Linux Malware
-
New Showboat Linux malware targeted telecom provider in Middle East, researchers say
Researchers say Showboat, a new Linux malware family, has targeted a telecommunications provider in the Middle East since at least mid-2022. The campaign also involved victims in Afghanistan, Azerbaijan, the United States and Ukraine.
-
Check Point Research says VoidLink cloud malware was largely AI generated
A Check Point Research technical analysis says the VoidLink Linux cloud malware was largely generated with AI, reaching about 88,000 lines of code and a functional iteration within a week after development began in late November 2025.
-
Transparent Tribe targets Indian government with dual-platform Linux and Windows malware, researchers say
Researchers say the Transparent Tribe (APT36) has expanded its assault on Indian government networks with a cross‑platform campaign targeting Windows and Linux‑BOSS systems through spear‑phishing, weaponized desktop shortcuts, and a Go‑based backdoor, complemented by anti‑analysis techniques and 2FA‑focused phishing.
-
DripDropper Linux malware patches exploited flaw to lock out rivals, Red Canary says
Red Canary researchers describe DripDropper, a Linux malware that exploits Apache ActiveMQ CVE-2023-46604 to gain access to cloud servers, then patches the vulnerability to keep rivals out and maintain control, using Sliver for persistence and Dropbox as a command channel.
-
New GhostContainer Malware Targets Microsoft Exchange Servers in Asia
Kaspersky’s SecureList reveals GhostContainer, a new malware targeting Microsoft Exchange servers in Asia, allowing attackers extensive control and potential data exfiltration.
-
Supply Chain Attack Targets Popular npm Packages with Malware Injection
A supply chain attack has compromised several popular npm packages, with researchers warning that malicious code injected through phishing campaigns could exploit maintainers’ credentials, leading to potential remote code execution.
-
Malware-as-a-Service Campaign Exploits GitHub for Distribution
Cisco’s Talos security team has exposed a malware-as-a-service operation utilizing GitHub for malicious software distribution, raising concerns over cybersecurity in enterprise environments.
-
Cybersecurity Researchers Uncover Advanced Matanbuchus 3.0 Malware Targeting Microsoft Teams
Cybersecurity experts have identified a new variant of the Matanbuchus malware that exploits Microsoft Teams. This advanced loader has sophisticated stealth capabilities, enhancing its potential for evading detection and targeting company employees through social engineering tactics.
-
New Android Malware Campaign Targeting Telegram Users Uncovered
A recent study by BforeAI reveals a malware campaign deceiving Android users into downloading fake Telegram applications from hundreds of malicious domains, utilizing tactics such as QR code redirects and lookalike websites.
-
State-Sponsored HazyBeacon Malware Targets Southeast Asian Governments
A new cyber espionage campaign targets Southeast Asian governments using the HazyBeacon malware, which leverages trusted cloud services for data exfiltration and evasion of detection.
