Hacker News with Generative AI: Malware

Doge software engineer's computer infected by info-stealing malware (arstechnica.com)
Login credentials belonging to an employee at both the Cybersecurity and Infrastructure Security Agency and the Department of Government Efficiency have appeared in multiple public leaks from info-stealer malware, a strong indication that devices belonging to him have been hacked in recent years.
DOGE's K Schutt's computer infected by malware, credentials found in stealer logs (micahflee.com)
Kyle Schutt is a 37-year-old "DOGE software engineer," according to ProPublica. In February, Drop Site News reported that he gained access to FEMA's "core financial management system." His computer was apparently compromised with malware, because his email address and passwords have shown up in four separate stealer log datasets, all of them published since late 2023.
Linux wiper malware hidden in malicious Go modules on GitHub (bleepingcomputer.com)
A supply-chain attack targets Linux servers with disk-wiping malware hidden in Golang modules published on GitHub.
E-commerce sites hacked in supply-chain attack (arstechnica.com)
Hundreds of e-commerce sites, at least one owned by a large multinational company, were backdoored by malware that executes malicious code inside the browsers of visitors, where it can steal payment card information and other sensitive data, security researchers said Monday.
Wget to Wipeout: Malicious Go Modules Fetch Destructive Payload (socket.dev)
A single line of obfuscated Go code wiped entire disks clean. Could your project be next?
Exposing Darcula: behind the scenes of a global Phishing-as-a-Service operation (mnemonic.io)
NPM targeted by malware campaign mimicking familiar library names (socket.dev)
Developers looking for familiar packages from other programming languages are increasingly falling victim to malicious attacks.
Malicious Go modules that completely wipe out your disk (neowin.net)
It's a new month, and the research team at Socket has identified malicious Go modules containing code capable of entirely wiping your computer's hard drive. Yes, totally gone.
Mac app launches slowed by malware scan (2024) (lapcatsoftware.com)
I've always attributed slow Xcode launches to Xcode simply sucking, but I've noticed that the FileMerge app frequently launches slowly too.
Using Trusted Protocols Against You: Gmail as a C2 Mechanism (socket.dev)
Socket’s Threat Research Team uncovered malicious Python packages designed to create a tunnel via Gmail.
I Found Malware in a BeamNG Mod (lemonyte.com)
Last week, I fired up BeamNG.drive hoping to enjoy a ride around Belasco City. But, just after I launched the game, I noticed an odd notification from my antivirus software.
Exiled Uyghur leaders targeted with Windows spyware (citizenlab.ca)
In March 2025, senior members of the World Uyghur Congress (WUC) living in exile were targeted with a spearphishing campaign aimed at delivering Windows-based malware capable of conducting remote surveillance against its targets.
Bulletproof hosting provider Proton66 steps up malware campaigns (scworld.com)
The Russian bulletproof hosting provider Proton66 was observed conducting malware campaigns that compromised WordPress sites and then leveraged them to target Android devices.
Chinese snoops use stealth RAT to backdoor US orgs – still active last week (theregister.com)
A cyberspy crew or individual with ties to China's Ministry of State Security has infected global organizations with a remote access trojan (RAT) that's "even better" than Cobalt Strike, using this stealthy backdoor to enable its espionage and access resale campaigns.
Malicious VSCode extensions infect Windows with cryptominers (bleepingcomputer.com)
A set of ten VSCode extensions on Microsoft's Visual Studio Code Marketplace pose as legitimate development tools while infecting users with the XMRig cryptominer for Monero.
Malicious VSCode extensions infect Windows with cryptominers (bleepingcomputer.com)
Nine VSCode extensions on Microsoft's Visual Studio Code Marketplace pose as legitimate development tools while infecting users with the XMRig cryptominer to mine Ethereum and Monero.
Sneaky Android spyware needs a password to uninstall (techcrunch.com)
Consumer-grade phone surveillance apps aren’t only intended to stay stealthy; some of these apps are also making it increasingly difficult to remove them.
Exploiting exposed Portainer agent and using new SSH persistence (exatrack.com)
During an incident response for one of our clients, we stumbled upon a server compromised by the now relatively well-documented perfctl malware.
Malware found on NPM infecting local package with reverse shell (reversinglabs.com)
For the first time, RL researchers discover malicious locally-installed npm packages infecting other legitimate packages.
FBI warnings are true: fake file converters do push malware (bleepingcomputer.com)
The FBI is warning that fake online document converters are being used to steal people's information and, in worst-case scenarios, to deploy ransomware on victims' devices.
Show HN: MCP is unsafe. It's time to talk about MCP malware (github.com/ShaojieJiang)
Function tool usage makes AI Agents very powerful, which is akin to introducing app stores to smartphones.
Mac is detecting Docker as a malware and keeping it from starting (github.com/docker)
Malware Blocked. “com.docker.socket” was not opened because it contains malware. this action did not harm your Mac.
How to Infect Your PC in Three Easy Steps (krebsonsecurity.com)
A clever malware deployment scheme first spotted in targeted attacks last year has now gone mainstream. In this scam, dubbed “ClickFix,” the visitor to a hacked or malicious website is asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware.
Game listed on Steam has a demo that is a virus (reddit.com)
Not sure where to post this but thought this should be brought to light.
Lazarus Group deceives developers with 6 new malicious NPM packages (cyberscoop.com)
Lazarus Group has burrowed deeper into the npm registry and planted six new malicious packages designed to deceive software developers and disrupt their workflows, researchers at cybersecurity firm Socket said in a Monday blog post.
New North Korean Android Spyware Slips onto Google Play (bleepingcomputer.com)
A new Android spyware named 'KoSpy' is linked to North Korean threat actors who have infiltrated Google Play and third-party app store APKPure through at least five malicious apps.
Ransomware malware targeting Linux Desktop users spotted in the wild (github.com/evilsocket)
Another typosquatting campaign targeting Go packages delivers ransomware for the Linux Desktop.
TP-Link routers have been infected by a botnet to spread malware (tomsguide.com)
YouTubers extorted via copyright strikes to spread malware (bleepingcomputer.com)
Cybercriminals are sending bogus copyright claims to YouTubers to coerce them into promoting malware and cryptocurrency miners on their videos.
Polymorphic Chrome Extensions Impersonate Password Managers to Steal Credentials (cyberinsider.com)
A newly discovered class of malicious browser extensions, dubbed polymorphic extensions, can impersonate legitimate extensions such as password managers in real time, tricking users into handing over sensitive credentials.