Oldies are still goodies: It didn't take me long to find a #trojanized pirated TV show #Torrent on a public torrent search engine.

Tell your friends: This is why it's sometimes dangerous to pirate stuff.

The torrent delivers a rar that contains a #Rhadamanthys #infostealer #malware DLL. The package also contains a benign executable that uses the familiar VLC Player traffic-cone icon. It looks like a TV show file, but it's way too small at only 970kb. Double-clicking the benign executable loads the malware DLL.

Rhadamanthys is the same malware family that Europol put out a press release about last month. Maybe it was down for a while, but it seems it's not out -- yet.

The bogus torrent leverages strong interest in the streaming TV show Pluribus as its lure.

https://www.europol.europa.eu/media-press/newsroom/news/end-of-game-for-cybercrime-infrastructure-1025-servers-taken-down

https://www.virustotal.com/gui/file/a11f4f6270b44992837a3f3869397c00fc19176c673abd15edbda39e45227fd5/details

Self-Replicating Worm Affected Several Hundred #NPM Packages, Including CrowdStrike's - Slashdot

The Shai-Hulud #malware campaign impacted hundreds of npm packages across multiple maintainers, reports #KoiSecurity, including popular libraries like @ctrl/tinycolor & some packages maintained by #CrowdStrike.

Malicious versions embed a #trojanized script (bundle.js) designed to steal developer #credentials, exfiltrate secrets, and persist in repositories and endpoints through automated workflows.

https://it.slashdot.org/story/25/09/20/0542237/self-replicating-worm-affected-several-hundred-npm-packages-including-crowdstrikes?utm_source=rss1.0mainlinkanon&utm_medium=feed

New Android spyware is targeting Russian military personnel on the front lines

Trojanized mapping app steals users’ locations, contacts, and more.

Ars Technica

Trojanized jQuery Packages found on npm, GitHub and jsDelivr Code Repositories.  

Unknown threat actors have been found propagating trojanized versions of jQuery on npm, GitHub and jsDelivr in what appears to be an instance of a "complex and persistent" supply chain attack.

https://blog.phylum.io/persistent-npm-campaign-shipping-trojanized-jquery/

#trojanized #jquery #npm #github #jsdelivr #repositories #it #security #privacy #java #programming #tech #technology #engineering #news

Persistent npm Campaign Shipping Trojanized jQuery

Since May 26, 2024, Phylum has been monitoring a persistent supply chain attacker involving a trojanized version of jQuery. We initially discovered the malicious variant on npm, where we saw the compromised version published in dozens of packages over a month. After investigating, we found instances of the trojanized jQuery

Phylum

Trojanized Signal and Telegram apps on Google Play delivered spyware
https://www.bleepingcomputer.com/news/security/trojanized-signal-and-telegram-apps-on-google-play-delivered-spyware/

Chinese GREF APT distributes spyware via trojanized Signal and Telegram apps on Google Play and Samsung Galaxy stores
https://securityaffairs.com/150097/hacking/trojanized-signal-telegram-apps-google-play.html

#trojanized #Signal #Telegram #spyware #SignalPlus

Trojanized Signal and Telegram apps containing the BadBazaar spyware were uploaded onto Google Play and Samsung Galaxy Store by a Chinese APT hacking group known as GREF.

BleepingComputer

Facebook accounts hijacked by new malicious ChatGPT Chrome extension

A #trojanized version of the legitimate #ChatGPT #extension for #Chrome is gaining popularity on the Chrome Web Store, accumulating over 9,000 downloads while stealing Facebook accounts.

The extension is a copy of the legitimate popular add-on for Chrome named "#ChatGPT for #Google" that offers ChatGPT integration on search results.

However, this malicious version includes additional code that attempts to #steal #Facebook #session #cookies.

https://www.bleepingcomputer.com/news/security/facebook-accounts-hijacked-by-new-malicious-chatgpt-chrome-extension/
