Latest Tech News

Stay updated with the latest in technology, AI, cybersecurity, and more

Filtered by: malware Clear Filter

GitHub abused to distribute payloads on behalf of malware-as-a-service

arstechnica.com Unknown 2025-07-20 05:16:09

Researchers from Cisco’s Talos security team have uncovered a malware-as-a-service operator that used public GitHub accounts as a channel for distributing an assortment of malicious software to targets. The use of GitHub gave the malware-as-a-service (MaaS) a reliable and easy-to-use platform that’s greenlit in many enterprise networks that rely on the code repository for the software they develop. GitHub removed the three accounts that hosted the malicious payloads shortly after being notified

Topics: emmenhtal github malicious malware talos
Read More
Shop Amazon

Microsoft Teams voice calls abused to push Matanbuchus malware

bleepingcomputer.com Unknown 2025-07-20 09:28:31

The Matanbuchus malware loader has been seen being distributed through social engineering over Microsoft Teams calls impersonating IT helpdesk. Matanbuchus is a malware-as-a-service operation seen promoted on the dark web first in early 2021. It was advertised as a $2,500 Windows loader that executes malicious payloads directly in memory to evade detection. In June 2022, threat analyst Brad Duncan reported that the malware loader was being used to deliver Cobalt Strike beacons in a large-scale

Topics: loader malware matanbuchus microsoft teams
Read More
Shop Amazon

Google sues to disrupt BadBox 2.0 botnet infecting 10 million devices

bleepingcomputer.com Unknown 2025-07-20 17:59:26

Google has filed a lawsuit against the anonymous operators of the Android BadBox 2.0 malware botnet, accusing them of running a global ad fraud scheme against the company's advertising platforms. The BadBox 2.0 malware botnet is a cybercrime operation that utilizes infected Android Open Source Project (AOSP) devices, including smart TVs, streaming boxes, and other connected devices that lack security protections, such as Google Play Protect. These devices become infected either by threat actor

Topics: ad badbox devices google malware
Read More
Shop Amazon

Hackers exploit a blind spot by hiding malware inside DNS records

arstechnica.com Unknown 2025-07-24 14:15:04

Hackers are stashing malware in a place that’s largely out of the reach of most defenses—inside domain name system (DNS) records that map domain names to their corresponding numerical IP addresses. The practice allows malicious scripts and early-stage malware to fetch binary files without having to download them from suspicious sites or attach them to emails, where they frequently get quarantined by antivirus software. That’s because traffic for DNS lookups often goes largely unmonitored by man

Topics: binary dns largely malware traffic
Read More
Shop Amazon

Chinese authorities are using a new tool to hack seized phones and extract data

techcrunch.com Lorenzo Franceschi-Bicchierai 2025-07-24 13:00:00

Security researchers say Chinese authorities are using a new type of malware to extract data from seized phones, allowing them to obtain text messages — including from chat apps such as Signal — images, location histories, audio recordings, contacts, and more. On Wednesday, mobile cybersecurity company Lookout published a new report — shared exclusively with TechCrunch — detailing the hacking tool called Massistant, which the company said was developed by Chinese tech giant Xiamen Meiya Pico.

Topics: balaam chinese malware massistant tool
Read More
Shop Amazon

North Korean XORIndex malware hidden in 67 malicious npm packages

bleepingcomputer.com Unknown 2025-07-25 17:47:09

North Korean threat actors planted 67 malicious packages in the Node Package Manager (npm) online repository to deliver a new malware loader called XORIndex to developer systems. The packages collectively count more than 17,000 downloads and were discovered by researchers at package security platform Socket, who assess them to be part of the continued Contagious Interview operation. Socket researchers say that the campaign follows threat activity detected since April. Last month, the same acto

Topics: loader malware npm packages researchers
Read More
Shop Amazon

New macOS malware targets crypto and Web3 startups with fake Zoom update

9to5mac.com Marcus Mendes 2025-08-14 17:53:43

North Korean hackers are behind a new and unusually sophisticated macOS malware campaign that targets the crypto industry using fake Zoom invites. Here’s how it works. Dubbed “NimDoor” by researchers at SentinelLabs, the attack is more sophisticated than the typical macOS threat, and it chains together AppleScript, Bash, C++, and Nim to exfiltrate data and maintain access in compromised systems. Here’s SentinelLabs’ executive summary of the hack: DPRK threat actors are utilizing Nim-compiled

Topics: actors data malware sentinellabs threat
Read More
Shop Amazon

NimDoor crypto-theft macOS malware revives itself when killed

bleepingcomputer.com Unknown 2025-08-14 17:36:27

North Korean state-backed hackers have been using a new family of macOS malware called NimDoor in a campaign that targets web3 and cryptocurrency organizations. Researchers analyzing the payloads discovered that the attacker relied on unusual techniques and a previously unseen signal-based persistence mechanism. The attack chain, which involves contacting victims via Telegram and luring them into running a fake Zoom SDK update, delivered via Calendly and email, resembles the one Huntress manag

Topics: llc macos malware persistence sentinellabs
Read More
Shop Amazon

Many ransomware strains will abort if they detect a Russian keyboard installed (2021)

news.ycombinator.com Unknown 2025-08-20 15:29:55

In a Twitter discussion last week on ransomware attacks, KrebsOnSecurity noted that virtually all ransomware strains have a built-in failsafe designed to cover the backsides of the malware purveyors: They simply will not install on a Microsoft Windows computer that already has one of many types of virtual keyboards installed — such as Russian or Ukrainian. So many readers had questions in response to the tweet that I thought it was worth a blog post exploring this one weird cyber defense trick.

Topics: darkside language malware russian windows
Read More
Shop Amazon

Malwarebytes Antivirus Review 2025: Decent Software, Terrible Customer Service

cnet.com See Full Bio 2025-08-27 05:00:00

CNET’s expert staff reviews and rates dozens of new products and services each month, building on more than a quarter century of expertise. 7.0 / 10 SCORE Malwarebytes Antivirus Buy at Malwarebytes Score Breakdown Performance 8 /10 Security 9 /10 Customer Support 4 /10 Usability 7 /10 Value 5 /10 Features 9 /10 Pros Free malware scanning and browser safety tools Decent VPN Impressive privacy policies Excellent dark web monitoring tools Cons Free version doesn’t provide real-time protection

Topics: 10 antivirus data malwarebytes vpn
Read More
Shop Amazon

Malware on Google Play, Apple App Store stole your photos—and crypto

bleepingcomputer.com Unknown 2025-08-28 02:44:56

A new mobile crypto-stealing malware called SparkKitty was found in apps on Google Play and the Apple App Store, targeting Android and iOS devices. The malware is a possible evolution of SparkCat, which Kaspersky discovered in January. SparkCat used optical character recognition (OCR) to steal cryptocurrency wallet recovery phrases from images saved on infected devices. When installing crypto wallets, the installation process tells users to write down the wallet's recovery phrase and store it

Topics: android app google kaspersky malware
Read More
Shop Amazon

Malware-Laced GitHub Repos Found Masquerading as Developer Tools

news.ycombinator.com Unknown 2025-09-02 09:03:23

(English translation below) Klarrio ontdekt grootschalig malware-netwerk op GitHub Klarrio heeft onlangs een belangrijke ontdekking gedaan: Het gaat om een omvangrijk malware-netwerk op open source-platform GitHub dat de CTO van Klarrio, Bruno De Bus, dankzij eigen onderzoek heeft weten bloot te leggen. Het is al langer bekend dat er door middel van gekloonde Open-Source GitHub repositories pogingen gedaan worden om malware te installeren voor nietsvermoedende gebruikers. Maar de schaal waaro

Topics: een github icu klarrio malware
Read More
Shop Amazon

DuckDuckGo scam blocker detects fake stores, crypto sites, virus alerts, more

9to5mac.com Ben Lovejoy 2025-09-05 05:44:14

The privacy-focused web browser DuckDuckGo has boosted its anti-scam features. It can now detect and block fake ecommerce stores, crypto sites, virus alerts, and more. The new security feature is completely free for all users on both Mac and iOS browsers, with no Privacy Pro subscription needed … DuckDuckGo already had the ability to detect common phishing and malware attacks, as well as malicious ads, but these features have now been boosted and branded as Scam Blocker. There are the two new

Topics: malware personal phishing scam sites
Read More
Shop Amazon

North Korean hackers deepfake execs in Zoom call to spread Mac malware

bleepingcomputer.com Unknown 2025-09-06 00:37:41

The North Korean BlueNoroff hacking group is deepfaking company executives during Zoom calls to trick employees into installing custom malware on their macOS devices. BlueNoroff (aka Sapphire Sleet or TA444) is a North Korean advanced persistent threat (APT) group known for conducting cryptocurrency theft attacks using Windows and Mac malware. Huntress researchers uncovered a new BlueNoroff attack on June 11, 2025, when they were called to investigate a potential intrusion on a partner's netwo

Topics: huntress macos malware telegram zoom
Read More
Shop Amazon

Address bar shows hp.com. Browser displays scammers’ malicious text anyway.

arstechnica.com Unknown 2025-09-06 01:10:45

Not the Apple page you're looking for “If I showed the [webpage] to my parents, I don't think they would be able to tell that this is fake,” Jérôme Segura, lead malware intelligence analyst at Malwarebytes, said in an interview. “As the user, if you click on those links, you think, ‘Oh I'm actually on the Apple website and Apple is recommending that I call this number.’” The unknown actors behind the scam begin by buying Google ads that appear at the top of search results for Microsoft, Apple,

Topics: apple fake injected malwarebytes number
Read More
Shop Amazon

Security Bite: Infostealer malware spikes 28% among Mac users, says Jamf

9to5mac.com Arin Waichulis 2025-09-09 13:39:12

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Appl

Topics: apple infostealers jamf mac malware
Read More
Shop Amazon

20,000 malware domains taken out by massive 26-country police strike

9to5mac.com Ben Lovejoy 2025-09-16 09:16:39

A massive international law enforcement operation coordinated by Interpol has seen one of the biggest ever takedowns of a malware network. The simultaneous strike across 26 countries resulted in more than 20,000 domains being taken offline, and the arrest of 32 suspects … Bleeping Computer reports that the investigation was coordinated by Interpol. Led by Interpol and conducted from January to April 2025, the operation focused on disrupting infostealer malware groups that steal financial and

Topics: 000 data hong interpol malware
Read More
Shop Amazon

DanaBot malware operators exposed via C2 bug added in 2022

bleepingcomputer.com Unknown 2025-09-15 23:46:49

A vulnerability in the DanaBot malware operation introduced in June 2022 update led to the identification, indictment, and dismantling of their operations in a recent law enforcement action. DanaBot is a malware-as-a-service (MaaS) platform active from 2018 through 2025, used for banking fraud, credential theft, remote access, and distributed denial of service (DDoS) attacks. Zscaler's ThreatLabz researchers who discovered the vulnerability, dubbed 'DanaBleed,' explain that a memory leak allow

Topics: c2 danableed danabot data malware
Read More
Shop Amazon

Operation Secure disrupts global infostealer malware operations

bleepingcomputer.com Unknown 2025-09-16 15:51:49

An international law enforcement action codenamed "Operation Secure" targeted infostealer malware infrastructure in a massive crackdown across 26 countries, resulting in 32 arrests, data seizures, and server takedowns. Led by Interpol and conducted from January to April 2025, the operation focused on disrupting infostealer malware groups that steal financial and personal data through widespread infections. The data stolen by infostealers commonly includes account credentials, browser cookies,

Topics: data group infrastructure malware operation
Read More
Shop Amazon

Patch your Windows PC now before bootkit malware takes it over - here's how

zdnet.com Lance Whitney 2025-09-16 21:01:00

Elyse Betters Picaro / ZDNET Windows users who don't always install the updates rolled out by Microsoft each month for Patch Tuesday will want to install the ones for June. That's because the latest round of patches fixes a flaw that could allow an attacker to control your PC through bootkit malware. Designated as CVE-2025-3052, the Secure Boot bypass flaw is a serious one, according to Binarly security researcher Alex Matrosov, who discovered the vulnerability. In a Binarly blog post publishe

Topics: boot flaw malware microsoft secure
Read More
Shop Amazon
Trending Topics
Hot Now
ai 1456 apple 1083 new 885 content 836 google 668
Popular
zdnet 643 amazon 643 like 633 does 524 reviews 517 company 512 editorial 503 day 489 app 476 prime 445
Emerging
said 439 data 438 samsung 392 phone 388 pro 377 game 376 just 367 android 349 deals 336 galaxy 320
About GoKawiil

GoKawiil is a project by nerdhub.co that curates technology news from trusted sources. We built this site to provide a cleaner, more mobile-friendly experience without intrusive ads or heavy JavaScript.

Privacy

Your privacy matters. GoKawiil doesn't use Google Analytics or Facebook Pixel. The only tracking occurs through affiliate links to Amazon.

Advertising

Interested in advertising? Contact us at [email protected]