AiFrame Campaign: 30 Fake AI Chrome Extensions with 300K Users Steal Credentials, Gmail Content

Researchers at browser security platform LayerX have uncovered a coordinated malware campaign dubbed “AiFrame” involving 30 malicious Chrome extensions installed by more than 300,000 users. The extensions masquerade as AI assistants while secretly stealing credentials, email content, and browsing information. Campaign Overview: All analyzed extensions share the same internal structure, JavaScript logic, permissions, and communicate…

Phorpiex Botnet Resurfaces: Phishing Campaign Delivers Offline-Capable Global Group Ransomware

A new phishing campaign leveraging the infamous Phorpiex botnet has been observed distributing Global Group ransomware through weaponized Windows shortcut (.LNK) files, according to a new advisory from Forcepoint X-Labs. The Attack Chain: The campaign uses phishing emails with the subject line “Your Document” — a lure that has remained effective throughout 2024 and 2025….

Cybercriminals Weaponize ChatGPT and Grok to Distribute AMOS Stealer on macOS

A sophisticated attack campaign is exploiting user trust in artificial intelligence platforms to distribute the Atomic macOS Stealer (AMOS), representing a dangerous evolution in social engineering tactics that combines legitimate AI chatbot services with paid Google advertising. According to research from Flare, threat actors are creating shareable AI chat links on ChatGPT and Grok containing…

XWorm RAT Campaign Exploits CVE-2018-0802 in Multi-Language Phishing Attacks Using Fileless Injection

FortiGuard Labs has uncovered a sophisticated phishing campaign delivering XWorm version 7.2, a multi-functional Remote Access Trojan (RAT) that provides attackers with full remote control of compromised Windows systems. Campaign Overview: The campaign utilizes multiple phishing email themes written in various languages to maximize its reach. Emails are disguised as: Payment detail requests requiring recipient…

Fake 7-Zip Downloads Convert Home PCs Into Residential Proxy Nodes for Cybercriminals

A sophisticated brand impersonation campaign is weaponizing the popular 7-Zip file archiver to silently transform infected Windows computers into residential proxy nodes—monetizing victims’ IP addresses for fraud, scraping, and anonymity laundering operations. The Lookalike Domain Trap: Security researchers at Malwarebytes have documented a long-running campaign where attackers operate 7zip[.]com—a convincing lookalike of the legitimate 7-zip.org…

Silver Fox APT Unleashes ValleyRAT with Rare PoolParty Process Injection Technique

A sophisticated malware campaign targeting Chinese-speaking users has revealed a significant evolution in the Silver Fox APT group’s capabilities. According to new research from Cybereason Security Services, the threat actors are deploying fake software installers to deliver ValleyRAT (also known as Winos 4.0) using a rare process injection technique that bypasses most security tools. A…

SystemBC Botnet Survives Law Enforcement Takedown, Infects Over 10,000 Devices Worldwide

The SystemBC malware loader has demonstrated remarkable resilience, continuing to operate despite targeted efforts during Europol’s Operation Endgame in May 2024. Cybersecurity firm Silent Push has identified more than 10,000 unique infected IP addresses across a massive botnet infrastructure that shows no signs of slowing down. Key Findings: Silent Push researchers deployed a custom-built SystemBC…

PDFSider: The Stealthy Backdoor Targeting Fortune 100 Financial Institutions

A newly identified Windows malware strain called PDFSider has emerged as a dangerous tool in the arsenals of multiple ransomware operators, with at least one confirmed attack targeting a Fortune 100 finance company. Security researchers at Resecurity uncovered the malware during an incident response engagement, describing it as an advanced stealth backdoor designed for long-term…

ShadowHS: Fileless Linux Post-Exploitation Framework Runs Entirely in Memory

Cyble Research & Intelligence Labs (CRIL) has uncovered a sophisticated Linux intrusion framework dubbed ShadowHS — a stealthy, fileless post-exploitation tool that executes entirely from memory, leaving virtually no traces on disk. This discovery highlights the growing sophistication of Linux-targeted threats and the challenges they pose for traditional security tools. What Makes ShadowHS Different: Unlike…