New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs
Cybersecurity researchers have discovered malicious code in an npm package after a malicious package was added as a dependency to the project by Anthropic's Claude Opus large language model (LLM). The package in question is "@validate-sdk/v2," which is listed on npm as a utility software development kit (SDK)...
Fake Ledger Live App on Apple Store Linked to $9.5M Crypto Theft
Apple approved a fake Ledger Live app on its App Store, allowing scammers to steal $9.5 million from more than 50 users. Did you install this app?...
A week in security (March 16 – March 22)
Last week on Malwarebytes Labs: Could your face change what you pay? NYC wants limits on biometric tracking; That "job brief" on Google Forms could infect your device; A DarkSword hangs over unpatched iPhones; Your tax forms sell for $20 on the dark web; Researchers found font-rendering trick to hide...
New Vidar 2.0 Infostealer Spreads via Fake Game Cheats on GitHub, Reddit
The new infostealer campaign spreads Vidar 2.0 via fake game cheats on GitHub and Reddit, stealing crypto, login tokens, and files while targeting young gamers ignoring security warnings...
BeatBanker Android Trojan Uses Silent Audio Loop to Steal Crypto
BeatBanker Android Trojan spreads via fake Google Play Store pages, using a silent audio loop to stay active while stealing crypto, banking data, and login credentials...
New ZeroDayRAT Malware Claims Full Monitoring of Android and iOS Devices
Meet ZeroDayRAT, a newly advertised malware targeting Android and iOS devices with surveillance, location tracking, and crypto theft tools sold via Telegram as a MaaS service...
17% of 3rd-Party Add-Ons for OpenClaw Used in Crypto Theft and macOS Malware
Bitdefender Labs reveals that 17% of OpenClaw AI skills analyzed in February 2026 are malicious. With over 160,000...
Jeffrey Epstein Had a ‘Personal Hacker,’ Informant Claims
Plus: AI agent OpenClaw gives cybersecurity experts the willies, China executes 11 scam compound bosses, a $40 million crypto theft has an unexpected alleged culprit, and more...
LastPass 2022 Breach Led to Years-Long Cryptocurrency Thefts, TRM Labs Finds
The encrypted vault backups stolen from the 2022 LastPass data breach have enabled bad actors to take advantage of weak master passwords to crack them open and drain cryptocurrency assets as recently as late 2025, according to new findings from TRM Labs. The blockchain intelligence firm said...
Lazarus Group Embed New BeaverTail Variant in Developer Tools
North Korea’s Lazarus Group deploys a new BeaverTail variant to steal credentials and crypto using fake job lures, dev tools, and smart contracts...
North Korea-Linked Hackers Steal $2.02 Billion in 2025, Leading Global Crypto Theft
Threat actors with ties to the Democratic People's Republic of Korea (DPRK or North Korea) have been instrumental in driving a surge in global cryptocurrency theft in 2025, accounting for at least $2.02 billion out of more than $3.4 billion stolen from January through early December. The figure...
DarkCloud Infostealer Relaunched to Grab Credentials, Crypto and Contacts
eSentire TRU analyses the new DarkCloud V4.2 infostealer, rewritten in VB6. Find out how the malware steals browser data, crypto, and contacts via targeted phishing...
Vietnamese Hackers Use Fake Copyright Notices to Spread Lone None Stealer
New Lone None Stealer uses Telegram C2 and DLL side-loading to grab passwords, credit cards, and crypto. Find out how to spot this highly evasive phishing scam...
Multiple Node.js Modules compromised in supply chain attack to steal crypto (08/09/2025)
The remote host has a version of one or more Node.js modules installed known to be compromised in a supply chain attack. The following Node.js modules are known to be affected: 'backslash', 'chalk', 'debug', 'chalk-template', 'supports-hyperlinks', 'has-ansi', 'simple-swizzle', 'color-string',...
AsyncRAT Exploits ConnectWise ScreenConnect to Steal Credentials and Crypto
Cybersecurity researchers have disclosed details of a new campaign that leverages ConnectWise ScreenConnect, a legitimate Remote Monitoring and Management (RMM) software, to deliver a fleshless loader that drops a remote access trojan (RAT) called AsyncRAT to steal sensitive data from compromised...
Scammers Steal $1 Million in Crypto Using Fake Delta and AMC Sites
Cybersecurity firm Netcraft has discovered a new task scam cluster that has stolen over $1 million in crypto...
Scattered Spider Hacker Gets 10 Years, $13M Restitution for SIM Swapping Crypto Theft
A 20-year-old member of the notorious cybercrime gang known as Scattered Spider has been sentenced to ten years in prison in the U.S. in connection with a series of major hacks and cryptocurrency thefts. Noah Michael Urban pleaded guilty to charges related to wire fraud and aggravated identity...
New Malvertising Attack Spreads Crypto Stealing PS1Bot Malware
Cisco Talos researchers have discovered a dangerous new malware framework called PS1Bot. Active since early 2025, this sophisticated...
Efimer Trojan Steals Crypto, Hacks WordPress Sites via Torrents and Phishing
Kaspersky reports Efimer Trojan infecting thousands, swapping crypto wallets, brute-forcing sites, and spreading through torrents and phishing. Cybercriminals...
TrickBot Behind More Than $724 Million in Crypto Theft and Extortion
Akamai's latest Ransomware Report 2025 reveals "quadruple extortion," new AI-driven tactics by groups like Black Basta, FunkSec, and TrickBot, and growing threats to non-profits. Learn about evolving cyber threats...