Infostealers are becoming the go-to phishing payload
Phishing has changed. Slowly but surely, cybercriminals are turning to infostealers instead. Traditional phishing hasn't gone away. Far from it. But many attackers are no longer focused solely on tricking victims into entering usernames and passwords on fake login pages. Instead, they are using...
Malicious code in ninja-core-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 65af5eaa02abf860465d0ee9e11d7b10e3e1e36473aec951f8c1ea38ed8a8560 During installation, obfuscated code exfiltrates cryptocurrency wallet data to a hardcoded location --- Category: MALICIOUS - The campaign has clearly maliciou...
Hacked sites deliver Vidar infostealer to Windows users
In recent years, ClickFix and fake CAPTCHA techniques have become a popular way for cybercriminals to distribute malware. Instead of exploiting a technical vulnerability, these attacks rely on convincing people to run malicious commands themselves. Our researchers have recently detected a campaig...
NFTBox NFT Marketplace Solution Private Key Disclosure
NFTBox NFT Marketplace Solution as of 2026/01/22 embeds a private crypto key in the wallet.js file. Exploit Title: NFTBox - NFT Marketplace Solution - Hardcoded Private Key Disclosure Date: 2026-01-21 Exploit Author: Sohel Yousef -- https://www.linkedin.com/in/sohel-yousef-50a905189/ Vendor...
Rogue NuGet Package Poses as Tracer.Fody, Steals Cryptocurrency Wallet Data
Cybersecurity researchers have discovered a new malicious NuGet package that typosquats and impersonates the popular .NET tracing library and its author to sneak in a cryptocurrency wallet stealer. The malicious package, named "Tracer.Fody.NLog," remained on the repository for nearly six years. I...
Malicious Package
Overview jsswapper is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this package. Once...
EUVD-2018-1832
Malware in sbrugna...
EUVD-2019-0794
Malware in sbrugna...
EUVD-2023-43610
Malicious code in bioql PyPI...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package version contains malicious code that monitors network traffic when run in a browser and targets crypto transactions. The injected malicious code activates a hook whenever a Web3 wallet is present...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package version contains malicious code that monitors network traffic when run in a browser and targets crypto transactions. The injected malicious code activates a hook whenever a Web3 wallet is present...
AI-Generated Malicious npm Package Drains Solana Funds from 1,500+ Before Takedown
Cybersecurity researchers have flagged a malicious npm package that was generated using artificial intelligence (AI) and concealed a cryptocurrency wallet drainer. The package, @kodane/patch-manager, claims to offer "advanced license validation and registry optimization utilities for high-performan...
Alleged ‘Scattered Spider’ Member Extradited to U.S.
A 23-year-old Scottish man thought to be a member of the prolific Scattered Spider cybercrime group was extradited last week from Spain to the United States, where he is facing charges of wire fraud, conspiracy and identity theft. U.S. prosecutors allege Tyler Robert Buchanan and co-conspirators...
New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials
Cybersecurity researchers have discovered a new Android banking malware called Crocodilus that's primarily designed to target users in Spain and Turkey. "Crocodilus enters the scene not as a simple clone, but as a fully-fledged threat from the outset, equipped with modern techniques such as remot...
GitVenom Malware Steals $456K in Bitcoin Using Fake GitHub Projects to Hijack Wallets
Cybersecurity researchers are calling attention to an ongoing campaign that's targeting gamers and cryptocurrency investors under the guise of open-source projects hosted on GitHub. The campaign, which spans hundreds of repositories, has been dubbed GitVenom by Kaspersky. "The infected projects...
Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks
The North Korean threat actor known as the Lazarus Group has been linked to a previously undocumented JavaScript implant named Marstech1 as part of limited targeted attacks against developers. The active operation has been dubbed Marstech Mayhem by SecurityScorecard, with the malware delivered by...
SparkCat Malware Uses OCR to Extract Crypto Wallet Recovery Phrases from Images
A new malware campaign dubbed SparkCat has leveraged a suite of bogus apps on both Apple's and Google's respective app stores to steal victims' mnemonic phrases associated with cryptocurrency wallets. The attacks leverage an optical character recognition (OCR) model to exfiltrate select images...
MAL-2025-613 Malicious code in ethweb-set (npm)
This package exfiltrates cryptocurrency wallet files to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e7af171b00090d3b3bfefae279da101b5da3a93390bc9f2cce869bdbc8685cbf Any computer that has this package installed or running should be...
New Stealer Uses Invalid Cert To Compromise Systems
By Mohinder Gill, Mallikarjun Wali and Sangram Mohapatro · November 07, 2024. A new Stealer has been making the rounds. Its name: Fickle. Fickle Stealer is a new Rust-based information stealer that spreads through various attack vectors, includin...
Here’s Some Bitcoin: Oh, and You’ve Been Served!
A California man who lost $100,000 in a 2021 SIM-swapping attack is suing the unknown holder of a cryptocurrency wallet that harbors his stolen funds. The case is thought to be the first in which a federal court has recognized the use of information included in a bitcoin transaction -- such as a...