Malware Archives - Security Affairs

Pierluigi Paganini July 05, 2025

North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates

North Korea-linked hackers use fake Zoom updates to spread macOS NimDoor malware, targeting crypto firms with stealthy backdoors. North Korea-linked threat actors are targeting Web3 and crypto firms with NimDoor, a rare macOS backdoor disguised as a fake Zoom update. Victims are tricked into installing the malware through phishing links sent via Calendly or Telegram. […]

Pierluigi Paganini July 04, 2025

A flaw in Catwatchful spyware exposed logins of +62,000 users

A flaw in Catwatchful spyware exposed logins of 62,000 users, turning the spy tool into a data leak, security researcher Eric Daigle revealed. A flaw in the Catwatchful Android spyware exposed its full user database, leaking email addresses and plaintext passwords of both customers and its admin, TechCrunch first reported. Security researcher Eric Daigle first discovered […]

Pierluigi Paganini June 29, 2025

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 51

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Ransomware Gangs Collapse as Qilin Seizes Control Dissecting a Python Ransomware distributed through GitHub repositories SparkKitty, SparkCat’s little brother: A new Trojan spy found in the App Store and Google Play Uncovering a Tor-Enabled Docker Exploit […]

Pierluigi Paganini June 28, 2025

LapDogs: China-nexus hackers Hijack 1,000+ SOHO devices for espionage

Over 1,000 SOHO devices were hacked in a China-linked spying campaign called LapDogs, forming a covert network to support cyber espionage. Security researchers at SecurityScorecard’s STRIKE team have uncovered a cyber espionage campaign, dubbed LapDogs, involving over 1,000 hacked SOHO (small office/home office) devices. These compromised devices formed a hidden network, called an Operational Relay […]

Pierluigi Paganini June 25, 2025

Hackers deploy fake SonicWall VPN App to steal corporate credentials

Hackers spread a trojanized version of SonicWall VPN app to steal login credentials from users accessing corporate networks. Unknown threat actors are distributing a trojanized version of SonicWall NetExtender SSL VPN app to steal user credentials. The legitimate NetExtender app lets remote users securely access and use company network resources as if they were on-site. […]

Pierluigi Paganini June 25, 2025

Disrupting the operations of cryptocurrency mining botnets

Cybersecurity researchers devised two attack techniques to disrupt the operations of cryptocurrency mining botnets. Akamai Researchers uncovered two novel techniques to disrupt cryptocurrency mining botnets by exploiting flaws in common mining topologies. Current methods to stop cryptocurrecy mining botnets are pool bans or infrastructure takedowns, however, both are slow and complex. Researchers developed two faster techniques exploiting […]

Pierluigi Paganini June 25, 2025

Prometei botnet activity has surged since March 2025

Prometei botnet activity has surged since March 2025, with a new malware variant spreading rapidly, Palo Alto Networks reports. Palo Alto Networks warns of a spike in Prometei botnet activity since March 2025, the researchers observed a new variant spreading rapidly. Since March 2025, Prometei botnet is targeting Linux systems for Monero mining and credential […]

Pierluigi Paganini June 24, 2025

Russia-linked APT28 use Signal chats to target Ukraine official with malware

Russia-linked group APT28 uses Signal chats as an attack vector to phish Ukrainian officials with new malware strains. Russia-linked cyberespionage group APT28 is targeting Ukrainian government officials using Signal chats to deliver two new types of malware, tracked as BeardShell and SlimAgent. While Signal itself remains secure, attackers are exploiting its growing popularity in official […]

Pierluigi Paganini June 22, 2025

Qilin ransomware gang now offers a “Call Lawyer” feature to pressure victims

Qilin ransomware gang now offers a “Call Lawyer” feature to help affiliates pressure victims into paying, per Cybereason. The Qilin ransomware group is now offering legal support to its affiliates through a “Call Lawyer” feature to pressure victims into paying. This move, reported by cybersecurity firm Cybereason, shows Qilin stepping up its operations and trying […]

Pierluigi Paganini June 22, 2025

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 50

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet Predator Still Active, with New Client and Corporate Links Identified Threat Group Targets Companies in Taiwan Feeling Blue(Noroff): Inside a Sophisticated DPRK Web3 Intrusion Anubis: A […]

Malware

North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates

A flaw in Catwatchful spyware exposed logins of +62,000 users

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 51

LapDogs: China-nexus hackers Hijack 1,000+ SOHO devices for espionage

Hackers deploy fake SonicWall VPN App to steal corporate credentials

Disrupting the operations of cryptocurrency mining botnets

Prometei botnet activity has surged since March 2025

Russia-linked APT28 use Signal chats to target Ukraine official with malware

Qilin ransomware gang now offers a “Call Lawyer” feature to pressure victims

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 50

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates

Critical Sudo bugs expose major Linux distros to local Root exploits

Google fined $314M for misusing idle Android users' data

A flaw in Catwatchful spyware exposed logins of +62,000 users

China-linked group Houken hit French organizations using zero-days

QUICK LINKS

Malware

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!