6649 matches found
New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots
Cybersecurity researchers have flagged a new version of the TrickMo Android banking trojan that uses The Open Network TON for command-and-control C2. The new variant, observed by ThreatFabric between January and February 2026, has been observed actively targeting banking and cryptocurrency wallet...
TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms
Threat hunters have flagged a previously undocumented Brazilian banking trojan dubbed TCLBANKER that's capable of targeting 59 banking, fintech, and cryptocurrency platforms. The activity is being tracked by Elastic Security Labs under the moniker REF3076. The malware family is assessed to be a...
Malicious code in forge-jsxy (npm)
forge-jsxy is a malicious npm package part of the same campaign as forge-jsx. It typosquats the name by appending a 'y' and carries an identical fake description 'Node.js integration layer for Autodesk Forge' to impersonate a legitimate Autodesk Forge SDK. The package is a fully-formed RAT deploy...
Malicious code in gemini-analyzer (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1c8996b17229185440fe7523f20f72ea848f3a001baa8946ca80fa6b5d3221ad The package is a RAT performing full exfiltration and executing remote commands through a custom RPC protocol over WebSockets, and eventually establishing a...
Reflecthernet: Exfiltrating 100BASE-TX Ethernet Traffic Using a Retroreflector Hardware Trojan
Electromagnetic eavesdropping is a well-established attack vector for remotely monitoring a target activity, most notably displays, over considerable ranges. Other targets have been considered resistant to such attacks or do not exhibit sufficient electromagnetic leakage for practical exploitatio...
MAL-2026-3251 Malicious code in puan31 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 27d04731b8fc3968b624ec2435d48b09d1afffb46fefb44745c2c8ff31bf4855 During import, package automatically starts a connection to a C2 server, exfiltrates information about the host and data like the browser's history and sensiti...
Malicious code in system-update-tool (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4902f753d49279adae969f368b995d1ec8990f506dfb70d9c8891098f657ae9b If run as a module, the code runs code to silently control the device via Telegram bot execute commands, exfiltrate files. --- Category: MALICIOUS - The campai...
Malicious code in timesmcplib (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 da06df6b9831a400bbf6f90e6ae20c8633f5ca98f71ca4927cbc0647ec6ccb17 During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...
MAL-2026-3240 Malicious code in timesmcplib (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 da06df6b9831a400bbf6f90e6ae20c8633f5ca98f71ca4927cbc0647ec6ccb17 During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...
Trojan Hippo: Weaponizing Agent Memory for Data Exfiltration
Memory systems enable otherwise-stateless LLM agents to persist user information across sessions, but also introduce a new attack surface. We characterize the Trojan Hippo attack, a class of persistent memory attacks that operates in a more realistic threat model than prior memory poisoning work:...
Malicious code in timermcplib (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 999846a0fc964a7818742a15f547ddd0b154f6ca559902c048c3f478a681c64c During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...
MAL-2026-3239 Malicious code in timermcplib (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 999846a0fc964a7818742a15f547ddd0b154f6ca559902c048c3f478a681c64c During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...
MAL-2026-3238 Malicious code in timemcplib (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 96a6c2c025f60e6c36b5c0c5325d3cd39c3d2a25f693ba82877fa73d87eb3b6f During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...
Malicious code in currenttimerlib (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2c8597070407b25804a26b2e7245768836031c1686a98750599ba2ce1833d4aa During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...
Malicious code in currenttimerpy (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ccd5c81889e68b6ae8a0e8ef90b7c3a4dc447b08872ad6ac48ce94804985379d During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...
Malicious code in as89ufnaisufn (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e21c9860ca710010b7059d9284d8e2665c8163a8f1f351782e1a30f2037ce647 During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...
MAL-2026-3227 Malicious code in timingmcp (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c55706ce911042ace020630f65dc65015cf677b2d5a106ccd3ddba10e90f327f During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...
MAL-2026-3228 Malicious code in ziugxfbvo (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 257409f82e56689d4cd8ebe7ac8ae8e09203ecbd7eab311970e4bdeb7be92b05 During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...
Malicious code in bxiucnxcb (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 136aa3924314879404ede1d7153b71b042b3fa55468f0aa1c534e6a18b79e37c During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...
Malicious code in currentclock (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d1c91399e9fe0c5525eac175fb302553dfca29a3cea2f469e7c9be512629e71c During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...