New Android banking malware remotely takes control of your device
A new Android banking malware named Octo has appeared in the wild, featuring remote access capabilities that allow malicious operators to perform on-device fraud. [...]
The Malware tag covers malware families, infrastructure analysis, incident impact, disruption efforts, and defensive guidance to reduce cybersecurity risk.
Search across headline titles and summaries.
Background for this topic.
Malware is software intentionally created or modified to perform unauthorized or harmful actions on a computer, device, or network. The term covers distinct families and functions, including viruses, worms, trojans, spyware, botnet clients, and ransomware; a single sample may combine several capabilities. Its behavior—not its label—determines the security concern: it may execute code, persist, alter or encrypt data, steal credentials, or provide unauthorized remote access.
For practitioners, malware reporting is most useful when it identifies the family or tool conservatively and provides evidence such as affected platforms, samples, infrastructure, or observed behavior. Defenses include promptly patching vulnerable software, restricting execution and privileges, monitoring endpoints and networks, maintaining tested backups, and isolating suspected systems for analysis. Detection should use behavior and verified indicators rather than names alone, since variants change. If malware processes personal or regulated data, investigations should also address privacy, evidence preservation, and applicable reporting obligations.
A new Android banking malware named Octo has appeared in the wild, featuring remote access capabilities that allow malicious operators to perform on-device fraud. [...]
The recently disclosed critical Spring4Shell vulnerability is being actively exploited by threat actors to execute the Mirai botnet malware, particularly in the Singapore region since the start of April 2022
SharkBot was hidden in apps masquerading as antivirus tools.
Cybersecurity researchers have uncovered further links between BlackCat (aka AlphaV) and BlackMatter ransomware families, the former of which emerged as a replacement following international scrutiny last year
The Mirai malware is now leveraging the Spring4Shell exploit to infect vulnerable web servers and recruit them for DDoS (distributed denial of service) attacks. [...]
A number of rogue Android apps that have been cumulatively installed from the official Google Play Store more than 50,000 times are being used to target banks and other financial entities
We discovered active exploitation of a vulnerability in the Spring Framework designated as CVE-2022-22965 that allows malicious actors to download the Mirai botnet malware.
Members of BlackMatter, and possibly REvil, have likely resurfaced in the new ransomware-as-a-service group ALPHV, whose primary tool is the BlackCat malware.
Security researchers have discovered the first malware specifically developed to target Amazon Web Services (AWS) Lambda cloud environments with cryptominers. [...]
A new TDS (Traffic Direction System) operation called Parrot has emerged in the wild, having already infected servers hosting 16,500 websites of universities, local governments, adult content platforms, and personal blogs. [...]
Bundled version of Node.js simplifies executing downloaded code Adobe Creative Cloud Experience, a service installed via the Creative Cloud installer for Windows, includes a Node.js executable that's useable as part of an attack chain.…
A first-of-its-kind malware targeting Amazon Web Services' (AWS) Lambda serverless computing platform has been discovered in the wild
The Hamas-backed hacking group tracked as 'APT-C-23' was found catfishing Israeli officials working in defense, law, enforcement, and government agencies, ultimately leading to the deployment of new malware. [...]
Mobile malware analysts warn about a set of applications available on the Google Play Store, which collected sensitive user data from over 45 million devices. [...]
Huntress Labs R&D Director Jamie Levy busts the old “Macs don’t get viruses” myth and offers tips on how MacOS malware differs and how to protect against it.
As many as seven malicious Android apps discovered on the Google Play Store masqueraded as antivirus solutions to deploy a banking trojan called SharkBot
Cybersecurity researchers have detailed a "simple but efficient" persistence mechanism adopted by a relatively nascent malware loader called Colibri, which has been observed deploying a Windows information stealer known as Vidar as part of a new campaign
Coordinated effort removes malware from C&C devices
From serverless to server, yes! Cado Security says it has discovered a strain of malware specifically designed to run in AWS Lambda serverless environments and mine cryptocurrency.…
The U.S. Department of Justice (DoJ) announced that it neutralized Cyclops Blink, a modular botnet controlled by a threat actor known as Sandworm, which has been attributed to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU)