New RedLine Stealer Variant Disguised as Game Cheats Using Lua Bytecode for Stealth
A new information stealer has been found leveraging Lua bytecode for added stealth and sophistication, findings from McAfee Labs reveal
The Malware tag covers malware families, infrastructure analysis, incident impact, disruption efforts, and defensive guidance to reduce cybersecurity risk.
Search across headline titles and summaries.
Background for this topic.
Malware is software intentionally created or modified to perform unauthorized or harmful actions on a computer, device, or network. The term covers distinct families and functions, including viruses, worms, trojans, spyware, botnet clients, and ransomware; a single sample may combine several capabilities. Its behavior—not its label—determines the security concern: it may execute code, persist, alter or encrypt data, steal credentials, or provide unauthorized remote access.
For practitioners, malware reporting is most useful when it identifies the family or tool conservatively and provides evidence such as affected platforms, samples, infrastructure, or observed behavior. Defenses include promptly patching vulnerable software, restricting execution and privileges, monitoring endpoints and networks, maintaining tested backups, and isolating suspected systems for analysis. Detection should use behavior and verified indicators rather than names alone, since variants change. If malware processes personal or regulated data, investigations should also address privacy, evidence preservation, and applicable reporting obligations.
A new information stealer has been found leveraging Lua bytecode for added stealth and sophistication, findings from McAfee Labs reveal
A GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with a Microsoft repository, making the files appear trustworthy. [...]
New Malware SoumniBot Exploiting Legitimate Android ProcessA new banking Trojan is targeting Korean users using obfuscation techniques that target the Android manifest, exploit vulnerabilities and take advantage of weaknesses in how Android apps interpret this file. SoumniBot stands out for its approach to camouflaging its malicious intent.
It turns out that a powerful security solution can double as even more powerful malware, capable of granting comprehensive access over a targeted machine.
A new info-stealing malware linked to Redline poses as a game cheat called 'Cheat Lab,' promising downloaders a free copy if they convince their friends to install it too. [...]
New Malware SoumniBot Exploiting Legitimate Android ProcessA new banking Trojan is targeting Korean users using obfuscation techniques that target the Android manifest, exploit vulnerabilities and take advantage of weaknesses in how Android apps interpret this file. SoumniBot stands out for its approach to camouflaging its malicious intent.
A legitimate-looking Google Search advertisement for the crypto trading platform 'Whales Market' redirects visitors to a wallet-draining phishing site that steals all of your assets. [...]
Select Ukrainian government networks have remained infected with a malware called OfflRouter since 2015
Sandboxes are synonymous with dynamic malware analysis. They help to execute malicious files in a safe virtual environment and observe their behavior. However, they also offer plenty of value in terms of static analysis. See these five scenarios where a sandbox can prove to be a useful tool in your investigations
A new Android trojan called SoumniBot has been detected in the wild targeting users in South Korea by leveraging weaknesses in the manifest extraction and parsing procedure
Two new code-execution techniques, Poison Fiber and Phantom Thread, take advantage of a little-known Windows OS workhorse to sneak shellcode and other malware onto victim machines.
A new Android banking malware named 'SoumniBot' is using a less common obfuscation approach by exploiting weaknesses in the Android manifest extraction and parsing procedure. [...]
"Kapeka" and "Fuxnext" are the latest examples of malware to emerge from the long-standing conflict between the two countries.
Experts See Surge in Attacks, Including in Russia, Using Leaked LockBit CodeWhat do a German healthcare network, a Russian security company and an American bridal clothing retailer have in common? All seem to have been compromised in recent months by attackers who wielded LockBit crypto-locking malware - but who weren't tied to the actual LockBit operation.
A previously undocumented "flexible" backdoor called Kapeka has been "sporadically" observed in cyber attacks targeting Eastern Europe, including Estonia and Ukraine, since at least mid-2022
At least six distinct botnet malware operations are hunting for TP-Link Archer AX21 (AX1800) routers vulnerable to a command injection security issue reported and addressed last year. [...]
Kapeka Shows Similarities to Russian GRU Hacking Group's GreyEnergy MalwareLikely Russian military intelligence hackers known as Sandworm since at least mid-2022 have deployed a new and highly flexible back door against Eastern European targets, warn security researchers. Security firm WithSecure dubs the backdoor "Kapeka."
Kaspersky researchers discovered the new variant after responding to a critical incident targeting an organization in West Africa.
The threat actor tracked as TA558 has been observed leveraging steganography as an obfuscation technique to deliver a wide range of malware such as Agent Tesla, FormBook, Remcos RAT, LokiBot, GuLoader, Snake Keylogger, and XWorm, among others
Two individuals have been arrested in Australia and the U.S. in connection with an alleged scheme to develop and distribute a remote access trojan called Hive RAT (previously Firebird)