Iberia Airlines
January 7, 2026
•[ infostealer, malware, credential theft ]
TechRadar and HackRead summarized Hudson Rock research describing a campaign in which an actor using the alias Zestix (aka Sentap) leveraged credentials harvested by infostealer malware (e.g., RedLine, Lumma, Vidar) to access corporate cloud instances where multi-factor authentication was not enforced. Reporting stated the attacker obtained and attempted to auction or sell large volumes of sensitive corporate files from roughly 50 enterprises worldwide, with at least one victim reportedly losing on the order of 139GB of data. Specific victim impacts vary by organization, and the timing of initial credential theft was not fully specified.
At least one hospitality company in Europe
January 5, 2026
•[ phishing, malware, unauthorized access ]
The article reports that Russian-linked threat actors targeted European hospitality companies using phishing emails masquerading as booking inquiries. Victims who opened the attachments triggered malware that displayed a fake blue screen while enabling unauthorized access to internal systems.
At least one government official
January 1, 2026
•[ espionage, phishing, surveillance tools ]
Reporting described a Mustang Panda espionage campaign (late Dec 2025 to mid-Jan 2026) that used fake diplomatic briefing documents to trick high-level targets into installing surveillance tools. The reporting does not provide a single named victim organization with a confirmed primary effect suitable for one incident record; it is campaign-level reporting.
Undisclosed UK Construction Firm
January 1, 2026
•[ malware, botnet, cryptojacking ]
eSentire TRU reported that a UK construction firm discovered Prometei malware on a Windows Server in January 2026. Researchers assessed that initial access likely occurred via Remote Desktop Protocol using guessed weak/default credentials. Once inside, Prometei established persistence (service UPlugPlay and file sqhost.exe), downloaded an encrypted payload (zsvc.exe), routed traffic through TOR, and used Mimikatz (labelled miWalk) to steal passwords across the network. The report described Prometei as a Russia-linked botnet used for Monero mining and credential theft, and did not describe customer data exposure or service shutdown.
At least one PT Taspen customer
January 1, 2026
•[ scam, phishing, malware ]
The online scam involving PT Taspen, which involved sending APK files to retirees, represents an increasingly structured and dangerous form of cybercrime, particularly as it involves the specific exploitation of personal data. The malicious APK applications sent to victims were designed to resemble official PT Taspen apps and were used to trick users into unknowingly granting access to various sensitive elements on their Android devices.
Passenger ferry owned by GNV
December 17, 2025
•[ malware, foreign interference, sabotage ]
French authorities reported that the passenger ferry 'Fantastic' (operated by Italian shipping company Grandi Navi Veloci, GNV) was infected with malware while docked in the port of Sète, France. Officials stated the malware could have enabled the ship to be remotely controlled, prompting an investigation into possible foreign interference. Prosecutors said a Latvian national was arrested and charged after the malware was discovered.
The Minersville School District
December 15, 2025
•[ malware ]
Minersville Area School District reported a cybersecurity incident after security tools detected attempts to install malware on certain district systems on Monday, December 15, 2025. As a precaution, the district took its computer network offline to contain any potential infection and engaged cybersecurity specialists to investigate the activity, validate system integrity, and plan a safe restoration. The network shutdown disrupted district operations and led to the closure of schools on Tuesday, December 16, 2025. Public reporting did not confirm whether data was accessed or exfiltrated, and the incident was described primarily as a malware-install attempt and precautionary outage.
Undetermined government and diplomatic entities (Oman, Morocco, Palestinian Authority)
December 12, 2025
•[ malware, information theft, espionage ]
The Record summarized threat-intelligence reporting alleging a Hamas-affiliated group (called Ashen Lepus) used malware-laden documents to compromise multiple government and diplomatic entities tied to Oman, Morocco, and the Palestinian Authority, including a malware strain referred to as AshTag used for information theft.
China Xinchuang Initiative (at least one affiliated organization)
December 9, 2025
•[ phishing, malware, espionage ]
Security researchers reported a spear-phishing and malware campaign attributed to APT32 that successfully compromised at least one organization within China's Xinchuang Initiative IT ecosystem, resulting in unauthorized access for espionage purposes.
Apex Spine and Neurosurgery
December 9, 2025
•[ unauthorized access, malware, ransomware ]
An unauthorized actor accessed part of Apex Spine and Neurosurgery's computer network, copied files, and deployed malware that locked files on computer systems. The practice said the incident affected 2,500 individuals.
ATM in Tyler, TX
December 1, 2025
•[ malware, jackpotting, financial crime ]
Court documents alleged three Dallas men installed malware on a Tyler ATM as part of a financial jackpotting scheme.
Milano Ristorazione
November 24, 2025
•[ ransomware, malware ]
On November 24, 2025, Milano Ristorazione experienced operational malfunctions caused by a LockBit 5.0 malware infection impacting internal systems. The disruption affected catering and restaurant service operations and triggered an investigation by authorities. No data theft or encryption was reported.
At least one Android user in Latin America
November 12, 2025
•[ malware, ransomware, phishing ]
The Record described a newly identified Android malware/ransomware campaign (DroidLock) distributed through phishing websites that trick users into installing fake apps and then lock devices behind a ransom message. The reporting focuses on a broad campaign targeting Spanish-speaking users rather than a single named victim organization with a discrete primary effect suitable for this dataset's event unit. Because there is no specific victim organization, confirmed disruption window, or bounded impact scope for one entity, it is not coded here as an individual cyber event record.
At least one individual downloading a One Battle After Another torrent
November 12, 2025
•[ malware, trojan ]
This article summarizes Bitdefender's reporting on a malware distribution campaign that uses fake torrents claiming to contain a Leonardo DiCaprio film (One Battle After Another). The torrent bundle reportedly contains shortcut and script components that trigger a multi-stage infection chain leveraging PowerShell and other built-in Windows utilities, culminating in memory-resident deployment of the Agent Tesla remote access trojan.
Knownsec
November 9, 2025
•[ data leak, cyber espionage, malware ]
According to coverage in The Register of research by Chinese blog MXRN, attackers breached the systems of Beijing-linked security company Knownsec and leaked more than twelve thousand classified documents describing Chinese state cyber weapons, internal tools and global targeting lists, along with code for remote access trojans that can compromise major desktop and mobile operating systems. The cache also reportedly includes a spreadsheet of 80 successfully attacked overseas targets and massive datasets, such as Indian immigration records, South Korean telecom call logs and Taiwanese road planning information, that Knownsec had previously obtained in offensive operations. Some of the material was briefly published to GitHub before being removed.
Abraham Andreu's computer (part of Andromeda botnet)
November 6, 2025
•[ botnet, malware ]
A ComputerHoy journalist describes deliberately infecting a Windows PC in 2025 with the Andromeda malware, which enrolls machines into a botnet so attackers can download additional payloads and execute arbitrary files remotely. The piece walks through how the author obtained the malware sample, how the infection behaves on the system, the use of Spain's INCIBE antibotnet service and security tools to detect and remove Andromeda, and what readers should do if they discover their own devices are part of the botnet. This is a self-inflicted test infection rather than an unsolicited attack on an organization.
Nikkei
November 4, 2025
•[ malware, data leak ]
Japanese media conglomerate Nikkei disclosed on 4 November 2025 that attackers had compromised its Slack messaging environment after malware on an employee's computer stole authentication credentials, which were then used to access multiple Slack accounts. The breach, discovered in September, exposed data for 17,368 employees and business partners, including their names, email addresses and chat histories. Nikkei forced password resets, reported the incident to Japan's Personal Information Protection Commission despite believing the stolen data falls outside formal reporting rules, and said no information related to confidential journalistic sources or reporting activities has been confirmed leaked.
Tisza Party App
November 4, 2025
•[ data leak, malware ]
Ahead of Hungary's 2026 parliamentary elections, opposition leader Péter Magyar said a malware-based cyberattack against his TISZA party's mobile application led to the illegal leak of his supporters' personal data. Pro-government media reported that a database of roughly 200,000 names from the app, containing users' names, email and postal addresses and phone numbers, was briefly published online before being taken down. Magyar alleges that international cyber pirates backed by Russian services have been attacking his systems for months to intimidate supporters and hinder planned primary elections on the app, prompting the party to move the vote to a different website.
Gen Digital
November 3, 2025
•[ spear-phishing, malware, backdoor ]
Gen Digital reported that the North Korea-linked Kimsuky group used spear-phishing emails carrying a fake VPN invoice ZIP archive to compromise at least one South Korean victim and deploy a new HttpTroy backdoor. Execution of the malicious SCR file launches a three-stage chain (dropper, MemLoad loader and HttpTroy DLL) that displays a decoy PDF while silently establishing persistence via a scheduled task masquerading as an AhnLab update. HttpTroy then connects to a remote command-and-control server and gives the attackers full remote-access capabilities, including file transfer, command execution, reverse shell, process control and screenshot capture.
At least one Belgian diplomat
October 31, 2025
•[ cyber-espionage, spear-phishing, vulnerability ]
Arctic Wolf Labs and other researchers detailed a Chinese state-aligned cyber-espionage campaign in which UNC6384 targeted European diplomatic entities, notably in Hungary and Belgium, between September and October 2025. The group sent spear-phishing emails referencing real EU and NATO events that carried malicious Windows shortcut (.LNK) files exploiting the ZDI-CAN-25373 (CVE-2025-9491) vulnerability to execute obfuscated PowerShell, unpack a signed Canon utility and side-load a PlugX remote access trojan. The resulting implants, communicating over HTTPS to attacker-controlled domains, provide long-term access for reconnaissance, keylogging, command execution and collection of sensitive diplomatic documents and credentials aligned with PRC strategic intelligence priorities.