Lucene search
K

34 matches found

Malwarebytes
Malwarebytes
added 2025/12/29 11:48 a.m.7 views

Malware in 2025 spread far beyond Windows PCs

This blog is part of a series highlighting new and concerning trends we noticed over the last year. Trends matter because they almost always provide a good indication of what 's coming next. If there’s one thing that became very clear in 2025, it’s that malware is no longer focused on Windows...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/12/12 6:50 p.m.12 views

Fake OSINT and GPT Utility GitHub Repos Spread PyStoreRAT Malware Payloads

Cybersecurity researchers are calling attention to a new campaign that's leveraging GitHub-hosted Python repositories to distribute a previously undocumented JavaScript-based Remote Access Trojan RAT dubbed PyStoreRAT. "These repositories, often themed as development utilities or OSINT tools,...

7.1AI score
Exploits0
Trellix
Trellix
added 2025/12/09 12:0 a.m.8 views

Dark Web Roast – November 2025 Edition

Dark Web Roast – November 2025 Edition By Trellix Advanced Research Center · December 9, 2025 Executive summary November 2025 delivered a masterclass in underground incompetence that would make any cybersecurity professional simultaneously laugh and cry. From the Silent data-extortion group getti...

5.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/11/25 4:8 p.m.9 views

New ClickFix wave infects users with hidden malware in images and fake Windows updates

Several researchers have flagged a new development in the ongoing ClickFix campaign: Attackers are now mimicking a Windows update screen to trick people into running malware. ClickFix campaigns use convincing lures, historically “Human Verification” screens, and now a fake “Windows Update” splash...

7.2AI score
Exploits0
HackRead
HackRead
added 2025/11/13 3:58 p.m.16 views

Operation Endgame Hits Rhadamanthys, VenomRAT, Elysium Malware, seize 1025 servers

Europol-led Operation Endgame seizes 1,025 servers and arrests a key suspect in Greece, disrupting three major global malware and hacking tools, including Rhadamanthys, VenomRAT and Elysium botnet...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/11/13 11:16 a.m.6 views

Operation Endgame Dismantles Rhadamanthys, Venom RAT, and Elysium Botnet in Global Crackdown

Malware families like Rhadamanthys Stealer, Venom RAT, and the Elysium botnet have been disrupted as part of a coordinated law enforcement operation led by Europol and Eurojust. The activity, which took place between November 10 and 13, 2025, marks Please remove image compression the latest phase...

6.7AI score
Exploits0
HackRead
HackRead
added 2025/11/03 11:5 a.m.4 views

YouTube ‘Ghost Network’ Spreads Infostealer via 3,000 Fake Videos

Check Point Research exposed a sophisticated, role-based operation called the YouTube Ghost Network, distributing dangerous Lumma and Rhadamanthys Infostealer malware. Learn how cybercriminals use hijacked channels and bots to triple malicious video output and steal user credentials...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/10/03 3:58 p.m.4 views

Rhadamanthys Stealer Evolves: Adds Device Fingerprinting, PNG Steganography Payloads

The threat actor behind Rhadamanthys has also advertised two other tools called Elysium Proxy Bot and Crypt Service on their website, even as the flagship information stealer has been updated to support the ability to collect device and web browser fingerprints, among others. "Rhadamanthys was...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/08/26 10:45 a.m.3 views

ShadowCaptcha Exploits WordPress Sites to Spread Ransomware, Info Stealers, and Crypto Miners

A new large-scale campaign has been observed exploiting over 100 compromised WordPress sites to direct site visitors to fake CAPTCHA verification pages that employ the ClickFix social engineering tactic to deliver information stealers, ransomware, and cryptocurrency miners. The large-scale...

7.7AI score
Exploits0
OSV
OSV
added 2025/08/25 11:30 a.m.8 views

MAL-2025-191866 Malicious code in selenium-stealth-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b7721bb039c55a43bd1dc81dfad14494df158912f9dda006a67881ce54be64d3 During importing, a malicious executable is being downloaded and started. According to sandbox report, the executable is an infostealer of rhadamanthys family...

7AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/23 5:24 p.m.6 views

Malicious code in selenium-stealth-helper (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7c2cda67d57bc0989cefaaf7d1bf288e32cbff3768347ee959619e88ade1d44c During importing, a malicious executable is being downloaded and started. According to sandbox report, the executable is an infostealer of rhadamanthys family...

7.1AI score
Exploits0References4
The Hacker News
The Hacker News
added 2025/03/26 1:53 p.m.25 views

EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware

The threat actor known as EncryptHub exploited a recently-patched security vulnerability in Microsoft Windows as a zero-day to deliver a wide range of malware families, including backdoors and information stealers such as Rhadamanthys and StealC. "In this attack, the threat actor manipulates .msc...

7CVSS7.9AI score0.31894EPSS
Exploits7
The Hacker News
The Hacker News
added 2025/02/24 4:58 p.m.33 views

New Malware Campaign Uses Cracked Software to Spread Lumma and ACR Stealer

Cybersecurity researchers are warning of a new campaign that leverages cracked versions of software as a lure to distribute information stealers like Lumma and ACR Stealer. The AhnLab Security Intelligence Center ASEC said it has observed a spike in the distribution volume of ACR Stealer since...

7.8CVSS7.1AI score0.60954EPSS
Exploits0
The Hacker News
The Hacker News
added 2024/11/07 9:42 a.m.30 views

SteelFox and Rhadamanthys Malware Use Copyright Scams, Driver Exploits to Target Victims

An ongoing phishing campaign is employing copyright infringement-related themes to trick victims into downloading a newer version of the Rhadamanthys information stealer since July 2024. Cybersecurity firm Check Point is tracking the large-scale campaign under the name CopyRhightadamantys. Target...

7.8CVSS7.1AI score0.00605EPSS
Exploits2
The Hacker News
The Hacker News
added 2024/10/01 4:34 p.m.17 views

AI-Powered Rhadamanthys Stealer Targets Crypto Wallets with Image Recognition

The threat actors behind the Rhadamanthys information stealer have added new advanced features to the malware, including using artificial intelligence AI for optical character recognition OCR as part of what's called "Seed Phrase Image Recognition." "This allows Rhadamanthys to extract...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2024/07/29 7:5 a.m.26 views

'Stargazer Goblin' Creates 3,000 Fake GitHub Accounts for Malware Spread

A threat actor known as Stargazer Goblin has set up a network of inauthentic GitHub accounts to fuel a Distribution-as-a-Service DaaS that propagates a variety of information-stealing malware and netting them $100,000 in illicit profits over the past year. The network, which comprises over 3,000...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2024/06/19 10:8 a.m.19 views

Warning: Markopolo's Scam Targeting Crypto Users via Fake Meeting Software

A threat actor who goes by alias markopolo has been identified as behind a large-scale cross-platform scam that targets digital currency users on social media with information stealer malware and carries out cryptocurrency theft. The attack chains involve the use of a purported virtual meeting...

6.4AI score
Exploits0
The Hacker News
The Hacker News
added 2024/05/08 10:58 a.m.24 views

Hijack Loader Malware Employs Process Hollowing, UAC Bypass in Latest Version

A newer version of a malware loader called Hijack Loader has been observed incorporating an updated set of anti-analysis techniques to fly under the radar. "These enhancements aim to increase the malware's stealthiness, thereby remaining undetected for longer periods of time," Zscaler ThreatLabz...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2024/04/24 4:50 a.m.37 views

CoralRaider Malware Campaign Exploits CDN Cache to Spread Info-Stealers

A new ongoing malware campaign has been observed distributing three different stealers, such as CryptBot, LummaC2, and Rhadamanthys hosted on Content Delivery Network CDN cache domains since at least February 2024. Cisco Talos has attributed the activity with moderate confidence to a threat actor...

7.3AI score
Exploits0
Talos Blog
Talos Blog
added 2024/04/23 12:1 p.m.27 views

Suspected CoralRaider continues to expand victimology using three information stealers

By Joey Chen, Chetan Raghuprasad and Alex Karkins. Cisco Talos discovered a new ongoing campaign since at least February 2024, operated by a threat actor distributing three famous infostealer malware, including Cryptbot, LummaC2 and Rhadamanthys. Talos also discovered a new PowerShell command-lin...

8.2AI score
Exploits0
Rows per page
Query Builder