Latest Tech News

Stay updated with the latest in technology, AI, cybersecurity, and more

Filtered by: malware

Mosyle uncovers new cross-platform malware undetected by antivirus tools

After warning 9to5Mac last month about undetectable Mac malware hidden in a fake PDF converter site, Mosyle, a leader in Apple device management and security, has now uncovered a new infostealer. Dubbed ModStealer, the malware has remained invisible to all major antivirus engines since first appearing on VirusTotal nearly a month ago. In details shared exclusively with 9to5Mac, Mosyle says ModStealer doesn’t just target macOS systems, but is cross-platform and purpose-built for one thing: steal

Security Bite: Why it’s mathematically impossible to stop malware

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Appl

The Era of AI-Generated Ransomware Has Arrived

As cybercrime surges around the world, new research increasingly shows that ransomware is evolving as a result of widely available generative AI tools. In some cases, attackers are using AI to draft more intimidating and coercive ransom notes and conduct more effective extortion attacks. But cybercriminals’ use of generative AI is rapidly becoming more sophisticated. Researchers from the generative AI company Anthropic today revealed that attackers are leaning on generative AI more heavily—somet

Mosyle identifies new Mac malware that evades detection through fake PDF conversion tool

Mosyle, a leader in Apple device management and security, has exclusively revealed to 9to5Mac details on a new Mac malware strain, dubbed “JSCoreRunner”. The zero-day threat evaded all detections on VirusTotal at the time of discovery, spreading through a malicious PDF conversion site called fileripple[.]com to trick users into downloading what appears to be a harmless utility. Free tools that promise quick file conversions for HEIC and WebP files, PDFs, and Word docs have become prolific onlin

Silk Typhoon hackers hijack network captive portals in diplomat attacks

State-sponsored hackers linked to the Silk Typhoon activity cluster targeted diplomats by hijacking web traffic to redirect to a malware-serving website. The hackers used an advanced adversary-in-the-middle (AitM) technique to hijack the captive portal of the network and send the target to the first-stage malware. Google Threat Intelligence Group (GTIG) tracks the threat actor as UNC6384 and, based on tooling, targeting, and infrastructure, believes it is associated with the Chinese threat act

Malicious Android apps with 19M installs removed from Google Play

Seventy-seven malicious Android apps with more than 19 million installs were delivering multiple malware families to Google Play users. This malware infiltration was discovered by Zscaler's ThreatLabs team while investigating a new infection wave with Anatsa (Tea Bot) banking trojan targeting Android devices. While most of the malicious apps (over 66%) included adware components, the most common Android malware was Joker, which researchers encountered in almost 25% of the analyzed apps. Once

Defending against malware persistence techniques with Wazuh

Malware persistence techniques enable attackers to maintain access to compromised endpoints despite system reboots, credential changes, or other disruptions. Common methods include altering configurations, injecting startup code, and hijacking legitimate processes. These approaches ensure the malware or attacker remains active, allowing malicious activities to continue without the need for re-exploitation. In this article, we will examine the nature of malware persistence techniques, their imp

New Android malware poses as antivirus from Russian intelligence agency

A new Android malware posing as antivirus software created by Russia's Federal Security Services agency (FSB) is being used to target executives of Russian businesses. In a new report from Russian mobile security firm Dr. Web, researchers track the new spyware as 'Android.Backdoor.916.origin,' finding no links to known malware families. Among its various capabilities, the malware can snoop on conversations, stream from the phone's camera, log user input with a keylogger, or exfiltrate

Security Bite: Mac.c is shaking up the macOS infostealer market, rivaling AMOS

The end of perimeter defense: When your own AI tools become the threat actor

Russia’s APT28 is actively deploying LLM-powered malware against Ukraine, while underground platforms are selling the same capabilities to anyone for $250 per month. Last month, Ukraine’s CERT-UA documented LAMEHUG, the first confirmed deployment of LLM-powered malware in the wild. The malware, attributed to APT28, utilizes stolen Hugging

New Plague Linux malware stealthily maintains SSH access

A newly discovered Linux malware, which has evaded detection for over a year, allows attackers to gain persistent SSH access and bypass authentication on compromised systems. Nextron Systems security researchers, who identified the malware and dubbed it "Plague," describe it as a malicious Pluggable Authentication Module (PAM) that uses layered obfuscation techniques and environment tampering to avoid detection by traditional security tools. This malware features anti-debugging capabilities to

Microsoft: Russian hackers use ISP access to hack embassies in AiTM attacks

Microsoft warns that a cyber-espionage group linked to Russia's Federal Security Service (FSB) is targeting diplomatic missions in Moscow using local internet service providers. The hacking group tracked by Microsoft as Secret Blizzard (also known as Turla, Waterbug, and Venomous Bear) has been observed exploiting its adversary-in-the-middle (AiTM) position at the internet service provider (ISP) level to infect the systems of diplomatic missions with custom ApolloShadow malware. To do this, th

CISA open-sources Thorium platform for malware, forensic analysis

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) today announced the public availability of Thorium, an open-source platform for malware and forensic analysts across the government, public, and private sectors. Thorium was developed in partnership with Sandia National Laboratories as a scalable cybersecurity suite that automates many tasks involved in cyberattack investigations, and can schedule over 1,700 jobs per second and ingest over 10 million files per hour per permission

In search of riches, hackers plant 4G-enabled Raspberry Pi in bank network

Hackers planted a Raspberry Pi equipped with a 4G modem in the network of an unnamed bank in an attempt to siphon money out of the financial institution's ATM system, researchers reported Wednesday. The researchers with security firm Group-IB said the “unprecedented tactic allowed the attackers to bypass perimeter defenses entirely.” The hackers combined the physical intrusion with remote access malware that used another novel technique to conceal itself, even from sophisticated forensic tools.

Endgame Gear mouse config tool infected users with malware

Gaming peripherals maker Endgame Gear is warning that malware was hidden in its configuration tool for the OP1w 4k v2 mouse hosted on the official website between June 26 and July 9, 2025. The infected file was hosted on 'endgamegear.com/gaming-mice/op1w-4k-v2,' so users downloading the tool from that page during this period were infected. Endgame Gear is a German PC gaming peripherals firm known for its pro-gaming gear, including the XM and OP1 series mice, which are highly regarded among rev

Can Macs Get Viruses in 2025? Do You Need Antivirus for Your Mac?

Remember those old I’m a Mac, I’m a PC ads? In one, the Mac looks on, concerned, while the PC keeps sneezing from a virus it's caught, eventually crashing backward onto the ground. For a while, Macs did seem mostly immune to computer viruses. But when Apple’s market share ballooned, with it came a new fan club: hackers. Yes, MacOS comes with XProtect, Gatekeeper and other tools, and most Mac owners get by just fine with these plus a dash of skepticism. Still, security firms keep spotting fresh

New Koske Linux malware hides in cute panda images

A new Linux malware named Koske may have been developed with artificial intelligence and is using seemingly benign JPEG images of panda bears to deploy malware directly into system memory. Researchers from cybersecurity company AquaSec analyzed Koske and described it as "a sophisticated Linux threat." Based on the observed adaptive behavior, the researchers believe that the malware was developed using large language models (LLMs) or automation frameworks. Koske’s purpose is to deploy CPU and

Hacker sneaks infostealer malware into early access Steam game

A threat actor called EncryptHub has compromised a game on Steam to distribute info-stealing malware to unsuspecting users downloading the title. A few days ago, the hacker (also tracked as Larva-208), injected malicious binaries into the Chemia game files hosted on Steam. Chemia is a survival crafting game from developer ‘Aether Forge Studios,’ which is currently offered as early access on Steam but has no public release date. titled Chemia, also t

NPM package ‘is’ with 2.8M weekly downloads infected devs with malware

The popular NPM package 'is' has been compromised in a supply chain attack that injected backdoor malware, giving attackers full access to compromised devices. This occurred after maintainer accounts were hijacked via phishing, followed by unauthorized owner changes that went unnoticed for several hours, potentially compromising many developers who downloaded the new releases. The 'is' package is a lightweight JavaScript utility library that provides a wide variety of type checking and value v

UK ties GRU to stealthy Microsoft 365 credential-stealing malware

The UK National Cyber Security Centre (NCSC) has formally attributed ‘Authentic Antics’ espionage malware attacks to APT28 (Fancy Bear), a threat actor already linked to Russia’s military intelligence service (GRU). The NCSC revealed in a detailed technical analysis of the Authentic Antics malware dated May 6th that it is stealing credentials and OAuth 2.0 tokens that allow access to a target's email account. The malware was observed in use in 2023 and runs inside the Outlook process and produ

GitHub abused to distribute payloads on behalf of malware-as-a-service

Researchers from Cisco’s Talos security team have uncovered a malware-as-a-service operator that used public GitHub accounts as a channel for distributing an assortment of malicious software to targets. The use of GitHub gave the malware-as-a-service (MaaS) a reliable and easy-to-use platform that’s greenlit in many enterprise networks that rely on the code repository for the software they develop. GitHub removed the three accounts that hosted the malicious payloads shortly after being notified

Microsoft Teams voice calls abused to push Matanbuchus malware

The Matanbuchus malware loader has been seen being distributed through social engineering over Microsoft Teams calls impersonating an IT helpdesk. Matanbuchus is a malware-as-a-service operation first seen promoted on the dark web in early 2021. It was advertised as a $2,500 Windows loader that executes malicious payloads directly in memory to evade detection. In June 2022, threat analyst Brad Duncan reported that the malware loader was being used to deliver Cobalt Strike beacons in a large-scale

Google sues to disrupt BadBox 2.0 botnet infecting 10 million devices

Google has filed a lawsuit against the anonymous operators of the Android BadBox 2.0 malware botnet, accusing them of running a global ad fraud scheme against the company's advertising platforms. The BadBox 2.0 malware botnet is a cybercrime operation that utilizes infected Android Open Source Project (AOSP) devices, including smart TVs, streaming boxes, and other connected devices that lack security protections, such as Google Play Protect. These devices become infected either by threat actor

Hackers exploit a blind spot by hiding malware inside DNS records

Hackers are stashing malware in a place that’s largely out of the reach of most defenses—inside domain name system (DNS) records that map domain names to their corresponding numerical IP addresses. The practice allows malicious scripts and early-stage malware to fetch binary files without having to download them from suspicious sites or attach them to emails, where they frequently get quarantined by antivirus software. That’s because traffic for DNS lookups often goes largely unmonitored by man

Chinese authorities are using a new tool to hack seized phones and extract data

Security researchers say Chinese authorities are using a new type of malware to extract data from seized phones, allowing them to obtain text messages — including from chat apps such as Signal — images, location histories, audio recordings, contacts, and more. On Wednesday, mobile cybersecurity company Lookout published a new report — shared exclusively with TechCrunch — detailing the hacking tool called Massistant, which the company said was developed by Chinese tech giant Xiamen Meiya Pico.

North Korean XORIndex malware hidden in 67 malicious npm packages

North Korean threat actors planted 67 malicious packages in the Node Package Manager (npm) online repository to deliver a new malware loader called XORIndex to developer systems. The packages collectively count more than 17,000 downloads and were discovered by researchers at package security platform Socket, who assess them to be part of the continued Contagious Interview operation. Socket researchers say that the campaign follows threat activity detected since April. Last month, the same acto

New macOS malware targets crypto and Web3 startups with fake Zoom update

North Korean hackers are behind a new and unusually sophisticated macOS malware campaign that targets the crypto industry using fake Zoom invites. Here’s how it works. Dubbed “NimDoor” by researchers at SentinelLabs, the attack is more sophisticated than the typical macOS threat, and it chains together AppleScript, Bash, C++, and Nim to exfiltrate data and maintain access in compromised systems. Here’s SentinelLabs’ executive summary of the hack: DPRK threat actors are utilizing Nim-compiled

NimDoor crypto-theft macOS malware revives itself when killed

North Korean state-backed hackers have been using a new family of macOS malware called NimDoor in a campaign that targets web3 and cryptocurrency organizations. Researchers analyzing the payloads discovered that the attacker relied on unusual techniques and a previously unseen signal-based persistence mechanism. The attack chain, which involves contacting victims via Telegram and luring them into running a fake Zoom SDK update, delivered via Calendly and email, resembles the one Huntress manag

Many ransomware strains will abort if they detect a Russian keyboard installed (2021)

In a Twitter discussion last week on ransomware attacks, KrebsOnSecurity noted that virtually all ransomware strains have a built-in failsafe designed to cover the backsides of the malware purveyors: They simply will not install on a Microsoft Windows computer that already has one of many types of virtual keyboards installed — such as Russian or Ukrainian. So many readers had questions in response to the tweet that I thought it was worth a blog post exploring this one weird cyber defense trick.