FSB Group Gamaredon Hides Worm in Windows Data Streams
FSB-linked Gamaredon concealed a fileless worm in NTFS data streams to spy on Ukraine targets
The Worm tag covers self-spreading malware that can spread rapidly, plus reported incidents, technical analysis, disruption efforts, and defensive guidance.
Search across headline titles and summaries.
Background for this topic.
Worms are malware programs that replicate and spread between systems without needing to attach to another file. They may move through exploitable network services, vulnerable applications, removable media, or other connected paths; the route depends on the family. Their defining concern is rapid propagation: one compromised host can seed many others, causing outages or resource exhaustion and, in some cases, delivering additional code or enabling unauthorized access.
Security teams should assess worm reports alongside the affected software and exposure details. Priorities include applying patches or mitigations, disabling unnecessary services, and segmenting networks to limit movement. Monitor for unusual scanning, repeated connection attempts, and clusters of similar infections. During an incident, isolate affected systems, restrict relevant communications where practical, preserve forensic evidence, and verify that vulnerable hosts are remediated before reconnecting them.
Weekly headline count for the current query.
FSB-linked Gamaredon concealed a fileless worm in NTFS data streams to spy on Ukraine targets
Mini Shai-Hulud worm hits Alibaba AntV ecosystem in largest npm supply chain wave to date
Malicious npm packages spread via worm-like propagation and steal developer credentials
Supply chain worm mimicking Shai-Hulud malware spread via malicious npm packages, targeting AI tools has been identified by security researchers
A new version of the Shai-Hulud worm has infected hundreds of npm packages and caused disruption to global CI/CD workflows
A new npm worm dubbed “IndonesianFoods” has doubled the number of known malicious packages
A secret-stealing worm is spreading fast across the npm ecosystem, experts have warned
Distribution vectors of the Raspberry Robin worm now include Windows Script Files (WSF) alongside other methods like USB drives
The researchers developed a worm, dubbed “Morris II,” which targets generative AI ecosystems through the use of adversarial self-replicating prompts
Cado Security said the malware acts as a botnet and is compatibille with both Windows and Linux