Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware

Cybersecurity researchers have flagged dozens of Microsoft Visual Studio Code VS Code extensions on the Open VSX repository that are linked to a persistent information-stealing campaign dubbed GlassWorm. The cluster of 73 extensions has been identified as cloned versions of their legitimate...

Watering Hole Attack Targets EmEditor Users with Information-Stealing Malware

TrendAI™ Research provides a technical analysis of a compromised EmEditor installer used to deliver multistage malware that performs a range of malicious actions...

Google Identifies Three New Russian Malware Families Created by COLDRIVER Hackers

A new malware attributed to the Russia-linked hacking group known as COLDRIVER has undergone numerous developmental iterations since May 2025, suggesting an increased "operations tempo" from the threat actor. The findings come from Google Threat Intelligence Group GTIG, which said the...

Inside Russian Market: Uncovering the Botnet Empire

Eliran Alon contributed to this post. Inside Russian Market: Key insights from Rapid7 threat research The online cybercrime marketplace, Russian Market, has evolved from selling Remote Desktop Protocol RDP access to becoming one of the most active underground hubs for information-stealing malware...

UAC-0226 Deploys GIFTEDCROOK Stealer via Malicious Excel Files Targeting Ukraine

The Computer Emergency Response Team of Ukraine CERT-UA has revealed a new set of cyber attacks targeting Ukrainian institutions with information-stealing malware. The activity is aimed at military formations, law enforcement agencies, and local self-government bodies, particularly those located...

ClearFake Infects 9,300 Sites, Uses Fake reCAPTCHA and Turnstile to Spread Info-Stealers

The threat actors behind the ClearFake campaign are using fake reCAPTCHA or Cloudflare Turnstile verifications as lures to trick users into downloading malware such as Lumma Stealer and Vidar Stealer. ClearFake, first highlighted in July 2023, is the name given to a threat activity cluster that...

Microsoft Warns of Malvertising Campaign Infecting Over 1 Million Devices Worldwide

Microsoft has disclosed details of a large-scale malvertising campaign that's estimated to have impacted over one million devices globally as part of what it said is an opportunistic attack designed to steal sensitive information. The tech giant, which detected the activity in early December 2024...

Google Docs used by infostealer ACRStealer as part of attack

An infostealer known as ACRStealer is using legitimate platforms like Google Docs and Steam as part of an attack, according to researchers. ACRStealer is often distributed via the tried and tested method of download as cracks and keygens, which are used in software piracy. The infostealer has bee...

Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit

Our blog entry discusses a fake PoC exploit for LDAPNightmare CVE-2024-49113 that is being used to distribute information-stealing malware...

“Can you try a game I made?” Fake game sites lead to information stealers

The background and the IOCs for this blog were gathered by an Expert helper on our forums and Malwarebytes researchers. Our thanks go out to them. A new, malicious campaign is making the rounds online and it starts simple: Unwitting targets receive a direct message DM on a Discord server asking...

PT-2024-9433 · Microsoft · Windows Lightweight Directory Access Protocol +1

Name of the Vulnerable Software and Affected Versions: Windows Lightweight Directory Access Protocol LDAP affected versions not specified Description: The issue is related to a denial-of-service vulnerability in Windows Lightweight Directory Access Protocol LDAP. This vulnerability can cause the...

Vietnamese Hacker Group Deploys New PXA Stealer Targeting Europe and Asia

A Vietnamese-speaking threat actor has been linked to an information-stealing campaign targeting government and education entities in Europe and Asia with a new Python-based malware called PXA Stealer. The malware "targets victims' sensitive information, including credentials for various online...

Fake CAPTCHA Pages Used by Lumma Stealer to Spread Fileless Malware

Lumma Stealer malware uses fake CAPTCHA to deceive victims. This information-stealing malware targets sensitive data like passwords and…...

Unmasking Lumma Stealer: Analyzing Deceptive Tactics with Fake CAPTCHA

Summary Lumma Stealer is an information-stealing malware available through a Malware-as-a-Service MaaS. It specializes in stealing sensitive data such as passwords, browser information, and cryptocurrency wallet details. The attacker has advanced its tactics, moving from traditional phishing to...

New Windows Malware Locks Computer in Kiosk Mode

Clever: A malware campaign uses the unusual method of locking users in their browser's kiosk mode to annoy them into entering their Google credentials, which are then stolen by information-stealing malware. Specifically, the malware "locks" the user's browser on Google's login page with no obviou...

Russian Hackers Exploit Safari and Chrome Flaws in High-Profile Cyberattack

Cybersecurity researchers have flagged multiple in-the-wild exploit campaigns that leveraged now-patched flaws in Apple Safari and Google Chrome browsers to infect mobile users with information-stealing malware. "These campaigns delivered n-day exploits for which patches were available, but would...

Google Chrome Adds App-Bound Encryption to Protect Cookies from Malware

Google has announced that it's adding a new layer of protection to its Chrome browser through what's called app-bound encryption to prevent information-stealing malware from grabbing cookies on Windows systems. "On Windows, Chrome uses the Data Protection API DPAPI which protects the data at rest...

Cyber Espionage Group XDSpy Targets Companies in Russia and Moldova

Companies in Russia and Moldova have been the target of a phishing campaign orchestrated by a little-known cyber espionage group known as XDSpy. The findings come from cybersecurity firm F.A.C.C.T., which said the infection chains lead to the deployment of a malware called DSDownloader. The...

'Stargazer Goblin' Creates 3,000 Fake GitHub Accounts for Malware Spread

A threat actor known as Stargazer Goblin has set up a network of inauthentic GitHub accounts to fuel a Distribution-as-a-Service DaaS that propagates a variety of information-stealing malware and netting them $100,000 in illicit profits over the past year. The network, which comprises over 3,000...

MAL-2024-12349 Malicious code in spl-types (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 62ae4c4e03f2865a43a463427c66b7131a5c981b645d24d246d93435347e5819 --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: spl-types-rentry-2024-07 Reasons based on the campaign: -...