Suspicious Smartwatches Mailed to US Army Personnel
Unknown senders have been shipping smartwatches to service members, leading to questions regarding what kind of ulterior motive is at play, malware or otherwise.
The Malware tag covers malware families, infrastructure analysis, incident impact, disruption efforts, and defensive guidance to reduce cybersecurity risk.
Search across headline titles and summaries.
Background for this topic.
Malware is software intentionally created or modified to perform unauthorized or harmful actions on a computer, device, or network. The term covers distinct families and functions, including viruses, worms, trojans, spyware, botnet clients, and ransomware; a single sample may combine several capabilities. Its behavior—not its label—determines the security concern: it may execute code, persist, alter or encrypt data, steal credentials, or provide unauthorized remote access.
For practitioners, malware reporting is most useful when it identifies the family or tool conservatively and provides evidence such as affected platforms, samples, infrastructure, or observed behavior. Defenses include promptly patching vulnerable software, restricting execution and privileges, monitoring endpoints and networks, maintaining tested backups, and isolating suspected systems for analysis. Detection should use behavior and verified indicators rather than names alone, since variants change. If malware processes personal or regulated data, investigations should also address privacy, evidence preservation, and applicable reporting obligations.
Unknown senders have been shipping smartwatches to service members, leading to questions regarding what kind of ulterior motive is at play, malware or otherwise.
Exploiting a flaw in how the app handles communication with external tenants gives threat actors an easy way to send malicious files from a trusted source to an organization's employees, but no patch is imminent.
The smartwatches have Wi-Fi auto-connect features and possibly contain malware
A new strain of JavaScript dropper has been observed delivering next-stage payloads like Bumblebee and IcedID
Hides itself from popular Asian AV, also uses games to do its dirty work Malware intended to spread on USB drives is unintentionally infecting networked storage devices, according to infosec vendor Checkpoint.…
...that alone 'could provide a false sense of security,' NSA warns in this handy free guide for orgs BlackLotus, the malware capable of bypassing Secure Boot protections and compromising Windows computers, has caught the ire of the NSA, which today published a guide to help organizations detect and prevent infections of the UEFI bootkit.…
Security researchers have found a simple way to deliver malware to an organization with Microsoft Teams, despite restrictions in the application for files from external sources. [...]
The U.S. National Security Agency (NSA) released today guidance on how to defend against BlackLotus UEFI bootkit malware attacks. [...]
A new phishing campaign codenamed MULTI#STORM has set its sights on India and the U.S. by leveraging JavaScript files to deliver remote access trojans on compromised systems
The campaign was discovered by AhnLab Security Emergency Response Center (ASEC)
Camaro Dragon (Mustang Panda) is spreading a malware variant of WispRider quickly across the globe even through air gaps, often unbeknown to users.
The Chinese cyber espionage actor known as Camaro Dragon has been observed leveraging a new strain of self-propagating malware that spreads through compromised USB drives
The notorious APT15 used common malware tools and a third-generation custom 'Graphican' backdoor to continue its information gathering exploits, this time against foreign ministries.
Snoops may be targeting macOS devices in addition to iPhones, Kaspersky says Whoever is infecting people's iPhones with the TriangleDB spyware may be targeting macOS computers with similar malware, according to Kaspersky researchers.…
The North Korean APT37 hacking group uses a new 'FadeStealer' information-stealing malware containing a 'wiretapping' feature, allowing the threat actor to snoop and record from victims' microphones. [...]
If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or "crypt" your malware so that it appears benign to antivirus and security products. In fact, the process of "crypting" malware is sufficiently complex and time-consuming that most serious cybercrooks will outsource this critical function to a handful of trusted third parties. This story explores the history and identity behind Cryptor[.]biz, a long-running crypting service that is trusted by some of the biggest names in cybercrime.
The North Korean threat actor known as ScarCruft has been observed using an information-stealing malware with previous undocumented wiretapping features as well as a backdoor developed using Golang that exploits the Ably real-time messaging service
More details have emerged about the spyware implant that's delivered to iOS devices as part of a campaign called Operation Triangulation
The Chinese state-sponsored hacking group tracked as APT15 has been observed using a novel backdoor named 'Graphican' in a new campaign between late 2022 and early 2023. [...]
A new malware called Condi has been observed exploiting a security vulnerability in TP-Link Archer AX21 (AX1800) Wi-Fi routers to rope the devices into a distributed denial-of-service (DDoS) botnet