malware

  • Blog

    Hackers turn ScreenConnect into malware using Authenticode stuffing

    Threat actors are abusing the ConnectWise ScreenConnect installer to build signed remote access malware by modifying hidden settings within the client’s Authenticode signature. ConnectWise ScreenConnect is a remote monitoring and management (RMM) software that allows IT admins and managed service providers (MSPs) to troubleshoot devices remotely. When a ScreenConnect installer is built, it can be customized to include the remote server…

  • Blog

    WinRAR patches bug letting malware launch from extracted archives

    WinRAR has addressed a directory traversal vulnerability tracked as CVE-2025-6218 that, under certain circumstances, allows malware to be executed after extracting a malicious archive. The flaw, tracked as CVE-2025-6218 and assigned a CVSS score of 7.8 (high severity), was discovered by security researcher whs3-detonator, who reported it through Zero Day Initiative on June 5, 2025. It affects only the Windows…

  • Blog

    APT28 hackers use Signal chats to launch new malware attacks on Ukraine

    The Russian state-sponsored threat group APT28 is using Signal chats to target government entities in Ukraine with two previously undocumented malware families named BeardShell and SlimAgent. To be clear, this is not a security issue in Signal. Instead, threat actors are more commonly utilizing the messaging platform as part of their phishing attacks due to its increased usage by governments worldwide. …

  • Blog

    Malware on Google Play, Apple App Store stole your photos—and crypto

    A new mobile crypto-stealing malware called SparkKitty was found in apps on Google Play and the Apple App Store, targeting Android and iOS devices. The malware is a possible evolution of SparkCat, which Kaspersky discovered in January. SparkCat used optical character recognition (OCR) to steal cryptocurrency wallet recovery phrases from images saved on infected devices. When installing crypto wallets, the…

  • Blog

    ‘Godfather’ Malware Is Now Hijacking Banking Apps on Android

    As malware evolves to be more sophisticated, seeing should not always equal believing. A new iteration of the “Godfather” malware found on Android is hijacking legitimate banking apps, making it increasingly difficult for users (and on-device protections) to detect. An early version of Godfather utilized screen overlay attacks, which placed fraudulent HTML login screens on top of legitimate banking and…

  • Blog

    Godfather Android malware now uses virtualization to hijack banking apps

    A new version of the Android malware “Godfather” creates isolated virtual environments on mobile devices to steal account data and transactions from legitimate banking apps. These malicious apps are executed inside a controlled virtual environment on the device, enabling real-time spying, credential theft, and transaction manipulation while maintaining perfect visual deception. The tactic resembles that seen in the FjordPhantom Android malware in…

  • Blog

    North Korean hackers deepfake execs in Zoom call to spread Mac malware

    The North Korean BlueNoroff hacking group is deepfaking company executives during Zoom calls to trick employees into installing custom malware on their macOS devices. BlueNoroff (aka Sapphire Sleet or TA444) is a North Korean advanced persistent threat (APT) group known for conducting cryptocurrency theft attacks using Windows and Mac malware. Huntress researchers uncovered a new BlueNoroff attack on June 11, 2025,…

  • Blog

    Discord flaw lets hackers reuse expired invites in malware campaign

    Hackers are hijacking expired or deleted Discord invite links to redirect users to malicious sites that deliver remote access trojans and information-stealing malware. The campaign relies on a flaw in the Discord invitation system to leverage multi-stage infections that evade multiple antivirus engines.

    “Reviving” expired Discord invites

    Discord invite links are URLs that allow someone to join a specific Discord server. They…

  • Blog

    Hackers exploited Windows WebDav zero-day to drop malware

    An APT hacking group known as ‘Stealth Falcon’ has been exploiting a Windows WebDav RCE vulnerability in zero-day attacks since March 2025 against defense and government organizations in Turkey, Qatar, Egypt, and Yemen. Stealth Falcon (aka ‘FruityArmor’) is an advanced persistent threat (APT) group known for conducting cyberespionage attacks against Middle East organizations. The flaw, tracked under CVE-2025-33053, is a remote code execution…

  • Blog

    DanaBot malware operators exposed via C2 bug added in 2022

    A vulnerability in the DanaBot malware operation, introduced in a June 2022 update, led to the identification, indictment, and dismantling of its operators in a recent law enforcement action. DanaBot is a malware-as-a-service (MaaS) platform active from 2018 through 2025, used for banking fraud, credential theft, remote access, and distributed denial of service (DDoS) attacks. Zscaler’s ThreatLabz researchers, who discovered the vulnerability, dubbed…
