PureHVNC RAT

Glassworm malware returns with 24 malicious VS Code packages on OpenVSX and Microsoft marketplace

Cybercrime, News, Research, Vendors, Vulnerabilities

December 2, 2025

The Glassworm malware has returned in a third wave with 24 malicious VS Code extension packages on OpenVSX and the Microsoft Visual Studio Marketplace, using obfuscation and Rust‑based implants to steal credentials, deploy proxies and enable remote access.
New Android RAT ‘Albiriox’ marketed as MaaS targets banking and crypto apps

Cybercrime, Research, Risk

December 1, 2025

A new Android remote access trojan called Albiriox is being sold as malware‑as‑a‑service and targets more than 400 banking, payment and crypto apps using droppers, VNC‑based remote control, accessibility abuses and overlays to conduct on‑device fraud, researchers reported.
Researchers disclose Sturnus Android banking trojan that can capture messages and take over devices

Cybercrime, Research, Risk, Vulnerabilities

November 20, 2025

Security researchers say a new Android banking trojan called Sturnus can capture decrypted messages from apps like WhatsApp, Telegram and Signal, present fake bank login screens, and allow remote control of infected devices; ThreatFabric reports the campaign so far is limited to Southern and Central Europe.
Researchers find self‑propagating ‘GlassWorm’ targeting VS Code extensions using Solana for command control

Cybercrime, News, Research, Risk, Vulnerabilities

October 24, 2025

Researchers have found a self‑spreading worm called GlassWorm that infects VS Code extensions on Open VSX and the Microsoft Marketplace, uses the Solana blockchain and Google Calendar for command control, and steals developer credentials and cryptocurrency assets.
New Android banking trojan Klopatra has infected more than 3,000 devices, Cleafy says

Cybercrime, News, Research, Vulnerabilities

October 1, 2025

Cleafy said a new Android banking trojan called Klopatra has infected over 3,000 devices, mainly in Spain and Italy, using VNC remote control, dynamic overlays and abuse of Android accessibility services to steal credentials and perform fraudulent transfers.
CountLoader: New Russian-linked malware loader broadens post-exploitation toolkit, researchers warn

Cybercrime, News, Risk, Vendors

September 19, 2025

Cybersecurity researchers have identified CountLoader, a new malware loader used by Russian ransomware groups to deliver post-exploitation tools such as Cobalt Strike, AdaptixC2, and the PureHVNC RAT. The loader, observed in variants across .NET, PowerShell, and JavaScript, targets Ukrainian users with PDF phishing lures and features a BrowserVenom proxy capability, multiple download/execution methods, and a…

PureHVNC RAT

Glassworm malware returns with 24 malicious VS Code packages on OpenVSX and Microsoft marketplace

New Android RAT ‘Albiriox’ marketed as MaaS targets banking and crypto apps

Researchers disclose Sturnus Android banking trojan that can capture messages and take over devices

Researchers find self‑propagating ‘GlassWorm’ targeting VS Code extensions using Solana for command control

New Android banking trojan Klopatra has infected more than 3,000 devices, Cleafy says

CountLoader: New Russian-linked malware loader broadens post-exploitation toolkit, researchers warn