banking malware
-
Grandoreiro and BTMOB campaigns target banking users in Europe and Latin America
Researchers say Grandoreiro and BTMOB are being used in separate campaigns against banking users in Europe and Latin America, combining phishing, DLL side-loading and Android social engineering with malware-as-a-service sales.
-
TrickMo Android banker adds TON blockchain for covert communications
A new TrickMo Android banking malware variant is targeting users in Europe and using the TON blockchain for covert command and control traffic, according to a technical analysis. The malware adds new network and tunneling commands and targets banking and crypto wallets.
-
JanelaRAT malware targets banks in Brazil and Mexico, Kaspersky says
JanelaRAT malware has targeted banks and financial institutions in Brazil and Mexico, with Kaspersky recording more than 26,000 attacks there in 2025. The trojan can steal credentials, track activity and use browser extensions for fraud.
-
Malicious NPM Packages Pose Threat to WhatsApp Developers
Researchers at Socket have discovered two malicious NPM packages that impersonate WhatsApp development tools, deploying dangerous data-wiping code and threatening developers’ systems. Despite takedown efforts, the packages remain available for download.
-
Discovery of Malicious Go Packages Exposes Supply Chain Vulnerabilities
Recent cybersecurity research highlights a critical vulnerability in the Go programming ecosystem with the discovery of 11 malicious packages designed for covert data exfiltration on Windows and Linux systems. The malware exploits the decentralized nature of Go modules, undermining developer confidence.
-
Stealthy PXA Stealer Targets Thousands Globally, Exposing Personal Data
The PXA Stealer malware has infected over 4,000 victims in 62 countries, leading to significant breaches of passwords, credit card data, and browser cookies, with stolen information sold on Telegram marketplaces.
-
State-Sponsored Attack Targets Southeast Asian Telecommunications
A state-sponsored hacking group, CL-STA-0969, has targeted Southeast Asian telecommunications networks, employing sophisticated tools to establish remote access while avoiding detection. The report highlights significant overlaps with other espionage groups and emphasizes the need for robust cybersecurity measures.
-
Hackers Exploit SAP Vulnerability to Deploy Auto-Color Backdoor in Targeted Attack
Hackers exploited a critical SAP NetWeaver vulnerability to deliver the Auto-Color backdoor, targeting a U.S.-based chemicals company in April 2025.
-
Cybercriminals Target Users with Malicious Fake Apps in New Mobile Malware Campaign
A new mobile malware campaign named SarangTrap is targeting users in South Korea with fake apps that steal personal information, underscoring ongoing threats posed by cybercriminals.
-
New Cyber Espionage Campaign Targets Russian Aerospace Sector with EAGLET Implant
A new cyber espionage campaign named Operation CargoTalon has targeted Russian aerospace and defense sectors, deploying the EAGLET backdoor to facilitate data theft. Analysts report sophisticated tactics involving spear-phishing emails and the use of decoy documents referencing U.S.-sanctioned entities.










