Threats Tagged 'malware'

Maltrail IOC for 2026-06-23

A new malware masquerading as ClearMic, a legitimate microphone noise suppression application, has been identified. This malicious software is a Remote Access Trojan (RAT) that logs keystrokes, captures screens, hijacks clipboard data, records microphone audio, and exfiltrates this information to a remote server. It also deletes Windows Shadow Copies to hinder file recovery, a behavior typical of ransomware. The malware detects sandbox environments to evade analysis. Users who have installed this malware are advised to disconnect from the internet, run anti-malware tools, and change passwords from a clean device.

Maltrail IOC for 2026-06-22

AryStinger is a malware family that hijacks over 4,300 outdated routers built on Realtek RTL819X chips, primarily D-Link DIR-850L devices, to create a stealthy reconnaissance and intrusion support network. It exploits old vulnerabilities disclosed in 2013 and 2016 to install a lightweight Linux binary that performs distributed scanning and information gathering without typical malicious activities like file encryption or cryptocurrency mining. A second, more capable Go-based build targets NAS devices via a 2025 code injection vulnerability. The malware communicates with its command and control infrastructure using obfuscated protocols and establishes persistence via Dropbear SSH. The infected routers act as Executors that perform parallel scanning tasks, enabling efficient network footprinting. The infection is concentrated mainly in South Korea and China but also affects other countries. The malware's low detection rate and use of legacy hardware with no firmware updates pose ongoing risks to privacy, enterprise security, and national infrastructure.

MediumMalwareSouth KoreaChinaSweden+2#cybersecurity#reddit#malware

Maltrail IOC for 2026-06-21

Maltrail IOC for 2026-06-20

Maltrail IOC for 2026-06-19

Cybercriminals conducted a campaign abusing GitHub, YouTube, and VirusTotal to distribute crypto-stealing malware disguised as legitimate cryptocurrency trading and gambling tools. The malware, targeting Windows and macOS, is a Rust-based clipboard hijacker that replaces copied cryptocurrency wallet addresses with attacker-controlled ones. The campaign used fake GitHub stars, coordinated accounts, inflated download counts, AI-narrated YouTube tutorials, and manipulated VirusTotal feedback to build trust and appear legitimate. Over 5,000 GitHub downloads and more than 44,000 SourceForge downloads were recorded, with significant activity from Pakistan and India. The attackers frequently rotated wallet addresses to evade detection. The campaign demonstrates advanced reputation manipulation techniques to spread malware beyond classic distribution methods.

Maltrail IOC for 2026-06-18

The entire @mastra npm scope was hijacked, affecting 141 packages including @mastra/core. The attacker did not modify the original source code but added a malicious dependency named easy-day-js, a seemingly benign dayjs clone. The attack exploited semantic versioning by specifying a dependency version range (^1.11.21) while the latest tag pointed to a newer version (1.11.22) containing a malicious postinstall hook. This allowed the malicious code to execute during package installation without immediate detection.