CrystalX RAT: New Malware-as-a-Service Combines Spyware, Stealer, and Prankware Capabilities

Kaspersky researchers have uncovered CrystalX RAT, a sophisticated new malware-as-a-service (MaaS) platform that combines remote access trojan capabilities with data theft, keylogging, and uniquely disturbing prankware features designed to psychologically torment victims.

From Webcrystal to CrystalX: The Evolution

First observed in January 2026 as Webcrystal RAT, the malware was initially promoted through private Telegram groups…

LiteLLM Supply Chain Attack: TeamPCP Deploys Multi-Stage Credential Stealer to 95M Monthly Downloads

A sophisticated supply chain attack has compromised LiteLLM, the widely-used Python library for interfacing with large language models, delivering multi-stage credential-stealing malware to systems downloading over 95 million packages per month. The attack, attributed to TeamPCP—the same threat group behind the recent Trivy supply chain compromises—targeted LiteLLM versions 1.82.7 and 1.82.8 on PyPI. According to…

DeepLoad Malware: AI-Generated Evasion Meets ClickFix Delivery in Enterprise Credential Theft Campaign

A sophisticated new malware campaign dubbed “DeepLoad” has emerged targeting enterprise environments, combining ClickFix social engineering delivery with AI-generated obfuscation techniques that defeat traditional security controls. ReliaQuest researchers discovered the threat after observing it achieve persistent, credential-stealing access through a single user action.

What Makes DeepLoad Different

DeepLoad isn’t notable for any single technique—it’s the…

Infinity Stealer: New macOS Infostealer Combines ClickFix Social Engineering with Nuitka Compilation

A sophisticated new info-stealing malware named Infinity Stealer is targeting macOS systems using an innovative attack chain that combines ClickFix social engineering with Python payloads compiled using the open-source Nuitka compiler.

Attack Overview

According to Malwarebytes researchers, this marks the first documented macOS campaign combining ClickFix delivery with a Python-based infostealer compiled using Nuitka. The…

Infinity Stealer: New macOS Infostealer Uses ClickFix and Nuitka Compilation to Evade Detection

A sophisticated new information-stealing malware named Infinity Stealer has emerged targeting macOS systems, combining the increasingly popular ClickFix social engineering technique with advanced evasion capabilities through Nuitka compilation. According to Malwarebytes research, this represents the first documented macOS campaign combining ClickFix delivery with a Python-based infostealer compiled using Nuitka—a technique that produces native binaries far…

FBI Alert: Iranian MOIS Hackers Weaponize Telegram for Global Espionage Against Dissidents

The FBI has issued a public alert warning that Iranian government hackers affiliated with the Ministry of Intelligence and Security (MOIS) are actively weaponizing Telegram as a command-and-control (C2) platform to conduct espionage operations against dissidents, opposition groups, and journalists worldwide.

Attack Chain: From Social Engineering to Full Device Compromise

The sophisticated attack campaign begins…

Interlock Ransomware Exploited Cisco Firewall Zero-Day Weeks Before Public Disclosure

Amazon’s security team has revealed that the Interlock ransomware gang exploited a critical Cisco firewall vulnerability as a zero-day for five weeks before it was publicly disclosed, giving attackers a significant head start against defenders.

Zero-Day Exploitation Timeline

According to CJ Moses, CISO of Amazon Integrated Security, Interlock began exploiting CVE-2026-20131 on January 26, 2026…

DarkSword iOS Exploit Kit: Russian Hackers Weaponize Six Vulnerabilities for Full iPhone Takeover

Google Threat Intelligence Group (GTIG), iVerify, and Lookout have jointly uncovered DarkSword, a sophisticated iOS exploit kit that enables complete device compromise with minimal user interaction. The kit, operational since at least November 2025, has been deployed by suspected Russian state-sponsored actors targeting Ukrainian users, as well as commercial surveillance vendors across multiple countries. Six…

LeakNet Ransomware Scales Operations with ClickFix Lures and Stealthy Deno-Based Fileless Loader

The LeakNet ransomware group is rapidly scaling its operations with two dangerous innovations: a social engineering technique called ClickFix and a previously unreported fileless loader built on the legitimate Deno JavaScript runtime. According to ReliaQuest research, LeakNet has shifted away from purchasing stolen credentials from initial access brokers (IABs). Instead, the group now plants fake…