Cybercriminals behind a campaign dubbed DEAD#VAX are taking phishing one step further by delivering malware inside virtual hard disks that pretend to be ordinary PDF documents.
Open the wrong “invoice” or “purchase order” and you won’t see a document at all. Instead, Windows mounts a virtual drive that quietly installs AsyncRAT, a backdoor Trojan that allows attackers to remotely monitor and control your computer. It’s a remote access tool, which means attackers gain remote hands‑on‑keyboard control, while traditional file‑based defenses see almost nothing suspicious on disk.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Age verification vendor Persona left frontend exposed
February 20, 2026
Researchers investigating Discord’s age-verification checks say they discovered an exposed frontend belonging to Persona, the identity-verification vendor used by Discord. It revealed a far more expansive surveillance and financial intelligence stack than a simple “teen safety” tool. A short while ago we reported that Discord will limit profiles to teen-appropriate mode until you verify your age. ...
- ShinyHunters demands $1.5M not to leak Vegas casino and resort chain data
February 20, 2026
Las Vegas hotel and casino giant Wynn Resorts appears to be the latest victim of data-grabbing and extortion gang ShinyHunters. On Friday, the cybercrime crew listed the hospitality company on its blog, claiming to have stolen more than 800,000 records containing employees’ Social Security numbers and other private details. The extortionists set a February 23 deadline ...
- Ukrainian gets five years for helping North Koreans secure US tech jobs
February 20, 2026
Ukrainian national Oleksandr Didenko will spend the next five years behind bars in the US for his involvement in helping North Korean IT workers secure fraudulent employment. The 29-year-old played a role in supporting individuals working for a hostile regime to get contracts in the US. In November 2025, Didenko pleaded guilty to wire fraud and ...
- FBI: Increase in malware enabled ATM jackpotting incidents across United States
February 19, 2026
The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate indicators of compromise (IOCs) and technical details associated with malware enabled ATM jackpotting. Threat actors exploit physical and software vulnerabilities in ATMs and deploy malware to dispense cash without a legitimate transaction. The FBI has observed an increase in ATM jackpotting incidents across the ...
- AI-generated passwords are a security risk
February 19, 2026
Using Artificial Intelligence (AI) to generate your passwords is a bad idea. It’s likely to give that password to a criminal who can then use it in a dictionary attack—which is when an attacker runs through a prepared list of likely passwords (words, phrases, patterns) with automated tools until one of them works, instead of ...
- Arkanix Stealer: C++ and Python infostealer
February 19, 2026
In October 2025, Kaspersky researchers discovered a series of forum posts advertising a previously unknown stealer, dubbed “Arkanix Stealer” by its authors. It operated under a MaaS (malware-as-a-service) model, providing users not only with the implant but also with access to a control panel featuring configurable payloads and statistics. The set of implants included a publicly ...