IObit releases Malware Fighter 13 with pre-boot scanning and behavior-based detection
Software company IObit has released Malware Fighter 13, adding new scanning capabilities and expanding its threat-detection methods. The company says the update is designed to improve protection against a wider range of cyber threats, including spyware, ransomware, and so-called fileless attacks.
The update introduces a pre-boot analysis module that scans the system during startup. This will allow the software to detect and remove malicious items before Windows loads, preventing them from reappearing after a reboot. The company says this may help systems start faster and run more reliably, but it hasn't released independent performance data to support that claim and your mileage may vary.
Cybercriminals turn to stealth to bypass malware detection
A new report reveals a 40 percent (quarter-over-quarter) increase in evasive, advanced malware. The data highlights encrypted channels using Transport Layer Security (TLS), the encryption protocol behind most secure web traffic, as adversaries' favored attack vector.
The study from WatchGuard Technologies, which provides cybersecurity for MSPs, shows 70 percent of all malware is now delivered via encrypted connections. The findings highlight attackers’ increasing reliance on obfuscation and stealth, and the need for organizations to improve visibility into encrypted traffic and adopt flexible protection strategies.
Open source malware up 140 percent
The latest OS Malware Index from Sonatype shows a 140 percent surge in open source malware as attackers target data and trusted dependencies.
The index is compiled from analysis of 34,319 open source malware packages discovered by Sonatype across major open source registries including npm, PyPI, Hugging Face, and more. This quarter’s count brings the total number of malicious packages Sonatype has discovered to 877,522 since 2019.
New attack tactics look to bypass MFA and target security blindspots
A new report from AI-powered managed extended detection and response company Ontinue shows a sharp rise in MFA-bypassing identity attacks in the first half of the year.
These attacks use token replay abuse, with roughly 20 percent of live incidents involving adversaries reusing stolen refresh tokens to bypass MFA, even after password resets.
Tycoon phishing kit uses sneaky new techniques to hide malicious links
Phishing emails often feature malicious links (URLs) that lead victims to fake websites where they are infected with harmful software or tricked into giving away personal information.
There’s a constant battle between security tools getting better at identifying bad links and attackers trying to hide them more effectively. Barracuda has uncovered some of the latest approaches its researchers are seeing in attacks involving the advanced phishing-as-a-service (PhaaS) kit, Tycoon.
New techniques help malicious QR codes evade detection
Threat researchers at Barracuda have uncovered two new techniques being used by cyber attackers to help malicious QR codes evade detection in ‘quishing’ attacks.
Quishing is a form of phishing that involves the use of QR codes embedded with malicious links that, when scanned, redirect victims to fake websites designed to steal their credentials or other sensitive information.
Malicious URLs overtake attachments as top email threat
Cybercriminals increasingly favor malicious URLs over attachments, as they are easier to disguise and more likely to evade detection, according to the latest report from Proofpoint.
These links are embedded in messages, buttons, and even inside attachments like PDFs or Word documents to entice clicks that initiate credential phishing or malware downloads.
Growing complexity means legacy security systems miss one in every 14 threats
Traditional detection methods are being outpaced, with a 127 percent rise in malware complexity and one in 14 files initially deemed ‘safe’ by legacy systems proving to be malicious.
A new report from OPSWAT uncovers layered threats designed to evade analysis, including obfuscated loaders such as NetReactor and evasive behaviors missed by traditional tools. These results show that modern malware intends to confuse rather than flood defenses.
Matanbuchus 3.0 is a serious malware threat spread via Microsoft Teams
The Matanbuchus malware loader is not new – it has been around for at least 4 years – but it has evolved into something incredibly dangerous.
Matanbuchus 3.0 has been found targeting victims as part of a ransomware attack. Described as being “highly targeted”, the cyberattack campaign uses Microsoft Teams as a delivery method for the latest version of the malware loader. The highly sophisticated attack employs a Microsoft Teams call impersonating an IT helpdesk.
Open-source malware targets data exfiltration
Supply chain security company Sonatype has released the Q2 2025 edition of its Open Source Malware Index, uncovering 16,279 malicious open source packages across major ecosystems.
This brings the total number of open-source malware packages Sonatype has discovered to 845,204. Compared to the end of the same quarter last year, the total volume of malware logged by Sonatype has surged 188 percent, underscoring the growing sophistication and scale of attacks aimed at developers, software teams, and CI/CD pipelines.
Chaos RAT malware strikes Linux and Windows as hackers exploit its flaws
Chaos RAT is back and causing trouble on Linux and Windows systems. This open source remote access tool was once pitched as a legitimate way to manage computers remotely. Now, it is being used to spy on users, steal data, and possibly set the stage for ransomware. But in an ironic twist, attackers are now turning the tables and exploiting Chaos RAT itself.
Originally written in Go and designed for cross platform compatibility, Chaos RAT has evolved from a basic tool into a very dangerous piece of malware. It has been spotted in real world attacks including a recent sample disguised as a Linux network utility. Victims were likely tricked into downloading a fake troubleshooting tool containing the malware.
Network-based malware detections increase 94 percent
A new report from WatchGuard Technologies shows a 94 percent increase in network-based malware detections in the last quarter of 2024.
There’s also been an increase in overall malware detections, including a six percent increase in Gateway AntiVirus (GAV) detections and a 74 percent increase in Advanced Persistent Threat (APT) Blocker detections. The most significant rise came from proactive machine learning detection offered by IntelligentAV (IAV), at 315 percent.
Gotcha CAPTCHAs being used to spread malware
We've all become used to completing tests to prove we're not robots, but a new report from HP Wolf Security highlights the rising use of fake CAPTCHA verification tests which allow threat actors to trick users into infecting themselves.
The technique shows attackers are capitalizing on people's increasing familiarity with completing multiple authentication steps online -- a trend HP describes as 'click tolerance'.
Malware-as-a-Service accounts for 57 percent of all threats
A new report from Darktrace reveals that Malware-as-a-Service (MaaS) is now responsible for 57 percent of all cyber threats to organizations, a 17 percent increase from the first half of 2024.
The use of remote access trojans (RATs) has also seen a significant increase in the latter half of last year, representing 46 percent of campaign activity identified, compared to only 12 percent in the first half.
Perilous as a picture -- attackers sneak malware into website images
A new report from HP Wolf Security reveals that attackers are hiding malicious code in images on file hosting websites like archive.org, as well as using the same loader to install the final payload.
These techniques help attackers avoid detection, as image files appear benign when downloaded from well-known websites, bypassing network security like web proxies that rely on reputation.
BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.
© 1998-2025 BetaNews, Inc. All Rights Reserved.