Articles about Malware

A new report from AI-powered managed extended detection and response company Ontinue shows a sharp rise in MFA-bypassing identity attacks in the first half of the year.

These attacks are using token replay abuse with roughly 20 percent of live incidents involving adversaries reusing stolen refresh tokens to bypass MFA, even after password resets.

Continue reading →

Phishing emails often feature malicious links (URLs) that lead victims to fake websites
where they are infected with harmful software or tricked into giving away personal
information.

There’s a constant battle between security tools getting better at identifying bad links and attackers trying to hide them more effectively. Barracuda has uncovered some of the latest approaches its researchers are seeing in attacks involving the advanced phishing-as-a-service (PhaaS) kit, Tycoon.

Continue reading →

Threat researchers at Barracuda have uncovered two new techniques being used by cyber attackers to help malicious QR codes evade detection in ‘quishing’ attacks.

Quishing is a form of phishing that involves the use of QR codes embedded with malicious links that, when scanned, redirect victims to fake websites designed to steal their credentials or other sensitive information.

Continue reading →

Cybercriminals increasingly favor malicious URLs over attachments, as they are easier to disguise and more likely to evade detection, according to the latest report from Proofpoint.

These links are embedded in messages, buttons, and even inside attachments like PDFs or Word documents to entice clicks that initiate credential phishing or malware downloads.

Continue reading →

Traditional detection methods are being outpaced, with a 127 percent rise in malware complexity and one in 14 files initially deemed ‘safe’ by legacy systems proving to be malicious.

A new report from OPSWAT uncovers layered threats designed to evade analysis, including obfuscated loaders such as NetReactor and evasive behaviors missed by traditional tools. These results show that modern malware intends to confuse rather than flood defenses.

Continue reading →

The Matanbuchus malware loader is not new – it has been around for at least 4 years – but it has evolved into something incredibly dangerous.

Matanbuchus 3.0 has been found targeting victims as part of a ransomware attack. Described as being “highly targeted”, the cyberattack campaign uses Microsoft Teams as a delivery method for the latest version of the malware loader. The highly sophisticated attack employs a Microsoft Teams call impersonating an IT helpdesk.

Continue reading →

Supply chain security company Sonatype has released the Q2 2025 edition of its Open Source Malware Index, uncovering 16,279 malicious open source packages across major ecosystem.

This brings the total number of open-source malware packages Sonatype has discovered to 845,204. Compared to the end of the same quarter last year, the total volume of malware logged by Sonatype has surged 188 percent, underscoring the growing sophistication and scale of attacks aimed at developers, software teams, and CI/CD pipelines.

Continue reading →

Chaos RAT is back and causing trouble on Linux and Windows systems. This open source remote access tool was once pitched as a legitimate way to manage computers remotely. Now, it is being used to spy on users, steal data, and possibly set the stage for ransomware. But in an ironic twist, attackers are now turning the tables and exploiting Chaos RAT itself.

Originally written in Go and designed for cross platform compatibility, Chaos RAT has evolved from a basic tool into a very dangerous piece of malware. It has been spotted in real world attacks including a recent sample disguised as a Linux network utility. Victims were likely tricked into downloading a fake troubleshooting tool containing the malware.

Continue reading →

A new report from WatchGuard Technologies shows a 94 percent increase in network-based malware detections in the last quarter of 2024.

There’s also been an increase in overall malware detections including a six percent increase in Gateway AntiVirus (GAV) detections and a 74 percent increase in Advanced Persistent Threat (APT) Blocker detections, the most significant rises came from proactive machine learning detection offered by IntelligentAV (IAV) at 315 percent.

Continue reading →

We've all become used to completing tests to prove we're not robots, but a new report from HP Wolf Security highlights the rising use of fake CAPTCHA verification tests which allow threat actors to trick users into infecting themselves.

The technique shows attackers are capitalizing on people's increasing familiarity with completing multiple authentication steps online -- a trend HP describes as 'click tolerance'.

Continue reading →

A new report from Darktrace reveals that Malware-as-a-Service (MaaS) is now responsible for 57 percent of all cyber threats to organizations, a 17 percent increase from the first half of 2024.

The use of remote access trojans (RATs) has also seen a significant increase in the latter half of last year, representing 46 percent of campaign activity identified, compared to only 12 percent in the first half.

Continue reading →

A new report from HP Wolf Security reveals that attackers are hiding malicious code in images on file hosting websites like archive.org, as well as using the same loader to install the final payload.

These techniques help attackers avoid detection, as image files appear benign when downloaded from well-known websites, bypassing network security like web proxies that rely on reputation.

Continue reading →

Social media has seen a 335 percent boom in new scams using deepfake videos and company-branded posts to lure victims into fraudulent investment schemes.

The latest threat report from ESET tracks these as HTML/Nomani, the countries with the most detections being Japan, Slovakia, Canada, Spain, and Czechia.

Continue reading →

Linux-based operating systems have long been heralded as being inherently more secure than Windows. Whether or not this is true is open to debate, as is the impact of user numbers on making an OS a target for malware writers.

A key security concern in recent times has been UEFI bootkits, and it has been something affecting only Windows-based systems. Now, however, security firm ESET has revealed details of Bootkitty, the first UEFI bootkit designed for Linux systems.

Continue reading →

The latest threat insights report from HP Wolf Security has identified a new campaign using malware believed to have been written with the help of GenAI.

Analysis of the campaign, targeting French-speakers using VBScript and JavaScript, finds the structure of the scripts, comments explaining each line of code, and the choice of native language function names and variables are strong indications that the threat actor used GenAI to create the malware.

Continue reading →