Latest Information-stealing malware news

Fake IT support sites push malicious PowerShell scripts as Windows fixes

Fake IT support sites promote malicious PowerShell "fixes" for common Windows errors, like the 0x80070643 error, to infect devices with information-stealing malware.
- Lawrence Abrams
- June 30, 2024
- 10:21 AM
- 0
Scathing report on Medibank cyberattack highlights unenforced MFA

A scathing report by Australia's Information Commissioner details how misconfigurations and missed alerts allowed a hacker to breach Medibank and steal data from over 9 million people.
- Lawrence Abrams
- June 18, 2024
- 01:25 PM
- 1
Microsoft delays Windows Recall amid privacy and security concerns

Microsoft is delaying the release of its AI-powered Windows Recall feature to test and secure it further before releasing it in a public preview on Copilot+ PCs.
- Lawrence Abrams
- June 13, 2024
- 10:11 PM
- 7
Cybercriminals pose as "helpful" Stack Overflow users to push malware

Cybercriminals are abusing Stack Overflow in an interesting approach to spreading malware—answering users' questions by promoting a malicious PyPi package that installs Windows information-stealing malware.
- Lawrence Abrams
- May 29, 2024
- 07:22 PM
- 1
Fake cheat lures gamers into spreading infostealer malware

A new info-stealing malware linked to Redline poses as a game cheat called 'Cheat Lab,' promising downloaders a free copy if they convince their friends to install it too.
- Bill Toulas
- April 18, 2024
- 08:46 PM
- 0
Activision: Enable 2FA to secure accounts recently stolen by malware

An infostealer malware campaign has reportedly collected millions of logins from users of various gaming websites, including players that use cheats, pay-to-cheat services.
- Bill Toulas
- March 29, 2024
- 04:25 PM
- 1
Sponsored Content
Ransomware Groups, Targeting Preferences, and the Access Economy

The cybercrime ecosystem has created a supply chain of stolen accounts and breached networks that are used to fuel ransomware attacks and data breaches. Learn more from Flare about how this supply chain has led to an explosion of cybercrime.
- Sponsored by Flare
- February 20, 2024
- 10:01 AM
- 0
Have I Been Pwned adds 71 million emails from Naz.API stolen account list

Have I Been Pwned has added almost 71 million email addresses associated with stolen accounts in the Naz.API dataset to its data breach notification service.
- Lawrence Abrams
- January 17, 2024
- 05:06 PM
- 2
Windows SmartScreen flaw exploited to drop Phemedrone malware

A Phemedrone information-stealing malware campaign exploits a Microsoft Defender SmartScreen vulnerability (CVE-2023-36025) to bypass Windows security prompts when opening URL files.
- Bill Toulas
- January 15, 2024
- 01:32 PM
- 0
Google: Malware abusing API is standard token theft, not an API issue

Google is downplaying reports of malware abusing an undocumented Google Chrome API to generate new authentication cookies when previously stolen ones have expired.
- Lawrence Abrams
- January 06, 2024
- 11:40 AM
- 1
Hacker hijacks Orange Spain RIPE account to cause BGP havoc

Orange Spain suffered an internet outage today after a hacker breached the company's RIPE account to misconfigure BGP routing and an RPKI configuration.
- Lawrence Abrams
- January 03, 2024
- 02:44 PM
- 0
Lumma Stealer malware now uses trigonometry to evade detection

The Lumma information-stealing malware is now using an interesting tactic to evade detection by security software - the measuring of mouse movements using trigonometry to determine if the malware is running on a real machine or an antivirus sandbox.
- Bill Toulas
- November 20, 2023
- 09:40 AM
- 1
Hundreds of malicious Python packages found stealing sensitive data

A malicious campaign that researchers observed growing more complex over the past half year, has been planting on open-source platforms hundreds of info-stealing packages that counted about 75,000 downloads.
- Bill Toulas
- October 04, 2023
- 05:31 PM
- 0
SSH keys stolen by stream of malicious PyPI and npm packages

A stream of malicious npm and PyPi packages have been found stealing a wide range of sensitive data from software developers on the platforms.
- Bill Toulas
- September 27, 2023
- 05:48 PM
- 1
APT37 hackers deploy new FadeStealer eavesdropping malware

The North Korean APT37 hacking group uses a new 'FadeStealer' information-stealing malware containing a 'wiretapping' feature, allowing the threat actor to snoop and record from victims' microphones.
- Lawrence Abrams
- June 21, 2023
- 04:16 PM
- 0
New Mystic Stealer malware increasingly used in attacks

A new information-stealing malware named 'Mystic Stealer,' has been promoted on hacking forums and darknet markets since April 2023, quickly gaining traction in the cybercrime community.
- Bill Toulas
- June 18, 2023
- 11:14 AM
- 0
Sponsored Content
Dissecting the Dark Web Supply Chain: Stealer Logs in Context

Stealer logs represent one of the primary threat vectors for modern companies. This Flare explainer article will delve into the lifecycle of stealer malware and provide tips for detection and remediation.
- Sponsored by Flare
- June 06, 2023
- 10:04 AM
- 0
Online sellers targeted by new information-stealing malware campaign

Online sellers are targeted in a new campaign to push the Vidar information-stealing malware, allowing threat actors to steal credentials for more damaging attacks.
- Lawrence Abrams
- June 03, 2023
- 11:52 AM
- 1
RomCom malware spread via Google Ads for ChatGPT, GIMP, more

A new campaign distributing the RomCom backdoor malware is impersonating the websites of well-known or fictional software, tricking users into downloading and launching malicious installers.
- Bill Toulas
- May 30, 2023
- 03:01 PM
- 2
CircleCI's hack caused by malware stealing engineer's 2FA-backed session

Hackers breached CircleCi in December after an engineer became infected with information-stealing malware that stole the employee's 2FA-backed SSO session, allowing access to the company's internal systems.
- Lawrence Abrams
- January 14, 2023
- 05:28 PM
- 0