbotMalware #MalwareOperations #EmergingThreats

  40. Kaspersky Uncovers DAEMON Tools Supply Chain Attack

    Kaspersky researchers have uncovered a sneaky supply chain attack that used compromised DAEMON Tools installers, downloaded directly from the official website, to deliver a malicious payload - and what's even scarier is that these installers were digitally signed by the very developers of DAEMON Tools themselves.

    osintsights.com/kaspersky-unco

    #SupplyChainAttack #DaemonTools #Kaspersky #EmergingThreats #MalwareOperations

  41. ScarCruft Expands Malware Arsenal with Multi-Platform BirdCall Backdoor

    ScarCruft hackers have launched a sneaky attack on a popular video game platform, infecting both Windows and Android users with a new backdoor called BirdCall. The multi-platform threat has been targeting ethnic Koreans in China since late 2024, allowing hackers to gain unauthorized access.

    osintsights.com/scarcruft-expa

    #Scarcruft #NorthKorea #SupplyChain #MalwareOperations #StateSponsored

  42. Researchers Uncover Fast16 Malware's Stealthy Industrial Sabotage Role

    Researchers have uncovered a highly sophisticated malware, Fast16, designed to secretly sabotage industrial operations by subtly manipulating critical calculations, leading to potentially catastrophic failures. This stealthy threat can silently spread across networks, altering results in…

    osintsights.com/researchers-un

    #IndustrialSabotage #MalwareOperations #EmergingThreats #IndustrialControlSystems #OperationalTechnology

  43. Vect Ransomware Exposed as Data Wiper, Not Recovery Tool

    Meet Vect, a so-called ransomware that's actually a data wiper, making full recovery impossible - even for the attackers themselves. This destructive malware permanently destroys files larger than 128KB, rendering it useless for data recovery and a serious threat to enterprise assets.

    osintsights.com/vect-ransomwar

    #VectRansomware #DataWiper #SupplyChain #MalwareOperations #EmergingThreats

  44. GlassWorm Malware Resurfaces Through 73 OpenVSX Extensions

    Researchers at Socket have uncovered a sneaky new wave of GlassWorm malware, this time hiding in 73 OpenVSX extensions that behave like sleepers - seemingly harmless at first, but turning malicious after a stealthy update. Six of these extensions have already been activated, unleashing malware on unsuspecting developers.

    osintsights.com/glassworm-malw

    #GlasswormMalware #Openvsx #MalwareOperations #EmergingThreats #ApplicationSecurity

  45. Fast16 Malware Exposes Pre-Stuxnet Cyber Warfare Roots

    Meet fast16, a sneaky malware framework that's been around since 2005 - five years before the infamous Stuxnet - and is designed to quietly sabotage high-precision software by subtly altering numerical results. This stealthy approach can cause systems to fail, wear out faster, or produce false conclusions, making it a chilling…

    osintsights.com/fast16-malware

    #IndustrialControlSystems #MalwareOperations #NationState #CyberWarfare #Stuxnet

  46. Researchers Expose 73 Fake VS Code Extensions Spreading GlassWorm v2 Malware

    Malicious VS Code extensions are putting developers at risk, with 73 fake extensions discovered spreading GlassWorm v2 malware, allowing attackers to stealthily retrieve and execute payloads after activation. These extensions act as loaders, using obfuscated JavaScript to achieve the same malicious…

    osintsights.com/researchers-ex

    #MalwareOperations #GlasswormV2 #VsCodeExtensions #OpenVsx #InformationstealingCampaign

  47. Microsoft Teams Used to Deploy Sophisticated Snow Malware

    Cyber attackers have cleverly used Microsoft Teams to deploy a sophisticated malware suite, dubbed Snow, by tricking victims into installing a fake anti-spam patch that ultimately led to prolonged access, credential theft, and domain compromise. They started by creating a sense of urgency through email bombing, then followed up with a…

    osintsights.com/microsoft-team

    #MicrosoftTeams #SnowMalware #Unc6692 #MalwareOperations #SocialEngineering

  48. Researchers Uncover 'fast16' Malware Targeting Engineering Software Years Before Stuxnet

    Researchers have uncovered a long-forgotten malware, fast16, that was designed to sabotage engineering software, beating even the infamous Stuxnet by at least five years. This ancient cyber threat, dating back to 2005, was engineered to spread rapidly and produce inaccurate calculations…

    osintsights.com/researchers-un

    #IndustrialControlSystems #LuapoweredMalware #SabotageFramework #Stuxnet #MalwareOperations

  49. npm Ecosystem Faces Rising Threat from Sophisticated Malware Campaigns

    The npm ecosystem's security has reached a critical turning point, with sophisticated malware campaigns on the rise and a new baseline of threats emerging since September 2025. Malicious actors are now exploiting developer trust, transforming nuisance attacks into high-consequence supply-chain threats.

    osintsights.com/npm-ecosystem-

    #SupplyChain #NpmEcosystem #MalwareOperations #EmergingThreats #Typosquatting

  50. Hackers Exploit Cisco Firewalls with Persistent Backdoor

    A custom implant called Firestarter can infiltrate Cisco network security devices, evading patches and routine reboots by manipulating device boot configuration to restore itself. Only a hard reboot, physically disconnecting the device from its power supply, can clear the persistence mechanism from memory.

    osintsights.com/hackers-exploi

    #CiscoFirewalls #Firestarter #PersistentBackdoor #MalwareOperations #EmergingThreats