Tag

Malware

All articles tagged with #malware

X-sponsored malvertising promotes fake Mac app, delivers MacSync malware
technology-and-security8 days ago

X-sponsored malvertising promotes fake Mac app, delivers MacSync malware

Jamf Threat Labs warns of a ClickFix-style attack where a verified X account promoted a malicious domain impersonating DynamicLake, a Mac utility. Visitors were redirected to dynamicmacisland[.]com and instructed to paste Terminal commands to install malware (MacSync/Atomic Stealer; DigitStealer variants seen). The ad bypassed checks due to trust in a familiar account; X removed it after Jamf reported. The DynamicLake developer condemns fake copies and urges downloads only from DynamicLake.com. This highlights ongoing malvertising risks on social platforms.

Two-stage PamStealer malware stealthily harvests macOS passwords via PAM validation
technology8 days ago

Two-stage PamStealer malware stealthily harvests macOS passwords via PAM validation

Researchers uncovered PamStealer, a two-stage macOS infostealer that uses a disk-image lure masquerading as Maccy, a self-contained JavaScript for Automation downloader, and a Rust-based second stage. It validates passwords locally through macOS PAM before exfiltrating credentials, while staying stealthy by disguising as Finder, encrypting C2 traffic, and delaying prompts to avoid detection.

Amazon’s Vega OS shutters sideloading to curb piracy-linked malware
technology10 days ago

Amazon’s Vega OS shutters sideloading to curb piracy-linked malware

Amazon blames malware-laden piracy apps for stopping new Vega OS–based Fire Sticks from supporting sideloading; Vega OS blocks sideloading and custom launchers to tighten security and ad control, though developers with registered devices can still sideload apps. The move reduces app availability and gives Amazon tighter device control, while Vega OS remains more limited than Fire OS.

Microsoft Drops 119 Edge Extensions Carrying Steganography-Driven Malware
technology11 days ago

Microsoft Drops 119 Edge Extensions Carrying Steganography-Driven Malware

Microsoft has removed 119 Edge Add-ons that hid payloads inside ordinary image and font files (StegoAd), tied to a single threat actor active since 2021 and potentially affecting millions, by deploying ad fraud and credential theft via a remote backdoor. The campaign used steganography in PNGs, WebP and WOFF2, with layered checks and decoy responses to avoid detection. Microsoft urges users to review installed extensions, change passwords, enable 2FA, and use hardware security keys, and has published indicators of compromise for Chrome, Firefox, and other Chromium browsers.

Malware masquerading as Steam wallpapers hijacks accounts through Wallpaper Engine
technology21 days ago

Malware masquerading as Steam wallpapers hijacks accounts through Wallpaper Engine

Kaspersky reports a year-long campaign distributing malware on Steam by bundling malicious payloads with Wallpaper Engine desktop wallpapers. The malware can run unverified third-party code, steal credentials, hijack live sessions, and exfiltrate data to attacker-controlled servers, with China representing the vast majority of affected downloads; Steam has removed the malicious wallpapers and users are advised to run antivirus scans before applying wallpapers that include executables.

Hackers weaponize desktop wallpapers to harvest Steam accounts
technology22 days ago

Hackers weaponize desktop wallpapers to harvest Steam accounts

Kaspersky reports hackers are hiding malware in Wallpaper Engine wallpaper packages on Steam Workshop to steal Steam accounts and data. The attacks target China and Russia but have affected other countries as well; malware runs automatically, often concealed in password-protected archives, and some packages have been downloaded tens of thousands of times. Valve and Wallpaper Engine don’t authorize these packages, so users should vet downloads from Steam Workshop even for trusted sources.

Coordinated JetBrains plugins siphon AI API keys from developers
security24 days ago

Coordinated JetBrains plugins siphon AI API keys from developers

Security researchers identified at least 15 malicious JetBrains Marketplace plugins, published under seven vendor accounts, that secretly exfiltrate AI provider API keys entered by users in plugin settings to a remote server. The plugins, which pretend to be AI coding assistants, code-review tools, and Git utilities, rely on services like OpenAI, DeepSeek, and SiliconFlow and share nearly identical code across multiple packages. They even offer a paid tier that may hand out API keys to paying users. The campaign ran from Oct 2025 to Jun 2026 and has been installed roughly 70,000 times, with the DeepSeek AI Assist and CodeGPT AI Assistant as the top downloads. JetBrains has not publicly commented as of publication.

Malware hijacks Steam Workshop wallpaper packs via Wallpaper Engine to drop backdoors and miners
technology24 days ago

Malware hijacks Steam Workshop wallpaper packs via Wallpaper Engine to drop backdoors and miners

Kaspersky researchers warn that threat actors have seeded malware-laden wallpaper packages on Steam Workshop, exploiting Wallpaper Engine’s executable wallpapers to auto-run when opened, delivering backdoors, credential-stealing components for Steam accounts, crypto miners, and other malware families (DarkKomet, Lumma, Vidar, RanEngine, ransomware). Steam has removed several malicious apps, but new payloads are likely as attackers continue abusing the platform; users should treat downloaded wallpapers as untrusted and scan Workshop content with up-to-date antivirus.

Apple clears up macOS Terminal paste warnings and malware alerts
technology25 days ago

Apple clears up macOS Terminal paste warnings and malware alerts

Apple published a support document explaining macOS 26.4's Terminal paste warnings: the alert is shown mainly to users who don’t regularly use Terminal when pasting commands from websites or apps; there are also separate alerts like 'Malware Detected, Paste Blocked' or 'Malicious Script Blocked' that trigger when known malware is detected, with an option to report false positives if a site was misclassified.

Chrome 0-Day in the Wild Dominates a Week of Exploits, Phishing, and Malware
cybersecurity25 days ago

Chrome 0-Day in the Wild Dominates a Week of Exploits, Phishing, and Malware

Chrome’s active exploitation of CVE-2026-11645 headlines a week of widespread security news, from UniFi OS flaws and an Oracle PeopleSoft compromise to a large Arch Linux AUR package taint, npm/PyPI malware campaigns, and phishing kits. The roundup also covers the Outsider phishing-as-a-service takedown, VPN/auth-bypass flaws, cloud-logging abuse, and ransomware campaigns (Gentlemen, Akira), illustrating attackers’ reliance on old code, weak defaults, and misconfigurations. Patch quickly, watch for unusual login activity, and strengthen defense-in-depth.

technology26 days ago

Arch Linux AUR Grapples With Second Wave of Obfuscated Malware

A day after Arch Linux AUR’s initial malware incident, a second wave of more sophisticated, obfuscated malware hit user-supplied packages (including Node.js, Plasma 6 applets, Firefox, Aura browser, LibreWolf extensions, and a NeoVim plug‑in). Reported by a821 and later by Nicolas Boichat, the affected packages were addressed, but experts warn that AUR security safeguards may need strengthening or a temporary shutdown until verification improves.

Arch AUR Supply-Chain Breach Hits 400+ Packages with Credential Stealer and eBPF Rootkit
technology28 days ago

Arch AUR Supply-Chain Breach Hits 400+ Packages with Credential Stealer and eBPF Rootkit

A supply-chain attack hijacked more than 400 Arch Linux AUR packages by modifying their build scripts to install a Rust-based credential stealer that can also load an eBPF rootkit when run with root; the attackers targeted abandoned packages to exploit trust, persisted via systemd, and used Tor for C2, prompting users to audit builds, rotate credentials, and thoroughly clean systems rather than assuming safety from package managers.

technology29 days ago

Malware Hits Arch Linux AUR, More Than 400 Packages Compromised

A large-scale malware campaign targeted Arch Linux's AUR, compromising over 400 user-submitted packages. Arch maintainers are actively resetting and deleting the malicious content and banning affected accounts; officials say the impact is limited to AUR and does not affect Arch's official packages, with discussions on mailing lists and CachyOS forums detailing the incidents.