Infostealers without borders: macOS, Python stealers, and platform abuse

Infostealer threats are rapidly expanding beyond traditional Windows-focused campaigns, increasingly targeting macOS environments, leveraging cross-platform languages such as Python, and abusing trusted platforms and utilities to silently deliver credential-stealing malware at scale. Since late...

Hacktivists claim near-total Spotify music scrape

Hacktivist group Anna’s Archive claims to have scraped almost all of Spotify’s catalog and is now seeding it via BitTorrent, effectively turning a streaming platform into a roughly 300 TB pirate “preservation archive.” On its blog, the group states: “A while ago, we discovered a way to scrape...

Meta Expands WhatsApp Security Research with New Proxy Tool and $4M in Bounties This Year

Meta on Tuesday said it has made available a tool called WhatsApp Research Proxy to some of its long-time bug bounty researchers to help improve the program and more effectively research the messaging platform's network protocol. The idea is to make it easier to delve into WhatsApp-specific...

Astaroth, Mekotio & Ousaban abusing Google Cloud Run in LATAM-focused malware campaigns

Google Cloud Run is currently being abused in high-volume malware distribution campaigns, spreading several banking trojans such as Astaroth aka Guildma, Mekotio and Ousaban to targets across Latin America and Europe. The volume of emails associated with these campaigns has significantly increase...

Malicious code in tpmcverhacked (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx f4436864173c017dbd66a00e30b8336acf3e0c05f65a5cf374de08dd6c20f477 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

News Wrap: Fake Minneapolis Police Breach, Zoom End-To-End Encryption Debate

Threatpost editors Lindsey O’Donnell-Welch and Tara Seals discuss the top security news stories of the week, including: Reports emerged earlier this week that the Minneapolis police department had been breached by hacktivist group Anonymous. Security expert Troy Hunt debunked the reports, however...