Based Apparel
May 21, 2026
•[ malware, infostealer, social engineering ]
Based Apparel's merchandise website was compromised and used to present visitors with a fake Cloudflare-style verification prompt that attempted to trick macOS users into running commands that installed infostealer malware. Reporting described the malware as commodity infostealer/Trojan activity intended to steal credentials and passwords. The website was taken offline after the compromise was reported; no confirmed theft of Based Apparel data or visitor data was publicly reported.
Undisclosed Israeli individual smartphone
March 1, 2026
•[ malware, phishing, spyware ]
A trojanized fake Red Alert app delivered through spoofed SMS messages targeted Israeli users and, when installed, enabled theft of messages, contacts, location data, and other device information from affected smartphones.
At least one individual downloading One Battle After Another torrent
November 12, 2025
•[ malware, trojan ]
This article summarizes Bitdefender's reporting on a malware distribution campaign that uses fake torrents claiming to contain a Leonardo DiCaprio film (One Battle After Another). The torrent bundle reportedly contains shortcut and script components that trigger a multi-stage infection chain leveraging PowerShell and other built-in Windows utilities, culminating in memory-resident deployment of the Agent Tesla remote access trojan.
Knownsec
November 9, 2025
•[ data leak, cyber espionage, malware ]
According to coverage in The Register of research by the Chinese blog MXRN, attackers breached the systems of Beijing-linked security company Knownsec and leaked more than twelve thousand classified documents describing Chinese state cyber weapons, internal tools and global targeting lists, along with code for remote access trojans that can compromise major desktop and mobile operating systems. The cache also reportedly includes a spreadsheet of 80 successfully attacked overseas targets and massive datasets, such as Indian immigration records, South Korean telecom call logs and Taiwanese road planning information, that Knownsec had previously obtained in offensive operations; some of this material was briefly published to GitHub before being removed.
Multiple Organizations in South Korea
February 6, 2025
•[ cryptomining, malware, trojan ]
ASEC analysis shows CoinMiner/XMRig variants delivered through trojanized removable media, using DLL sideloading and PowerShell to mine cryptocurrency on compromised endpoints across South Korean organizations.
sqgame.net
October 1, 2024
•[ supply chain attack, malware, backdoor ]
ScarCruft/INKY SQUID compromised Windows and Android components of the sqgame.net gaming platform serving ethnic Koreans in China's Yanbian region, trojanizing game files and update components with RokRAT and BirdCall backdoors. ESET estimated the compromise began in late 2024, with Android malware development beginning around October 2024 and Windows update components malicious since at least November 2024.