US charges 31 more suspects linked to ATM malware attacks

A Nebraska federal grand jury charged 31 additional defendants for their involvement in an ATM jackpotting operation allegedly orchestrated by members of the Venezuelan gang Tren de Aragua.

BleepingComputer

Detour Dog just flipped the script!

The group once known for shady redirects is now pushing Strela Stealer via hacked WordPress sites + DNS TXT records.

90% of sites look normal—until they quietly fetch malware. #MalwareAttacks #CyberSecurity https://thehackernews.com/2025/10/detour-dog-caught-running-dns-powered.html

Detour Dog Caught Running DNS-Powered Malware Factory for Strela Stealer

Detour Dog used DNS TXT records and botnets to distribute Strela Stealer via StarFish backdoor.

The Hacker News

🚨 20 npm packages with 2 BILLION+ weekly downloads (incl. chalk & debug) were hacked.

A maintainer was phished into giving up 2FA — attackers slipped in malware that hijacks wallets & steals crypto. #CyberSecurity #MalwareAttacks https://thehackernews.com/2025/09/20-popular-npm-packages-with-2-billion.html

20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack

20 npm packages with 2B weekly downloads compromised after maintainer phishing led to crypto-stealing malware.

The Hacker News

ICYMI — A new variant of Coyote malware is now abusing Windows accessibility features to steal banking and crypto credentials.

It scans browser windows with UI Automation, targeting 75+ financial institutions—even offline. #MalwareAttacks #CyberSecurity https://thehackernews.com/2025/07/new-coyote-malware-variant-exploits.html

New Coyote Malware Variant Exploits Windows UI Automation to Steal Banking Credentials

Coyote malware uses Windows UI Automation to target 75 banks and crypto sites in Brazil, risking credential theft.

The Hacker News

Over 269,000 legit websites hijacked with hidden JavaScript redirecting search engine visitors to malware and scams.

Using a stealthy JSFireTruck obfuscation, attackers fingerprint devices to serve fake CAPTCHAs, tech support scams, and malware—evading detection at scale.
#CyberSecurity #MalwareAttacks https://thehackernews.com/2025/06/over-269000-websites-infected-with.html

Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month

Over 269K sites infected with JSFireTruck malware in one month, redirecting visitors to scams and malware.

The Hacker News

#Bumblebee malware SEO poisoning campaign uncovered earlier this week impersonating RVTools is using more typosquatting domains mimicking other popular open-source projects to infect devices used by IT staff. #MalwareAttacks #CyberSecurity https://www.bleepingcomputer.com/news/security/bumblebee-malware-distributed-via-zenmap-winmrt-seo-poisoning/

Fake Zenmap. WinMRT sites target IT staff with Bumblebee malware

The Bumblebee malware SEO poisoning campaign uncovered earlier this week impersonating RVTools is using more typosquatting domains mimicking other popular open-source projects to infect devices used by IT staff.

BleepingComputer

New malware drop from Golden Chickens: TerraStealerV2 steals browser logins, crypto wallets, and extensions, while TerraLogger silently records keystrokes.

📦 Spread via EXE, MSI, LNK, OCX
📤 Sends data to Telegram + shady domain
#cybersecurity #MalwareAttacks
https://thehackernews.com/2025/05/golden-chickens-deploy-terrastealerv2.html

Golden Chickens Deploy TerraStealerV2 to Steal Browser Credentials and Crypto Wallet Data

Golden Chickens launch TerraStealerV2 and TerraLogger; both still developing but actively steal data via OCX payloads.

The Hacker News

New #CyberAttackAlert!

Senior members of the World Uyghur Congress were targeted by malware hidden in a fake UyghurEdit++ app, Citizen Lab reports (Mar 2025).

— Custom-made spyware
— Links to China
— Started as early as May 2024
#MalwareAttacks https://thehackernews.com/2025/04/malware-attack-targets-world-uyghur.html

Malware Attack Targets World Uyghur Congress Leaders via Trojanized UyghurEdit++ Tool

Custom malware hidden in UyghurEdit++ targeted WUC leaders since May 2024, exposing Uyghur diaspora surveillance links to China.

The Hacker News

โš ๏ธ UNC5174 (aka Uteus), tied to China, is quietly breaching Linux & macOS systems using SNOWLIGHT malware + a fake Cloudflare app (VShell).

๐Ÿ” Targets: 20+ nations | Sectors: Gov, finance, defense
๐Ÿ›  Tactics: Open-source tools, fileless payloads, fake authenticator apps
๐Ÿ‘€ Risk: Remote control, in-memory attacks, hard-to-trace
#MalwareAttacks #CyberSecurity
https://thehackernews.com/2025/04/chinese-hackers-target-linux-systems.html

Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool

UNC5174 uses SNOWLIGHT and VShell to target Linux and macOS systems, exploiting Ivanti flaws for remote control.

The Hacker News