BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads
The malware downloader known as BATLOADER has been observed abusing Google Ads to deliver secondary payloads like Vidar Stealer and Ursnif
The Malware tag covers malware families, infrastructure analysis, incident impact, disruption efforts, and defensive guidance to reduce cybersecurity risk.
Search across headline titles and summaries.
Background for this topic.
Malware is software intentionally created or modified to perform unauthorized or harmful actions on a computer, device, or network. The term covers distinct families and functions, including viruses, worms, trojans, spyware, botnet clients, and ransomware; a single sample may combine several capabilities. Its behavior—not its label—determines the security concern: it may execute code, persist, alter or encrypt data, steal credentials, or provide unauthorized remote access.
For practitioners, malware reporting is most useful when it identifies the family or tool conservatively and provides evidence such as affected platforms, samples, infrastructure, or observed behavior. Defenses include promptly patching vulnerable software, restricting execution and privileges, monitoring endpoints and networks, maintaining tested backups, and isolating suspected systems for analysis. Detection should use behavior and verified indicators rather than names alone, since variants change. If malware processes personal or regulated data, investigations should also address privacy, evidence preservation, and applicable reporting obligations.
The malware downloader known as BATLOADER has been observed abusing Google Ads to deliver secondary payloads like Vidar Stealer and Ursnif
Microsoft is working on introducing improved protection against phishing attacks pushing malware via malicious Microsoft OneNote files. [...]
BlackLotus is the first in-the-wild malware to exploit a vulnerability in the Secure Boot process on Windows, and experts expect copycats and imminent increased activity.
A newly discovered Golang-based botnet malware scans for and infects web servers running phpMyAdmin, MySQL, FTP, and Postgres services. [...]
A suspected North Korean hacking group is targeting security researchers and media organizations in the U.S. and Europe with fake job offers that lead to the deployment of three new, custom malware families. [...]
The trojan can now start specified applications, show push notifications, steal cookies and more
An updated version of a botnet malware called Prometei has infected more than 10,000 systems worldwide since November 2022
A suspecting China-linked hacking campaign has been observed targeting unpatched SonicWall Secure Mobile Access (SMA) 100 appliances to drop malware and establish long-term persistence
The Xenomorph Android malware has released a new version that adds significant capabilities to conduct malicious attacks, including a new automated transfer system (ATS) framework and the ability to steal credentials for 400 banks. [...]
A new variant of the Android banking trojan named Xenomorph has surfaced in the wild, the latest findings from ThreatFabric reveal
A North Korean espionage group tracked as UNC2970 has been observed employing previously undocumented malware families as part of a spear-phishing campaign targeting U.S. and European media and technology organizations since June 2022
Malware-seekers were diverted to the Feds, severing a Croatian connection International law enforcement agencies have claimed another victory over cyber criminals, after seizing the website, and taking down the infrastructure operated by crims linked to the NetWire remote access trojan (RAT).…
An international law enforcement operation involving the FBI and police agencies worldwide led to the arrest of the suspected administrator of the NetWire remote access trojan and the seizure of the service's web domain and hosting server. [...]
Notorious botnet starts spamming again after a three-month pause Emotet is back. After another months-long lull since a spate of attacks in November 2022, the notorious malware operation that has already survived a law enforcement takedown and various periods of inactivity began sending out malicious emails on Tuesday morning.…
A suspected Chinese hacking campaign has been targeting unpatched SonicWall Secure Mobile Access (SMA) appliances to install custom malware that establish long-term persistence for cyber espionage campaigns. [...]
Weekly attacks targeting Ukraine decreased by 44% between October 2022 and February 2023
ScrubCrypt malware obfuscates and encrypts applications to evade antivirus detection
Security vulnerabilities in remote desktop programs such as Sunlogin and AweSun are being exploited by threat actors to deploy the PlugX malware
They've been lurking in networks since at least 2021 Suspected Chinese cyber criminals have zeroed in on unpatched SonicWall gateways and are infecting the devices with credential-stealing malware that persists through firmware upgrades, according to Mandiant.…
Led by growth in Russia, more than 40% of global ICS systems faced malicious activity in the second half of 2022.