Short-form video platforms like TikTok and Instagram Reels have become the latest way cybercriminals spread malware.
We’ve already seen attackers move away from traditional phishing emails and toward tactics that trick people into installing malware themselves. Now they’re being lured with slick social media videos that promise free Spotify Premium, free Windows activation, or free Microsoft Office, but instead leave people with infostealers on their Windows devices.
Read more…
Source: MalwareBytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- US insurance giant Aflac says hackers stole personal and health data of 22.6 million people
December 23, 2025
In June, U.S. insurance giant Aflac disclosed a data breach where hackers stole customers’ personal information, including Social Security numbers and health information, without saying how many victims were affected. On Tuesday, the company confirmed it has begun notifying around 22.65 million people whose data was stolen during the cyberattack. In a filing with the Texas ...
- From cheats to exploits: Webrat spreading via GitHub
December 23, 2025
In early 2025, security researchers uncovered a new malware family named Webrat. Initially, the Trojan targeted regular users by disguising itself as cheats for popular games like Rust, Counter-Strike, and Roblox, or as cracked software. In September, the attackers decided to widen their net: alongside gamers and users of pirated software, they are now targeting inexperienced ...
- Evasive Panda APT poisons DNS requests to deliver MgBot
December 23, 2025
The Evasive Panda APT group (also known as Bronze Highland, Daggerfly, and StormBamboo) has been active since 2012, targeting multiple industries with sophisticated, evolving tactics. Our latest research (June 2025) reveals that the attackers conducted highly-targeted campaigns, which started in November 2022 and ran until November 2024. The group mainly performed adversary-in-the-middle (AitM) attacks on specific ...
- North Korea-backed hackers launch newly detected cyberattack using HWP object linking and embedding code
December 22, 2025
A North Korea-linked cyber hacking group appears to have launched a new cyberattack campaign, code-named “Artemis,” that embeds malicious code inside computer files, a report showed Monday. The Genians Security Center (GSC), a South Korean cybersecurity institute, said in a report that it detected the operation believed to have been carried out by APT37, a Pyongyang-backed ...
- Romania: Around 1,000 systems compromised in ransomware attack on water agency
December 22, 2025
Romania’s cybersecurity agency confirms a major ransomware attack on the country’s water management administration has compromised around 1,000 systems, with work to remediate them still ongoing. Administrația Națională Apele Române (Romanian Waters) says its geographical information system applications servers, database servers, Windows workstations, Windows Servers, email and web servers, and domain name servers are all affected. ...
- Hackers hijacking WhatsApp accounts without any need to crack the authentication
December 21, 2025
Security researchers are warning WhatsApp users about a growing account hijacking technique that does not rely on breaking passwords or bypassing encryption. Attackers exploit WhatsApp’s legitimate device-linking feature to quietly attach their own browser to a victim’s account. Once linked, the attacker can read messages in real time, download shared media, and send messages that appear ...