Latest Info Stealer news

New Unfurling Hemlock threat actor floods systems with malware

A threat actor tracked as Unfurling Hemlock has been infecting target systems with up to ten pieces of malware at the same time in campaigns that distribute hundreds of thousands of malicious files.
- Bill Toulas
- June 27, 2024
- 06:27 PM
- 0
Fake Google Chrome errors trick you into running malicious PowerShell scripts

A new malware distribution campaign uses fake Google Chrome, Word, and OneDrive errors to trick users into running malicious PowerShell "fixes" that install malware.
- Bill Toulas
- June 17, 2024
- 06:31 PM
- 3
CoralRaider attacks use CDN cache to push info-stealer malware

A threat actor has been using a content delivery network cache to store information-stealing malware in an ongoing campaign targeting systems U.S., the U.K., Germany, and Japan.
- Bill Toulas
- April 23, 2024
- 05:27 PM
- 0
Malicious PowerShell script pushing malware looks AI-written

A threat actor is using a PowerShell script that was likely created with the help of an artificial intelligence system such as OpenAI's ChatGPT, Google's Gemini, or Microsoft's CoPilot.
- Ionut Ilascu
- April 10, 2024
- 12:12 PM
- 0
Fake Facebook MidJourney AI page promoted malware to 1.2 million people

Hackers are using Facebook advertisements and hijacked pages to promote fake Artificial Intelligence services, such as MidJourney, OpenAI's SORA and ChatGPT-5, and DALL-E, to infect unsuspecting users with password-stealing malware.
- Bill Toulas
- April 05, 2024
- 12:47 PM
- 0
PyPI suspends new user registration to block malware campaign

The Python Package Index (PyPI) has temporarily suspended user registration and the creation of new projects to deal with an ongoing malware campaign.
- Bill Toulas
- March 28, 2024
- 02:03 PM
- 0
Hackers poison source code from largest Discord bot platform

The Top.gg Discord bot community with over 170,000 members has been impacted by a supply-chain attack aiming to infect developers with malware that steals sensitive information.
- Bill Toulas
- March 25, 2024
- 02:00 PM
- 0
Over 100 US and EU orgs targeted in StrelaStealer malware attacks

A new large-scale StrelaStealer malware campaign has impacted over a hundred organizations across the United States and Europe, attempting to steal email account credentials.
- Bill Toulas
- March 24, 2024
- 10:19 AM
- 0
MacOS info-stealers quickly evolve to evade XProtect detection

Multiple information stealers for the macOS platform have demonstrated the capability to evade detection even when security companies follow and report about new variants frequently.
- Bill Toulas
- January 16, 2024
- 04:29 PM
- 1
Windows SmartScreen flaw exploited to drop Phemedrone malware

A Phemedrone information-stealing malware campaign exploits a Microsoft Defender SmartScreen vulnerability (CVE-2023-36025) to bypass Windows security prompts when opening URL files.
- Bill Toulas
- January 15, 2024
- 01:32 PM
- 0
Malware abuses Google OAuth endpoint to ‘revive’ cookies, hijack accounts

Multiple information-stealing malware families are abusing an undocumented Google OAuth endpoint named "MultiLogin" to restore expired authentication cookies and log into users' accounts, even if an account's password was reset.
- Bill Toulas
- December 29, 2023
- 11:13 AM
- 5
Rhadamanthys Stealer malware evolves with more powerful features

The developers of the Rhadamanthys information-stealing malware have recently released two major versions to add improvements and enhancements across the board, including new stealing capabilities and enhanced evasion.
- Bill Toulas
- December 17, 2023
- 12:12 PM
- 0
Atomic Stealer malware strikes macOS via fake browser updates

The 'ClearFake' fake browser update campaign has expanded to macOS, targeting Apple computers with Atomic Stealer (AMOS) malware.
- Bill Toulas
- November 25, 2023
- 10:11 AM
- 0
Lumma Stealer malware now uses trigonometry to evade detection

The Lumma information-stealing malware is now using an interesting tactic to evade detection by security software - the measuring of mouse movements using trigonometry to determine if the malware is running on a real machine or an antivirus sandbox.
- Bill Toulas
- November 20, 2023
- 09:40 AM
- 1
Hackers backdoor Russian state, industrial orgs for data theft

Several state and key industrial organizations in Russia were attacked with a custom Go-based backdoor that performs data theft, likely aiding espionage operations.
- Bill Toulas
- October 24, 2023
- 03:48 PM
- 0
Discord still a hotbed of malware activity — Now APTs join the fun

Discord continues to be a breeding ground for malicious activity by hackers and now APT groups, with it commonly used to distribute malware, exfiltrate data, and targeted by threat actors to steal authentication tokens.
- Bill Toulas
- October 16, 2023
- 05:29 PM
- 4
Shadow PC warns of data breach as hacker tries to sell gamers' info

Shadow PC, a provider of high-end cloud computing services, is warning customers of a data breach that exposed customers' private information, as a threat actor claims to be selling the stolen data for over 500,000 customers.
- Bill Toulas
- October 12, 2023
- 08:13 AM
- 0
New BunnyLoader threat emerges as a feature-rich malware-as-a-service

Security researchers discovered a new malware-as-a-service (MaaS) named 'BunnyLoader' advertised on multiple hacker forums as a fileless loader that can steal and replace the contents of the system clipboard.
- Bill Toulas
- October 02, 2023
- 03:59 PM
- 2
Fake Bitwarden sites push new ZenRAT password-stealing malware

Fake Bitwarden sites are pushing installers purportedly for the open-source password manager that carry a new password-stealing malware that security researchers call ZenRAT.
- Ionut Ilascu
- September 27, 2023
- 05:07 PM
- 0
New 'MetaStealer' malware targets Intel-based macOS systems

A new information stealer malware named 'MetaStealer' has appeared in the wild, stealing a wide variety of sensitive information from Intel-based macOS computers.
- Bill Toulas
- September 12, 2023
- 05:06 PM
- 0