Hacker News with Generative AI: Malware

Exploiting exposed Portainer agent and using new SSH persistence (exatrack.com)
During an incident response for one of our clients, we stumbled upon a server compromised by the now relatively documented 1234 perfctl malware.

Cybersecurity, Exploitation, Server Security, Malware

3 points by benjiro 5 days ago | 1 comments

Malware found on NPM infecting local package with reverse shell (reversinglabs.com)
For the first time, RL researchers discover malicious locally-installed npm packages infecting other legitimate packages.

Malware, Security, Software, Programming, Node.js

233 points by gnabgib 7 days ago | 140 comments

FBI warnings are true–fake file converters do push malware (bleepingcomputer.com)
The FBI is warning that fake online document converters are being used to steal peoples’ information and, in worst-case scenarios, to deploy ransomware on victims' devices.

Cybersecurity, Malware, Online Security, FBI Warnings

8 points by dyslexit 9 days ago | 0 comments

Show HN: MCP is unsafe. It's time to talk about MCP malware (github.com/ShaojieJiang)
Function tool usage makes AI Agents very powerful, which is akin to introducing app stores to smartphones.

AI, Malware, Security, Programming, Function Tools

14 points by NerualNowtork 12 days ago | 1 comments

Mac is detecting Docker as a malware and keeping it from starting (github.com/docker)
Malware Blocked. “com.docker.socket” was not opened because it contains malware. this action did not harm your Mac.

Mac, Docker, Security, Malware

18 points by mfru 14 days ago | 3 comments

How to Infect Your PC in Three Easy Steps (krebsonsecurity.com)
A clever malware deployment scheme first spotted in targeted attacks last year has now gone mainstream. In this scam, dubbed “ClickFix,” the visitor to a hacked or malicious website is asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware.

Cybersecurity, Malware, Security, Windows

54 points by LinuxBender 16 days ago | 21 comments

Game listed on Steam has a demo that is a virus (reddit.com)
Not sure where to post this but thought this should be brought to light.

Gaming, Security, Steam, Malware

5 points by danso 16 days ago | 0 comments

Lazarus Group deceives developers with 6 new malicious NPM packages (cyberscoop.com)
Lazarus Group has burrowed deeper into the npm registry and planted six new malicious packages designed to deceive software developers and disrupt their workflows, researchers at cybersecurity firm Socket said in a Monday blog post.

Cybersecurity, Software Development, Malware, North Korea, NPM

17 points by feross 19 days ago | 0 comments

New North Korean Android Spyware Slips onto Google Play (bleepingcomputer.com)
A new Android spyware named 'KoSpy' is linked to North Korean threat actors who have infiltrated Google Play and third-party app store APKPure through at least five malicious apps.

Cybersecurity, Android, North Korea, Malware

6 points by giuliomagnifico 21 days ago | 0 comments

Ransomware malware targeting Linux Desktop users spotted in the wild (github.com/evilsocket)
Another typosquatting campaign targeting Go packages, delivers ramsonware malware for the Linux Desktop

Cybersecurity, Malware, Linux, Open Source

12 points by gus_ 22 days ago | 2 comments

TP-Link routers have been infected by a botnet to spread malware (tomsguide.com)

Security, Malware, IoT, Botnets, Networking

12 points by mmphosis 22 days ago | 3 comments

YouTubers extorted via copyright strikes to spread malware (bleepingcomputer.com)
Cybercriminals are sending bogus copyright claims to YouTubers to coerce them into promoting malware and cryptocurrency miners on their videos.

Cybersecurity, YouTube, Malware, Cryptocurrency

11 points by akyuu 23 days ago | 0 comments

Polymorphic Chrome Extensions Impersonate Password Managers to Steal Credentials (cyberinsider.com)
A newly discovered class of malicious browser extensions, dubbed polymorphic extensions, can impersonate legitimate extensions such as password managers in real time, tricking users into handing over sensitive credentials.

Cybersecurity, Browser Extensions, Password Managers, Malware

11 points by thunderbong 23 days ago | 4 comments

Nearly 1M Windows devices targeted in advanced "malvertising" spree (arstechnica.com)
Nearly 1 million Windows devices were targeted in recent months by a sophisticated "malvertising" campaign that surreptitiously stole login credentials, cryptocurrency, and other sensitive information from infected machines, Microsoft said.

Cybersecurity, Malware, Windows, Microsoft, Data Breaches

6 points by LinuxBender 26 days ago | 2 comments

Exposing Russian EFF Impersonators: The Inside Story on Stealc and Pyramid C2 (hunt.io)
Open directories often expose more than just files--they provide a window into how malicious campaigns operate. In this case, we identified a threat actor impersonating the Electronic Frontier Foundation (EFF) to target the online gaming community. The exposed directory contained decoy documents alongside the malware used in this operation: Steal and Pyramid C2.

Cybersecurity, Malware, Hacking, Russia, EFF

115 points by hn_acker 27 days ago | 18 comments

Typosquatted Go Packages Deliver Malware Loader Targeting Linux and macOS (socket.dev)
Malicious Go packages are impersonating popular libraries to install hidden loader malware on Linux and macOS, targeting developers with obfuscated payloads.

Cybersecurity, Malware, Go Programming, Linux, macOS

11 points by feross 29 days ago | 1 comments

Notorious Malware, Spam Host "Prospero" Moves to Kaspersky Lab (krebsonsecurity.com)
One of the most notorious providers of abuse-friendly “bulletproof” web hosting for cybercriminals has started routing its operations through networks run by the Russian antivirus and security firm Kaspersky Lab, KrebsOnSecurity has learned.

Cybersecurity, Malware, Russia, Kaspersky Lab

69 points by todsacerdoti 33 days ago | 26 comments

Kaspersky exposes hidden malware on GitHub stealing personal data (kaspersky.com)
Kaspersky Global Research & Analysis Team (GReAT) discovered hundreds of open source repositories with multistaged malware targeting gamers and cryptoinvestors within a new campaign that was dubbed by Kaspersky as GitVenom.

Cybersecurity, Malware, GitHub, Open Source, Crypto

175 points by 01-_- 33 days ago | 120 comments

VSCode extensions with 9M installs pulled over security risks (bleepingcomputer.com)
Microsoft has removed two popular VSCode extensions, 'Material Theme – Free' and 'Material Theme Icons – Free,' from the Visual Studio Marketplace for allegedly containing malicious code.

Security, VSCode, Malware, Open Source

8 points by akyuu 35 days ago | 0 comments

GitHub Hosting Malware Won't Remove After Report (github.com/UpdaterCisco)

Cybersecurity, Software Development, GitHub, Malware

13 points by vedmed 39 days ago | 9 comments

If you work at GitHub security, you are bad at your job (ycombinator.com)
This is getting to be embarrassing. It’s been almost a week of trying to alert GitHub to multiple spoofed repositories serving malware.

Security, GitHub, Malware

13 points by joshdotsmith 44 days ago | 0 comments

GitHub flooded with malware repos spoofing real projects–no response from GitHub (ycombinator.com)
GitHub is being overrun with repositories impersonating legitimate open-source projects to spread malware. One of them is spoofing my own app. I reported it through GitHub’s official channels days ago, reached out on social media, and even contacted individual GitHub employees. No response.

Cybersecurity, Open Source, GitHub, Malware

15 points by joshdotsmith 47 days ago | 4 comments

Neovim tee.exe binary dependency exhibiting illegitimate / unauthorized behavior (github.com/neovim)
While installing/testing neovim in a Windows 11 sandbox environment for security testing purposes before deploying in a commercial environment, the bundled tee.exe binary was classified as Trojan.Malware.300983.susgen. After doing my due diligence to rule out a false positive, I'm finding that this binary is exhibiting what I would consider suspicious behavior.

Security, Software, Windows, Open Source, Malware

94 points by patadune 48 days ago | 12 comments

Researchers find screenshot-reading OCR malware on App Store and Google Play (engadget.com)
Researchers from Kaspersky have identified malware being distributed within apps on both Android and iOS mobile storefronts.

Cybersecurity, Mobile Security, Malware, Android, iOS

4 points by walterbell 54 days ago | 1 comments

Fake VS Code Extension on NPM Spreads Multi-Stage Malware (mend.io)
In a recent discovery, our research team uncovered a fake VS-code extension—truffelvscode—typosquatting the popular truffle for VS-code extension. This extension serves as a trojan horse for multi-stage malware.

Cybersecurity, Malware, Software, Programming, Development

186 points by tomabai 55 days ago | 98 comments

iPhone apps found on App Store with malware that reads your screenshots for data (9to5mac.com)
One of the promises of the App Store is that anything you download has gone through a vetting process by Apple. Occasionally though, iPhone apps with malicious code slip through the cracks, and today, researchers at Kaspersky have reported on new malware they discovered in App Store apps—which they say is ‘the first known case.’

Security, Mobile Security, Malware, Apple, iOS

19 points by mgh2 55 days ago | 3 comments

OCR Crypto Stealers in Google Play and App Store (securelist.com)
In March 2023, researchers at ESET discovered malware implants embedded into various messaging app mods. Some of these scanned users’ image galleries in search of crypto wallet access recovery phrases. The search employed an OCR model which selected images on the victim’s device to exfiltrate and send to the C2 server. The campaign, which targeted Android and Windows users, saw the malware spread through unofficial sources.

Mobile Security, Malware, Cryptocurrency, OCR, Android

35 points by shifty1 56 days ago | 5 comments

iOS App Store apps with screenshot-reading malware found (theverge.com)
Apps distributed through both Apple and Google’s app stores are hiding malicious screenshot-reading code that’s being used to steal cryptocurrency, the cybersecurity software firm Kaspersky reported today.

Cybersecurity, Malware, Mobile Security, iOS

8 points by hassanahmad 56 days ago | 0 comments

FBI, Dutch police disrupt 'Manipulaters' phishing gang (krebsonsecurity.com)
The FBI and authorities in The Netherlands this week seized dozens of servers and domains for a hugely popular spam and malware dissemination service operating out of Pakistan.

Cybersecurity, Law Enforcement, Phishing, Malware

157 points by todsacerdoti 61 days ago | 62 comments

North Korean Apt Lazarus Targets Developers with Malicious NPM Package (socket.dev)
Socket researchers have discovered the malicious npm package postcss-optimizer, which contains code linked to previously documented campaigns conducted by North Korean state-sponsored threat actors known as Contagious Interview, a subgroup within the broader Lazarus Advanced Persistent Threat (APT) group.

Cybersecurity, North Korea, Software Development, Malware, APT

7 points by feross 63 days ago | 0 comments