
31 matches found

Securelist
added 2026/04/20 9:22 a.m., 4 views

FakeWallet crypto stealer spreading through iOS apps in the App Store

In March 2026, we uncovered more than twenty phishing apps in the Apple App Store masquerading as popular crypto wallets. Once launched, these apps redirect users to browser pages designed to look similar to the App Store and distributing trojanized versions of legitimate wallets. The infected ap...

AI score: 5.8, Exploits: 0

OSV
added 2025/08/21 8:5 a.m., 4 views

MAL-2025-41421 Malicious code in k7eel2-ss (PyPI)

The package downloads and executes an executable from a hardcoded URL. The executable is classified as Trojan and confirmed by 47 top sources. The package downloads malware from https://github.com/deprosinal/legendary-funicular github repo, namely helo.exe --- -= Per source details. Do not edit...

AI score: 7, Exploits: 0, References: 5

Talos Blog
added 2024/03/07 7:0 p.m., 20 views

You’re going to start seeing more tax-related spam, but remember, that doesn’t actually mean there’s more spam

It's that time of the year when not only do you have to be worried about filing your federal taxes in the U.S., you must also be on the lookout for a whole manner of tax-related scams. These are something that pop up every year through email, texts, phone calls and even physical mail -- phony...

AI score: 7, Exploits: 0

Malwarebytes
added 2024/03/01 8:11 p.m., 26 views

PikaBot malware on the rise: What organizations need to know

A new type of malware is being used by ransomware gangs in their attacks, and its name is PikaBot. A relatively new trojan that emerged in early 2023, PikaBot is the apparent successor to the infamous QakBot (QBot) trojan that was shut down in August 2023. QBot was used by many ransomware gangs in...

AI score: 7.8, Exploits: 0

Veracode
added 2021/10/25 4:22 a.m., 22 views

Malicious Package

ua-parser-js is a malicious package. The package includes ceprolad.a which is a trojan malware script that executes .exe files. Any computer that has associated with this package should be considered fully compromised...

CVSS: 8.8, AI score: 2.6, EPSS: 0.00863, Exploits: 0, References: 3, Affected Software: 1

The Hacker News
added 2021/07/01 5:23 a.m., 60 views

Hacker Wanted in the U.S. for Spreading Gozi Virus Arrested in Colombia

Colombian authorities on Wednesday said they have arrested a Romanian hacker who is wanted in the U.S. for distributing a virus that infected more than a million computers from 2007 to 2012. Mihai Ionut Paunescu aka "Virus", the individual in question, was detained at the El Dorado airport in...

AI score: 1.6, Exploits: 0

Veracode
added 2020/11/16 6:48 a.m., 11 views

Malicious Package

xpc.js is a malicious package. It contains malicious codes in its pre-install script that executes two malicious exe files containing Trojan malware...

AI score: 2.4, Exploits: 0

Node.js
added 2020/11/13 9:33 p.m., 48 views

Malicious Package

Overview: The package xpc.js contained malicious code. The package ran a postinstall script that executes two .exe files containing Trojan malware. Recommendation: Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that...

AI score: 6.8, Exploits: 0, Affected Software: 1

Veracode
added 2020/11/11 5:4 a.m., 10 views

Malicious Package

ac-addon is a malicious package. The package includes a postinstall script that executes two malicious .exe files containing Trojan malware...

AI score: 2.2, Exploits: 0

Veracode
added 2020/11/11 4:12 a.m., 10 views

Malicious Package

wsbd.js is a malicious package. The package executes a malicious postinstall script which runs an exe file containing Trojan malware upon installation...

AI score: 2.1, Exploits: 0

Node.js
added 2020/11/10 9:24 p.m., 41 views

Malicious Package

Overview: The package discord.app contained malicious code. The package ran a postinstall script that executed an .exe file containing Trojan malware. Recommendation: Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that...

AI score: 6.8, Exploits: 0, Affected Software: 1

Node.js
added 2020/11/10 9:23 p.m., 40 views

Malicious Package

Overview: The package wsbd.js contained malicious code. The package ran a postinstall script that executed an .exe file containing Trojan malware. Recommendation: Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that...

AI score: 6.8, Exploits: 0, Affected Software: 1

Node.js
added 2020/11/10 9:20 p.m., 47 views

Malicious Package

Overview: The package ac-addon contained malicious code. The package ran a postinstall script that executed two .exe files. Both files were identified to contain Trojan malware. Recommendation: Remove the package from your system and rotate any credentials that may have been compromised. References...

AI score: 7, Exploits: 0, Affected Software: 1

ICS
added 2020/10/24 12:0 p.m., 65 views

LokiBot Malware

Summary: This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise frameworks for all referenced threat actor techniques. This product was written by the Cybersecurity and Infrastructure Security Agency (CISA) with contributions...

CVSS: 9.3, AI score: 8.7, EPSS: 0.94354, Exploits: 33, References: 70

Malwarebytes
added 2019/11/18 4:43 p.m., 36 views

A week in security (November 11 – 17)

Last week on Malwarebytes Labs, we offered statistics and information on a sneaky new Trojan malware for Android, inspected a bevy of current Facebook scams, and explained the importance of securing food and agriculture infrastructure. We also released our latest report on cybercrime tactics and...

AI score: 7, Exploits: 0

CNVD
added 2019/09/26 12:0 a.m., 1 views

Arbitrary File Upload Vulnerability in Guojiz

Guojiz is a light community system based on layui front-end framework and thinkphp. Guojiz has an arbitrary file upload vulnerability, which can be exploited by an attacker to upload any type of image, such as a php Trojan horse, when editing a forum post or adding a comment via the upload image...

AI score: 7.2, Exploits: 0

Malwarebytes
added 2019/08/14 1:0 p.m., 110 views

Trojans, ransomware dominate 2018–2019 education threat landscape

Heading into the new school year, we know educational institutions have a lot to worry about. Teacher assignments. Syllabus development. Gathering supplies. Readying classrooms. But one issue should be worrying school administrators and boards of education more than most: securing their networks...

AI score: 7, Exploits: 0

CISA
added 2019/04/10 12:0 a.m., 13 views

North Korean Malicious Cyber Activity

The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have identified a Trojan malware variant—referred to as HOPLIGHT—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. The...

AI score: 6.8, Exploits: 0, References: 2

Securelist
added 2019/03/27 10:0 a.m., 49 views

Threat Landscape for Industrial Automation Systems in H2 2018

H2 2018 in figures: All statistical data used in this report was collected using the Kaspersky Security Network (KSN), a distributed antivirus network. The data was received from those KSN users who gave their consent to have data anonymously transferred from their computers. We do not identify the...

AI score: 1.5, Exploits: 0

Securelist
added 2019/03/06 10:0 a.m., 69 views

Pirate matryoshka

The use of torrent trackers to spread malware is a well-known practice; cybercriminals disguise it as popular software, computer games, media files, and other sought-after content. We detected one such campaign early this year, when The Pirate Bay (TPB) tracker filled up with harmful files used to...

AI score: 0.7, Exploits: 0