#malware
21 stories taggedmalware.

Poisoned Injective SDK on npm quietly stole crypto wallet keys for hours
A hijacked contributor account on GitHub pushed a booby-trapped version of a popular blockchain toolkit, siphoning seed phrases from any developer who ran the wrong function.

Fake 7-Zip Downloads Are Quietly Turning Home PCs Into Criminal Middlemen
A group Infoblox calls Lurking Lizard has been running a rogue proxy service from 230+ lookalike sites since 2022, hiding the malware inside fake copies of the popular 7-Zip file compression tool.

Fake Pirated Software Ads Are Draining Passwords and Hijacking Computers to Mine Crypto
A campaign uncovered by Palo Alto Networks researchers is tricking people into downloading malware disguised as cracked software, stealing saved passwords while quietly running up victims' electricity bills.

Meet BusySnake: The Stealthy Malware Quietly Raiding Government Networks
A newly discovered hacking group is hitting government offices and critical services in three countries with a cunning piece of spy software. Here is what it does and who is at risk.

North Korean Hackers Poisoned Over 100 Open Source Packages to Spy on Developers
A campaign called PolinRider has quietly corrupted legitimate software building blocks used by developers worldwide, planting tools that steal data and leave a hidden door open for attackers.

Researchers Show AI Coding Agent 'Skills' Can Hide Malware From Every Scanner Tested
A Hong Kong team's packing trick beat static scanners more than 90% of the time. Their own runtime checker caught most of it.

Google and FBI Shut Down NetNut, a Criminal Anonymity Network Built on Millions of Hijacked Home Devices
NetNut rented out access to infected home and business routers so criminals and foreign spies could hide their tracks. A joint operation has disrupted it.

Fake Guest Photos Are Handing Hackers Long-Term Access to Hotel Networks
Two separate campaigns are targeting hotel front desks and booking teams with booby-trapped zip files dressed up as guest photographs — and the goal isn't a quick smash-and-grab. It's a quiet, lasting foothold.

ClickFix: Emerging Favorite for Cybercriminals in Malware Delivery
New research highlights how ClickFix, a social engineering tactic, is dominating the malware delivery landscape across various systems.

Phishing Emails Now Study Your Phone Before They Attack You
A new wave of scam emails quietly profiles your device — your operating system, location, and screen size — then delivers malware tailored specifically to your setup.

ChocoPoC: The Fake Exploit Repos Turning Bug Hunters Into Victims
A Python-based infostealer is hiding inside GitHub proof-of-concept code marketed to vulnerability researchers, siphoning credentials, cookies, and files before dropping a remote shell.

North Korean Malware Tells AI Analyzers to Look Away
A macOS sample attributed to Pyongyang-linked actors contains prompts designed to make LLM-assisted security tools abandon their analysis. Defenders are starting to notice the pattern.

AryStinger Quietly Conscripts 4,300 Old Routers Into a Recon Proxy Fabric
Researchers say the malware skips the usual DDoS playbook and instead builds infrastructure for pre-breach reconnaissance.

The Cybercrime Economy Is Looking a Lot Like SaaS
A leaked worm kit, a $5K/month browser-cloning RAT, and AI agents coughing up credentials — the criminal stack is industrialising.

AI Worm Exploits Networks Using Local Models
University researchers create AI worm that crafts unique attacks without external AI services.