Pierluigi Paganini
April 21, 2025
âSuperCard Xâ – a new MaaS – targets Androids via NFC relay attacks, enabling fraudulent POS and ATM transactions with stolen card data. Cleafy researchers discovered a new malware-as-a-service (MaaS) called SuperCard X targeting Android devices with NFC relay attacks for fraudulent cash-outs. Attackers promote the MaaS through Telegram channels, analysis shows SuperCard X builds […]
Pierluigi Paganini
April 21, 2025
Russia-linked group APT29 targeted diplomatic entities across Europe with a new malware loader codenamed GRAPELOADER. Check Point Research team reported that Russia-linked cyberespionage group APT29 (aka SVR group, Cozy Bear, Nobelium, BlueBravo, Midnight Blizzard, and The Dukes) is behind a sophisticated phishing campaign targeting European diplomatic entities, using a new WINELOADER variant and a previously unknown malware called GRAPELOADER. “While the […]
Pierluigi Paganini
April 20, 2025
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malicious NPM Packages Targeting PayPal Users New Malware Variant Identified: ResolverRAT Enters the Maze Nice chatting with you: what connects cheap Android smartphones, WhatsApp and cryptocurrency theft? BPFDoorâs Hidden Controller Used Against Asia, Middle East […]
Pierluigi Paganini
April 17, 2025
China-linked APT group Mustang Panda deployed a new custom backdoor, MQsTTang, in recent attacks targeting Europe, Asia, and Australia. China-linked APT group Mustang Panda (aka Camaro Dragon, RedDelta or Bronze President). deployed a new custom backdoor, tracked as MQsTTang, in recent attacks targeting entities in Europe, Asia, and Australia. Mustang Panda has been active since […]
Pierluigi Paganini
April 17, 2025
Microsoft warns of a malvertising campaign using Node.js to deliver info-stealing malware via fake crypto trading sites like Binance and TradingView. Microsoft has observed Node.js increasingly used in malware campaigns since October 2024, including an ongoing crypto-themed malvertising attack as of April 2025. Threat actors are increasingly using Node.js to deploy malware, shifting from traditional […]
Pierluigi Paganini
April 16, 2025
Cheap Chinese Android phones ship with trojanized WhatsApp and Telegram clones hiding crypto clippers, active since June 2024. Since June 2024, Doctor Web researchers found cheap Android phones preloaded with fake WhatsApp and Telegram apps designed to steal crypto via clipping. These clippers swap copied wallet addresses with the attackersâ own. The campaign targeted low-end […]
Pierluigi Paganini
April 16, 2025
The business services provider Conduent told the SEC a January cyberattack exposed personal data, including names and Social Security numbers. The business services provider Conduent revealed that personal information, including names and Social Security numbers, was stolen in a January cyberattack. In January, Conduent confirmed a cyberattack caused service disruptions after agencies in multiple US […]
Pierluigi Paganini
April 14, 2025
New malware âResolverRATâ is targeting healthcare and pharmaceutical firms, using advanced capabilities to steal sensitive data. Morphisec researchers discovered a new malware dubbed âResolverRATâ that is targeting healthcare and pharmaceutical firms, using advanced capabilities to steal sensitive data. ResolverRAT spreads via phishing emails using localized languages and legal lures. Victims download a malicious file triggering […]
Pierluigi Paganini
April 14, 2025
Threat actors deploy malicious NPM packages to steal PayPal credentials and hijack cryptocurrency transfers. Fortinet researchers discovered multiple malicious NPM packages that are used to target PayPal users. The packages were uploaded to the repository in early March by a threat actor known as tommyboy_h1 and tommyboy_h2, and were used to steal PayPal credentials and hijack cryptocurrency transfers. “Using PayPal-related […]
Pierluigi Paganini
April 14, 2025
Cell C, one of the biggest telecom providers in South Africa confirms a data breach following a 2024 cyberattack. Cell C is the fourth-largest mobile network operator in South Africa, ,after Vodacom, MTN, and Telkom. The company founded in 2001 offers prepaid and postpaid mobile plans, data bundles and internet services, fiber broadband, roaming and […]
