- New Detection Methods Uncovered for Outlook NotDoor Backdoor Malware 2025-11-17 15:22 GBHackers Cybersecurity researchers have unveiled comprehensive detection methodologies for NotDoor, a sophisticated backdoor malware that leverages Microsoft Outlook macros for covert command and control operations. The malware, attributed to the Russian state- …
- Researchers Detailed Techniques to Detect Outlook NotDoor Backdoor Malware 2025-11-17 14:20 Cyber Security News Outlook NotDoor backdoor malware first appeared in threat campaigns identified by Lab52, the intelligence arm of Spanish firm S2 Grupo. Linked to APT28/Fancy Bear, NotDoor leverages malicious Outlook macros for persistent access and data theft. …
- Europol’s Operation Endgame Dismantles Malware Networks, US Firms Remain Vulnerable 2025-11-17 14:04 WebProNews Endgame Unleashed: Europol’s Cyber Siege on Malware Empires and the Lingering Threat to American Enterprise. In the shadowy underbelly of global cybercrime, where digital predators lurk behind encrypted servers and stolen credentials, a multinational law …
- North Korea’s ‘Job Test’ trap upgrades to JSON malware dropboxes 2025-11-17 12:28 CSO The final payload (BeaverTail) showed previously seen capabilities, including “usage of Axioms as embedded HTTP client, enumeration and exfiltration of system information, searching browser profiles and extension directories for sensitive data, and …
- Malware detected 2025-11-17 08:00 Bangalore Mirror 2 back-to-back scams reveal how cybercrime operators are setting up shop in Karnataka. Karnataka is emerging as a launchpad for global cyber fraud networks, investigators say, with two major rackets, one in Bengaluru and another in Belagavi, busted within …
- Google warns new AI-powered malware thinks and rewrites its own code 2025-11-17 06:34 Bangkok Post The Google Threat Intelligence Group (GTIG) has released a report detailing a significant shift in cybersecurity, noting that hackers are no longer just using AI for assistance or writing code but are integrating it into malware. This allows the malware …
- North Korea’s most dangerous weapon isn’t a missile. It’s malware 2025-11-16 23:14 The Straits Times As South Korea celebrates its first nuclear-powered submarine – a prestigious milestone symbolising its rising stature in regional security matters – one question looms large: do its cyber defences need similar fortification? While Seoul has built up a …
- TikTok malware scam tricks you with fake activation guides 2025-11-16 13:36 Fox News Cybercriminals are again turning TikTok into a trap for unsuspecting users. This time, they're disguising malicious downloads as …
- Bengaluru tech park scam: How fraudsters used ads, malware and fear to loot U.S. victims 2025-11-15 18:17 The Hindu In its first major operation, the Karnataka Cyber Command Unit (CCU) has cracked down on a fraudulent Indian company in eastern Bengaluru, which is believed to have cheated over 500 employees working in the United States. According to senior police …
- JSON’s Hidden Peril: North Korean Hackers Weaponize Simple Storage for Stealthy Malware Strikes 2025-11-15 16:09 WebProNews In the shadowy world of cyber espionage, North Korean hackers have once again demonstrated their ingenuity by transforming innocuous JSON storage services into covert channels for malware delivery. This tactic, part of the ongoing ‘Contagious Interview’ …
- Formbook Malware Delivered Using Weaponized Zip Files and Multiple Scripts 2025-11-15 08:00 Cyber Security News A new wave of Formbook malware attacks has appeared, using weaponized ZIP archives and multiple script layers to bypass security controls. The attacks begin with phishing emails containing ZIP files that hold VBS scripts disguised as payment confirmation …
- Cyber crooks use blast to spread malware: Police 2025-11-14 23:01 The Pioneer Cyber fraudsters are exploiting public curiosity surrounding the recent blast near the Red Fort by circulating malicious files through messages claiming to contain “blast-related evidence”, police sources said on Friday. According to a source, several …
- North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels 2025-11-14 20:13 The Hacker News Nov 14, 2025 | Ravie Lakshmanan | Malware / Threat Intelligence. The North Korean threat actors behind the Contagious Interview campaign have once again tweaked their tactics by using JSON storage services to stage malicious payloads. "The threat …
- Crims poison 150K+ npm packages with token-farming malware 2025-11-14 19:23 The Register Yet another supply chain attack has hit the npm registry in what Amazon describes as "one of the largest package flooding incidents in open source registry history" - but with a twist. Instead of injecting credential-stealing code or ransomware …
- Formbook Malware Campaign Uses Malicious ZIP Files and Layered Scripting Techniques 2025-11-14 14:51 GBHackers A new campaign leveraging Formbook malware has emerged, showcasing sophisticated multi-stage infection tactics that underscore the importance of analyzing more than just executable files during malware investigations. When teaching malware reverse- …
- Android Photo Frames App Downloads Malware, Giving Hackers Control of The Device Without User Interaction 2025-11-14 13:44 Cyber Security News Digital photo frames have become a standard household device for displaying family memories, and most users assume these simple gadgets prioritize simplicity over complexity. However, a troubling discovery reveals that specific Android photo frames running …
- New ClickFix Attack Targeting Windows and macOS Users to Deploy Infostealer Malware 2025-11-14 13:44 Cyber Security News A growing social engineering technique called ClickFix has emerged as one of the most successful methods for distributing malware in recent months. This attack tricks users into copying and running commands directly into their operating system's command …
- Threat Actors Leverage JSON Storage Services to Host and Deliver Malware Via Trojanized Code Projects 2025-11-14 13:43 Cyber Security News Cybersecurity researchers have uncovered a sophisticated campaign where threat actors abuse legitimate JSON storage services to deliver malware to software developers. The campaign, known as Contagious Interview, represents a significant shift in how …
- Greek Police Arrest Alleged Mastermind of the Venom RAT Malware Network 2025-11-14 08:32 Greek Reporter The main suspect had access to over 100,000 crypto wallets belonging to these victims, potentially worth millions of euros. Greek police have arrested the alleged mastermind of the massive Venom RAT malware network. The …
- Operation Endgame Dismantles 1,025 Malware Servers 2025-11-14 06:58 eSecurityPlanet Europol and Eurojust, working with law enforcement agencies in eleven countries, executed a synchronized takedown of infrastructure tied to three staple cybercrime tools: the Rhadamanthys infostealer, the VenomRAT remote access trojan, and the Elysium …
- DanaBot Malware Returns With New Windows Variant 2025-11-14 05:26 TechWorm The notorious DanaBot malware has returned after a six-month hiatus with an upgraded infrastructure and enhanced stealth mechanisms targeting Windows users once again. Security researchers at Zscaler ThreatLabz have uncovered a new variant, DanaBot version …
- Google’s Android Identity Check: Fortifying Apps Against Malware in 2026 2025-11-14 05:16 WebProNews In a bold move to enhance security across the Android ecosystem, Google has unveiled its developer verification program, set to mandate identity checks for all app creators by 2026. This initiative, announced in late 2025, aims to curb the proliferation of …
- Beware of Fake Bitcoin Tool That Hides DarkComet RAT Malware With it 2025-11-14 04:28 Cyber Security News The rise of cryptocurrency has created new opportunities for cybercriminals to exploit unsuspecting users. Attackers are now disguising the notorious DarkComet remote access trojan as Bitcoin-related applications, targeting cryptocurrency enthusiasts who …
- Operation Endgame 3.0 Dismantles Three Major Malware Networks 2025-11-14 04:07 Infosecurity Magazine Three malware strains popular with cybercriminals have been taken down in a large-scale law enforcement operation that spanned 11 countries. The dismantling of the malware networks is part of an ongoing effort, dubbed Operation Endgame. The latest activity …
- Hackers Exploiting RMM Tools LogMeIn and PDQ Connect to Deploy Malware as a Normal Program 2025-11-14 03:42 Cyber Security News Cybercriminals are now exploiting remote monitoring and management tools to spread dangerous malware while avoiding detection by security systems. The attack campaign targets users who download what appears to be popular software, such as Notepad++, 7-Zip, …
- Operation Endgame Disrupts More Malware 2025-11-14 00:23 Bank Information Security - New Jersey Rhadamanthys, VenomRAT and Elysium Targeted in Operation. Akshaya Asokan (asokan_akshaya), November 13, 2025. A multinational law enforcement operation resulted in the …
- Operation Endgame targets malware networks in global crackdown 2025-11-14 00:07 CyberScoop In a sweeping international crackdown coordinated from Europol’s headquarters, law enforcement agencies from the United States and 10 other countries have disrupted three of the world’s most widely used cybercriminal malware operations. Conducted Nov. 10- …
- Greece arrests main suspect behind Venom RAT malware network 2025-11-13 20:38 The Malaysian Star ATHENS, Nov. 13 (Xinhua) -- Greek authorities have arrested the main suspect behind the large-scale malware network known as Venom RAT, as part of Operation Endgame coordinated by the European Union Agency for Law Enforcement Cooperation (Europol), Greek …
- Rhadamanthys malware admin rattled as cops seize a thousand-plus servers 2025-11-13 20:00 The Register International cops have pulled apart the Rhadamanthys infostealer operation, seizing 1,025 servers tied to the malware in coordinated raids between November 10-13. The infrastructure takedown, part of the long-running Operation Endgame coordinated by …
- Europol Goes After Orgs Behind 3 Malware Strains, Takes Down 1,000+ Servers 2025-11-13 18:50 PC Magazine Law enforcement has disrupted three malware strains that cybercriminals were using to infect and hijack Windows PCs in order to steal passwords. Europol dismantled the …
- Threat Actors Use JSON Storage for Hosting and Delivering Malware via Trojanized Code 2025-11-13 17:17 GBHackers A sophisticated campaign attributed to North Korean-aligned threat actors is weaponizing legitimate JSON storage services as an effective vector for deploying advanced malware to software developers worldwide. The “Contagious Interview” operation …
- Top 3 Malware Families in Q4: How to Keep Your SOC Ready 2025-11-13 17:11 Hackread Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings. The third quarter of 2025 saw a concerning evolution in the malware landscape. The latest ANY.RUN Malware Trends quarterly …
- Operation Endgame Hits Rhadamanthys, VenomRAT, Elysium Malware, seize 1025 servers 2025-11-13 17:07 Hackread In a massive global operation called Operation Endgame, police forces have taken down the core systems of three major online crime groups, including the Rhadamanthys infostealer, the VenomRAT remote control tool, and the Elysium botnet. The operation took …
- DanaBot malware returns with a vengeance, targeting Windows devices - here's how to stay safe 2025-11-13 15:49 TechRadar Pro DanaBot has resurfaced with version 669 and rebuilt infrastructure after Operation Endgame disruption. It features modular payloads, encrypted C2, and supports crypto theft via BTC, ETH, LTC, and TRX. Zscaler urges organizations to block new IoCs and update …
- Hackers turn Cisco and Citrix zero-days into a malware nightmare 2025-11-13 14:30 TechRadar CVE-2025-20337 enables unauthenticated remote code execution in Cisco ISE systems. Attackers deployed custom in-memory web shells with advanced evasion and encryption techniques. Exploits were widespread and indiscriminate, with no specific industry or actor …
- Europol, Eurojust joint operation takes down over 1,025 servers used by malware operations 2025-11-13 14:23 Cryptopolitan Europol, alongside Eurojust, has taken down over 1,025 servers used by three malware families: Rhadamanthys infostealer, VenomRAT, and the Elysium botnet malware operations. This mission is part of the latest phase of Operation Endgame, an activity taking …
- iVerify and FTI Consulting Announce Partnership To Combat Sophisticated Mobile Malware 2025-11-13 14:00 EIN Presswire NEW YORK, NY, UNITED STATES, November 13, 2025 /EINPresswire.com/ -- iVerify Inc., a leader in advanced mobile endpoint detection and response (EDR) solutions, and FTI Consulting, Inc., a leading global expert firm for organizations facing crisis …
- Hackers Using RMM Tools LogMeIn and PDQ Connect to Deploy Malware as Legitimate Software 2025-11-13 07:48 GBHackers Cybersecurity researchers at AhnLab Security Intelligence Center (ASEC) have uncovered a sophisticated attack campaign leveraging legitimate Remote Monitoring and Management (RMM) tools to deploy backdoor malware on unsuspecting users’ systems. The attacks …
- Beware of Fake Bitcoin Tools Concealing DarkComet RAT Malware 2025-11-13 07:48 GBHackers A newly discovered malware campaign is leveraging one of cybercriminals’ most effective lures, cryptocurrency, to distribute DarkComet RAT. This notorious remote access trojan continues to plague users despite being discontinued by its creator years ago. …
- Attackers turned Citrix, Cisco 0-day exploits into custom-malware hellscape 2025-11-13 00:16 The Register An "advanced" attacker exploited CitrixBleed 2 and a max-severity Cisco Identity Services Engine (ISE) bug as zero-days to deploy custom malware, according to Amazon Chief Information Security Officer CJ Moses. The cloud giant's MadPot …
- Google reveals AI-powered malware using LLMs in real time 2025-11-12 22:43 Dataconomy Google’s Threat Intelligence Group (GTIG) has identified a significant escalation in the malicious use of artificial intelligence. Adversaries are no longer just using AI for productivity tasks like drafting phishing emails; they are now deploying novel …
- AppleScript Used to Deliver macOS Malware Disguised as Zoom & Teams Updates 2025-11-12 21:47 GBHackers Since Apple removed the popular “right-click and open” Gatekeeper override in August 2024, threat actors have shifted their tactics to deliver malware on macOS. Among emerging techniques, attackers are increasingly leveraging AppleScript (.scpt) files to …
- WordPress users beware - GootLoader strikes again, using font hack to spread malware 2025-11-12 20:54 TechRadar Gootloader malware resurfaced in late October 2025 after a nine-month hiatus, used to stage ransomware attacks. Delivered via malicious JavaScript hidden in custom web fonts, enabling stealthy remote access and reconnaissance. Linked to Storm-0494 and Vice …
- Hackers Weaponize AppleScript to Creatively Deliver macOS Malware Mimic as Zoom/Teams Updates 2025-11-12 20:50 Cyber Security News Threat actors continue to evolve their techniques for bypassing macOS security controls, shifting away from traditional attack vectors that Apple has systematically patched. Following Apple’s removal of the “right-click and open” Gatekeeper override in …
- Beware of Malicious Steam Cleanup Tool Attack Windows Machines to Deploy Backdoor Malware 2025-11-12 20:49 Cyber Security News A sophisticated backdoor malware campaign has emerged targeting Windows users through a weaponized version of SteamCleaner, a legitimate open-source utility designed to clean junk files from the Steam gaming platform. The malware establishes persistent …