11058 matches found
ShadyPanda Turns Popular Browser Extensions with 4.3 Million Installs Into Spyware
A threat actor known as ShadyPanda has been linked to a seven-year-long browser extension campaign that has amassed over 4.3 million installations over time. Five of these extensions started off as legitimate programs before malicious changes were introduced in mid-2024, according to a report fro...
CISA Warns of Active Spyware Campaigns Hijacking High-Value Signal and WhatsApp Users
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday issued an alert warning of bad actors actively leveraging commercial spyware and remote access trojans RATs to target users of mobile messaging applications. "These cyber actors use sophisticated targeting and social...
Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications
CISA is aware of multiple cyber threat actors actively leveraging commercial spyware to target users of mobile messaging applications apps.1 These cyber actors use sophisticated targeting and social engineering techniques to deliver spyware and gain unauthorized access to a victim’s messaging app...
New RadzaRat Spyware Poses as File Manager to Hijack Android Devices
Certo Software found RadzaRat, an Android RAT disguised as a file manager that has a 0/66 detection rate on VirusTotal. It keylogs passwords and steals files...
A week in security (November 17 – November 23)
Last week on Malwarebytes Labs: AI teddy bear for kids responds with sexual content and advice about weapons Fake calendar invites are spreading. Here’s how to remove them and prevent more Budget Samsung phones shipped with unremovable spyware, say researchers What the Flock is happening with...
Budget Samsung phones shipped with unremovable spyware, say researchers
A controversy over data-gathering software secretly installed on Samsung phones has erupted again after a new accusatory post appeared on X last week. In the post on the social media site, cybersecurity newsletter International Cyber Digest warned about a secretive application called AppCloud tha...
A week in security (November 10 – November 16)
Last week on Malwarebytes Labs: Be careful responding to unexpected job interviews Your passport, now on your iPhone. Helpful or risky? 1 million victims, 17,500 fake sites: Google takes on toll-fee scammers Are you paying more than other people? NY cracks down on surveillance pricing We opened a...
DarkComet Spyware Resurfaces Disguised as Fake Bitcoin Wallet
Old DarkComet RAT spyware is back, hiding inside fake Bitcoin wallets and trading apps to steal credentials via keylogging...
Samsung zero-day lets attackers take over your phone
A critical vulnerability has put Samsung mobile device owners at risk of sophisticated cyberattacks. On November 10, 2025, the US Cybersecurity and Infrastructure Security Agency CISA added a vulnerability, tracked as CVE-2025-21042, to its Known Exploited Vulnerabilities KEV catalog. The KEV...
LANDFALL Spyware Targeted Samsung Galaxy Phones via Malicious Images
Unit 42 discovered LANDFALL, commercial-grade Android spyware, which used a hidden image vulnerability CVE-2025-21042 to remotely spy on Samsung Galaxy users via WhatsApp. Update your phone now...
Fantasy Hub is spyware for rent—complete with fake app kits and support
Researchers at Zimperium identified Fantasy Hub, a new Android spyware developed and sold as a subscription on Russian-language cybercrime forums. Malware-as-a-Service MaaS means cybercriminals rent out to malware to other criminals, complete with the infrastructure necessary to harvest and abuse...
Samsung Mobile Flaw Exploited as Zero-Day to Deploy LANDFALL Android Spyware
A now-patched security flaw in Samsung Galaxy Android devices was exploited as a zero-day to deliver a "commercial-grade" Android spyware dubbed LANDFALL in targeted attacks in the Middle East. The activity involved the exploitation of CVE-2025-21042 CVSS score: 8.8, an out-of-bounds write flaw i...
New Dante Spyware Linked to Rebranded Hacking Team, Now Memento Labs
Kaspersky researchers uncovered Operation ForumTroll, an attack campaign utilising the new 'Dante' spyware developed by Memento Labs, the rebranded Hacking Team. The attacks used a Chrome zero-day vulnerability CVE-2025-2783 and COM hijacking for persistence, confirming the continued deployment o...
Attack of the clones: Fake ChatGPT apps are everywhere
The mobile AI gold rush has flooded app stores with lookalikes—shiny, convincing apps promising “AI image generation,” “smart chat,” or “instant productivity.” But behind the flashy logos lurks a spectrum of fake apps, from harmless copycats to outright spyware. Spoofing trusted brands like...
Spyware-Plugged ChatGPT, DALL·E and WhatsApp Apps Target US Users
Are you using a fake version of a popular app? Appknox warns US users about malicious brand clones hiding on third-party app stores. Protect yourself from hidden spyware and ‘commercial parasites.’...
Chrome Zero-Day Exploited to Deliver Italian Memento Labs' LeetAgent Spyware
The zero-day exploitation of a now-patched security flaw in Google Chrome led to the distribution of an espionage-related tool from Italian information technology and services provider Memento Labs, according to new findings from Kaspersky. The vulnerability in question is CVE-2025-2783 CVSS scor...
Mem3nt0 mori – The Hacking Team is back!
In March 2025, Kaspersky detected a wave of infections that occurred when users clicked on personalized phishing links sent via email. No further action was required to initiate the infection; simply visiting the malicious website using Google Chrome or another Chromium-based web browser was...
'Happy Gilmore' Producer Buys Spyware Maker NSO Group
Plus: US government cybersecurity staffers get reassigned to do immigration work, a hack exposes sensitive age-verification data of Discord users, and more...
Fake TikTok and WhatsApp Apps Infect Android Devices with ClayRat Spyware
Zimperium's zLabs warns of ClayRat, a fast-spreading Android spyware targeting Russia. It hides in fake apps like TikTok and steals texts, calls records, and camera photos...
New ClayRat Spyware Targets Android Users via Fake WhatsApp and TikTok Apps
A rapidly evolving Android spyware campaign called ClayRat has targeted users in Russia using a mix of Telegram channels and lookalike phishing websites by impersonating popular apps like WhatsApp, Google Photos, TikTok, and YouTube as lures to install them. "Once active, the spyware can exfiltra...