Malware

January 21, 2026

Business executives and IT admins are being targeted by a highly sophisticated phishing attack which doesn’t happen in the email inbox but rather – on LinkedIn. Security researchers ReliaQuest said they saw a new attack that combines legitimate Python pentesting projects, DLL sideloading, and fake job ads, to infect “high-value targets” with remote access trojans ...

January 19, 2026

On December 8, 2025, Koi.ai published their findings about a campaign specifically targeting software developers through weaponized Visual Studio Code extensions. Here, Trend Micro will provide a more in-depth analysis of the multistage delivery of the Evelyn information stealer. Evelyn implements multiple anti-analysis techniques to evade detection in research and sandbox environments. It collects system information ...

January 19, 2026

Cybersecurity researchers have managed to break into the web-based control panel for the StealC infostealer and gain valuable information on how the malware operates, and who both the attackers and the victims are. StealC is an immensely popular infostealer malware which first emerged a couple of years ago, and has since become one of the staples ...

January 19, 2026

A group of cybercriminals called DarkSpectre is believed to be behind three campaigns spread by malicious browser extensions: ShadyPanda, GhostPoster, and Zoom Stealer. Malwarebytes Labs wrote about the ShadyPanda campaign in December 2025, warning users that extensions which had behaved normally for years suddenly went rogue. After a malicious update, these extensions were able to track ...

January 12, 2026

AsyncRAT has emerged as a notable Remote Access Trojan (RAT) used by threat actors for its robust capabilities and ease of deployment. It gained favor for its extensive feature set, which includes keylogging, screen capturing, and remote command execution capabilities. Its modular architecture, typically implemented in Python, provides flexibility and ease of customization, making it a ...

January 8, 2026

A member of Malwarebytes Labs web research team pointed the author to a fake WinRAR installer that was linked from various Chinese websites. When these links start to show up, that’s usually a good indicator of a new campaign. So, the author downloaded the file and started an analysis, which turned out to be something of ...

December 31, 2025

Merom Harpaz, Andrea Nicola Constantino Hermes Gambazzi, and Sara Aleksandra Fayssal Hamou – three individuals who were sanctioned by the US for alleged links to commercial spyware products, have had their bans lifted recently. In a new press release published by the US Office of Foreign Assets Control (OFAC) earlier this week, it was briefly stated ...

December 29, 2025

In mid-2025, Kaspersky researchers identified a malicious driver file on computer systems in Asia. The driver file is signed with an old, stolen, or leaked digital certificate and registers as a mini-filter driver on infected machines. Its end-goal is to inject a backdoor Trojan into the system processes and provide protection for malicious files, user-mode ...

December 23, 2025

In early 2025, security researchers uncovered a new malware family named Webrat. Initially, the Trojan targeted regular users by disguising itself as cheats for popular games like Rust, Counter-Strike, and Roblox, or as cracked software. In September, the attackers decided to widen their net: alongside gamers and users of pirated software, they are now targeting inexperienced ...

December 19, 2025

Today, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency, and Canadian Centre for Cyber Security released an update to the Malware Analysis Report BRICKSTORM Backdoor with indicators of compromise (IOCs) and detection signatures for additional BRICKSTORM samples. This update provides information on additional samples, including Rust-based samples. These samples demonstrate advanced persistence and defense ...