Axios Javascript Client Library
March 31, 2026
•[ supply chain attack, account takeover, malware ]
A threat actor hijacked the npm account of Axios's lead maintainer and published malicious versions 1.14.1 and 0.30.4 with a hidden dependency that deployed a RAT on systems that installed the packages; the poisoned versions were later removed.
LiteLLM
March 24, 2026
•[ supply chain attack, malware, credential theft ]
TeamPCP used compromised release access to publish malicious LiteLLM versions to PyPI, embedding code that exfiltrated secrets and established persistence on systems that installed the poisoned packages.
At least one Ukrainian official
March 23, 2026
•[ phishing, remote administration tool, malware ]
A pro-Russian group tracked as UAC-0255 and linked to CyberSerp sent phishing emails impersonating CERT-UA and successfully infected a small number of devices in Ukraine with the AgeWheeze remote administration tool, enabling remote control of compromised systems.
Duet Night Abyss
March 18, 2026
•[ malware, infostealer, supply chain attack ]
Kotaku reported that on March 18, 2026 Duet Night Abyss players' PCs were infected after a malicious update was pushed through the game's launcher. The malware was identified by users' antivirus products as 'Trojan:MSIL/UmbralStealer.DG!MTB' (Umbral Stealer), an infostealer capable of logging keystrokes, taking screenshots, and attempting to harvest sensitive information such as passwords and cryptocurrency-related data. The developers said they addressed the issue and apologized, describing it as an external malicious attack spread via the launcher update.
At least one individual
March 18, 2026
•[ phishing, malware, social engineering ]
Cyber fraudsters in Navi Mumbai impersonated Mahanagar Gas Limited officials and sent malicious WhatsApp files or links that compromised victims' phones and enabled unauthorized access to their bank accounts.
At least one KakaoTalk user
March 16, 2026
•[ malware, account takeover, cyberattack ]
Yonhap/The Korea Times reported a North Korea-linked group used stolen KakaoTalk accounts to distribute malware in recent cyberattacks, highlighting a new propagation tactic. Reporting said the threat actors compromise victims, gain access to KakaoTalk desktop accounts, and then use that trusted messaging channel to push malicious payloads to selected contacts.
An undisclosed organization
March 12, 2026
•[ ransomware, social engineering, data theft ]
IBM X-Force described a case where a threat actor remained on a compromised server for more than a week and stole data during an Interlock ransomware intrusion. The attack began with ClickFix social engineering and later deployed a PowerShell backdoor called Slopoly (likely AI-assisted), alongside other components such as NodeSnake and InterlockRAT. The article is a case-study/campaign description and does not name the victim organization or quantify the affected records beyond describing persistence and data theft.
Crunchyroll
March 12, 2026
•[ data leak, malware, third-party risk ]
The Record reported an unidentified threat actor claimed to have breached a Telus employee account in India (a business process vendor for Crunchyroll with access to support tickets). The attacker said they infected the employee device with malware and stole about 100GB of data from Crunchyroll's ticketing system. The outlet reported samples included IP addresses, email addresses, and other information related to customer service tickets. Screenshots showed access to Crunchyroll's platforms including Slack, Zendesk, and Google Workspace; the hacker claimed the breach occurred on March 12, 2026 and that access was revoked within 24 hours.
Undisclosed cryptocurrency organization
March 9, 2026
•[ cryptocurrency, social engineering, cloud compromise ]
The Hacker News reported (citing Google Cloud) that North Korea-linked UNC4899 conducted a sophisticated 2025 cloud compromise targeting an unnamed cryptocurrency organization, stealing millions in cryptocurrency. The intrusion began with social engineering that tricked a developer into downloading a malicious archive for a supposed open-source collaboration; the developer then transferred the file to a work device via AirDrop. After malicious Python code executed and a binary masquerading as kubectl ran, the attackers pivoted into the cloud environment and abused legitimate DevOps workflows to harvest credentials, escape container confines, and tamper with Cloud SQL databases to modify financial logic enabling theft. This is coded as a confirmed successful intrusion with financial theft.
Undisclosed telecom company in South America
March 6, 2026
•[ cyberespionage, threat cluster, malware ]
Cisco Talos reported a China-linked threat cluster tracked as UAT-9244 has targeted telecommunications infrastructure in South America since 2024, using multiple implants across Windows, Linux, and edge devices. The toolset described includes TernDoor (Windows), PeerTime (Linux), and BruteEntry (edge devices used for mass scanning and brute forcing services like SSH, Postgres, and Tomcat). The report describes tradecraft and malware but does not identify a single named victim organization or a bounded primary-effect incident suitable for a discrete event record.
Passaic County
March 4, 2026
•[ malware, cyberattack, availability disruption ]
Passaic County, New Jersey reported a malware attack that disrupted county IT systems and took down phone lines used across government offices. The county first announced the phone outage the morning of March 4 and later confirmed the same day that the outage was caused by a cyberattack. Officials said they were working with federal and state partners to investigate and contain the issue and would provide updates once resolved. No data theft, ransomware demand, or impacted record counts were disclosed in the public statement; the confirmed primary effect is availability disruption affecting communications and IT services.
Undisclosed Israeli individual smartphone
March 1, 2026
•[ malware, phishing, spyware ]
A trojanized fake Red Alert app delivered through spoofed SMS messages targeted Israeli users and, when installed, enabled theft of messages, contacts, location data, and other device information from affected smartphones.
Centre for Information Technologies of the State (CTIE)
February 26, 2026
•[ malware, data leak, government ]
CTIE detected malware on a system used to manage government mobile-device access and later said an external actor accessed device-holder information and device characteristics. The temporary loss of mobile access to internal state services resulted from CTIE isolating the affected system as a precaution.
Undisclosed Middle East entity
February 24, 2026
•[ ransomware, cyberattack, data breach ]
Symantec and Carbon Black linked Lazarus to a Medusa ransomware attack against an undisclosed Middle East entity; the same reporting noted an unsuccessful attempt against a U.S. healthcare organization, which is not coded here as a successful event.
OpenClaw / ClawHub ecosystem (AI assistant skills) – multi-victim campaign
February 19, 2026
•[ infostealer, AI assistant security, credential theft ]
This TecMundo report describes security researchers warning about OpenClaw, a malware operation that, for the first time, is reported to specifically steal secrets tied to an AI assistant ecosystem (tokens/APIs/other assistant-related data). The article frames the activity as a broad distribution campaign (malicious skills/add-ons and infostealer behavior) that can compromise a victim's digital identity by extracting authentication artifacts and credentials used to access accounts and services.
Local entities in the Cayman Islands (malicious PDF campaign)
February 19, 2026
•[ phishing, malware, email security ]
RCIPS warned that a malicious PDF was being sent to local entities from a compromised email address. The PDF contained a VIEW PDF link that, when clicked, installs malware; authorities stated they were already aware of some local systems being compromised because recipients clicked the embedded link. The public advisory provided guidance to treat unexpected PDFs as suspicious, avoid clicking the embedded link, and report incidents.
An undisclosed cryptocurrency company
February 10, 2026
•[ malware, cryptocurrency, AI-generated video ]
BleepingComputer reported that North Korean threat actor UNC1069 ran tailored campaigns using AI-generated video and the ClickFix technique to deliver malware for macOS and Windows to targets in the cryptocurrency sector, with a financially motivated objective.
Cuero Chamber of Commerce
January 26, 2026
•[ malware, social engineering, ClickFix ]
The Cuero Chamber of Commerce reported a malware/social engineering incident affecting its web properties after a customer noticed suspicious activity in an email sent January 26. The chamber said users registering for an event were shown a CAPTCHA prompt and then instructed to press Windows+R and paste/run content, behavior consistent with ClickFix social engineering designed to trick victims into executing malicious commands on their own devices. The chamber stated that the Cuero Development Corporation website was the only confirmed security breach and that significant data loss occurred, and it believed the malware was introduced via a third-party platform (Shopify) used for event registration. The chamber said it could not determine how many people or organizations were affected and implemented additional safeguards.
Viafier
January 22, 2026
•[ malware, data leak, unauthorized access ]
The Swiss rail operator Viafier Retica shut down its Vereina car-shuttle online ticket shop after discovering malware on the system. The organization stated that attackers likely accessed the web shop database, which may contain customer and employee contact details and hashed passwords. Users were advised to change passwords used on other services. The incident caused service disruption to online ticket sales while containment and investigation actions were undertaken.
At least one Afghan government worker
January 20, 2026
•[ phishing, malware, data exfiltration ]
The Record reported that attackers targeted Afghan government workers with phishing emails disguised as official correspondence from the office of the country's prime minister. Researchers said the campaign, first detected in December, used a decoy document resembling a government letter (including a forged signature) to entice recipients in ministries/administrative offices to open it. Once opened, the document delivered malware dubbed FalseCub, designed to collect and exfiltrate data from infected computers. The report is focused on the campaign and malware behavior; it does not list specific compromised agencies, confirmed infection counts, or stolen data volumes, so impacts are coded as undetermined.