Malware – Page 22 – MCYSEKA-Maritime Cyber Security Knowledge Archive

Malicious apps with +19M installs removed from Google Play because spreading Anatsa banking trojan and other malware

Experts found 77 malicious Android apps with 19M+ installs on Google Play, spreading malware, including the Anatsa (TeaBot) banking trojan. While investigating Anatsa (Tea Bot) banking trojan infections, Zscaler’s ThreatLabs discovered seventy-seven malicious Android apps with more than 19 million installs. Several Anatsa decoy apps have each been downloaded more than 50,000 times. The malicious apps […]

August 25, 2025

0 comment

Fake Voicemail Emails Installs UpCrypter Malware on Windows

FortiGuard Labs warns of a global phishing campaign that delivers UpCrypter malware, giving hackers complete control of infected…

August 25, 2025

0 comment

Proxyware Malware Poses as YouTube Video Download Site, Delivering Malicious JavaScript

Cybersecurity researchers at AhnLab Security Intelligence Center (ASEC) have uncovered a persistent campaign where attackers distribute proxyware malware through fake YouTube video download pages. This operation, which mimics legitimate video downloadi…

August 25, 2025

0 comment

Fake macOS help sites push Shamos infostealer via ClickFix technique

Criminals are taking advantage of macOS users’ need to resolve technical issues to get them to infect their machines with the Shamos infostealer, Crowdstrike researchers have warned. To prevent macOS security features from blocking the installati…

August 25, 2025

0 comment

Anatsa Android Banking Trojan Now Targeting 830 Financial Apps

The Anatsa Android banking trojan has expanded its target list to new countries and more cryptocurrency applications.
The post Anatsa Android Banking Trojan Now Targeting 830 Financial Apps appeared first on SecurityWeek.

August 25, 2025

0 comment

Unmasking KorPlug Malware: TTPs, Control Flow, and Exposed IOCs

As part of the ongoing analysis of the KorPlug malware family, this second installment focuses on the complex second-stage payload, expanding on earlier discoveries of DLL side-loading methods that use legitimate programs to execute code initially. The…

August 25, 2025

0 comment

Pakistan-linked APT36 abuses Linux .desktop files to drop custom malware in new campaign

APT36 uses Linux .desktop files in new attacks on Indian gov & defense, aiming for data theft and persistent espionage access. Transparent Tribe (aka APT36, Operation C-Major, and Mythic Leopard), a Pakistan-linked threat actor, is using Linux .desktop files to load malware in new attacks against government and defense entities in India. The APT group […]

August 25, 2025

0 comment

Android.Backdoor.916.origin malware targets Russian business executives

New Android spyware Android.Backdoor.916.origin is disguised as an antivirus linked to Russia’s intelligence agency FSB, and targets business executives. Doctor Web researchers observed a multifunctional backdoor Android.Backdoor.916.origin targeting Android devices belonging to representatives of Russian businesses. The malware executes attacker commands, enabling surveillance, keylogging, and theft of chats, browser data, and even live camera/audio streams. […]

August 25, 2025

0 comment

Electronics manufacturer Data I/O took offline operational systems following a ransomware attack

Electronics manufacturer Data I/O reports a ransomware attack to SEC, the company was forced to take offline operational systems. Electronics manufacturer Data I/O reported a ransomware attack to the US Securities and Exchange Commission (SEC). The company was forced to take offline operational systems following the attack. Data I/O is a leading provider of manual […]

August 25, 2025

0 comment

IoT under siege: The return of the Mirai-based Gayfemboy Botnet

Mirai-based Gayfemboy botnet resurfaces, evolving to target systems worldwide; Fortinet researchers provided details about the new campaign. FortiGuard Labs researchers tracked a new Gayfemboy botnet campaign, the malware exploits known flaws in DrayTek, TP-Link, Raisecom, and Cisco, showing evolved tactics and renewed activity. The Gayfemboy botnet was first identified in February 2024, it borrows the […]

August 24, 2025

0 comment

1 … 20 21 22 23 24 … 272

M	T	W	T	F	S	S
					1	2
3	4	5	6	7	8	9
10	11	12	13	14	15	16
17	18	19	20	21	22	23
24	25	26	27	28	29	30