Tuesday 23 June 2026 19:49:05 GMT+02:00

Netcrook

HomeManifesto
News
Corporate Security IncidentsCloud, SaaS & Identity SecurityIndustrial Cybersecurity & Critical InfrastructureCyber Intelligence, TrendsAI Security & Agentic SystemsCyber Intelligence & Threat TrendsCyber WarfareCyber Warfare & Nation-State OperationsCyber CriminalityBreaches & Data LeaksCybercrimeMalware & BotnetsRansomware & ExtortionSecurity Awareness & Social EngineeringLegal PolicyLegal, Policy & Government CybersecurityPrivacy, Regulation & ComplianceTechnology, InnovationTechnology, Innovation & Digital InfrastructureVulnerabilities Patch ManagementResearch, Exploits & Offensive SecurityVulnerabilities & Patch Management
Techcrook
Tutte le tecnologieIdentita e accessoFirewall e reteBackup e archiviazioneEnergia e continuitaPrivacy e sicurezza fisicaLaboratorio e prototipazioneStampa e tracciabilitaTecnologia quotidiana
Geocrook
AfricaAsiaEuropeMiddle EastNorth AmericaOceaniaSouth America
WikicrookTeamAppContact
EnglishItalianoArabic

Malware & Botnets

CryptoBandits Turns a USB Habit Into a Crypto Theft Risk

23 June 2026 17:19Malware & BotnetsNorth America / USANEXUSGUARDIAN

A new Windows malware family is reported to spread through USB devices and use Tor, while altering wallet addresses to steal cryptocurrency.

#CryptoBandits | #USB malware | #crypto clipper

Inside the Windows Trapdoor: A Shortcut, a Public Folder, and a Memory-Resident RAT

23 June 2026 16:50Malware & BotnetsIRONQUERY

A lure built around a geopolitical theme masked a loader chain that leaned on user execution, writable paths, and trusted Windows components to keep the final payload off disk.

#Dropping Elephant | #in-memory RAT | #DLL side-loading

When a Windows Helper Becomes the Hideout

23 June 2026 14:44Malware & BotnetsNorth America / USAIRONQUERY

A legitimate Microsoft binary, a sideloaded DLL, and a memory-resident RAT show how attackers can turn normal loader behavior into a stealth delivery path.

#Dropping Elephant | #Fondue.exe | #DLL side-loading

Lookalike npm Packages Turn a CSS Search into a Supply-Chain Trap

23 June 2026 12:19Malware & BotnetsNorth America / USANEXUSGUARDIAN

A small cluster of PostCSS-themed npm packages shows how name confusion and install-time trust can turn routine dependency work into a Windows malware risk.

#npm packages | #PostCSS | #Windows RAT

When the Firewall Starts Watching the Users

23 June 2026 10:33Malware & BotnetsNorth America / USANEXUSGUARDIAN

A Go-based tool tied to compromised FortiGate appliances turns the network edge into a credential risk, not just a traffic-control point.

#FortigateSniffer | #FortiGate firewalls | #credential harvesting

SocGholish Knocked Back: Why This Takedown Hits the Crimeware Delivery Layer

23 June 2026 10:30Malware & BotnetsEurope / RussiaNEXUSGUARDIAN

An international operation targeted SocGholish, also known as FakeUpdates, and disrupted an infrastructure described as tied to Evil Corp - a reminder that the front door of cybercrime is often more important than the payload behind it.

#SocGholish | #Evil Corp | #FakeUpdates

When a Mac App Becomes a Moving Target: The FlutterShell Case

23 June 2026 10:24Malware & BotnetsNorth America / USASIGNALMONK

A macOS malware family linked to remote JavaScript delivery shows how attackers can shift meaningful logic off the binary and into infrastructure that can change at any time.

#FlutterShell | #macOS malware | #sandbox evasion

When Flutter and WebViews Become a Backdoor’s Quietest Route

23 June 2026 10:20Malware & BotnetsNorth America / USASIGNALMONK

A macOS malware family named FlutterShell shows how ordinary app frameworks can be repurposed for runtime command execution without looking like a classic implant.

#macOS backdoor | #FlutterInvoke bridge | #WKWebView

Fake Popularity, Real Theft: The Clip-on Trap Hiding Behind GitHub Stars and VirusTotal Votes

22 June 2026 19:16Malware & BotnetsNorth America / USAIRONQUERY

A deceptive trust layer is being abused to make a crypto clipper look safer than it is, turning stars, reviews, and clipboard swaps into a quiet route to theft.

#fake GitHub stars | #VirusTotal reviews | #crypto clipper

Sponsored Search, Silent Loader: How a Fake Ad Chain Turns Into Credential Theft

22 June 2026 19:06Malware & BotnetsNorth America / USAIRONQUERY

A newly described malware loader, OXLOADER, shows how a simple ad click can become a staged delivery path for CastleStealer and other credential-grabbing payloads.

#OXLOADER | #CastleStealer | #Google Ads

Trusted Chat, Untrusted Payload: How WhatsApp Messages Became a Windows Delivery Route

22 June 2026 18:22Malware & BotnetsNorth America / USANEXUSGUARDIAN

Compromised WhatsApp accounts are being used to push malicious VBScript files, then legitimate RMM tools are abused to keep access alive on infected Windows machines.

#WhatsApp compromesso | #VBScript malevoli | #strumenti RMM

Rokarolla and the Android Trap: When a Banking Trojan Wants the Whole Phone

22 June 2026 15:32Malware & BotnetsNorth America / USAIRONQUERY

The malware family linked to Android banking fraud is interesting not for one trick, but for the way it turns ordinary handset features into a potential control layer for attackers.

#Rokarolla | #banking trojan | #Android malware

Old Router Flaws, New Quiet Threat: AryStinger Turns Edge Devices Into Reconnaissance Nodes

22 June 2026 15:11Malware & BotnetsIRONQUERY

A malware family built for scanning, tunneling, and persistence shows how long-forgotten router bugs can still power a modern access network.

#AryStinger botnet | #router flaws | #intrusion reconnaissance

Forgotten Edge Devices, New Operator Tricks: AryStinger’s Quiet Relay Game

22 June 2026 15:05Malware & BotnetsAsia / ChinaIRONQUERY

A newly analyzed botnet turns aging routers and NAS appliances into scanning and tunneling nodes, showing how small edge devices can become useful infrastructure for hiding attacker origin and widening reach.

#AryStinger | #intranet scanning | #traffic tunneling

Paper Trail, Hidden Payload: How a Stealthy Remcos Phish Slips Past the Obvious Defenses

22 June 2026 14:57Malware & BotnetsIRONQUERY

Financial-themed attachments, a concealed payload, and fileless staging turn a routine phishing theme into a harder-to-spot Remcos delivery chain.

#Remcos RAT | #phishing attachments | #steganography

A Lookalike npm Name, Then a Windows Script Chain: The Supply-Chain Trap Behind a RAT Drop

22 June 2026 14:52Malware & BotnetsNorth America / USAIRONQUERY

A typosquatted package in the npm ecosystem shows how a single confusing name can hand attackers a path from dependency install to Windows-native execution.

#npm packages | #PowerShell | #Windows RAT

The Phishing File That Hid a Loader, Then Unleashed a Second Wave

22 June 2026 14:22Malware & BotnetsNEXUSGUARDIAN

A business-themed archive attachment led to a packed .NET loader, a steganographic second stage, and a payload chain that included Remcos RAT and multiple infostealers.

#Remcos RAT | #Infostealers | #Steganographic loader

Mastra’s npm Trail Turns a Package Update Into a Crypto-Extension Risk

22 June 2026 14:14Malware & BotnetsNorth America / USANEXUSGUARDIAN

A malicious dependency found in more than 140 Mastra packages shows how a software supply-chain incident can move from build tools to browser-facing cryptocurrency surfaces.

#Mastra NPM | #supply chain | #crypto extensions

A Lookalike npm Package Turned a Trusted CSS Name Into a Windows Malware Pipe

22 June 2026 14:07Malware & BotnetsNorth America / USAIRONQUERY

A deceptive package name in the PostCSS orbit shows how open-source trust can be abused before any code ever reaches production.

#npm package | #PowerShell downloader | #Windows RAT

GitHub as a Malware Conveyor Belt: What a 10,000-Repo Abuse Case Reveals

22 June 2026 10:49Malware & BotnetsNorth America / USAIRONQUERY

A large repository-abuse campaign puts a hard truth in focus: on code-sharing platforms, reputation can be weaponized as easily as code.

#GitHub repos | #Trojan malware | #open-source disguise