DeepLoad Malware: AI-Generated Evasion Meets ClickFix Delivery in Enterprise Credential Theft Campaign

A sophisticated new malware campaign dubbed “DeepLoad” has emerged targeting enterprise environments, combining ClickFix social engineering delivery with AI-generated obfuscation techniques that defeat traditional security controls. ReliaQuest researchers discovered the threat after observing it achieve persistent, credential-stealing access through a single user action. What Makes DeepLoad Different DeepLoad isn’t notable for any single technique—it’s the…

Infinity Stealer: New macOS Infostealer Combines ClickFix Social Engineering with Nuitka Compilation

A sophisticated new info-stealing malware named Infinity Stealer is targeting macOS systems using an innovative attack chain that combines ClickFix social engineering with Python payloads compiled using the open-source Nuitka compiler. Attack Overview According to Malwarebytes researchers, this marks the first documented macOS campaign combining ClickFix delivery with a Python-based infostealer compiled using Nuitka. The…

Infinity Stealer: New macOS Infostealer Uses ClickFix and Nuitka Compilation to Evade Detection

A sophisticated new information-stealing malware named Infinity Stealer has emerged targeting macOS systems, combining the increasingly popular ClickFix social engineering technique with advanced evasion capabilities through Nuitka compilation. According to Malwarebytes research, this represents the first documented macOS campaign combining ClickFix delivery with a Python-based infostealer compiled using Nuitka—a technique that produces native binaries far…

FBI Alert: Iranian MOIS Hackers Weaponize Telegram for Global Espionage Against Dissidents

The FBI has issued a public alert warning that Iranian government hackers affiliated with the Ministry of Intelligence and Security (MOIS) are actively weaponizing Telegram as a command-and-control (C2) platform to conduct espionage operations against dissidents, opposition groups, and journalists worldwide. Attack Chain: From Social Engineering to Full Device Compromise The sophisticated attack campaign begins…

Interlock Ransomware Exploited Cisco Firewall Zero-Day Weeks Before Public Disclosure

Amazon’s security team has revealed that the Interlock ransomware gang exploited a critical Cisco firewall vulnerability as a zero-day for five weeks before it was publicly disclosed, giving attackers a significant head start against defenders. Zero-Day Exploitation Timeline According to CJ Moses, CISO of Amazon Integrated Security, Interlock began exploiting CVE-2026-20131 on January 26, 2026…

DarkSword iOS Exploit Kit: Russian Hackers Weaponize Six Vulnerabilities for Full iPhone Takeover

Google Threat Intelligence Group (GTIG), iVerify, and Lookout have jointly uncovered DarkSword, a sophisticated iOS exploit kit that enables complete device compromise with minimal user interaction. The kit, operational since at least November 2025, has been deployed by suspected Russian state-sponsored actors targeting Ukrainian users, as well as commercial surveillance vendors across multiple countries. Six…

LeakNet Ransomware Scales Operations with ClickFix Lures and Stealthy Deno-Based Fileless Loader

The LeakNet ransomware group is rapidly scaling its operations with two dangerous innovations: a social engineering technique called ClickFix and a previously unreported fileless loader built on the legitimate Deno JavaScript runtime. According to ReliaQuest research, LeakNet has shifted away from purchasing stolen credentials from initial access brokers (IABs). Instead, the group now plants fake…

GlassWorm ForceMemo Campaign: Stolen GitHub Tokens Used to Inject Malware Into Hundreds of Python Repositories

A sophisticated supply chain attack dubbed ForceMemo is leveraging stolen GitHub tokens to inject malware into hundreds of Python repositories, marking a dangerous escalation in the ongoing GlassWorm campaign targeting software developers. The Attack Chain According to StepSecurity research, the attackers are targeting Python projects including Django applications, machine learning research code, Streamlit dashboards, and…

KadNap Botnet Hijacks 14,000+ ASUS Routers Using Novel Kademlia DHT Protocol for Stealth C2

A newly discovered botnet called KadNap is turning ASUS routers and edge networking devices into covert proxies for cybercriminal operations. Since August 2025, the malware has infected over 14,000 devices across the globe, with researchers from Black Lotus Labs (Lumen Technologies) revealing a sophisticated command-and-control (C2) infrastructure that leverages a customized version of the Kademlia…