Malware
Coverage of Malware in the Nexus archive.
- Protect your data with a guest WiFi network
The article explains how setting up a guest WiFi network can enhance home network security by isolating guests' devices from the primary network. Consumer Reports recommends this method to prevent malware spread, improve network performance, and simplify WiFi sharing for visitors.
- New TrojPix Attack Leaks Data From Air-Gapped Systems via Video Cable Emissions
Researchers at Shandong University have developed a method called TrojPix to extract data from air-gapped systems by manipulating on-screen pixels to generate undetectable radio signals through video cables. The technique requires existing malware on the target machine to function.
- [US] Playstore adware (maybe malware?) disguised as AAA games
A user discovered fake apps on the Google Play Store disguised as AAA games like No Man's Sky, which are actually ad-filled scams that prevent gameplay. These apps use misleading titles and package names, and Google has not removed them despite reports.
- Phantom Squatting Uses AI-Hallucinated Domains for Phishing and Malware
Attackers are exploiting AI-generated fake domains by purchasing them and hosting phishing pages or malware, a tactic named 'phantom squatting' by Palo Alto Networks' Unit 42. The practice leverages domains hallucinated by large language models to direct traffic to malicious sites.
- 119 Edge extensions promised useful tools, instead downloaded malware
Microsoft removed 119 Edge extensions linked to a malware campaign called StegoAd, which infected 2.6 million users by initially providing useful tools before secretly downloading malware. The malware stole credentials and used steganography to hide code in images, with some extensions reusing names of legitimate tools to gain trust.
- Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service Abuse
A Russian advanced persistent threat (APT) group, Gamaredon, has expanded its cyber attacks against Ukraine in 2025 by deploying new malware and abusing cloud services. Slovakian cybersecurity company ESET reported 35 spear-phishing campaigns conducted by Gamaredon, primarily targeting new entities in the second half of the year.
- [US] Fake Captcha Malaware
A user accidentally ran a line of code from a fake Sporkle site on their Mac, terminated the program, and took steps to check for malware, but remains concerned about potential compromise.
- Clean GitHub repo tricks AI coding agents into running malware
A GitHub repository appearing benign can trick AI coding agents into executing undetected malicious payloads. The malware remains invisible to security scanners, AI agents, and human reviewers during setup.
- Malware steals Chrome session cookies to take over your accounts
A phishing email with a malicious JavaScript file disguised as a PDF installs a Chrome extension that steals session cookies and uses Chrome Native Messaging to execute PowerShell commands. The malware bypasses multi-factor authentication by hijacking active browser sessions and collects data like open tabs and system files.
- [US]AI trailers for fantasy (or other?) series on instagram, then direct you to download some app?
AI-generated trailers for a fantasy series on Instagram direct users to download an app, raising concerns about potential scams or malware. The creator is suspected of using AI to produce content for an unaffordable project, with users questioning its prevalence and legitimacy.
- AryStinger botnet infected thousands of D-Link routers worldwide
The AryStinger botnet has infected over 4,000 outdated D-Link routers globally, using them as proxies for malicious traffic. The malware is previously undocumented and targets compromised devices to facilitate cyberattacks.
- Microsoft found malware that hijacks crypto wallets and spreads through USB sticks
Microsoft discovered malware that hijacks cryptocurrency wallets and spreads via USB sticks. The malware compromises digital assets by exploiting physical storage devices.
- Steam Workshop abused to spread malware via Wallpaper Engine app
Threat actors are exploiting Steam Workshop, Valve's community hub for game-related content, to distribute malware hidden in wallpaper packages through the Wallpaper Engine app.
- Nothing on the Internet Is Secure Anymore
The article discusses the increasing sophistication and scale of cyberattacks, driven by AI-enhanced malware and a fourfold rise in daily attacks reported by Palo Alto Networks. Experts warn of vulnerabilities in internet security, with AI tools enabling faster and more complex hacking methods.
- Arch Linux Now Believes Malware Incident Under Control: More Than 1,500 Packages
Arch Linux has stated that a malware incident affecting more than 1,500 packages is now under control. The incident involved compromised packages in the Arch User Repository (AUR).
- AI Phishing Is Crushing SOCs with Alert Volume: How to Reduce Tier 1 Overload
AI-powered phishing attacks are generating high-volume alerts, overwhelming Security Operations Centers (SOCs) and Tier 1 analysts. Attackers use AI to create convincing emails and fake login pages, increasing the workload for security teams to review alerts and detect threats like credential theft or malware.
- Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS
Cybersecurity researchers identified a large-scale operation using fake websites that mimic open-source and freeware projects to distribute malware through a Traffic Distribution System (TDS). The malware includes Remus Stealer, AnimateClipper, and the SessionGate framework, delivered via well-designed, deceptive sites resembling legitimate project portals.
- Over 116,000 Minecraft systems infected in WeedHack malware campaign
A malware campaign named WeedHack has infected over 116,000 Minecraft player systems since January. The attack specifically targets users of the popular game Minecraft.
- WordPress malware campaign hides payloads in Steam profiles
Nearly 2,000 WordPress websites were infected with malware that uses Steam Community profile comments to hide command-and-control data. The campaign involves hiding malicious payloads in Steam profiles to communicate with compromised sites.
- How Iran’s military harnesses ChatGPT
Iran’s military is using Western AI models like ChatGPT to enhance its cyber operations, including developing malware and launching attacks. The article highlights how these tools are being leveraged to advance Tehran’s cyber capabilities.
- ChatGPT share links abused to host fake outage pages to deliver malware
Threat actors are exploiting ChatGPT's content-sharing feature to display fake OpenAI outage pages, which redirect users to download malware disguised as the ChatGPT desktop application.
- AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites
Microsoft has issued a warning about a cryptojacking campaign exploiting AI chatbot interactions to direct users to malicious download sites. The tactic leverages AI recommendations to amplify the visibility of malware, extending social engineering beyond traditional search methods.
- Grand Theft Data: Threat Actors Weaponizing GTA 6 Hype, NordVPN Warns
Cybercriminals are exploiting the popularity of Grand Theft Auto 6 by distributing phishing traps and malware, according to a warning from NordVPN. The threat actors are using the game's hype to lure victims into malicious schemes.
- AI guardrails stripped from Meta and Google models in minutes
Software capable of quickly removing safety measures from AI models developed by Meta and Google allows these systems to generate responses related to biological weapons and malware. The vulnerability highlights risks in AI safety protocols.
- Kash Patel’s clothing brand website shut down after reports it was hacked
Kash Patel's clothing brand website was shut down after being hacked by cybercriminals. The hackers hijacked the site and attempted to distribute malware to visitors. The incident was reported by users on X (formerly Twitter).
- Valve removes free game from Steam after players discover it contains malware
Valve has removed a free horror game from Steam after users discovered it contained malware designed to steal player data. The incident highlights ongoing security concerns on the platform regarding malicious content slipping through review processes.
- Belarus-linked hackers use fake training certificates to target Ukrainian officials
GhostWriter, a Belarus-linked hacking group, has initiated a new espionage campaign targeting Ukrainian government officials using fake emails impersonating an online learning platform to distribute malware. The campaign uses counterfeit training certificates as a social engineering tactic to compromise Ukrainian officials.
- This is what some the world’s largest banks of malware look like stacked as hard drives
The article visualizes the world's largest malware repositories as stacked hard drives. It provides a unique perspective on the scale of malware storage. The concept is used to illustrate the massive amount of malware data.
- Telegram Mini Apps abused for crypto scams, Android malware delivery
Cybersecurity researchers discovered a large-scale fraud operation exploiting Telegram's Mini App feature to conduct crypto scams, impersonate brands, and deliver Android malware.
- Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden
Security firm Checkmarx has been targeted in multiple supply-chain attacks over 40 days, including a breach of the Trivy vulnerability scanner and a ransomware attack. Attackers compromised GitHub accounts to deliver malware to users, stealing credentials like repository tokens and SSH keys.
- UNC6692 Combines Social Engineering, Malware, Cloud Abuse
A new threat actor named UNC6692 is leveraging Microsoft Teams, AWS S3 buckets, and custom 'Snow' malware in a coordinated campaign combining social engineering, malware, and cloud infrastructure abuse.
- Malicious trading website drops malware that hands your browser to attackers
A malicious trading website has been distributing malware that allows attackers to take control of users' browsers. The threat, highlighted by cybersecurity firm Malwarebytes, poses a significant risk to online security.
- Fake SSA email alert: Spot this scam fast
A phishing scam impersonating the Social Security Administration (SSA) uses fake emails with official logos and urgent deadlines to trick recipients into downloading malware. The email contains spelling errors, a non-gov domain, and a suspicious 'Download Now' button. The SSA explicitly states it does not request sensitive information or send software downloads via email.
- Hackers impersonate Microsoft Teams help desk to breach corporate networks
Hackers are impersonating Microsoft Teams help desk workers to trick victims into installing data-stealing malware, according to researchers. This tactic has been used to breach corporate networks and compromise sensitive data.
- Why are top university websites serving porn? It comes down to shoddy housekeeping.
Top universities like UC Berkeley, Columbia University, and Washington University in St. Louis have subdomains serving explicit porn and malware due to administrators failing to remove expired CNAME records. Scammers linked to the Hazy Hawk group exploit these neglected records, with researcher Alex Shakhov identifying hundreds of hijacked subdomains across 34 universities.
- AI Tools Are Helping Mediocre North Korean Hackers Steal Millions
North Korean hackers used AI tools to develop malware and create fake company websites, stealing up to $12 million in three months. The group leveraged AI for tasks like 'vibe coding' to enhance their cyberattacks.
- DPRK Fake Job Scams Self-Propagate in 'Contagious Interview'
A compromised developer's repository is being used to propagate fake job scams linked to the DPRK, spreading remote access Trojans (RATs) and other malware through a worm-like infection vector. The attack method leverages malicious software to compromise systems and steal data.
- Lazarus Group Malware Targets Crypto, Business Execs via macOS
The Lazarus Group is using malware targeting macOS to attack cryptocurrency and business executives. The threat highlights increased cybersecurity risks for these sectors.
- Fake Windows update installs hidden malware
A fake Windows update scam uses a typosquatted domain to mimic official Microsoft branding, tricking users into downloading malware that steals passwords, payment details, and account access. The malware employs legitimate tools and layered attack techniques to evade detection, persisting on systems by blending with normal processes and modifying apps like Discord.
- Claude Code Opus 4.7 keeps checking on malware
A user reports that Claude Code Opus 4.7 AI is excessively restricting their work by flagging legitimate tasks as potential malware or security violations. The user, who pays for a premium subscription and works in web scraping, feels the AI is controlling their workflow and questions if this signals a divide between 'good' and 'bad' users in AI adoption.