SeaFlower Targets Web3 Wallets to Steal Seed Phrases

SeaFlower is a sophisticated malware campaign targeting Web3 users by
distributing backdoored clones of popular crypto wallet apps on iOS and
Android.

Pulse ID: 69a455acb4e3f7202906cacb
Pulse Link: https://otx.alienvault.com/pulse/69a455acb4e3f7202906cacb
Pulse Author: cryptocti
Created: 2026-03-01 15:05:16

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Android #BackDoor #CyberSecurity #InfoSec #Malware #OTX #OpenThreatExchange #Web3 #bot #iOS #cryptocti

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

WE are looking for #lawyers who have already litigated and won cases over a "violation of the state of the art"!

Thesis: #Microsoft has been violating the state of the art in #IT-Security for many years.

An important aspect, security by design, is a foreign concept to many non-EU manufacturers.

Any #Hardware and any #Software that ships with a #Backdoor therefore violates "secure by design", and with it the state of the art.

More information:
https://digitalefreiheitbayern.eu/2026/717/

WE are looking for lawyers who have already litigated and won cases over a "violation of the state of the art", see also: https://de.wikipedia.org/wiki/State_of_the_art Thesis: Microsoft has been violating the state of the art in IT security for many years. An important aspect, security by design, is a foreign concept to many non-EU manufacturers. Any hardware and any software that ships with a backdoor

Initiative Digitale Freiheit Bayern

Malicious Go 'crypto' Module Steals Passwords and Deploys Rekoobe Backdoor

Pulse ID: 69a4168a6fd22a638e9ef349
Pulse Link: https://otx.alienvault.com/pulse/69a4168a6fd22a638e9ef349
Pulse Author: Tr1sa111
Created: 2026-03-01 10:35:54

#BackDoor #CyberSecurity #InfoSec #OTX #OpenThreatExchange #Password #Passwords #Word #bot #Tr1sa111

Malicious Go Crypto Module Deploys Rekoobe Backdoor to Steal Passwords

Recently discovered malicious Go package posing as a legitimate cryptography library.

Pulse ID: 69a37667f4e3ff45772ae0de
Pulse Link: https://otx.alienvault.com/pulse/69a37667f4e3ff45772ae0de
Pulse Author: cryptocti
Created: 2026-02-28 23:12:39

#BackDoor #CyberSecurity #InfoSec #OTX #OpenThreatExchange #Password #Passwords #Word #bot #cryptocti

「 Google suspects the payload was named xapt, after the command-line tool in Debian and Ubuntu systems, to make it easier to hide in the victim's environment and look like a legitimate tool 」

#cybersecurity #linux #backdoor https://www.theregister.com/2026/02/25/google_and_friends_disrupt_unc2814/

Google catches Beijing spies using Sheets to spread espionage across 4 continents

UNC2814 historically targets governments and telcos

The Register

Sophisticated SeaFlower Backdoor Campaign Targets Web3 Wallets to Steal Seed Phrases

Pulse ID: 69a19e81f6cc5cc8383617ab
Pulse Link: https://otx.alienvault.com/pulse/69a19e81f6cc5cc8383617ab
Pulse Author: CyberHunter_NL
Created: 2026-02-27 13:39:13

#BackDoor #CyberSecurity #InfoSec #OTX #OpenThreatExchange #Web3 #bot #CyberHunter_NL

How SeaFlower 藏海花 installs backdoors in iOS/Android web3 wallets to steal your seed phrase

Confiant’s research team has uncovered a new type of malicious activity targeting web3 wallet users, which it believes is the most technically sophisticated threat to the web, and which has Chinese roots.

Pulse ID: 69a19eaa52a9aa28533b5209
Pulse Link: https://otx.alienvault.com/pulse/69a19eaa52a9aa28533b5209
Pulse Author: CyberHunter_NL
Created: 2026-02-27 13:39:54

#Android #BackDoor #Chinese #CyberSecurity #InfoSec #OTX #OpenThreatExchange #Web3 #bot #iOS #CyberHunter_NL

New Dohdoor malware campaign targets education and health care

A malicious campaign by threat actor UAT-10027 has been targeting education and healthcare sectors in the United States since December 2025. The campaign utilizes a new backdoor called Dohdoor, which employs DNS-over-HTTPS for stealthy command-and-control communications and can download and execute payloads reflectively. The multi-stage attack chain likely begins with phishing emails, followed by PowerShell scripts, batch files, and DLL sideloading techniques. Dohdoor uses various evasion methods, including API obfuscation, encrypted communications, and EDR bypasses. The campaign's infrastructure leverages Cloudflare services for stealth. While some techniques overlap with North Korean APT groups, the targeting differs from their typical focus.

Pulse ID: 69a1649bf2952cacd54d98fb
Pulse Link: https://otx.alienvault.com/pulse/69a1649bf2952cacd54d98fb
Pulse Author: AlienVault
Created: 2026-02-27 09:32:11

#BackDoor #Cloud #CyberSecurity #DNS #EDR #Education #Email #HTTP #HTTPS #Healthcare #InfoSec #Korea #Malware #NorthKorea #OTX #OpenThreatExchange #Phishing #PowerShell #SideLoading #UnitedStates #bot #AlienVault

Henry IV, Hotspur, Hal, and hallucinations

This article draws parallels between Shakespeare's Henry IV and modern cybersecurity challenges, particularly focusing on the adoption of AI. It emphasizes the importance of taking calculated risks, learning from failures, and surrounding oneself with knowledgeable peers. The piece also highlights a new campaign by UAT-10027 using the 'Dohdoor' backdoor, which leverages DNS-over-HTTPS for stealthy communications and targets education and healthcare sectors in the US. The author encourages security teams to stay vigilant, update detection tools, and monitor for unusual activities to combat sophisticated threats.

Pulse ID: 69a0dfeb9760c4f36290ec61
Pulse Link: https://otx.alienvault.com/pulse/69a0dfeb9760c4f36290ec61
Pulse Author: AlienVault
Created: 2026-02-27 00:06:03

#AWS #BackDoor #CyberSecurity #DNS #ELF #Edge #Education #HTTP #HTTPS #Healthcare #InfoSec #OTX #OpenThreatExchange #bot #AlienVault

Malicious Go 'crypto' Module Steals Passwords and Deploys Rekoobe Backdoor

A malicious Go module impersonating the legitimate golang.org/x/crypto has been discovered, containing a backdoor in ssh/terminal/terminal.go. This module captures passwords, exfiltrates them, and executes remote commands. The attack chain includes a Linux stager that installs an SSH key for persistence, weakens firewall settings, and deploys a Rekoobe backdoor. The campaign targets high-trust cryptography libraries and likely aims at cloud environments. The threat actor uses GitHub for staging and disguises payloads as media files. This sophisticated supply chain attack highlights the need for careful scrutiny of Go module changes and implementation of robust security measures in development workflows.
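A defensive check in the spirit of that last sentence, added here as an example (it is not code from the OTX pulse or the underlying report): it parses a go.mod and flags require entries whose path is a near-lookalike of a trusted module such as golang.org/x/crypto, plus replace directives that reroute a trusted module somewhere else. The sample go.mod text, the trusted list and the similarity threshold are constructed assumptions.

```python
"""Flag lookalike modules and suspicious replace directives in a go.mod.

Added example, not code from the pulse or the cited report. The go.mod
below is constructed for illustration; TRUSTED and the cutoff are assumed.
"""
import difflib

TRUSTED = ["golang.org/x/crypto", "golang.org/x/net", "golang.org/x/sys"]

# Constructed sample: one genuine dependency, one typosquat of x/crypto,
# and a replace that silently reroutes x/net to an unrelated fork.
SAMPLE_GO_MOD = """module example.com/app

go 1.22

require (
    golang.org/x/crypto v0.17.0
    golang.org/x/crypt0 v0.17.0 // lookalike path
    github.com/stretchr/testify v1.9.0
)

replace golang.org/x/net => github.com/unknown-user/net v0.0.1
"""


def parse_go_mod(text):
    """Return ([(path, version)], [(old_path, new_path)]) from go.mod text."""
    requires, replaces, block = [], [], None
    for raw in text.splitlines():
        line = raw.split("//", 1)[0].strip()  # drop comments such as // indirect
        if not line:
            continue
        if line.endswith("("):            # start of a require ( ... ) style block
            block = line.split()[0]
            continue
        if line == ")":
            block = None
            continue
        directive, parts = block, line.split()
        if directive is None:             # single-line form: "require path vX"
            directive, parts = parts[0], parts[1:]
        if directive == "require" and len(parts) >= 2:
            requires.append((parts[0], parts[1]))
        elif directive == "replace" and "=>" in parts:
            replaces.append((parts[0], parts[parts.index("=>") + 1]))
    return requires, replaces


def find_suspicious(text, trusted=TRUSTED, cutoff=0.85):
    """Lookalike require paths and replace directives that reroute trusted modules."""
    requires, replaces = parse_go_mod(text)
    findings = []
    for path, _version in requires:
        if path in trusted:
            continue
        close = difflib.get_close_matches(path, trusted, n=1, cutoff=cutoff)
        if close:
            findings.append(("lookalike", path, close[0]))
    for old, new in replaces:
        if old in trusted:
            findings.append(("replace", old, new))
    return findings
```

Run it next to `go mod verify`: that command checks the module cache against go.sum, but it cannot tell you that the module you chose to trust is the wrong one.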

Pulse ID: 69a1276fbef301b2eb97cd94
Pulse Link: https://otx.alienvault.com/pulse/69a1276fbef301b2eb97cd94
Pulse Author: AlienVault
Created: 2026-02-27 05:11:11

#BackDoor #Cloud #CyberSecurity #GitHub #Golang #InfoSec #Linux #OTX #OpenThreatExchange #Password #Passwords #RAT #Rust #SSH #SupplyChain #Word #bot #AlienVault
