Short-form video platforms like TikTok and Instagram Reels have become the latest way cybercriminals spread malware.
We’ve already seen attackers move away from traditional phishing emails and toward tactics that trick people into installing malware themselves. Now they’re being lured with slick social media videos that promise free Spotify Premium, free Windows activation, or free Microsoft Office, but instead leave people with infostealers on their Windows devices.
Read more…
Source: MalwareBytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- German Government Summons Russian Ambassador Over Major Cyberattack
December 12, 2025
The German government has formally summoned the Russian ambassador following the attribution of a significant cyberattack and coordinated disinformation campaign to Russian actors. This development comes amid heightened concerns regarding interference in Germany’s political processes and critical infrastructure. According to official statements, the cyberattack in question targeted the German Air Traffic Control (Deutsche Flugsicherung, DFS) in ...
- Lazarus, Kimsuky Conduct 58 Attacks Targeting South Korea
December 12, 2025
The North Korean hacking group Lazarus, affiliated with the Reconnaissance General Bureau, is strongly suspected to be behind a 4.45 billion Korean won hacking incident at the virtual asset exchange Upbit. It has been confirmed that Lazarus carried out at least 31 hacking attacks over the past year. According to AhnLab’s “2025 Cyber Threat Trends & ...
- Google and Apple roll out emergency security updates after zero-day attacks
December 12, 2025
Apple and Google have released several software updates to protect against a hacking campaign targeting an unknown number of their users. On Wednesday, Google released patches for a handful of security bugs in its Chrome browser, noting that one of the bugs was being actively exploited by hackers before the company had time to patch it. ...
- Data breach at credit check giant 700Credit affects at least 5.6 million
December 12, 2025
At least 5.6 million people had their names, addresses, dates of birth, and Social Security numbers stolen in a data breach at 700Credit, a company that runs credit checks and identity verification services for auto dealerships across the United States. In a statement on its website, the Michigan-based company blamed the October data breach on an ...
- NANOREMOTE, cousin of FINALDRAFT
December 11, 2025
In October 2025, Elastic Security Labs discovered a newly-observed Windows backdoor in telemetry. The fully-featured backdoor Elastic Security Lab call NANOREMOTE shares characteristics with malware described in REF7707 and is similar to the FINALDRAFT implant. One of the malware’s primary features is centered around shipping data back and forth from the victim endpoint using the Google ...
- SHADOW-VOID-042 Targets Multiple Industries with Void Rabisu-like Tactics
December 11, 2025
In October and November 2025, campaigns targeting sectors such as energy, defence, pharmaceuticals, and cybersecurity shared characteristics with older campaigns attributed to Void Rabisuopen on a new tab (also known as ROMCOM, Tropical Scorpius, Storm-0978). Void Rabisu is known to be associated with an actor group that has both financial and espionage motivations that are ...