Hacker News with Generative AI: Malware

Data breach exposes 184M passwords, likely captured by malware (zdnet.com)
Yet another data breach has exposed passwords and other sensitive information – but this one is a whopper.

Data Breaches, Cybersecurity, Malware

143 points by taubek 12 days ago | 94 comments

Destructive malware available in NPM repo went unnoticed for 2 years (arstechnica.com)
Researchers have found malicious software that received more than 6,000 downloads from the NPM repository over a two-year span, in yet another discovery showing the hidden threats users of such open source archives face.

Cybersecurity, Malware, Open Source, Software Security

7 points by jaredwiener 15 days ago | 0 comments

Suspected InfoStealer Malware Data Breach Exposed 184M Logins/Passwords (websiteplanet.com)
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to Website Planet about a non-password-protected database that contained 184 million login and password credentials.

Cybersecurity, Data Breaches, Malware, Password Security, Login Credentials

9 points by frizlab 16 days ago | 0 comments

Hackers Weaponize KeePass Password Manager (gbhackers.com)
Threat actors have successfully exploited the widely-used open-source password manager, KeePass, to spread malware and facilitate large-scale password theft.

Cybersecurity, Malware, Password Security

8 points by mosiuerbarso 20 days ago | 2 comments

Xray: A full-behavior-chain anti-malware system built in Go by a student (ycombinator.com)

Security, Programming Languages, Malware, Go

6 points by tangtian 21 days ago | 2 comments

Malware hidden inside NPM with invisible Unicode and Google Calendar invites [video] (youtube.com)

Malware, Security, JavaScript, Software, Video

9 points by foobuzzHN 21 days ago | 0 comments

Procolored printer drivers contained malware (neowin.net)
If you own a Procolored inkjet printer, particularly one of the UV models, you might want to check your system for malware, especially if you downloaded the companion software within the past six months, since Procolored was recently found to be distributing malicious software.

Cybersecurity, Malware, Printers, Software

143 points by bundie 21 days ago | 74 comments

Backdooring the IDE: Malicious NPM Packages Hijack Cursor Editor on macOS (socket.dev)
Malicious npm packages posing as developer tools target macOS Cursor IDE users, stealing credentials and modifying files to gain persistent backdoor access.

Security, macOS, Software, Programming, Malware

4 points by gnabgib 28 days ago | 0 comments

DOGE engineer's credentials found in past public leaks from info-stealer malware (arstechnica.com)
Login credentials belonging to an employee at both the Cybersecurity and Infrastructure Security Agency and the Department of Government Efficiency have appeared in multiple public leaks from info-stealer malware, a strong indication that devices belonging to him have been hacked in recent years.

Cybersecurity, Data Breaches, Government, Malware

293 points by lysp 29 days ago | 163 comments

DOGEs K Schutt's computer infected by malware, credentials found in stealer logs (micahflee.com)
Kyle Schutt is a 37 year old "DOGE software engineer," according to ProPublica. In February, Drop Site News reported that he gained access to FEMA's "core financial management system." His computer was apparently compromised with malware, because his email address and passwords have shown up in four separate stealer log datasets, all of them published since late 2023.

Cybersecurity, Malware, Data Breaches, Software Engineering

32 points by cycomanic 29 days ago | 4 comments

Linux wiper malware hidden in malicious Go modules on GitHub (bleepingcomputer.com)
A supply-chain attack targets Linux servers with disk-wiping malware hidden in Golang modules published on GitHub.

Cybersecurity, Malware, Linux, Go

22 points by elpocko 32 days ago | 4 comments

E-commerce sites hacked in supply-chain attack (arstechnica.com)
Hundreds of e-commerce sites, at least one owned by a large multinational company, were backdoored by malware that executes malicious code inside the browsers of visitors, where it can steal payment card information and other sensitive data, security researchers said Monday.

Cybersecurity, E-commerce, Malware

7 points by gorbachev 32 days ago | 0 comments

Wget to Wipeout: Malicious Go Modules Fetch Destructive Payload (socket.dev)
A single line of obfuscated Go code wiped entire disks clean. Could your project be next?

Cybersecurity, Go Programming, Malware, Software Development

5 points by marbu 34 days ago | 0 comments

Exposing Darcula: behind the scenes of a global Phishing-as-a-Service operation (mnemonic.io)

Cybersecurity, Phishing, Malware, Dark Web, Research

11 points by karencarits 34 days ago | 3 comments

NPM targeted by malware campaign mimicking familiar library names (socket.dev)
Developers looking for familiar packages from other programming languages are increasingly falling victim to malicious attacks.

Security, Malware, Software Development, Programming Languages

5 points by feross 35 days ago | 0 comments

Malicious Go modules that completely wipe out your disk (neowin.net)
It's a new month, and the research team at Socket has identified malicious Go modules containing code capable of entirely wiping your computer's hard drive. Yes, totally gone.

Cybersecurity, Go Programming, Malware

7 points by bundie 36 days ago | 0 comments

Mac app launches slowed by malware scan (2024) (lapcatsoftware.com)
I've always attributed slow Xcode launches to Xcode simply sucking, but I've noticed that the FileMerge app frequently launches slowly too.

Mac Apps, Malware, Performance Issues

118 points by username223 37 days ago | 32 comments

Using Trusted Protocols Against You: Gmail as a C2 Mechanism (socket.dev)
Socket’s Threat Research Team uncovered malicious Python packages designed to create a tunnel via Gmail.

Security, Email, Python, Malware, Gmail

5 points by feross 37 days ago | 0 comments

I Found Malware in a BeamNG Mod (lemonyte.com)
Last week, I fired up BeamNG.drive hoping to enjoy a ride around Belasco City. But, just after I launched the game, I noticed an odd notification from my antivirus software.

Gaming, Security, Malware

175 points by davikr 37 days ago | 31 comments

Exiled Uyghur leaders targeted with Windows spyware (citizenlab.ca)
In March 2025, senior members of the World Uyghur Congress (WUC) living in exile were targeted with a spearphishing campaign aimed at delivering Windows-based malware capable of conducting remote surveillance against its targets.

Cybersecurity, Uyghur, China, Surveillance, Malware

43 points by coloneltcb 40 days ago | 2 comments

Bulletproof hosting provider Proton66 steps-up malware campaigns (scworld.com)
The Russian bulletproof hosting provider Proton66 was observed conducting malware campaigns that compromised WordPress sites and then leveraged them to target Android devices.

Cybersecurity, Malware, Hosting, WordPress, Android

5 points by LinuxBender 46 days ago | 0 comments

Chinese snoops use stealth RAT to backdoor US orgs – still active last week (theregister.com)
A cyberspy crew or individual with ties to China's Ministry of State Security has infected global organizations with a remote access trojan (RAT) that's "even better" than Cobalt Strike, using this stealthy backdoor to enable its espionage and access resale campaigns.

Cybersecurity, China, Espionage, Malware, Government

3 points by rntn 53 days ago | 0 comments

Malicious VSCode extensions infect Windows with cryptominers (bleepingcomputer.com)
A set of ten VSCode extensions on Microsoft's Visual Studio Code Marketplace pose as legitimate development tools while infecting users with the XMRig cryptominer for Monero.

Security, Malware, Cryptomining, Windows

4 points by pseudolus 58 days ago | 0 comments

Malicious VSCode extensions infect Windows with cryptominers (bleepingcomputer.com)
Nine VSCode extensions on Microsoft's Visual Studio Code Marketplace pose as legitimate development tools while infecting users with the XMRig cryptominer to mine Ethereum and Monero.

Cybersecurity, Software, Cryptocurrency, Malware

6 points by bstsb 60 days ago | 1 comments

Sneaky Android spyware needs a password to uninstall (techcrunch.com)
Consumer-grade phone surveillance apps aren’t only intended to stay stealthy; some of these apps are also making it increasingly difficult to remove them.

Android, Security, Surveillance, Malware

4 points by nobody9999 64 days ago | 0 comments

Exploiting exposed Portainer agent and using new SSH persistence (exatrack.com)
During an incident response for one of our clients, we stumbled upon a server compromised by the now relatively documented 1234 perfctl malware.

Cybersecurity, Exploitation, Server Security, Malware

3 points by benjiro 70 days ago | 1 comments

Malware found on NPM infecting local package with reverse shell (reversinglabs.com)
For the first time, RL researchers discover malicious locally-installed npm packages infecting other legitimate packages.

Malware, Security, Software, Programming, Node.js

233 points by gnabgib 72 days ago | 140 comments

FBI warnings are true–fake file converters do push malware (bleepingcomputer.com)
The FBI is warning that fake online document converters are being used to steal peoples’ information and, in worst-case scenarios, to deploy ransomware on victims' devices.

Cybersecurity, Malware, Online Security, FBI Warnings

8 points by dyslexit 74 days ago | 0 comments

Show HN: MCP is unsafe. It's time to talk about MCP malware (github.com/ShaojieJiang)
Function tool usage makes AI Agents very powerful, which is akin to introducing app stores to smartphones.

AI, Malware, Security, Programming, Function Tools

14 points by NerualNowtork 77 days ago | 1 comments

Mac is detecting Docker as a malware and keeping it from starting (github.com/docker)
Malware Blocked. “com.docker.socket” was not opened because it contains malware. this action did not harm your Mac.

Mac, Docker, Security, Malware

18 points by mfru 79 days ago | 3 comments