Scammers pretending to be Microsoft had help from US executives

A pop-up appears on your computer, warning of a virus. You call the "Microsoft technician" in the pop-up message, and they explain that they need remote access to fix it. Most of us know this script by now. It's a scam, operated by people intent on siphoning money from your account. A court case...

A Ransomware Negotiator Was Working for a Ransomware Gang

Someone pleaded guilty to secretly working for a ransomware gang as he negotiated ransomware payments for clients...

Jordanian Man Pleads Guilty to Selling Stolen Logins for 50 Companies

Jordanian man pleads guilty to selling stolen corporate logins in FBI sting after extradition from Georgia; tied to access of 50+ company networks...

A week in security (January 5 – January 11)

Last week on Malwarebytes Labs: pcTattletale founder pleads guilty as US cracks down on stalkerware Are we ready for ChatGPT Health? CISA warns of active attacks on HPE OneView and legacy PowerPoint Lego’s Smart Bricks explained: what they do, and what they don’t Fake WinRAR downloads hide malwar...

pcTattletale founder pleads guilty as US cracks down on stalkerware

Reportedly, pcTattletale founder Bryan Fleming has pleaded guilty in US federal court to computer hacking, unlawfully selling and advertising spyware, and conspiracy. This is good news not just because we despise stalkerware like pcTattletale, but because it is only the second US federal...

Bitfinex Hack Convict Ilya Lichtenstein Released Early Under U.S. First Step Act

Ilya Lichtenstein, who was sentenced to prison last year for money laundering charges in connection with his role in the massive hack of cryptocurrency exchange Bitfinex in 2016, said he has been released early. In a post shared on X last week, the 38-year-old announced his release, crediting U.S...

Ukrainian Woman in US Custody for Aiding Russian NoName057 Hacker Group

Ukrainian national Victoria Dubranova is in U.S. custody, accused of supporting Russian hacker group NoName057 in cyberattacks on critical infrastructure. She has pleaded not guilty...

EUVD-2025-76701

Malicious code in guiltyrabbit-appteadev npm...

MAL-2025-103428 Malicious code in guilty_hornet-smiletea (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3f27a8d5167bab8dcc7f1c5d0c29053b2f58a9f25c6aedba3eafbf412780374b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-81735

Malicious code in guiltycameldumbs npm...

EUVD-2025-70145

Malicious code in guiltyapez3n npm...

Malicious code in guilty_gull_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bce44f78a18c6bc5d53556b9412406fcc79a61b4be95fc1f0cfb1b4e0574cfef This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-63779

Malicious code in guiltybassz3n npm...

Malicious code in guilty_halibut_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c30004ddf7297927c47722609cdee12ba32551292fa0472e55d9b5681ab241a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in guilty_weasel_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6a3082f80247f4a14b2663da529482e75cf41993c19602b720f7403238d928d4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-78565 Malicious code in guilty_halibut_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c30004ddf7297927c47722609cdee12ba32551292fa0472e55d9b5681ab241a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-54027

Malicious code in guilty-beige-camel npm...

Malicious code in guilty-amethyst-vicuna (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16e80a382566fd08fdbf34794a38b2df4e77f1c6dcdfbbf00be40e64d74b02d2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in guilty-scarlet-marsupial (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3df2487f398a89ad3fbb1916852ee40829597b96a89a2613daab3d90d877f12b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-54028

Malicious code in guilty-azure-boar npm...