Malware Alerts

Microsoft has uncovered a large-scale malware attack, named Storm-0408, that infected nearly one million devices worldwide. The attackers used malvertising on illegal streaming sites to spread malware hosted on GitHub, Discord, and Dropbox. The malware stole personal data, browser credentials, and even disabled security protections.

A dangerous new version of the Android Remote Access Tool (RAT), called AndroRAT, is being used by hackers to steal unlock patterns, PINs, and passcodes from Android devices. Originally an open-source university project in 2012, AndroRAT has now evolved into a powerful malware that bypasses security defenses up to Android 15. This latest variant spreads through fake apps and phishing links, using advanced techniques to hijack device controls, steal biometric data, and break into locked smartphones.

Cybercriminals are using stolen browser fingerprints to bypass security checks and impersonate users. The ScreamedJungle attack targets outdated Magento e-commerce platforms to inject malicious scripts that steal unique digital identifiers. This allows hackers to evade security systems, including multi-factor authentication (MFA) and device reputation checks.

A dangerous Android malware app, SpyLend, was downloaded 100,000+ times from Google Play, pretending to be a financial tool. Instead, it stole user data and was used for predatory loan scams in India. Users were harassed, blackmailed, and threatened if they failed to repay high-interest loans.

A dangerous Wi-Fi password-stealing tool has been found on GitHub. This Python-based script can extract saved Wi-Fi credentials from Windows devices, making it a serious security risk. While labeled as an "educational tool," it can easily be misused by hackers to gain unauthorized network access.

A new ransomware campaign called XELERA is tricking job seekers with fake job offers from the Food Corporation of India (FCI). Victims receive malicious Word documents via email, which install ransomware and steal personal data. The attack also uses Discord bots to control infected computers remotely.

The 'Bitter' cyberespionage group has launched attacks on Turkish defense organizations, deploying a new malware family, MiyaRAT. This sophisticated malware, alongside WmRAT, leverages alternate data streams and advanced techniques to exfiltrate sensitive data and control compromised systems.

The Horns and Hooves campaign, active since March 2023, has targeted over 1,000 victims with phishing emails containing JavaScript payloads that deploy sophisticated RAT malware like NetSupport RAT and BurnsRAT. This attack primarily targets private users, retailers, and service businesses in Russia, leveraging remote access tools for data theft, ransomware, and malware deployment.

Over 8 million Android users across nine countries have been impacted by SpyLoan malware embedded in loan apps downloaded from the Google Play Store. These apps exploit user trust, financial desperation, and intrusive permissions to harvest sensitive data, leading to extortion, harassment, and financial loss.

Hackers have leveraged the popular Godot game engine to spread GodLoader malware, infecting over 17,000 systems within three months. By exploiting Godot’s scripting language and packaging capabilities, cybercriminals bypass detection and deliver payloads like the XMRig crypto miner. This attack highlights the need for vigilance within open-source communities and enhanced protection against malware disguised as legitimate tools.