Information Security, Malware and Media

CEO of cybersecurity firm charged with installing malware on hospital systems

Security Affairs

APRIL 26, 2025

Veritaco CEO Jeffrey Bowie faces charges for allegedly installing malware on hospital computers, violating Oklahoma’s Computer Crimes Act. The man is accused of having installed the malware on the hospital computers on August 6, 2024. ” reported the media outlet KOCO 5 News. Anthony Hospital.

Malware

Malware Cybersecurity Healthcare Media

New LightSpy spyware variant comes with enhanced data collection features targeting social media platforms

Security Affairs

FEBRUARY 26, 2025

Researchers found an updated LightSpy spyware with enhanced data collection features targeting social media platforms like Facebook and Instagram. have found an updated version of the LightSpy spyware that supports an expanded set of data collection features to target social media platforms like Facebook and Instagram.

Data collection

Data collection Spyware Media Surveillance

Hive0117 group targets Russian firms with new variant of DarkWatchman malware

Security Affairs

MAY 1, 2025

Hive0117 targets Russian firms in multiple sectors with phishing attacks using a modified version of the DarkWatchman malware. A cybercrime group named Hive0117 is behind a fresh phishing campaign that targeted Russian organizations with a new version of the DarkWatchman malware, according to Russian cybersecurity firm F6.

Malware

Malware Phishing Telecommunications Retail

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

Crazy Evil gang runs over 10 highly specialized social media scams

Security Affairs

FEBRUARY 3, 2025

The Russian-speaking Crazy Evil group runs over 10 social media scams, tricking victims into installing StealC, AMOS, and Angel Drainer malware. Since 2021, the Crazy Evil gang has become a major cybercriminal group, using phishing, identity fraud, and malware to steal cryptocurrency.

Scams

Scams Media Cryptocurrency Cybercrime

Iran and China-linked actors used ChatGPT for preparing attacks

Security Affairs

OCTOBER 11, 2024

The group used the chatbot to receive support in Android malware development and to create a scraper for the social media platform Instagram. “This actor used our models to debug malware, for coding assistance in creating a basic scraper for Instagram, and to translate LinkedIn profiles into Persian.

Malware

Malware Social Engineering Engineering Hacking

International law enforcement operation dismantled RedLine and Meta infostealers

Security Affairs

OCTOBER 29, 2024

RedLine and META targeted millions of victims worldwide, according to Eurojust it was one of the largest malware platforms globally. “Investigations into RedLine and Meta started after victims came forward and a security company notified authorities about possible servers in the Netherlands linked to the software.

Identity Theft

Identity Theft Passwords Malware Banking

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 35

Security Affairs

MARCH 2, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware

Malware Architecture IoT Ransomware

Crypto mining campaign targets Docker environments with new evasion technique

Security Affairs

APRIL 23, 2025

New malware campaign targets Docker environments using unknown methods to secretly mine cryptocurrency, researchers warn. Researchers from Darktrace and Cado Security have spotted a malware campaign that targets Docker environments with a novel technique to mine cryptocurrency. These points can be converted to $TENEO tokens.

Cryptocurrency

Cryptocurrency Malware Media Hacking

Operation SyncHole: Lazarus APT targets supply chains in South Korea

Security Affairs

APRIL 25, 2025

The attackers used multiple hacking tools and malware, including ThreatNeedle , Agamemnon downloader, wAgent , SIGNBT, and COPPERHEDGE. We found that the malware was running in the memory of a legitimateSyncHost.exeprocess, and was created as a subprocess of Cross EX, legitimate software developed in South Korea.”

Malware

Malware Software Encryption Hacking

Security Affairs Malware Newsletter – Round 5

Security Affairs

AUGUST 4, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware

Malware Spyware Media Phishing

Crooks target DeepSeek users with fake sponsored Google ads to deliver malware

Security Affairs

MARCH 27, 2025

Cybercriminals are exploiting the popularity of DeepSeek by using fake sponsored Google ads to distribute malware. While DeepSeek is rising in popularity, threat actors are attempting to exploit it by using fake sponsored Google ads to distribute malware, Malwarebytes researchers warn. ” reads the alert published by Malwarebytes.

Malware

Malware Data collection Advertising Media

WhatsApp fixed a spoofing flaw that could enable Remote Code Execution

Security Affairs

APRIL 8, 2025

Its value stems from WhatsApp’s massive user base and the potential for covert access to private chats, media, and device-level control. In February, Meta announced that it had discovered and dismantled a malware campaign via WhatsApp that targeted journalists and civil society members with the Paragon spyware (aka Graphite).

Spyware

Spyware Media Surveillance Hacking

What threatens corporations in 2023: media blackmail, fake leaks and cloud attacks

SecureList

JANUARY 18, 2023

The threat landscape is constantly updated through new malware and spyware, advanced phishing methods, and new social engineering techniques. The media routinely report incidents and leaks of data that end up publicly accessible on the dark web. Malware-as-a-service: a greater number of cookie-cutter attacks, more complex tools.

Media

Media Social Engineering Ransomware Hacking

New LightSpy spyware version targets iPhones with destructive capabilities

Security Affairs

NOVEMBER 1, 2024

LightSpy can steal files from multiple popular applications like Telegram, QQ, and WeChat, as well as personal documents and media stored on the device. Destructive plugin: capable of deleting media files from the device PushMessage 1.0.0 Destructive plugin: capable of deleting media files from the device PushMessage 1.0.0

Spyware

Spyware Media Malware Hacking

Canadian authorities arrested alleged Snowflake hacker

Security Affairs

NOVEMBER 5, 2024

” UNC5537 used stolen credentials obtained via infostealer malware. Independent news outlet 404 Media also confirmed Krebs’s findings 404 Media in September 2024. This led to extensive data theft, with the attackers later attempting to extort victims and sell stolen data on criminal forums.

Unstructured Data

Unstructured Data Media Cybercrime Hacking

3CX Breach Was a Double Supply Chain Compromise

Krebs on Security

APRIL 20, 2023

Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Mandiant found the compromised 3CX software would download malware that sought out new instructions by consulting encrypted icon files hosted on GitHub. Image: Mandiant.

Malware

Malware Software Technology Accountability

Security Affairs newsletter Round 493 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

OCTOBER 13, 2024

The Mexican Drug Cartels Want You Casio: Notice of Partial Service Outage and Information Leak Caused by Ransomware Attack He founded a “startup” to access sanctioned Russian websites: the cyber police of Khmelnytskyi region exposed the hacker Hacked ‘AI Girlfriend’ Data Shows Prompts Describing Child Sexual Abuse Malware Over 300,000!

Data breaches

Data breaches Cryptocurrency Cybercrime Artificial Intelligence

Ukrainian telecommunications operators hit by DarkCrystal RAT malware

Security Affairs

JUNE 27, 2022

The Governmental Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a malware campaign targeting Ukrainian telecommunications operators with the DarkCrystal RAT. The script will download and run the.NET bootloader “MSCommondll.exe,” which in turn will download and run the malware DarkCrystal RAT.

Telecommunications

Telecommunications Malware Media Passwords

Apple fixed the first actively exploited zero-day of 2025

Security Affairs

JANUARY 27, 2025

The vulnerability is a privilege escalation vulnerability that impacts the Core Media framework. The Apple Core Media framework supports multimedia tasks like playback, recording, and manipulation of audio and video on iOS and macOS devices. “A malicious application may be able to elevate privileges.

Spyware

Spyware Surveillance Media Hacking

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

Webroot

MARCH 3, 2025

During this time, many government agencies and consumer protection organizations come together to help educate consumers on how to keep their personal and financial information secure. Contact is usually made through social media, by phone or in person. Antivirus protection Software that protects against viruses and malware.

Consumer Protection

Consumer Protection Identity Theft Scams Social Engineering

China-linked BlackTech APT uses new Flagpro malware in recent attacks

Security Affairs

DECEMBER 29, 2021

China-linked BlackTech cyberespionage group was targeting Japanese companies using new malware tracked as ‘Flagpro’. Researchers from NTT Security reported that China-linked BlackTech cyberespionage group targeted Japanese companies using new malware tracked as ‘Flagpro’. ” reads the analysis published by NTT Security.

Malware

Malware Phishing Passwords Media

Adrozek malware silently inject ads into search results in multiple browsers

Security Affairs

DECEMBER 10, 2020

Microsoft warns of a new malware named Adrozek that infects devices and hijacks Chrome, Edge, and Firefox browsers by changing their settings. Microsoft warned of a new malware named Adrozek that infects devices and hijacks Chrome, Edge, and Firefox browsers by changing their settings and inject ads into search results pages.

Malware

Malware Advertising Media Engineering

WhatsApp disrupted a hacking campaign targeting journalists with Paragon spyware

Security Affairs

FEBRUARY 2, 2025

Meta announced the disruption of a malware campaign via WhatsApp that targeted journalists with the Paragon spyware. Meta announced that discovered and dismantled a malware campaign via WhatsApp that targeted journalists and civil society members with the Paragon spyware (aka Graphite).

Spyware

Spyware Hacking Surveillance Malware

EDR-as-a-Service makes the headlines in the cybercrime landscape

Security Affairs

APRIL 7, 2025

In case a criminal obtains private information, such as IP addresses, phone numbers, and domiciles, it may be exploited to initiate fraudulent schemes, blackmail, or doxing operations. The lack of a robust verification process, combined with the trust placed in authorities, increases the risk to users’ digital security and privacy.

Cybercrime

Cybercrime Social Engineering Accountability Government

Security Affairs newsletter Round 494 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

OCTOBER 20, 2024

CISA adds Microsoft Windows Kernel, Mozilla Firefox and SolarWinds Web Help Desk bugs to its Known Exploited Vulnerabilities catalog GitHub addressed a critical vulnerability in Enterprise Server A new Linux variant of FASTCash malware targets financial systems WordPress Jetpack plugin critical flaw impacts 27 million sites Pokemon dev Game Freak discloses (..)

Data breaches

Data breaches Cybercrime Cyber Insurance Marketing

15 SpyLoan Android apps found on Google Play had over 8 million installs

Security Affairs

NOVEMBER 30, 2024

Some of the malicious apps were promoted through deceptive advertising on social media. “ SpyLoan apps exploit official app stores like Google Play, deceptive branding, and social media ads to appear credible. The researchers reported the apps to Google who notified the developers that their apps violate Google Play policies.

Social Engineering

Social Engineering Media Mobile Scams

Don’t Let Encryption Become A Double-Edged Sword That Undermines Zero Trust CyberSecurity

Joseph Steinberg

APRIL 21, 2022

Data that must remain private simply cannot be readable by unauthorized parties – and that rule applies both when the relevant information is at rest on an internal server, in the cloud, or on some backup media, as well as when it is in transit over any form of network or other means of communication.

Encryption

Encryption Cybersecurity Artificial Intelligence Backups

Law enforcement seized the domains of HeartSender cybercrime marketplaces

Security Affairs

FEBRUARY 2, 2025

The Saim Raza group run multiple marketplaces that advertised and facilitated the sale of hacking and fraud tools, including malware, phishing kits and email extractors. Employees inadvertently exposed their ties through social media. The HeartSender group has sold phishing tools to criminals since 2020, causing over $3 million in U.S.

Cybercrime

Cybercrime Advertising Phishing Hacking

GitCaught campaign relies on Github and Filezilla to deliver multiple malware

Security Affairs

MAY 20, 2024

Researchers discovered a sophisticated cybercriminal campaign by Russian-speaking threat actors that used GitHub to distribute malware. The campaign shows how attackers exploit trusted internet services to carry out cyberattacks that steal personal information. This tactic allows them to avoid detection.

Malware

Malware Banking Advertising Software

Greek intelligence service used surveillance malware to spy on a journalist, Reuters reports

Security Affairs

AUGUST 6, 2022

Greek intelligence admitted it had spied on a journalist, while citizens ask the government to reveal the use of surveillance malware. The head of the Greek intelligence told a parliamentary committee that they had spied on a journalist with surveillance malware , Reuters reported citing two sources present. ” reported Reuters.

Surveillance

Surveillance Malware Spyware Government

How to implant a malware in hidden area of SSDs with Flex Capacity feature

Security Affairs

DECEMBER 31, 2021

Researchers devised a series of attacks against SSDs that could allow to implant malware in a location that is not monitored by security solutions. Korean researchers devised a series of attacks against solid-state drives (SSDs) that could allow to implant malware in specific memory locations bypassing security solutions.

Malware

Malware Firmware Manufacturing Media

8Base ransomware group hacked Croatia’s Port of Rijeka

Security Affairs

DECEMBER 7, 2024

The CEO of the Croatian Port, Duko Grabovac, told local media outlet Novi list that despite threats actors stole some data, the incident had no impact on the operations at the post. Grabovac pointed out that his organization will not pay the ransom requested by the ransomware gang.

Ransomware

Ransomware Hacking Accountability Cyber Attacks

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

Security Affairs

SEPTEMBER 29, 2022

A new multifunctional Go-based malware dubbed Chaos is targeting both Windows and Linux systems, experts warn. Researchers from Black Lotus Labs at Lumen Technologies, recently uncovered a multifunctional Go-based malware that was developed to target devices based on multiple architectures, including Windows and Linux.

Malware

Malware DDOS Architecture Financial Services

Security Affairs newsletter Round 497 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

NOVEMBER 10, 2024

Mazda Connect flaws allow to hack some Mazda vehicles Veeam Backup & Replication exploit reused in new Frag ransomware attack Texas oilfield supplier Newpark Resources suffered a ransomware attack Palo Alto Networks warns of potential RCE in PAN-OS management interface iPhones in a law enforcement forensics lab mysteriously rebooted losing their (..)

Ransomware

Ransomware Cybercrime Phishing Banking

Hackers are taking advantage of the interest in generative AI to install Malware

Security Affairs

MAY 3, 2023

Threat actors are using the promise of generative AI like ChatGPT to deliver malware, Facebook parent Meta warned. Threat actors are taking advantage of the huge interest in generative AI like ChatGPT to trick victims into installing malware, Meta warns. ” reads the Meta’s Q1 2023 Security Reports.

Malware

Malware Education Accountability Media

New Qlocker ransomware infected hundreds of QNAP NAS devices in a few days

Security Affairs

APRIL 23, 2021

The malware moves all files stored on the device to password-protected 7zip archives and demand the payment of a $550 ransom. The Taiwanese vendor published a security advisory to warn its customers of the ongoing attacks and is urging them to install the latest Malware Remover version and scan their devices for indicators of compromise.

Ransomware

Ransomware Backups Media Malware

Exclusive: The largest mobile malware marketplace identified by Resecurity in the Dark Web

Security Affairs

DECEMBER 5, 2022

Resecurity has identified a new underground marketplace in the Dark Web oriented towards mobile malware developers and operators. “In the Box” dark web marketplace is leveraged by cybercriminals to attack over 300 financial institutions (FIs), payment systems, social media and online-retailers in 43 countries.

Mobile

Mobile Malware Banking Retail

BingoMod Android RAT steals money from victims’ bank accounts and wipes data

Security Affairs

JULY 31, 2024

BingoMod is a new Android malware that can wipe devices after stealing money from the victims’ bank accounts. Researchers at Cleafy discovered a new Android malware, called ‘BingoMod,’ that can wipe devices after successfully stealing money from the victims’ bank accounts.

Banking

Banking Accountability Malware Mobile

SandStrike, a previously undocumented Android malware targets a Persian-speaking religion minority

Security Affairs

NOVEMBER 2, 2022

The social media accounts were used to spread a link to a Telegram channel created to distribute the seemingly harmless VPN application. In their attacks, they use cunning and unexpected methods: SandStrike, attacking users via VPN service, where victims tried to find protection and security, is an excellent example.

Spyware

Spyware Malware VPN Accountability

WhatsApp fixed zero-day flaw used to deploy Paragon Graphite spyware

Security Affairs

MARCH 19, 2025

In February, Meta announced that it had discovered and dismantled a malware campaign via WhatsApp that targeted journalists and civil society members with the Paragon spyware (aka Graphite). There are no official reports about the spyware campaign, but media reports that threat actors may have used a specially crafted PDF file as bait.

Spyware

Spyware Hacking Surveillance Media

Wannacry, the hybrid malware that brought the world to its knees

Security Affairs

OCTOBER 31, 2022

In the early afternoon of Friday 12 May 2017, the media broke the news of a global computer security attack carried out through a malicious code capable of encrypting data residing in information systems and demanding a ransom in cryptocurrency to restore them, the Wannacry ransomware. The infection chain. Twitter @Slvlombardo.

Malware

Malware Computers and Electronics Encryption Ransomware

North Korea-linked APT group ScarCruft spotted using new Android spyware KoSpy

Security Affairs

MARCH 13, 2025

ScarCruft has been active since at least 2012, it made the headlines in early February 2018 when researchers revealed that the APT group leveraged a zero-day vulnerability in Adobe Flash Player to deliver malware to South Korean users. center, linked to Konni malware used by APT37, and nidlogon[.]com, One of C2 domains, st0746[.]net,

Spyware

Spyware Surveillance Encryption Malware

Experts spotted a new sophisticated malware toolkit called Decoy Dog

Security Affairs

MAY 1, 2023

Infoblox researchers discovered a new sophisticated malware toolkit, dubbed Decoy Dog, targeting enterprise networks. While analyzing billions of DNS records, Infoblox researchers discovered a sophisticated malware toolkit, dubbed Decoy Dog, that was employed in attacks aimed at enterprise networks.

Malware

Malware DNS Education Media

Chinese threat actors use Quad7 botnet in password-spray attacks

Security Affairs

NOVEMBER 3, 2024

Some of these clusters specifically target Axentra media servers, Ruckus wireless routers and Zyxel VPN appliances. The experts identified five distinct login clusters (alogin, xlogin, axlogin, rlogin, and zylogin) associated with these botnet operators.

Passwords

Passwords Wireless VPN Accountability

CEO of cybersecurity firm charged with installing malware on hospital systems

New LightSpy spyware variant comes with enhanced data collection features targeting social media platforms

Webinars

Trending Sources

Hive0117 group targets Russian firms with new variant of DarkWatchman malware

Webinars

Crazy Evil gang runs over 10 highly specialized social media scams

Iran and China-linked actors used ChatGPT for preparing attacks

International law enforcement operation dismantled RedLine and Meta infostealers

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 35

Crypto mining campaign targets Docker environments with new evasion technique

Operation SyncHole: Lazarus APT targets supply chains in South Korea

Security Affairs Malware Newsletter – Round 5

Crooks target DeepSeek users with fake sponsored Google ads to deliver malware

WhatsApp fixed a spoofing flaw that could enable Remote Code Execution

What threatens corporations in 2023: media blackmail, fake leaks and cloud attacks

New LightSpy spyware version targets iPhones with destructive capabilities

Canadian authorities arrested alleged Snowflake hacker

3CX Breach Was a Double Supply Chain Compromise

Security Affairs newsletter Round 493 by Pierluigi Paganini – INTERNATIONAL EDITION

Ukrainian telecommunications operators hit by DarkCrystal RAT malware

Apple fixed the first actively exploited zero-day of 2025

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

China-linked BlackTech APT uses new Flagpro malware in recent attacks

Adrozek malware silently inject ads into search results in multiple browsers

WhatsApp disrupted a hacking campaign targeting journalists with Paragon spyware

EDR-as-a-Service makes the headlines in the cybercrime landscape

Security Affairs newsletter Round 494 by Pierluigi Paganini – INTERNATIONAL EDITION

15 SpyLoan Android apps found on Google Play had over 8 million installs

Don’t Let Encryption Become A Double-Edged Sword That Undermines Zero Trust CyberSecurity

Law enforcement seized the domains of HeartSender cybercrime marketplaces

GitCaught campaign relies on Github and Filezilla to deliver multiple malware

Greek intelligence service used surveillance malware to spy on a journalist, Reuters reports

How to implant a malware in hidden area of SSDs with Flex Capacity feature

8Base ransomware group hacked Croatia’s Port of Rijeka

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

Security Affairs newsletter Round 497 by Pierluigi Paganini – INTERNATIONAL EDITION

Hackers are taking advantage of the interest in generative AI to install Malware

New Qlocker ransomware infected hundreds of QNAP NAS devices in a few days

Exclusive: The largest mobile malware marketplace identified by Resecurity in the Dark Web

BingoMod Android RAT steals money from victims’ bank accounts and wipes data

SandStrike, a previously undocumented Android malware targets a Persian-speaking religion minority

WhatsApp fixed zero-day flaw used to deploy Paragon Graphite spyware

Wannacry, the hybrid malware that brought the world to its knees

North Korea-linked APT group ScarCruft spotted using new Android spyware KoSpy

Experts spotted a new sophisticated malware toolkit called Decoy Dog

Chinese threat actors use Quad7 botnet in password-spray attacks

Stay Connected