19 matches found
Fake software on GitHub and SourceForge distribute Deno RAT
During our threat hunting activities, we found fake installers and plugins impersonating popular software including ChatGPT, Claude, AutoTune, and Kontakt on GitHub and SourceForge distributing a Deno backdoor known as DinDoor. Attackers are using compromised YouTube channels to distribute links ...
Hackers Pose as Non-Profit Developers to Deploy Monero Mining Malware
REF1695 hackers spread Monero mining malware via fake non-profit installers, using stealth tactics to evade detection and hijack systems for profit...
Beware of fake OpenClaw installers, even if Bing points you to GitHub
Attackers are abusing OpenClaw’s popularity by seeding fake “installers” on GitHub, boosted by Bing AI search results, to deliver infostealers and proxy malware instead of the AI assistant users were looking for. OpenClaw is an open‑source, self‑hosted AI agent that runs locally on your machine...
TamperedChef Malware Spreads via Fake Software Installers in Ongoing Global Campaign
Threat actors are leveraging bogus installers masquerading as popular software to trick users into installing malware as part of a global malvertising campaign dubbed TamperedChef. The end goal of the attacks is to establish persistence and deliver JavaScript malware that facilitates remote acces...
Stealit Malware Abuses Node.js Single Executable Feature via Game and VPN Installers
Cybersecurity researchers have disclosed details of an active malware campaign called Stealit that has leveraged Node.js' Single Executable Application SEA feature as a way to distribute its payloads. According to Fortinet FortiGuard Labs, select iterations have also employed the open-source...
Fake Teams Installers Dropping Oyster Backdoor (aka Broomstick)
Hackers are using fake Microsoft Teams installers found in search results and ads to deploy the Oyster backdoor. Learn how to protect your PC from this remote-access threat...
NSIS Abuse and sRDI Shellcode: Anatomy of the Winos 4.0 Campaign
Co-authored byAnna Širokova and Ivan Feigl Executive summary Rapid7 has been tracking a malware campaign that uses fake software installers disguised as popular apps like VPN and QQBrowser—to deliver Winos v4.0, a hard-to-detect malware that runs entirely in memory and gives attackers remote...
How Cracks and Installers Bring Malware to Your Device
Our research shows how attackers use platforms like YouTube to spread fake installers via trusted hosting services, employing encryption to evade detection and steal sensitive browser data...
Trend Micro™ Managed XDR Analysis of Infection From Fake Installers and Cracks
Our research shows how attackers use platforms like YouTube to spread fake installers via trusted hosting services, employing encryption to evade detection and steal sensitive browser data...
Trend Micro Managed XDR Analysis of Infection From Fake Installers and Cracks
Our research shows how attackers use platforms like YouTube to spread fake installers via trusted hosting services, employing encryption to evade detection and steal sensitive browser data...
Malvertising Campaign Unleashes Nitrogen Malware Via Fake Installers
...
Hackers Using Google Ads to Spread FatalRAT Malware Disguised as Popular Apps
Chinese-speaking individuals in Southeast and East Asia are the targets of a new rogue Google Ads campaign that delivers remote access trojans such as FatalRAT to compromised machines. The attacks involve purchasing ad slots to appear in Google search results and direct users looking for popular...
‘PseudoManuscrypt’ Mass Spyware Campaign Targets 35K Systems
Researchers have tracked new spyware – dubbed “PseudoManuscrypt” because it’s similar to “Manuscrypt” malware from the Lazarus advanced persistent threat APT group – that’s attempted to scribble itself across more than 35,000 targeted computers in 195 countries. Kaspersky researchers said in a...
Malvertising attack distributes malicious Chrome extensions, backdoors
By Waqas Researchers believe that the campaign has been active since 2018, and since then, the malware has been under development constantly. Cisco Talos researchers have identified malvertising campaigns using fake installers of popular games and applications, such as WeChat, Viber, Battlefield,...
Fake Installers Drop Malware and Open Doors for Opportunistic Attackers
We recently spotted fake installers of popular software being used to deliver bundles of malware onto victims’ devices. These installers are widely used lures that trick users into opening malicious documents or installing unwanted applications...
New Variant of KeyPass Ransomware Discovered
A new variant of the KeyPass ransomware has been gaining traction in August and is using new techniques like manual control to customize its encryption process, researchers said Monday. Researchers at Kaspersky Lab who posted about the trojan said that it is being propagated by means of fake...
KeyPass ransomware
In the last few days, our anti-ransomware module has been detecting a new variant of malware - KeyPass ransomware. Others in the security community have also noticed that this ransomware began to actively spread in August: Notification from MalwareHunterTeam Distribution model According to our...
Infected Site Spreading SMS Android Malware
The website of a popular watch retailer is reportedly redirecting users that visit the site on Android-based devices to a number of malicious domains serving up premium rate SMS malware. According to a WebRoot report, users that visit the unnamed watch-selling website in Bulgaria are redirected t...
Mobile, Android Threats Continued Sharp Growth in 2011
The occurrence of mobile malware increased by 155 percent across all platforms in 2011, and, according to Juniper Network’s 2011 Mobile Threat Report, malware specifically targeting the Android operating system saw its own increase of more than 3,000 percent. Juniper Networks attributes Android’s...