Published on: 2025-04-20 15:54:13
Ever wonder what malware macOS can detect and remove without help from third-party software? Apple continuously adds new malware detection rules to Mac’s built-in XProtect suite. While most rule names (signatures) are obfuscated, with a bit of reverse engineering, security researchers can map them to their common industry names. In this edition of 9to5Mac Security Bite, I revisit a story I started working on in May of 2024. Because Apple is continuously adding new modules to its XProtect suit
Keywords: apple identified macos malware xprotect
Published on: 2025-04-20 15:43:58
Chinese-speaking IronHusky hackers are targeting Russian and Mongolian government organizations using upgraded MysterySnail remote access trojan (RAT) malware. Security researchers at Kaspersky's Global Research and Analysis Team (GReAT) spotted the updated implant while investigating recent attacks where the attackers deployed the RAT malware using a malicious MMC script camouflaged as a Word document, which downloaded second-stage payloads and gained persistence on compromised systems. One o
Keywords: attacks kaspersky malware mysterysnail rat
Published on: 2025-04-23 10:45:00
2024 delivered some good news and bad news in the area of cybercrime. Malware-based ransomware attacks dropped for the third year in a row. But instances of infostealer malware grew dramatically. Those findings come from IBM X-Force's "2025 Threat Intelligence Index" released Thursday. First, let's look at the good news. For the year, ransomware accounted for just 28% of malware incidents, the third consecutive annual decline. This means a decrease in malware distributed
Keywords: attacks data infostealers malware ransomware
Published on: 2025-04-29 11:40:23
A new remote access trojan (RAT) called 'ResolverRAT' is being used against organizations globally, with the malware used in recent attacks targeting the healthcare and pharmaceutical sectors. ResolverRAT is distributed through phishing emails claiming to be notices of legal or copyright violations, tailored to languages that match the target's country. The emails contain a link to download a legitimate executable ('hpreader.exe'), which is leveraged to inject ResolverRAT into memory using reflective DLL
Keywords: analysis malware memory morphisec resolverrat
Published on: 2025-05-15 11:19:00
In a nutshell: It should go without saying that buying a very cheap, obviously counterfeit Android handset is a bad idea. Not only will you likely run into a slew of technical problems, but it could also contain pre-installed malware that infects virtually every process carried out by the handset. Kaspersky researchers have discovered a new strain of the Triada Trojan preinstalled on thousands of new very cheap Android devices – counterfeit versions of popular models. The modular remote access
Keywords: counterfeit malware new send triada
Published on: 2025-05-19 15:30:00
The Acronis Threat Research Unit (TRU) was presented with an interesting threat chain and malware sample for analysis that involved a known cyberthreat along with some interesting twists in targeting and obfuscation. In this article, we’ll dissect the complex malware delivery chain and tactics. The focus will be on a multi-stage infection process involving Visual Basic Script (VBS), a batch file, and a PowerShell script, ultimately leading to the deployment of high-profile malware like DCRat or
Keywords: acronis chain malware script solutions
Published on: 2025-05-20 18:10:14
I have given hundreds of cybersecurity-related webcasts and presentations, written hundreds of cybersecurity-related articles, and been involved in hundreds of one-on-one cybersecurity-related meetings with clients. Someone will always respond, comment, or protest that their business is too small for a hacker's attention. Small target illusion But none of these folks understand the economics of a hack when it comes to small businesses. There isn't a random guy out ther
Keywords: businesses hackers malware small software
Published on: 2025-05-22 22:17:19
A newly discovered Android malware dubbed Crocodilus tricks users into providing the seed phrase for their cryptocurrency wallet, using a warning to back up the key to avoid losing access. Although Crocodilus is a new banking malware, it features fully developed capabilities for device takeover, data harvesting, and remote control. Researchers at fraud prevention company ThreatFabric say that the malware is distributed via a proprietary dropper that bypasses Android 13 (and later) security
Keywords: access crocodilus malware screen wallet
Published on: 2025-06-01 20:30:04
Cybercriminals are abusing Microsoft's Trusted Signing platform to code-sign malware executables with short-lived three-day certificates. Threat actors have long sought after code-signing certificates as they can be used to sign malware to appear like they are from a legitimate company. Signed malware also has the advantage of potentially bypassing security filters that would normally block unsigned executables, or at least treat them with less suspicion. The holy grail for threat actors is t
Keywords: certificates malware microsoft service signing
Published on: 2025-06-02 20:09:19
The FBI is warning that fake online document converters are being used to steal people’s information and, in worst-case scenarios, to deploy ransomware on victims' devices. The warning came last week from the FBI Denver field office, after receiving an increasing number of reports about these types of tools. "The FBI Denver Field Office is warning that agents are increasingly seeing a scam involving free online document converter tools, and we want to encourage victims to report instances of t
Keywords: fbi file malware online tools
Published on: 2025-06-03 18:58:54
In Brief Valve removed a video game from its online store Steam after users reported that a free demo for the game was installing malware on their computers. The game was called Sniper: Phantom’s Resolution, and promised to give players “realistic [first-person shooter] mechanics, dynamic storytelling, and high-stakes missions,” according to an archive of its Steam page. The first reports that the free demo for the game may actually be malware came earlier this week from several users on Redd
Keywords: free game malware steam valve
Published on: 2025-06-04 18:24:23
Valve has removed from its Steam store the game title 'Sniper: Phantom's Resolution' following multiple users reporting that the demo installer infected their systems with information-stealing malware. The game, published under the developer name 'Sierra Six Studios,' was supposed to be an early preview of the title, with a release planned in the coming months. Before the title was pulled, the developers on Wednesday warned players about downloading the game from websites/links outside Stea
Keywords: game malware steam title users
Published on: 2025-06-08 13:52:08
A newly discovered information-stealing malware called Arcane is stealing extensive user data, including VPN account credentials, gaming clients, messaging apps, and information stored in web browsers. According to Kaspersky, the malware has no links or code that overlaps with the Arcane Stealer V, which has been circulating on the dark web for years. The Arcane malware campaign started in November 2024, having gone through several evolutionary steps, including primary payload replacements. A
Keywords: arcane clients discord kaspersky malware
Published on: 2025-06-17 15:01:11
Cybercriminals have turned password theft into a booming enterprise: malware targeting credential stores jumped from 8% of samples in 2023 to 25% in 2024, a threefold increase. This alarming surge is one of many insights from the newly released Red Report 2025 by Picus Labs, which analyzed over 1 million malware samples to identify the tactics hackers rely on most. The findings read like a blueprint for a “perfect heist,” revealing how modern attackers combine stealth, automation, and persis
Keywords: ai attackers malware report techniques
Published on: 2025-06-20 02:35:10
A new Android spyware named 'KoSpy' is linked to North Korean threat actors who have infiltrated Google Play and third-party app store APKPure through at least five malicious apps. According to Lookout researchers, the spyware is attributed to the North Korean threat group APT37 (aka 'ScarCruft'). The campaign has been active since March 2022, with the threat actors actively developing the malware based on newer samples. The spyware campaign primarily targets Korean and English-speaking users
Keywords: apps google kospy malware play
Published on: 2025-06-20 06:15:05
A persistent malware campaign is exploiting the ubiquitous CAPTCHA process to try to steal data from unsuspecting victims. As described by security firm Malwarebytes in a new report, this scheme relies on the ease with which people often follow the steps in a CAPTCHA prompt without thinking. How the attack works You land on a website that promises movies, music, pictures, news articles, or some other interesting c
Keywords: captcha click disable javascript malwarebytes
Published on: 2025-06-20 18:51:00
In a nutshell: A new cyber threat tactic has emerged, leveraging social engineering to trick users into infecting their own systems with malware. Recently highlighted by Malwarebytes, this method disguises malicious tools as CAPTCHA requests. In reality, these files – often media or HTML-based – are designed to steal personal information or function as remote access trojans. The attack typically begins when visitors to a website are prompted to verify they are not robots, a common practice that
Keywords: command malicious malware verification websites
Published on: 2025-06-21 17:42:19
Six malicious packages have been identified on npm (Node package manager) linked to the notorious North Korean hacking group Lazarus. The packages, which have been downloaded 330 times, are designed to steal account credentials, deploy backdoors on compromised systems, and extract sensitive cryptocurrency information. The Socket Research Team discovered the campaign and linked it to previously known Lazarus supply chain operations. The threat group is known for pushing malicious packages i
Keywords: code malicious malware package packages
Published on: 2025-06-25 11:11:21
Cybercriminals are sending bogus copyright claims to YouTubers to coerce them into promoting malware and cryptocurrency miners on their videos. The threat actors take advantage of the popularity of Windows Packet Divert (WPD) tools that are increasingly used in Russia as they help users bypass internet censorship and government-imposed restrictions on websites and online services. YouTube creators catering to this audience publish tutorials on how to use various WPD-based tools to bypass censo
Keywords: kaspersky malware threat tools youtube
Published on: 2025-06-28 02:39:00
In brief: If you're going to visit websites that host pirated video streams, you'd better be willing to accept the risks. That's something owners of the one million devices affected by a malware campaign originating from these sites might not have considered. Microsoft writes that its threat analysis team detected a large-scale malvertising campaign that impacted nearly one million devices globally
Keywords: github malware microsoft payloads used
Published on: 2025-06-29 00:53:36
Microsoft has taken down an undisclosed number of GitHub repositories used in a massive malvertising campaign that impacted almost one million devices worldwide. The company's threat analysts detected these attacks in early December 2024 after observing multiple devices downloading malware from GitHub repos, malware that was later used to deploy a string of various other payloads on compromised systems. After analyzing the campaign, they discovered that the attackers injected ads into videos
Keywords: github malvertising malware microsoft payloads
Published on: 2025-07-13 06:27:20
A recent social engineering campaign targeted job seekers in the Web3 space with fake job interviews through a malicious "GrassCall" meeting app that installs information-stealing malware to steal cryptocurrency wallets. Hundreds of people have been impacted by the scam, with some reporting having their wallets drained in the attacks. A Telegram group has been created to discuss the attack and for those impacted to help each other remove the malware infections from Mac and Windows devices. Th
Keywords: crazy grasscall malware social website
Go K’awiil is a project by nerdhub.co that curates technology news from a variety of trusted sources. We built this site because, although news aggregation is incredibly useful, many platforms are cluttered with intrusive ads and heavy JavaScript that can make mobile browsing a hassle. By hand-selecting our favorite tech news outlets, we’ve created a cleaner, more mobile-friendly experience.
Your privacy is important to us. Go K’awiil does not use analytics tools such as Facebook Pixel or Google Analytics. The only tracking occurs through affiliate links to amazon.com, which are tagged with our Amazon affiliate code, helping us earn a small commission.
We are not currently offering ad space. However, if you’re interested in advertising with us, please get in touch at [email protected] and we’ll be happy to review your submission.