Massive Android Fraud Operations Uncovered: IconAds, Kaleidoscope, SMS Malware, NFC Scams
A mobile ad fraud operation dubbed IconAds that consisted of 352 Android apps has been disrupted, according to a new report from HUMAN
The Malware tag covers malware families, infrastructure analysis, incident impact, disruption efforts, and defensive guidance to reduce cybersecurity risk.
Search across headline titles and summaries.
Background for this topic.
Malware is software intentionally created or modified to perform unauthorized or harmful actions on a computer, device, or network. The term covers distinct families and functions, including viruses, worms, trojans, spyware, botnet clients, and ransomware; a single sample may combine several capabilities. Its behavior—not its label—determines the security concern: it may execute code, persist, alter or encrypt data, steal credentials, or provide unauthorized remote access.
For practitioners, malware reporting is most useful when it identifies the family or tool conservatively and provides evidence such as affected platforms, samples, infrastructure, or observed behavior. Defenses include promptly patching vulnerable software, restricting execution and privileges, monitoring endpoints and networks, maintaining tested backups, and isolating suspected systems for analysis. Detection should use behavior and verified indicators rather than names alone, since variants change. If malware processes personal or regulated data, investigations should also address privacy, evidence preservation, and applicable reporting obligations.
A mobile ad fraud operation dubbed IconAds that consisted of 352 Android apps has been disrupted, according to a new report from HUMAN
The Anti-Phishing Working Group observed how attackers are increasingly abusing QR codes to conduct phishing attacks or to trick users into downloading malware.
SentinelLabs observed North Korean actors deploying novel TTPs to target crypto firms, including a mix of programming languages and signal-based persistence
In the past, the bulletproof group has been affiliated with many well-known ransomware and malware groups, such as BianLian and Lumma Stealer.
North Korean state-backed hackers have been using a new family of macOS malware called NimDoor in a campaign that targets web3 and cryptocurrency organizations. [...]
A new threat vector exploits how modern browsers save HTML files, bypassing Mark of the Web and giving attackers another social-engineering attack for delivering malware.
Threat actors with ties to North Korea have been observed targeting Web3 and cryptocurrency-related businesses with malware written in the Nim programming language, underscoring a constant evolution of their tactics
New Android malware Qwizzserial has infected 100,000 devices, primarily in Uzbekistan, stealing SMS data via Telegram distribution
The attack uses sideloading to deliver a variant of the popular Gh0stRAT malware and lures victims by posing — among other things — as a purported installer for DeepSeek's LLM.
This Is Not the Malicious Code You're Looking For, Malware Tells AIIf you can't outsmart the antivirus, maybe you can sweet-talk the algorithm into looking the other way. Security researchers discovered what appears to be the first known attempt to deploy prompt injection against artificial intelligence-powered malware analysis.
Cybersecurity researchers have flagged the tactical similarities between the threat actors behind the RomCom RAT and a cluster that has been observed delivering a loader dubbed TransferLoader
Malicious websites designed to rank high in Google search results for ChatGPT and Luma AI deliver the Lumma and Vidar infostealers and other malware.
Ever wonder what happens when attackers don’t break the rules—they just follow them better than we do? When systems work exactly as they’re built to, but that “by design” behavior quietly opens the door to risk? This week brings stories that make you stop and rethink what’s truly under control. It’s not always about a broken firewall or missed patch—it’s about the small choices, default settings
PLUS: Crooks target hardware crypto wallets; Bad flaws in Brother printers; ,O365 allows takeover-free phishing; and more Infosec in Brief Despite warnings not to pay ransomware operators, almost half of those infected by the malware send cash to the crooks who planted it, according to infosec software slinger Sophos.…