MuddyWater uses the Chaos ransomware as a false flag: Iran disguises state espionage as cybercrime

The Iranian APT group MuddyWater carried out a cyberespionage operation disguised as a Chaos ransomware attack. Rapid7 reveals how Microsoft Teams was used to steal credentials and bypass MFA, with the real goal being data exfiltration and long-term persistence, not financial extortion.

https://insicurezzadigitale.com/muddywater-usa-il-ransomware-chaos-come-falsa-bandiera-liran-maschera-lo-spionaggio-di-stato-da-cybercrime/

From Venture Beat: "One command turns any open-source repo into an #AI #agent #backdoor. #OpenClaw proved no supply-chain scanner has a detection category for it"

#Security #OpenSource

https://venturebeat.com/security/one-command-open-source-repo-ai-agent-backdoor-openclaw-supply-chain-scanner

A new Linux malware strikes where it hurts most
#quasarlinux is the new name to keep an eye on in the #malware landscape. Researchers describe it as a modular implant for #linux systems capable of combining a #backdoor, a #rootkit and credential theft. The target is not a generic user: it is DevOps environments, repositories, build servers and machines that often have access to secrets far more valuable than a single account.
#UnoLinux #gnulinux #gnulinuxitalia #linuxitalia

https://www.tomshw.it/hardware/malware-linux-sviluppatori-quasar

A new Linux malware strikes where it hurts most

Quasar Linux combines a rootkit, a backdoor and credential theft to hit development workstations and DevOps environments, with supply chain risk.

Tom's Hardware

🚨 NEWS: Daemon Tools alert: a supply chain attack has compromised the popular virtual disc software

Here are the key points in brief:
💡 A serious cyberattack targeting the supply chain hit Daemon Tools, the well-known software for emulating virtual CD and DVD drives, compromising its updates for over a...

🚀 LINK: https://meteoraweb.com/news/allarme-daemon-tools-un-attacco-alla-supply-chain-ha-compromesso-il-popolare-software-per-dischi-virtuali

#malware #sicurezza #supplyChain #attaccoInformatico #backdoor

DAEMON Tools installers were trojanized in a supply-chain attack, delivering a backdoor to thousands of systems worldwide since April 8 🌐
The malware affected versions 12.5.0.2421–12.5.0.2434, targeting high-value organizations and enabling remote code execution via compromised binaries 🛡️

🔗 https://www.bleepingcomputer.com/news/security/daemon-tools-trojanized-in-supply-chain-attack-to-deploy-backdoor/

#TechNews #Daemon #DAEMONTools #Malware #Security #Microsoft #Windows #Backdoor #Attack #Threat #CyberSecurity #Software #InfoSec #Hacking #Safety #Digital #Computing #Protection

DAEMON Tools trojanized in supply-chain attack to deploy backdoor

Hackers trojanized installers for the DAEMON Tools software and since April 8, delivered a backdoor to thousands of systems that downloaded the product from the official website.

BleepingComputer

🚨 NEWS: The twin threat: supply chain and student data in the cybercriminals' sights

Here are the key points in brief:
💡 The global cybersecurity landscape is going through a moment of unprecedented tension. Two separate cyberattacks, disclosed in the last few hours, outline an aggress...

🚀 LINK: https://meteoraweb.com/news/la-minaccia-gemella-supply-chain-e-dati-degli-studenti-nel-mirino-dei-cybercriminali

#sicurezzaInformatica #supplyChain #attaccoInformatico #backdoor #datiStudenti

Popular DAEMON Tools software compromised

Since April 8, 2026, installers of DAEMON Tools software have been compromised with malicious payloads distributed through the legitimate website. Versions 12.5.0.2421 to 12.5.0.2434 contain trojaned binaries (DTHelper.exe, DiscSoftBusServiceLite.exe, DTShellHlp.exe) signed with legitimate developer certificates. The attack has affected thousands of systems across over 100 countries, though advanced payloads were selectively deployed to approximately a dozen machines in government, scientific, manufacturing, and retail organizations. Initial infection establishes backdoor communications to typosquatted domains, followed by deployment of an information collector for system profiling. Targeted systems receive additional implants including a minimalistic backdoor and QUIC RAT. Chinese-language strings found in malicious components suggest a Chinese-speaking threat actor. The attack remains active at time of publication, demonstrating sophisticated supply chain compromise techniques comparable to the 2023 3CX ...

Pulse ID: 69f9fd6e0328f7a1be1faa20
Pulse Link: https://otx.alienvault.com/pulse/69f9fd6e0328f7a1be1faa20
Pulse Author: AlienVault
Created: 2026-05-05 14:23:42

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #Chinese #CyberSecurity #Government #InfoSec #Mac #Manufacturing #Nim #OTX #OpenThreatExchange #RAT #SupplyChain #Trojan #bot #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

UAT-8302 and its box full of malware

UAT-8302 is a sophisticated China-nexus advanced persistent threat group targeting government entities in South America since late 2024 and southeastern Europe in 2025. The actor deploys multiple custom-made malware families including NetDraft, a .NET-based backdoor variant of FinalDraft/SquidDoor, and CloudSorcerer version 3. Post-compromise activities involve extensive reconnaissance, credential extraction, information collection from Active Directory, and network proliferation using tools like Impacket. The group establishes persistence through scheduled tasks and deploys additional malware including VSHELL, SNAPPYBEE/DeedRAT, and ZingDoor. UAT-8302 demonstrates connections to several China-nexus threat clusters through shared tooling, including Draculoader and SNOWLIGHT stager. The actor uses legitimate services like MS Graph and OneDrive for command-and-control infrastructure and establishes backdoor access through proxy servers using tools written in Simplified Chinese.

Pulse ID: 69f9f99c0dc1060430bf089e
Pulse Link: https://otx.alienvault.com/pulse/69f9f99c0dc1060430bf089e
Pulse Author: AlienVault
Created: 2026-05-05 14:07:24


#BackDoor #China #Chinese #Cloud #CyberSecurity #DRat #EDR #EasternEurope #Europe #Government #InfoSec #Malware #NET #OTX #OpenThreatExchange #Proxy #RAT #RCE #SouthAmerica #bot #AlienVault


Somehow I slept through this. So far it also seems to affect "only" Mac computers with Brave and users who use AI.

"According to Anthropic's own statements, for example, browser tabs containing the users' log-in information ‼️ can be used. The AI can also extract data from these websites and store it locally with the privileges of the logged-in person."

https://www.golem.de/news/ki-auf-dem-computer-claude-desktop-app-installiert-ungefragt-backdoor-2604-207804.html

#KI = account invasion?
#Backdoor #Trojaner

AI on the computer: Claude desktop app installs a backdoor without asking - Golem.de

A privacy advocate discovered the entry in the browser only by chance. It could theoretically be used for attacks.

Golem.de

A rigged game: compromises gaming platform in a supply-chain attack

North Korea-aligned APT group ScarCruft executed a multiplatform supply-chain attack targeting ethnic Koreans in China's Yanbian region, an area significant for North Korean refugees and defectors. Since late 2024, the group compromised a video gaming platform dedicated to Yanbian-themed games, trojanizing both Windows and Android components with the BirdCall backdoor. The Windows client received malicious updates leading to RokRAT and subsequently BirdCall deployment, while Android games were directly trojanized. This marks the first discovery of Android BirdCall, capable of comprehensive surveillance including data collection, screenshots, and voice recording. The campaign focuses on espionage against individuals of interest to the North Korean regime, particularly refugees and defectors.

Pulse ID: 69f9c539da459757922d22d8
Pulse Link: https://otx.alienvault.com/pulse/69f9c539da459757922d22d8
Pulse Author: AlienVault
Created: 2026-05-05 10:23:53


#Android #BackDoor #China #CyberSecurity #Espionage #InfoSec #Korea #NorthKorea #OTX #OpenThreatExchange #RAT #ScarCruft #Trojan #Windows #bot #AlienVault
