Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer
Threat actors have been observed concealing malicious code in images to deliver malware such as VIP Keylogger and 0bj3ctivity Stealer as part of separate campaigns
The Malware tag covers malware families, infrastructure analysis, incident impact, disruption efforts, and defensive guidance to reduce cybersecurity risk.
Search across headline titles and summaries.
Background for this topic.
Malware is software intentionally created or modified to perform unauthorized or harmful actions on a computer, device, or network. The term covers distinct families and functions, including viruses, worms, trojans, spyware, botnet clients, and ransomware; a single sample may combine several capabilities. Its behavior—not its label—determines the security concern: it may execute code, persist, alter or encrypt data, steal credentials, or provide unauthorized remote access.
For practitioners, malware reporting is most useful when it identifies the family or tool conservatively and provides evidence such as affected platforms, samples, infrastructure, or observed behavior. Defenses include promptly patching vulnerable software, restricting execution and privileges, monitoring endpoints and networks, maintaining tested backups, and isolating suspected systems for analysis. Detection should use behavior and verified indicators rather than names alone, since variants change. If malware processes personal or regulated data, investigations should also address privacy, evidence preservation, and applicable reporting obligations.
Threat actors have been observed concealing malicious code in images to deliver malware such as VIP Keylogger and 0bj3ctivity Stealer as part of separate campaigns
HP Wolf highlighted novel techniques used by attackers to bypass email protections, including embedding malicious code inside images and utilizing GenAI
Cybersecurity researchers have detailed an attack that involved a threat actor utilizing a Python-based backdoor to maintain persistent access to compromised endpoints and then leveraged this access to deploy the RansomHub ransomware throughout the target network
It's an especially brazen form of malvertising, researchers say, striking at the heart of Google's business; the tech giant says it's aware of the issue and is working quickly to address the problem.
A newly discovered botnet of 13,000 MikroTik devices uses a misconfiguration in domain name server records to bypass email protections and deliver malware by spoofing roughly 20,000 web domains. [...]
"Operation 99" uses job postings to lure freelance software developers into downloading malicious Git repositories. From there, malware infiltrates developer projects to steal source code, secrets, and cryptocurrency.
The North Korea-linked Lazarus Group has been attributed to a new cyber attack campaign dubbed Operation 99 that targeted software developers looking for freelance Web3 and cryptocurrency work to deliver malware
The FBI deleted Chinese PlugX malware from thousands of devices in the US, using a technique developed by French cybersecurity firm Sekoia.io
The U.S. Department of Justice (DoJ) on Tuesday disclosed that a court-authorized operation allowed the Federal Bureau of Investigation (FBI) to delete PlugX malware from over 4,250 infected computers as part of a "multi-month law enforcement operation." PlugX, also known as Korplug, is a remote access trojan (RAT) widely used by threat actors associated with the People's Republic of China (PRC
Microsoft Uncovered Flaw That Affects macOS System Integrity Protection FeatureApple patched a vulnerability that allows hackers to bypass a key security feature in macOS by through third-party kernel extensions. Microsoft researchers uncovered the flaw tracked as CVE-2024-44243. The flaw could enable hackers to install rootkits and create malware with privileged access.
Two hacker groups were paid to develop malware targeting victims in the US, Europe, and Asia, as well as various Chinese dissident groups.
A new malware campaign has compromised more than 5,000 WordPress sites to create admin accounts, install a malicious plugin, and steal data. [...]
Hey, Xi: Zài jiàn! The FBI, working with French cops, obtained nine warrants to remotely wipe PlugX malware from thousands of Windows-based computers that had been infected by Chinese government-backed criminals, according to newly unsealed court documents.…
Malware Used a Hardcoded IP Address for Command and ControlU.S. federal law enforcement said Tuesday it deleted more than 4,000 instances of PlugX malware used in a Chinese cyberespionage operation after a European partner gained control of the malware's command and control server. PlugX spreads through infected USB drives.
The U.S. Department of Justice announced today that the FBI has deleted Chinese PlugX malware from over 4,200 computers in networks across the United States. [...]
The U.S. Department of Justice announced today that the FBI has deleted Chinese PlugX malware from over 4,200 computers in networks across the United States. [...]
Browser-based cyber-threats surged in 2024, with credential abuse and infostealers on the rise
Russia-linked threat actors have been attributed to an ongoing cyber espionage campaign targeting Kazakhstan as part of the Kremlin's efforts to gather economic and political intelligence in Central Asia
The security vulnerability tracked as CVE-2024-50603, which rates 10 out of 10 on the CVSS scale, enables unauthenticated remote code execution on affected systems, which cyberattackers are using to plant malware.
Threat actors are targeting people searching for pirated or cracked software with fake downloaders that include infostealing malware such as Lumma and Vidar.