And the Winner in Dominant Malware Delivery? ClickFix
Researchers say the highly effective social engineering technique is no longer the exception for malware attacks — it's now the rule.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Researchers say the highly effective social engineering technique is no longer the exception for malware attacks — it's now the rule.
Separate but similar campaigns described by Microsoft and Trend Micro use malicious zip files to spread malware via social engineering and obsfucation, including blockchain abuse.
The SHub Reaper stealer, which hides behind fake WeChat and Miro installers, marks a shift from ClickFix social engineering to Apple script-based execution.
More than 1,600 socially engineered messages from the China-backed advanced persistent threat (APT) group target various sectors to deliver the previously undocumented ABCDoor backdoor, ValleyRAT, and other malware.
A newly discovered threat actor is using Microsoft Teams, AWS S3 buckets, and custom "Snow" malware in a multipronged campaign.
Credential theft soared in the second half of 2025, thanks in part to the industrialization of infostealer malware and AI-enabled social engineering.
The attack consists of a NexShield malicious browser extension, a social engineering technique to crash the browser, and a Python-based RAT.
Threat actors are using the social engineering technique and a legitimate Microsoft tool to deploy the DCRat remote access Trojan against targets in the hospitality sector.
A new twist on the social engineering tactic is making waves, combining SEO poisoning and legitimate AI domains to install malware on victims' computers.
Sophisticated social engineering is expected to accompany threat campaigns that are highly targeted and aimed at stealing crypto and deploying malware.
The malware builds on a near-field communication tool in combination with phishing and social engineering to steal cash.
The cyber campaign uses social engineering and sophisticated evasion tactics, including a novel malware-delivery method, to compromise hundreds of Microsoft Office users.
A pervasive ClearFake campaign targeting Windows systems with Atomic Stealer has expanded its social engineering scams to MacOS users, analysts warn.
Key findings from the research also show three of the four new malware threats on this quarter's top-ten list originated in China and Russia, living-off-the-land attacks on the rise, and more.
The successful combo of stolen credentials and social engineering to breach networks is increasing demand for infostealers on the Dark Web.
Attackers are turning to stolen credentials and posing as trusted applications to socially engineer victims, according to Google study of malware submitted to VirusTotal.