SpyLoan Android malware on Google play installed 8 million times
A new set of 15 SpyLoan apps with over 8 million installs was discovered on Google Play, targeting primarily users from South America, Southeast Asia, and Africa. [...]
The Malware tag covers malware families, infrastructure analysis, incident impact, disruption efforts, and defensive guidance to reduce cybersecurity risk.
Search across headline titles and summaries.
Background for this topic.
Malware is software intentionally created or modified to perform unauthorized or harmful actions on a computer, device, or network. The term covers distinct families and functions, including viruses, worms, trojans, spyware, botnet clients, and ransomware; a single sample may combine several capabilities. Its behavior—not its label—determines the security concern: it may execute code, persist, alter or encrypt data, steal credentials, or provide unauthorized remote access.
For practitioners, malware reporting is most useful when it identifies the family or tool conservatively and provides evidence such as affected platforms, samples, infrastructure, or observed behavior. Defenses include promptly patching vulnerable software, restricting execution and privileges, monitoring endpoints and networks, maintaining tested backups, and isolating suspected systems for analysis. Detection should use behavior and verified indicators rather than names alone, since variants change. If malware processes personal or regulated data, investigations should also address privacy, evidence preservation, and applicable reporting obligations.
A new set of 15 SpyLoan apps with over 8 million installs was discovered on Google Play, targeting primarily users from South America, Southeast Asia, and Africa. [...]
Linux-Targeting Bootkitty Appears More Proof-of-Concept Than Threat, Researchers SayCybersecurity researchers have discovered the first-ever UEFI bootkit designed to target Linux systems and subvert their boot process for malicious purposes. The "Bootkitty" malware, first uploaded to VirusTotal this month, appears to be more "proof of concept" than full-fledged threat, they said.
Russian law enforcement has arrested and indicted notorious ransomware affiliate Mikhail Pavlovich Matveev (also known as Wazawaka, Uhodiransomwar, m1x, and Boriselcin) for developing malware and his involvement in several hacking groups. [...]
Qualified applicants must be able to test ransomware encryption and find bugs that might enable defenders to jailbreak the malware.
Linux-Targeting Bootkitty Appears More Proof-of-Concept Than Threat, Researcher SayCybersecurity researchers have discovered the first-ever bootkit designed to target Linux systems and subvert their boot process for malicious purposes. The "Bootkitty" malware, first uploaded to VirusTotal this month, appears to be more "proof of concept" than full-fledged threat, they said.
A new cyber-attack technique uses Godot Engine to deploy undetectable malware via GodLoader, infecting more than 17,000 devices
A popular open-source game engine called Godot Engine is being misused as part of a new GodLoader malware campaign, infecting over 17,000 systems since at least June 2024
Scumbags play on victims' worst fears in phishing campaign referencing UK Employment Tribunal A current phishing campaign scares recipients into believing they've been sacked, when in reality they've been hacked – and infected with infostealers and other malware that means a payday for the crooks behind the scam.…
Plus, a brand-new backdoor, GhostSpider, is linked to the cyber-spy crew's operations The reach of the China-linked Salt Typhoon gang extends beyond American telecommunications giants, and its arsenal includes several backdoors, including a brand-new malware dubbed GhostSpider, according to Trend Micro researchers.…
Hackers have used new GodLoader malware exploiting the capabilities of the widely used Godot game engine to evade detection and infect over 17,000 systems in just three months. [...]
The first UEFI bootkit specifically targeting Linux systems has been discovered, marking a shift in stealthy and hard-to-remove bootkit threats that previously focused on Windows. [...]
A stealthy JavaScript injection attack steals data from the checkout page of sites, either by creating a fake credit card form or extracting data directly from payment fields.
APT-C-60 targets Japan with phishing emails, using job application ruse and malware via Google Drive
Over the past year, "Matrix" has used publicly available malware tools and exploit scripts to target weakly secured IoT devices — and enterprise servers.
A threat actor named Matrix has been linked to a widespread distributed denial-of-service (DoD) campaign that leverages vulnerabilities and misconfigurations in Internet of Things (IoT) devices to co-opt them into a disruptive botnet
The APT, aka Earth Estries, is one of China's most effective threat actors, performing espionage for sometimes years on end against telcos, ISPs, and governments before being detected.
Malwarebytes' Black Friday 2024 deals are now live, offering a 50% discount for one and two-year subscriptions to personal, family, and business subscriptions to its standalone anti-malware software, VPN, and Personal Data Remover services. [...]
The China-linked threat actor known as Earth Estries has been observed using a previously undocumented backdoor called GHOSTSPIDER as part of its attacks targeting Southeast Asian telecommunications companies. Trend Micro, which described the hacking group as an aggressive advanced persistent threat (APT), said the intrusions also involved the use of another cross-platform backdoor dubbed
Trend Micro has identified a spear-phishing campaign active in Japan since June 2024. Evidence about the malware used by this campaign suggests this was part of a new operation by Earth Kasha.
Group Deploys Upgraded Malware Disguised as Microsoft File on Pilgrimage GoersA South Asian threat actor identified as Mysterious Elephant or APT-K-47 by Knownsec 404 researchers is using a Hajj-themed lure to trick victims into malicious payload disguised as a Windows file. The hacker is using upgraded Asyncshell malware disguised as a Microsoft Compiled HTML Help file.