2025-11-13 AI创业新闻

Google Sues China-Based Hackers Behind $1 Billion Lighthouse Phishing Platform

Google has filed a civil lawsuit in the U.S. District Court for the Southern District of New York (SDNY) against China-based hackers who are behind a massive Phishing-as-a-Service (PhaaS) platform called Lighthouse that has ensnared over 1 million users across 120 countries. The PhaaS kit is used to conduct large-scale SMS phishing attacks that exploit trusted brands like E-ZPass and USPS to steal people’s financial information by prompting them to click on a link using lures related to fake toll fees or package deliveries. While the scam in itself is fairly simple, it’s the industrial scale of the operation that has allowed it to illegally make more than a billion dollars over the past three years.

“They exploit the reputations of Google and other brands by illegally displaying our trademarks and services on fraudulent websites,” Halimah DeLaine Prado, General Counsel at Google, said . “We found at least 107 website templates featuring Google’s branding on sign-in screens specifically designed to trick people into believing the sites are legitimate.” The company said it’s taking legal action to dismantle the underlying infrastructure under the Racketeer Influenced and Corrupt Organizations (RICO) Act, the Lanham Act, and the Computer Fraud and Abuse Act. Lighthouse, along with other PhaaS platforms like Darcula and Lucid, is part of an interconnected cybercrime ecosystem operating out of China that is known to send thousands of smishing messages via Apple iMessage and Google Messages’ RCS capabilities to users in the U.S. and beyond in hopes of stealing sensitive data.

These kits have been put to use by a smishing syndicate tracked as Smishing Triad. In a report published in September, Netcraft revealed that Lighthouse and Lucid have been linked to more than 17,500 phishing domains targeting 316 brands from 74 countries. Phishing templates associated with Lighthouse are licensed from anywhere between $88 for a week to $1,588 for a yearly subscription. “While Lighthouse operates independently of the XinXin group, its alignment with Lucid in terms of infrastructure and targeting patterns highlights the broader trend of collaboration and innovation within the PhaaS ecosystem,” Swiss cybersecurity company PRODAFT said in a report published in April.

It’s estimated that Chinese smishing syndicates may have compromised between 12.7 million and 115 million payment cards in the U.S. alone between July 2023 and October 2024. In recent years, cybercrime groups from China have also evolved to develop new tools like Ghost Tap to add stolen card details to digital wallets on iPhones and Android phones. As recently as last month, Palo Alto Networks Unit 42 said the threat actors behind Smishing Triad have used more than 194,000 malicious domains since January 1, 2024, mimicking a wide range of services, including banks, cryptocurrency exchanges, mail and delivery services, police forces, state-owned enterprises, and electronic tolls, among others.

Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Amazon Uncovers Attacks Exploited Cisco ISE and Citrix NetScaler as Zero-Day Flaws

Amazon’s threat intelligence team on Wednesday disclosed that it observed an advanced threat actor exploiting two then-zero-day security flaws in Cisco Identity Service Engine (ISE) and Citrix NetScaler ADC products as part of attacks designed to deliver custom malware. “This discovery highlights the trend of threat actors focusing on critical identity and network access control infrastructure – the systems enterprises rely on to enforce security policies and manage authentication across their networks,” CJ Moses, CISO of Amazon Integrated Security, said in a report shared with The Hacker News. The attacks were flagged by its MadPot honeypot network, with the activity weaponizing the following two vulnerabilities - CVE-2025-5777 or Citrix Bleed 2 (CVSS score: 9.3) - An insufficient input validation vulnerability in Citrix NetScaler ADC and Gateway that could be exploited by an attacker to bypass authentication. (Fixed by Citrix in June 2025 ) CVE-2025-20337 (CVSS score: 10.0) - An unauthenticated remote code execution vulnerability in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) that could allow a remote attacker to execute arbitrary code on the underlying operating system as root.

(Fixed by Cisco in July 2025 ) While both shortcomings have come under active exploitation in the wild, the report from Amazon sheds light on the exact nature of the attacks leveraging them. The tech giant said it detected exploitation attempts targeting CVE-2025-5777 as a zero-day, and that further investigation of the threat led to the discovery of an anomalous payload aimed at Cisco ISE appliances by weaponizing CVE-2025-20337. The activity is said to have culminated in the deployment of a custom web shell disguised as a legitimate Cisco ISE component named IdentityAuditAction. “This wasn’t typical off-the-shelf malware, but rather a custom-built backdoor specifically designed for Cisco ISE environments,” Moses said.

The web shell comes fitted with capabilities to fly under the radar, operating entirely in memory and using Java reflection to inject itself into running threads. It also registers as a listener to monitor all HTTP requests across the Tomcat server and implements DES encryption with non-standard Base64 encoding to evade detection. Amazon described the campaign as indiscriminate, characterizing the threat actor as “highly resourced” owing to its ability to leverage multiple zero-day exploits, either by possessing advanced vulnerability research capabilities or having potential access to non-public vulnerability information. On top of that, the use of bespoke tools reflects the adversary’s knowledge of enterprise Java applications, Tomcat internals, and the inner workings of Cisco ISE.

The findings once again illustrate how threat actors are continuing to target network edge appliances to breach networks of interest, making it crucial that organizations limit access, through firewalls or layered access, to privileged management portals. “The pre-authentication nature of these exploits reveals that even well-configured and meticulously maintained systems can be affected,” Moses said. “This underscores the importance of implementing comprehensive defense-in-depth strategies and developing robust detection capabilities that can identify unusual behavior patterns.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

[Webinar] Learn How Leading Security Teams Reduce Attack Surface Exposure with DASR

Every day, security teams face the same problem—too many risks, too many alerts, and not enough time. You fix one issue, and three more show up. It feels like you’re always one step behind. But what if there was a smarter way to stay ahead—without adding more work or stress?

Join The Hacker News and Bitdefender for a free cybersecurity webinar to learn about a new approach called Dynamic Attack Surface Reduction (DASR) —a method that helps security teams close gaps before attackers even find them. Most tools today only tell you what’s wrong. They scan, report, and give you long lists of problems. But they don’t help you fix them fast enough.

The truth is, the attack surface keeps changing—new apps, cloud systems, remote devices, misconfigurations. It never stops. Attackers only need one open door. And that’s why traditional defenses often fail—they react too slowly.

Meet DASR: A Smarter Way to Stay Safe Dynamic Attack Surface Reduction (DASR) changes how we defend. Instead of waiting for threats, DASR works quietly in the background, watching for risky changes and closing weak spots automatically. You’ll learn in this cybersecurity expert webinar: Why traditional scans aren’t enough anymore How DASR uses automation and context to reduce risks in real time How to safely test and use DASR in your own environment Save your seat now and see how you can turn endless alerts into lasting protection. Who You’ll Hear From Two experts from Bitdefender will share real stories and lessons from the front lines: Cristian Iordache , GravityZone Solutions Director, who helps companies build stronger defenses that actually work.

Dragos Gavriluț , VP of Threat Research, who’s led security teams for over 20 years and built tools that stop real-world attacks. They’ll show how DASR and Bitdefender’s PHASR system help close the doors attackers rely on—before damage happens. Security shouldn’t feel like running in circles. With DASR, you can finally move from chasing problems to preventing them—calmly and confidently.

If you want a simpler, stronger, and faster way to stay ahead of threats, this is the session you don’t want to miss. Register now and take your first step toward a safer, smarter way to defend your organization. Found this article interesting? This article is a contributed piece from one of our valued partners.

Active Directory Under Siege: Why Critical Infrastructure Needs Stronger Security

Active Directory remains the authentication backbone for over 90% of Fortune 1000 companies. AD’s importance has grown as companies adopt hybrid and cloud infrastructure, but so has its complexity. Every application, user, and device traces back to AD for authentication and authorization, making it the ultimate target. For attackers, it represents the holy grail: compromise Active Directory , and you can access the entire network.

Why attackers target Active Directory AD serves as the gatekeeper for everything in your enterprise. So, when adversaries compromise AD, they gain privileged access that lets them create accounts, modify permissions, disable security controls, and move laterally, all without triggering most alerts. The 2024 Change Healthcare breach showed what can happen when AD is compromised. In this attack, hackers exploited a server lacking multifactor authentication, pivoted to AD, escalated privileges, and then executed a highly costly cyberattack.

Patient care came to a screeching halt. Health records were exposed. The organization paid millions in ransom. Once attackers control AD, they control your entire network.

And standard security tools often struggle to detect these attacks because they look like legitimate AD operations. Common attack techniques Golden ticket attacks generate counterfeit authentication tickets granting full domain access for months. DCSync attacks exploit replication permissions to extract password hashes directly from domain controllers. Kerberoasting gains elevated rights by targeting service accounts with weak passwords.

How hybrid environments expand the attack surface Organizations running hybrid Active Directory face challenges that didn’t exist five years ago. Your identity infrastructure now spans on-premises domain controllers, Azure AD Connect synchronization, cloud identity services, and multiple authentication protocols. Attackers exploit this complexity, abusing synchronization mechanisms to pivot between environments. OAuth token compromises in cloud services provide backdoor access to on-premises resources.

And legacy protocols like NTLM remain enabled for backward compatibility, giving intruders easy relay attack opportunities. The fragmented security posture makes things worse. On-premises security teams use different tools than cloud security teams, allowing visibility gaps to emerge at the boundaries. Threat actors operate in these blind spots while security teams struggle to correlate events across platforms.

Common vulnerabilities that attackers exploit Verizon’s Data Breach Investigation Report found that compromised credentials are involved in 88% of breaches. Cybercriminals harvest credentials through phishing, malware, brute force, and purchasing breach databases. Frequent vulnerabilities in Active Directory Weak passwords: Users reuse the same passwords across personal and work accounts, so one breach exposes multiple systems. Standard eight-character complexity rules seem secure, but hackers can crack them in seconds.

Service account problems: Service accounts often use passwords that never expire or change, and they typically have excessive permissions that allow lateral movement once compromised. Cached credentials: Workstations store administrative credentials in memory, where attackers can extract them with standard tools. Poor visibility: Teams lack insight into who uses privileged accounts , what level of access they have, and when they use them. Stale access: Former employees keep privileged access long after they leave because no one audits and removes it, leading to a buildup of stale accounts that attackers can exploit.

And the hits keep coming: April 2025 brought another critical AD flaw allowing privilege escalation from low-level access to system-level control. Microsoft released a patch, but many organizations struggle to test and deploy updates quickly across all domain controllers. Modern approaches to strengthen your Active Directory Defending AD requires a layered security approach that addresses credential theft, privilege management, and continuous monitoring. Strong password policies are your first defense Effective password policies play a critical role in protecting your environment.

Blocking passwords that appear in breach databases stops staffers from using credentials that hackers already have. Continuous scanning detects when user passwords are compromised in new breaches, not just at password reset. And dynamic feedback shows users whether their password is strong in real time, guiding them toward secure passwords they can actually remember. Privileged access management reduces your attack surface Implementing privileged access management helps minimize risk by limiting how and when administrative privileges are used .

Start by segregating administrative accounts from standard user accounts, so compromised user credentials can’t provide admin access. Enforce just-in-time access that grants elevated privileges only when needed and automatically revokes them afterward. Route all administrative tasks through privileged access workstations to prevent credential theft from regular endpoints. Zero-trust principles apply to Active Directory Adopting a zero-trust approach strengthens Active Directory security by verifying every access attempt rather than assuming trust within the network.

Enforce conditional access policies that evaluate user location, device health, and behavior patterns before granting access, not just username and password. Require multifactor authentication for all privileged accounts to stop malicious actors who steal credentials. Continuous monitoring catches attacks in progress Deploy tools that track every significant AD change, including group membership modifications, permission grants, policy updates, and unusual replication activity between domain controllers. Then, configure alerts for suspicious patterns, like multiple authentication failures from the same account, or administrative actions happening at 3 am when your admins are asleep.

Continuous monitoring provides the visibility needed to detect and stop attacks before they escalate. Patch management is a must-have for domain controllers Strong patch management practices are essential for maintaining secure domain controllers. Deploy security updates that close privilege escalation paths within days, not weeks, bad actors actively scan for unpatched systems. Active Directory security is a continuous process Active Directory security isn’t a one-off project you complete.

Hackers constantly refine techniques, new vulnerabilities emerge, and your infrastructure changes. That means your security also requires ongoing attention and continuous improvement. Passwords remain the most common attack vector, making them your top priority to fix. For the highest level of protection, invest in a solution that continuously monitors for compromised credentials and blocks them in real-time.

For example, a tool like Specops Password Policy integrates directly with Active Directory to block compromised credentials before they become a problem. Specops Password Policy continuously blocks over 4 billion compromised passwords, preventing users from creating credentials that attackers already have. Daily scans catch breached passwords in real-time instead of waiting for the next password change cycle. And when users create new passwords, dynamic feedback guides them toward strong options they can actually remember, reducing support calls while improving security.

Book a live demo of Specops Password Policy today . Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Microsoft Fixes 63 Security Flaws, Including a Windows Kernel Zero-Day Under Active Attack

Microsoft on Tuesday released patches for 63 new security vulnerabilities identified in its software, including one that has come under active exploitation in the wild. Of the 63 flaws, four are rated Critical and 59 are rated Important in severity. Twenty-nine of these vulnerabilities are related to privilege escalation, followed by 16 remote code execution, 11 information disclosure, three denial-of-service (DoS), two security feature bypass, and two spoofing bugs. The patches are in addition to the 27 vulnerabilities the Windows maker addressed in its Chromium-based Edge browser since the release of October 2025’s Patch Tuesday update.

The zero-day vulnerability that has been listed as exploited in Tuesday’s update is CVE-2025-62215 (CVSS score: 7.0), a privilege escalation flaw in Windows Kernel. The Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) have been credited with discovering and reporting the issue. “Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Kernel allows an authorized attacker to elevate privileges locally,” the company said in an advisory. That said, successful exploitation hinges on an attacker who has already gained a foothold on a system to win a race condition .

Once this criterion is satisfied, it could permit the attacker to obtain SYSTEM privileges. “An attacker with low-privilege local access can run a specially crafted application that repeatedly attempts to trigger this race condition,” Ben McCarthy, lead cybersecurity engineer at Immersive, said. “The goal is to get multiple threads to interact with a shared kernel resource in an unsynchronized way, confusing the kernel’s memory management and causing it to free the same memory block twice. This successful ‘double free’ corrupts the kernel heap, allowing the attacker to overwrite memory and hijack the system’s execution flow.” It’s currently not known how this vulnerability is being exploited and by whom, but it’s assessed to be used as part of a post-exploitation activity to escalate their privileges after obtaining initial access through some other means, such as social engineering, phishing, or exploitation of another vulnerability, Satnam Narang, senior staff research engineer at Tenable, said.

“When chained with other bugs this kernel race is critical: an RCE or sandbox escape can supply the local code execution needed to turn a remote attack into a SYSTEM takeover, and an initial low‑privilege foothold can be escalated to dump credentials and move laterally,” Mike Walters, president and co-founder of Action1, said in a statement. Also patched as part of the updates are two heap-based buffer overflow flaws in Microsoft’s Graphics Component ( CVE-2025-60724 , CVSS score: 9.8) and Windows Subsystem for Linux GUI ( CVE-2025-62220 , CVSS score: 8.8) that could result in remote code execution. Another vulnerability of note is a high-severity privilege escalation flaw in Windows Kerberos (CVE-2025-60704, CVSS score: 7.5) that takes advantage of a missing cryptographic step to gain administrator privileges. The vulnerability has been codenamed CheckSum by Silverfort.

“The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications,” Microsoft said . “An unauthorized attacker must wait for a user to initiate a connection.” Silverfort researchers Eliran Partush and Dor Segal, who discovered the shortcoming, described it as a Kerberos constrained delegation vulnerability that allows an attacker to impersonate arbitrary users and gain control over an entire domain by means of an adversary-in-the-middle (AitM) attack. An attacker who is able to successfully exploit the flaw could escalate privileges and move laterally to other machines in an organization. More concerning, threat actors could also gain the ability to impersonate any user in the company, allowing them to gain unfettered access or become a domain administrator.

“Any organization using Active Directory, with the Kerberos delegation capability turned on, is impacted,” Silverfort said . “Because Kerberos delegation is a feature within Active Directory, an attacker requires initial access to an environment with compromised credentials.” Software Patches from Other Vendors In addition to Microsoft, security updates have also been released by other vendors over the past several weeks to rectify several vulnerabilities, including — Adobe Amazon Web Services AMD Apple ASUS Atlassian AutomationDirect Bitdefender Broadcom (including VMware) Cisco Citrix ConnectWise D-Link Dell Devolutions Drupal Elastic F5 Fortinet GitLab Google Android Google Chrome Google Cloud Grafana Hitachi Energy HP HP Enterprise (including Aruba Networking and Juniper Networks ) IBM Intel Ivanti Jenkins Lenovo Linux distributions AlmaLinux , Alpine Linux , Amazon Linux , Arch Linux , Debian , Gentoo , Oracle Linux , Mageia , Red Hat , Rocky Linux , SUSE , and Ubuntu MediaTek Mitsubishi Electric MongoDB Moxa Mozilla Firefox and Firefox ESR NVIDIA Oracle Palo Alto Networks QNAP Qualcomm Rockwell Automation Ruckus Wireless Samba Samsung SAP Schneider Electric Siemens SolarWinds SonicWall Splunk Spring Framework Supermicro Synology TP-Link WatchGuard , and Zoom Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Google Launches ‘Private AI Compute’ — Secure AI Processing with On-Device-Level Privacy

Google on Tuesday unveiled a new privacy-enhancing technology called Private AI Compute to process artificial intelligence (AI) queries in a secure platform in the cloud. The company said it has built Private AI Compute to “unlock the full speed and power of Gemini cloud models for AI experiences, while ensuring your personal data stays private to you and is not accessible to anyone else, not even Google.” Private AI Compute has been described as a “secure, fortified space” for processing sensitive user data in a manner that’s analogous to on-device processing but with extended AI capabilities. It’s powered by Trillium Tensor Processing Units (TPUs) and Titanium Intelligence Enclaves (TIE), allowing the company to use its frontier models without sacrificing on security and privacy. In other words, the privacy infrastructure is designed to take advantage of the computational speed and power of the cloud while retaining the security and privacy assurances that come with on-device processing.

Google’s CPU and TPU workloads (aka trusted nodes) rely on an AMD-based hardware Trusted Execution Environment (TEE) that encrypts and isolates memory from the host. The tech giant noted that only attested workloads can run on the trusted nodes, and that administrative access to the workloads is cut off. Furthermore, the nodes are secured against potential physical data exfiltration attacks. The infrastructure also supports peer-to-peer attestation and encryption between the trusted nodes to ensure that user data is decrypted and processed only within the confines of a secure environment and is shielded from broader Google infrastructure.

“Each workload requests and cryptographically validates the workload credentials of the other, ensuring mutual trust within the protected execution environment,” Google explained. “Workload credentials are provisioned only upon successful validation of the node’s attestation against internal reference values. Failure of validation prevents connection establishment, thus safeguarding user data from untrusted components.” The overall process flow works like this: A user client establishes a Noise protocol encryption connection with a frontend server and establishes bi-directional attestation. The client also validates the server’s identity using an Oak end-to-end encrypted attested session to confirm that it’s genuine and not modified.

Following this step, the server sets up an Application Layer Transport Security ( ALTS ) encryption channel with other services in the scalable inference pipeline, which then communicates with model servers running on the hardened TPU platform. The entire system is “ephemeral by design,” meaning an attacker who manages to gain privileged access to the system cannot obtain past data, as the inputs, model inferences, and computations are discarded as soon as the user session is completed. Google Private AI Compute Architecture Google has also touted the various protections baked into the system to maintain its security and integrity and prevent unauthorized modifications. These include - Minimizing the number of components and entities that must be trusted for data confidentiality Using Confidential Federated Compute for collecting analytics and aggregate insights Encryption for client-server communications Binary authorization to ensure only signed, authorized code and validated configurations are running across its software supply chain Isolating user data in Virtual Machines (VMs) to contain compromise Securing systems against physical exfiltration with memory encryption and input/output memory management unit ( IOMMU ) protections Zero shell access on the TPU platform Using IP blinding relays operated by third-parties to tunnel all inbound traffic to the system and obscure the true origin of the request Isolating the system’s authentication and authorization from inference using Anonymous Tokens NCC Group, which has conducted an external assessment of Private AI Compute between April and September 2025, said it was able to discover a timing-based side channel in the IP blinding relay component that could be used to “unmask” users under certain conditions.

However, Google has deemed it low risk due to the fact that the multi-user nature of the system introduces a “significant amount of noise” and makes it challenging for an attacker to correlate a query to a specific user. The cybersecurity company also said it identified three issues in the implementation of the attestation mechanism that could result in a denial-of-service (DoS) condition, as well as various protocol attacks. Google is currently working on mitigations for all of them. “Although the overall system relies upon proprietary hardware and is centralized on Borg Prime, […] Google has robustly limited the risk of user data being exposed to unexpected processing or outsiders, unless Google, as a whole organization, decides to do so,” it said.

“Users will benefit from a high level of protection from malicious insiders.” The development mirrors similar moves from Apple and Meta, which have released Private Cloud Compute ( PCC ) and Private Processing to offload AI queries from mobile devices in a privacy-preserving way. “Remote attestation and encryption are used to connect your device to the hardware-secured sealed cloud environment, allowing Gemini models to securely process your data within a specialized, protected space,” Jay Yagnik, Google’s vice president for AI Innovation and Research, said. “This ensures sensitive data processed by Private AI Compute remains accessible only to you and no one else, not even Google.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

WhatsApp Malware ‘Maverick’ Hijacks Browser Sessions to Target Brazil’s Biggest Banks

Threat hunters have uncovered similarities between a banking malware called Coyote and a newly disclosed malicious program dubbed Maverick that has been propagated via WhatsApp. According to a report from CyberProof, both malware strains are written in .NET, target Brazilian users and banks, and feature identical functionality to decrypt, targeting banking URLs and monitor banking applications. More importantly, both include the ability to spread through WhatsApp Web . Maverick was first documented by Trend Micro early last month, attributing it to a threat actor dubbed Water Saci .

The campaign involves two components: A self-propagating malware referred to as SORVEPOTEL that’s spread via the desktop web version of WhatsApp and is used to deliver a ZIP archive containing the Maverick payload. The malware is designed to monitor active browser window tabs for URLs that match a hard-coded list of financial institutions in Latin America. Should the URLs match, it establishes contact with a remote server to fetch follow-on commands to gather system information and serve phishing pages to steal credentials. Cybersecurity firm Sophos, in a subsequent report , was the first to raise the possibility of whether the activity could be related to prior reported campaigns that disseminated Coyote targeting users in Brazil and if Maverick is an evolution of Coyote.

Another analysis from Kaspersky found that Maverick did contain many code overlaps with Coyote, but noted it’s treating it as a completely new threat targeting Brazil en masse. The latest findings from CyberProof show that the ZIP file contains a Windows shortcut (LNK) that, when launched by the user, runs cmd.exe or PowerShell to connect to an external server (“zapgrande[.]com”) to download the first-stage payload. The PowerShell script is capable of launching intermediate tools designed to disable Microsoft Defender Antivirus and UAC, as well as retrieve a .NET loader. The loader, for its part, features anti-analysis techniques to check for the presence of reverse engineering tools and self-terminate if found.

The loader then proceeds to download the main modules of the attack: SORVEPOTEL and Maverick. It’s worth mentioning here that Maverick is only installed after ensuring that the victim is located in Brazil by checking the time zone, language, region, and date and time format of the infected host. CyberProof said it also found evidence of the malware being used to single out hotels in Brazil, indicating a possible expansion of targeting. The disclosure comes as Trend Micro detailed Water Saci’s new attack chain that employs an email-based command-and-control (C2) infrastructure, relies on multi-vector persistence for resilience, and incorporates several advanced checks to evade detection, enhance operational stealth, and restrict execution to only Portuguese-language systems.

“The new attack chain also features a sophisticated remote command-and-control system that allows threat actors real-time management, including pausing, resuming, and monitoring the malware’s campaign, effectively converting infected machines into a botnet tool for coordinated, dynamic operations across multiple endpoints,” the cybersecurity company said in a report published late last month. New Water Saci attack chain observed The infection sequence eschews .NET binaries in favor of Visual Basic Script (VB Script) and PowerShell to hijack WhatsApp browser sessions and spread the ZIP file via the messaging app. Similar to the previous attack chain, the WhatsApp Web hijack is performed by downloading ChromeDriver and Selenium for browser automation. The attack is triggered when a user downloads and extracts the ZIP archive, which includes an obfuscated VBS downloader (“Orcamento.vbs” aka SORVEPOTEL), which, in turn, issues a PowerShell command to download and execute a PowerShell script (“tadeu.ps1”) directly in memory.

This PowerShell script is used to take control of the victim’s WhatsApp Web session and distribute the malicious ZIP files to all contacts associated with their account, while also displaying a deceptive banner named “WhatsApp Automation v6.0” to conceal its malicious intent. Furthermore, the script contacts a C2 server to fetch message templates and exfiltrate contact lists. “After terminating any existing Chrome processes and clearing old sessions to ensure clean operation, the malware copies the victim’s legitimate Chrome profile data to its temporary workspace,” Trend Micro said. “This data includes cookies, authentication tokens, and the saved browser session.” Water Saci campaign timeline “This technique allows the malware to bypass WhatsApp Web’s authentication entirely, gaining immediate access to the victim’s WhatsApp account without triggering security alerts or requiring QR code scanning.” The malware, the cybersecurity company added, also implements a sophisticated remote control mechanism that allows the adversary to pause, resume, and monitor the WhatsApp propagation in real-time, effectively turning it into malware capable of controlling the compromised hosts like a bot.

As for how it actually distributes the ZIP archive, the PowerShell code iterates through every harvested contact and checks for a pause command prior to sending personalized messages by substituting variables in the message template with time-based greetings and contact names. Another significant aspect of SORVEPOTEL is that it leverages IMAP connections to terra.com[.]br email accounts using hardcoded email credentials to connect to the email account and retrieve commands rather than using a traditional HTTP-based communication. Some of these accounts have been secured using multi-factor authentication (MFA) to prevent unauthorized access. This added security layer is said to have introduced operational delays since each login requires the threat actor to manually enter a one-time authentication code to access the inbox and save the C2 server URL used to send the commands.

The backdoor then periodically polls the C2 server for fetching the instruction. The list of supported commands is as follows - INFO, to collect detailed system information CMD, to run a command via cmd.exe and export the results of the execution to a temporary file POWERSHELL, to run a PowerShell command SCREENSHOT, to take screenshots TASKLIST, to enumerate all running processes KILL, to terminate a specific process LIST_FILES, to enumerate files/folders DOWNLOAD_FILE, to download files from infected system UPLOAD_FILE, to upload files to infected system DELETE, to delete specific files/folders RENAME, to rename files/folders COPY, to copy files/folders MOVE, to move files/folders FILE_INFO, to get detailed metadata about a file SEARCH, to recursively search for files matching specified patterns CREATE_FOLDER, to create folders REBOOT, to initiate a system restart with 30-second delay SHUTDOWN, to initiate a system shutdown with 30-second delay UPDATE, to download and install an updated version of itself CHECK_EMAIL, to check the attacker-controlled email for new C2 URLs The widespread nature of the campaign is driven by the popularity of WhatsApp in Brazil, which has over 148 million active users , making it the second largest market in the world after India. “The infection methods and ongoing tactical evolution, along with the region-focused targeting, indicate that Water Saci is likely linked to Coyote, and both campaigns operate within the same Brazilian cybercriminal ecosystem,” Trend Micro said, describing the attackers as aggressive in “quantity and quality.” “Linking the Water Saci campaign to Coyote reveals a bigger picture that exhibits a significant shift in the banking trojan’s propagation methods. Threat actors have transitioned from relying on traditional payloads to exploiting legitimate browser profiles and messaging platforms for stealthy, scalable attacks.” Found this article interesting?

GootLoader Is Back, Using a New Font Trick to Hide Malware on WordPress Sites

The malware known as GootLoader has resurfaced yet again after a brief spike in activity earlier this March, according to new findings from Huntress. The cybersecurity company said it observed three GootLoader infections since October 27, 2025, out of which two resulted in hands-on keyboard intrusions with domain controller compromise taking place within 17 hours of initial infection. “GootLoader is back and now leveraging custom WOFF2 fonts with glyph substitution to obfuscate filenames,” security researcher Anna Pham said , adding the malware “exploits WordPress comment endpoints to deliver XOR-encrypted ZIP payloads with unique keys per file.” GootLoader, affiliated with a threat actor tracked as Hive0127 (aka UNC2565), is a JavaScript-based malware loader that’s often distributed via search engine optimization (SEO) poisoning tactics to deliver additional payloads, including ransomware. In a report published last September, Microsoft revealed the threat actor referred to as Vanilla Tempest receives hand-offs from GootLoader infections by the threat actor Storm-0494, leveraging the access to drop a backdoor called Supper (aka SocksShell or ZAPCAT), as well as AnyDesk for remote access.

These attack chains have led to the deployment of INC ransomware. It’s worth noting that Supper has also been grouped together with Interlock RAT (aka NodeSnake), another malware primarily associated with Interlock ransomware. “While there is no direct evidence of Interlock using Supper, both Interlock and Vice Society have been associated with Rhysida at different times, suggesting possible overlaps in the broader cybercriminal ecosystem,” Forescout noted last month. Then, earlier this year, the threat actor behind GootLoader was found to have leveraged Google Ads to target victims looking for legal templates, such as agreements, on search engines to redirect them to compromised WordPress sites hosting malware-laced ZIP archives.

The latest attack sequence documented by Huntress shows that searches for terms like “missouri cover utility easement roadway” on Bing are being used to direct unsuspecting users to deliver the ZIP archive. What’s notable this time around is the use of a custom web font to obfuscate the filenames displayed on the browser so as to defeat static analysis methods. “So, when the user attempts to copy the filename or inspect the source code – they will see weird characters like ‛›μI€vSO₽*‘Oaμ==€‚‚33O%33‚€×:O[TM€v3cwv,,” Pham explained. “However, when rendered in the victim’s browser, these same characters magically transform into perfectly readable text like Florida_HOA_Committee_Meeting_Guide.pdf.

This is achieved through a custom WOFF2 font file that Gootloader embeds directly into the JavaScript code of the page using Z85 encoding, a Base85 variant that compresses the 32KB font into a 40K.” Also observed is a new trick that modifies the ZIP file such that when opened with tools like VirusTotal, Python’s ZIP utilities, or 7-Zip, it unpacks as a harmless-looking .TXT file. On Windows File Explorer, the archive extracts a valid JavaScript file, which is the intended payload. “This simple evasion technique buys the actor time by hiding the true nature of the payload from automated analysis,” a security researcher, who has long been tracking the malware under the pseudonym “GootLoader,” said of the evolution. The JavaScript payload present within the archive is designed to deploy Supper, a backdoor capable of remote control and SOCKS5 proxying.

In at least one instance, the threat actors are said to have used Windows Remote Management (WinRM) to move laterally to the Domain Controller and create a new user with admin-level access. “The Supper SOCKS5 backdoor uses tedious obfuscation protecting simple functionality – API hammering, runtime shellcode construction, and custom encryption add analysis headaches, but the core capabilities remain deliberately basic: SOCKS proxying and remote shell access,” Huntress said. “This ‘good enough’ approach proves that threat actors don’t need cutting-edge exploits when properly obfuscated bread-and-butter tools achieve their objectives.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

CISO’s Expert Guide To AI Supply Chain Attacks

AI-enabled supply chain attacks jumped 156% last year. Discover why traditional defenses are failing and what CISOs must do now to protect their organizations. Download the full CISO’s expert guide to AI Supply chain attacks here . TL;DR AI-enabled supply chain attacks are exploding in scale and sophistication

Malicious package uploads to open-source repositories jumped 156% in the past year .

AI-generated malware has game-changing characteristics

It’s polymorphic by default, context-aware, semantically camouflaged, and temporally evasive. Real attacks are already happening
From the 3CX breach affecting 600,000 companies to NullBulge attacks weaponizing Hugging Face and GitHub repositories. Detection times have dramatically increased - IBM’s 2025 report shows breaches take an average of 276 days to identify, with AI-assisted attacks potentially extending this window. Traditional security tools are struggling
Static analysis and signature-based detection fail against threats that actively adapt.

New defensive strategies are emerging

Organizations are deploying AI-aware security to improve threat detection. Regulatory compliance is becoming mandatory
The EU AI Act imposes penalties of up to €35 million or 7% of global revenue for serious violations. Immediate action is critical
This isn’t about future-proofing but present-proofing. The Evolution from Traditional Exploits to AI-Powered Infiltration Remember when supply chain attacks meant stolen credentials and tampered updates?

Those were simpler times. Today’s reality is far more interesting and infinitely more complex. The software supply chain has become ground zero for a new breed of attack. Think of it like this: if traditional malware is a burglar picking your lock, AI-enabled malware is a shapeshifter that studies your security guards’ routines, learns their blind spots, and transforms into the cleaning crew.

Take the PyTorch incident . Attackers uploaded a malicious package called torchtriton to PyPI that masqueraded as a legitimate dependency. Within hours, it had infiltrated thousands of systems, exfiltrating sensitive data from machine learning environments. The kicker?

This was still a “traditional” attack. Fast forward to today, and we’re seeing something fundamentally different. Take a look at these three recent examples –

NullBulge Group - Hugging Face & GitHub Attacks (2024) A threat actor called NullBulge conducted supply chain attacks by weaponizing code in open-source repositories on Hugging Face and GitHub, targeting AI tools and gaming software.

The group compromised the ComfyUI_LLMVISION extension on GitHub and distributed malicious code through various AI platforms, using Python-based payloads that exfiltrated data via Discord webhooks and delivered customized LockBit ransomware. 2. Solana Web3.js Library Attack (December 2024) On December 2, 2024, attackers compromised a publish-access account for the @solana/web3.js npm library through a phishing campaign. They published malicious versions 1.95.6 and 1.95.7 that contained backdoor code to steal private keys and drain cryptocurrency wallets, resulting in the theft of approximately $160,000–$190,000 worth of crypto assets during a five-hour window.

Wondershare RepairIt Vulnerabilities (September 2025) The AI-powered image and video enhancement application Wondershare RepairIt exposed sensitive user data through hardcoded cloud credentials in its binary. This allowed potential attackers to modify AI models and software executables and launch supply chain attacks against customers by replacing legitimate AI models retrieved automatically by the application. Download the CISO’s expert guide for full vendor listings and implementation steps .

The Rising Threat: AI Changes Everything Let’s ground this in reality. The 3CX supply chain attack of 2023 compromised software used by 600,000 companies worldwide, from American Express to Mercedes-Benz. While not definitively AI-generated, it demonstrated the polymorphic characteristics we now associate with AI-assisted attacks: each payload was unique, making signature-based detection useless. According to Sonatype’s data, malicious package uploads jumped 156% year-over-year.

More concerning is the sophistication curve. MITRE’s recent analysis of PyPI malware campaigns found increasingly complex obfuscation patterns consistent with automated generation, though definitive AI attribution remains challenging. Here’s what makes AI-generated malware genuinely different: Polymorphic by default: Like a virus that rewrites its own DNA, each instance is structurally unique while maintaining the same malicious purpose. Context-aware: Modern AI malware includes sandbox detection that would make a paranoid programmer proud.

One recent sample waited until it detected Slack API calls and Git commits, signs of a real development environment, before activating. Semantically camouflaged: The malicious code doesn’t just hide; it masquerades as legitimate functionality. We’ve seen backdoors disguised as telemetry modules, complete with convincing documentation and even unit tests. Temporally evasive: Patience is a virtue, especially for malware.

Some variants lie dormant for weeks or months, waiting for specific triggers or simply outlasting security audits. Why Traditional Security Approaches Are Failing Most organizations are bringing knives to a gunfight, and the guns are now AI-powered and can dodge bullets. Consider the timeline of a typical breach. IBM’s Cost of a Data Breach Report 2025 found it takes organizations an average of 276 days to identify a breach and another 73 days to contain it.

That’s nine months where attackers own your environment. With AI-generated variants that mutate daily, your signature-based antivirus is essentially playing whack-a-mole blindfolded. AI isn’t just creating better malware, it’s revolutionizing the entire attack lifecycle: Fake Developer Personas: Researchers have documented “SockPuppet” attacks where AI-generated developer profiles contributed legitimate code for months before injecting backdoors. These personas had GitHub histories, Stack Overflow participation, and even maintained personal blogs – all generated by AI.

Typosquatting at Scale: In 2024, security teams identified thousands of malicious packages targeting AI libraries. Names like openai-official, chatgpt-api, and tensorfllow (note the extra ‘l’) trapped thousands of developers. Data Poisoning: Recent Anthropic Research demonstrated how attackers could compromise ML models at training time, inserting backdoors that activate on specific inputs. Imagine your fraud detection AI suddenly ignoring transactions from specific accounts.

Automated Social Engineering: Phishing isn’t just for emails anymore. AI systems are generating context-aware pull requests, comments, and even documentation that appears more legitimate than many genuine contributions. A New Framework for Defense Forward-thinking organizations are already adapting, and the results are promising. The new defensive playbook includes: AI-Specific Detection: Google’s OSS-Fuzz project now includes statistical analysis that identifies code patterns typical of AI generation.

Early results show promise in distinguishing AI-generated from human-written code – not perfect, but a solid first line of defense. Behavioral Provenance Analysis: Think of this as a polygraph for code. By tracking commit patterns, timing, and linguistic analysis of comments and documentation, systems can flag suspicious contributions. Fighting Fire with Fire: Microsoft’s Counterfit and Google’s AI Red Team are using defensive AI to identify threats.

These systems can identify AI-generated malware variants that evade traditional tools. Zero-Trust Runtime Defense: Assume you’re already breached. Companies like Netflix have pioneered runtime application self-protection (RASP) that contains threats even after they execute. It’s like having a security guard inside every application.

Human Verification: The “proof of humanity” movement is gaining traction. GitHub’s push for GPG-signed commits adds friction but dramatically raises the bar for attackers. The Regulatory Imperative If the technical challenges don’t motivate you, perhaps the regulatory hammer will. The EU AI Act isn’t messing around, and neither are your potential litigators.

The Act explicitly addresses AI supply chain security with comprehensive requirements, including: Transparency obligations: Document your AI usage and supply chain controls Risk assessments: Regular evaluation of AI-related threats Incident disclosure: 72-hour notification for AI-involved breaches Strict liability: You’re responsible even if “the AI did it” Penalties scale with your global revenue, up to €35 million or 7% of worldwide turnover for the most serious violations. For context, that would be a substantial penalty for a large tech company. But here’s the silver lining: the same controls that protect against AI attacks typically satisfy most compliance requirements. Your Action Plan Starts Now The convergence of AI and supply chain attacks isn’t some distant threat – it’s today’s reality.

But unlike many cybersecurity challenges, this one comes with a roadmap. Immediate Actions (This Week): Audit your dependencies for typosquatting variants. Enable commit signing for critical repositories. Review packages added in the last 90 days.

Short-term (Next Month): Deploy behavioral analysis in your CI/CD pipeline. Implement runtime protection for critical applications. Establish “proof of humanity” for new contributors. Long-term (Next Quarter): Integrate AI-specific detection tools.

Develop an AI incident response playbook. Align with regulatory requirements. The organizations that adapt now won’t just survive, they’ll have a competitive advantage. While others scramble to respond to breaches, you’ll be preventing them.

For the full action plan and recommended vendors, download the CISO’s guide PDF here. Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Npm Package Targeting GitHub-Owned Repositories Flagged as Red Team Exercise

Cybersecurity researchers have discovered a malicious npm package named “@acitons/artifact” that typosquats the legitimate “ @actions/artifact “ package with the intent to target GitHub-owned repositories. “We think the intent was to have this script execute during a build of a GitHub-owned repository, exfiltrate the tokens available to the build environment, and then use those tokens to publish new malicious artifacts as GitHub,” Veracode said in an analysis. The cybersecurity company said it observed six versions of the package – from 4.0.12 to 4.0.17 – that incorporated a post-install hook to download and run malware. That said, the latest version available for download from npm is 4.0.10, indicating that the threat actor behind the package, blakesdev , has removed all the offending versions.

The package was first uploaded on October 29, 2025, and has since accrued 31,398 weekly downloads. In total, it has been downloaded 47,405 times , according to data from npm-stat. Veracode also said it identified another npm package named “8jfiesaf83” with similar functionality. It’s no longer available for download, but it appears to have been downloaded 1,016 times .

Further analysis of one of the malicious versions of the package has revealed that the postinstall script is configured to download a binary named “harness” from a now-removed GitHub account . The binary is an obfuscated shell script that includes a check to prevent execution if the time is after 2025-11-06 UTC. It’s also designed to run a JavaScript file named “verify.js” that checks for the presence of certain GITHUB_ variables that are set as part of a GitHub Actions workflow, and exfiltrates the collected data in encrypted format to a text file hosted on the “app.github[.]dev” subdomain. “The malware was only targeting repositories owned by the GitHub organization, making this a targeted attack against GitHub,” Veracode said.

“The campaign appears to be targeting GitHub’s own repositories as well as a user y8793hfiuashfjksdhfjsk which exists but has no public activity. This user account could be for testing.” Update In a statement shared with The Hacker News, a GitHub spokesperson said the identified packages were part of a “tightly controlled exercise” conducted by GitHub’s Red Team. “GitHub takes security seriously and regularly tests its security posture through rigorous, realistic Red Team exercises to ensure resilience against current threat actor techniques. At no point were GitHub systems or data at risk,” the spokesperson added.

(The story was updated after publication with a response from GitHub stating it was a red teaming exercise from the Microsoft-owned subsidiary.) Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Android Trojan ‘Fantasy Hub’ Malware Service Turns Telegram Into a Hub for Hackers

Cybersecurity researchers have disclosed details of a new Android remote access trojan (RAT) called Fantasy Hub that’s sold on Russian-speaking Telegram channels under a Malware-as-a-Service (MaaS) model. According to its seller, the malware enables device control and espionage, allowing threat actors to collect SMS messages, contacts, call logs, images, and videos, as well as intercept, reply, and delete incoming notifications. “It’s a MaaS product with seller documentation, videos, and a bot-driven subscription model that helps novice attackers by providing a low barrier to entry,” Zimperium researcher Vishnu Pratapagiri said in a report last week. “Because it targets financial workflows (fake windows for banks) and abuses the SMS handler role (for intercepting 2-factor SMS), it poses a direct threat to enterprise customers using BYOD and to any organization whose employees rely on mobile banking or sensitive mobile apps.” The threat actor, in their advertisement for Fantasy Hub, refers to victims as “ mammoths ,” a term often used by Telegram-based cybercriminals operating out of Russia.

Customers of the e-crime solution receive instructions related to creating fake Google Play Store landing pages for distribution, as well as the steps to bypass restrictions. Prospective buyers can choose the icon, name, and page they wish to receive a slick-looking page. The bot, which manages paid subscriptions and builder access, is also designed to let threat actors upload any APK file to the service and return a trojanized version with the malicious payload embedded into it. The service is available for one user (i.e., one active session) for a weekly price of $200 or for $500 per month.

Users can also opt for a yearly subscription that costs $4,500. The command-and-control (C2) panel associated with the malware provides details about the compromised devices, along with information about the subscription status itself. The panel also offers the attackers the ability to issue commands to collect various kinds of data. “Sellers instruct buyers to create a bot, capture the chat ID, and configure tokens to route general and high-priority alerts to separate chats,” Zimperium said.

“This design closely mirrors HyperRat , an Android RAT that was detailed last month.” As for the malware, it abuses the default SMS privileges like ClayRAT to obtain access to SMS messages, contacts, camera, and files. By prompting the user to set it as the default SMS handling app, it allows the malicious program to obtain multiple powerful permissions in one go rather than having to ask for individual permissions at runtime. The dropper apps have been found to masquerade as a Google Play update to lend it a veneer of legitimacy and trick users into granting it the necessary permissions. Besides using fake overlays to obtain banking credentials associated with Russian financial institutions such as Alfa, PSB, T-Bank, and Sberbank, the spyware relies on an open-source project to stream camera and microphone content in real-time over WebRTC.

“The rapid rise of Malware-as-a-Service (MaaS) operations like Fantasy Hub shows how easily attackers can weaponize legitimate Android components to achieve full device compromise,” Pratapagiri said. “Unlike older banking trojans that rely solely on overlays, Fantasy Hub integrates native droppers, WebRTC-based live streaming, and abuse of the SMS handler role to exfiltrate data and impersonate legitimate apps in real time.” The disclosure comes as Zscaler ThreatLabz revealed that Android malware transactions increased by 67% year-over-year, driven by sophisticated spyware and banking trojans. As many as 239 malicious applications have been flagged on the Google Play Store, with the apps being downloaded 42 million times collectively between June 2024 and May 2025. Some of the noteworthy Android malware families observed during the time period were Anatsa (aka TeaBot and Toddler), Void (aka Vo1d), and a never-before-seen Android RAT dubbed Xnotice that has targeted job seekers in the oil and gas sector in the Middle East and North African regions by passing off as job application apps distributed via fake employment portals.

Once installed, the malware steals banking credentials through overlays, and collects other sensitive data like multi-factor authentication (MFA) codes, SMS messages, and screenshots. “Threat actors deploy sophisticated banking trojans like Anatsa, ERMAC , and TrickMo , which often masquerade as legitimate utilities or productivity apps on both official and third-party app stores,” the company said . “Once installed, they use highly deceptive techniques to capture usernames, passwords, and even the two-factor authentication (2FA) codes needed to authorize transactions.” The findings also follow an advisory from CERT Polska about new samples of Android malware called NGate (aka NFSkate) targeting users of Polish banks to plunder card details via Near Field Communication (NFC) relay attacks. Links to the malicious apps are distributed via phishing emails or SMS messages that purport to come from the banks and warn recipients of a technical problem or a security incident, thereby nudging them into installing the app.

Upon launching the app in question, the victim is prompted to verify their payment card directly within the app by tapping it on the back of the Android device. However, doing so causes the app to stealthily capture the card’s NFC data and exfiltrate it to an attacker-controlled server, or directly to a companion app installed by the threat actor who wants to withdraw cash from an ATM. “The campaign is designed to enable unauthorized cash withdrawals at ATMs using victims’ own payment cards,” the agency said . “Criminals don’t physically steal the card; they relay the card’s NFC traffic from the victim’s Android phone to a device the attacker controls at an ATM.” Found this article interesting?

Hackers Exploiting Triofox Flaw to Install Remote Access Tools via Antivirus Feature

Google’s Mandiant Threat Defense on Monday said it discovered n-day exploitation of a now-patched security flaw in Gladinet’s Triofox file-sharing and remote access platform. The critical vulnerability, tracked as CVE-2025-12480 (CVSS score: 9.1), allows an attacker to bypass authentication and access the configuration pages, resulting in the upload and execution of arbitrary payloads. The tech giant said it observed a threat cluster tracked as UNC6485 weaponizing the flaw as far back as August 24, 2025, nearly a month after Gladinet released patches for the flaw in version 16.7.10368.56560 . It’s worth noting that CVE-2025-12480 is the third flaw in Triofox that has come under active exploitation this year alone, after CVE-2025-30406 and CVE-2025-11371 .

“Added protection for the initial configuration pages,” according to release notes for the software. “These pages can no longer be accessed after Triofox has been set up.” Mandiant said the threat actor weaponized the unauthenticated access vulnerability to gain access to the configuration pages, and then used them to create a new native admin account, Cluster Admin, by running the setup process. The newly created account was subsequently used to conduct follow-on activities. “To achieve code execution, the attacker logged in using the newly created Admin account.

The attacker uploaded malicious files to execute them using the built-in antivirus feature,” security researchers Stallone D’Souza, Praveeth DSouza, Bill Glynn, Kevin O’Flynn, and Yash Gupta said. “To set up the antivirus feature, the user is allowed to provide an arbitrary path for the selected anti-virus. The file configured as the antivirus scanner location inherits the Triofox parent process account privileges, running under the context of the SYSTEM account.” The attackers, per Mandiant, ran their malicious batch script (“centre_report.bat”) by configuring the path of the antivirus engine to point to the script. The script is designed to download an installer for Zoho Unified Endpoint Management System (UEMS) from 84.200.80[.]252, and use it to deploy remote access programs like Zoho Assist and AnyDesk on the host.

The remote access afforded by Zoho Assist was leveraged to conduct reconnaissance, followed by attempts to change passwords for existing accounts and add them to local administrators and the “Domain Admins” group for privilege escalation. As a way to sidestep detection, the threat actors downloaded tools like Plink and PuTTY to set up an encrypted tunnel to a command-and-control (C2) server over port 433 via SSH with the ultimate goal of allowing inbound RDP traffic. While the ultimate objective of the campaign remains unknown, it’s advised that Triofox users update to the latest version, audit admin accounts, and verify that Triofox’s antivirus engine is not configured to execute unauthorized scripts or binaries. Found this article interesting?

Konni Hackers Turn Google’s Find Hub into a Remote Data-Wiping Weapon

The North Korea-affiliated threat actor known as Konni (aka Earth Imp, Opal Sleet, Osmium, TA406, and Vedalia) has been attributed to a new set of attacks targeting both Android and Windows devices for data theft and remote control. “Attackers impersonated psychological counselors and North Korean human rights activists, distributing malware disguised as stress-relief programs,” the Genians Security Center (GSC) said in a technical report. What’s notable about the attacks targeting Android devices is also the destructive ability of the threat actors to exploit Google’s asset tracking services Find Hub (formerly Find My Device) to remotely reset victim devices, thereby leading to the unauthorized deletion of personal data. The activity was detected in early September 2025.

The development marks the first time the hacking group has weaponized legitimate management functions to remotely reset mobile devices. The activity is also preceded by an attack chain in which the attackers approach targets via spear-phishing emails to obtain access to their computers, and leverage their logged-in KakaoTalk chat app sessions to distribute the malicious payloads to their contacts in the form of a ZIP archive. The spear-phishing emails are said to mimic legitimate entities like the National Tax Service to deceive recipients into opening malicious attachments to deliver remote access trojans like Lilith RAT that can remotely commandeer compromised machines and deliver additional payloads. Konni Attack Flow “The threat actor stayed hidden in the compromised computer for over a year, spying via the webcam and operating the system when the user was absent,” GSC noted.

“In this process, the access obtained during the initial intrusion enables system control and additional information collection, while evasion tactics allow long-term concealment.” The deployed malware on the victim’s computer allows the threat actors to carry out internal reconnaissance and monitoring, as well as exfiltrate victims’ Google and Naver account credentials. The stolen Google credentials are then used to log in to Google’s Find Hub and initiate a remote wipe of their devices. In one case, the attackers have been found to sign into a recovery email account registered under Naver, delete security alert emails from Google, and empty the inbox’s trash folder to cover up traces of the nefarious activity. The ZIP file propagated via the messaging app contains a malicious Microsoft Installer (MSI) package (“Stress Clear.msi”), which abuses a valid signature issued to a Chinese company to give the application an illusion of legitimacy.

Once launched, it invokes a batch script to perform initial setup and proceeds to run a Visual Basic Script (VB Script) that displays a fake error message about a language pack compatibility issue, while the malicious commands are executed in the background. This includes launching an AutoIt script that’s configured to run every minute by means of a scheduled task in order to execute additional commands received from an external server (“116.202.99[.]218”). While the malware shares some similarities with Lilith RAT, it has been codenamed EndRAT (also referred to as EndClient RAT by security researcher Ovi Liber) due to the differences observed. The list of supported commands is as follows - shellStart , to start a remote shell session shellStop , to stop remote shell refresh , to send system information list , to list drives or root directory goUp , to move up one directory download , to exfiltrate a file upload , to receive a file run , to execute a program on host delete , to delete a file on host Genians said the Konni APT actors have also utilized an AutoIt script to launch Remcos RAT version 7.0.4, which was released by its maintainers, Breaking Security, on September 10, 2025, indicating that the adversary is actively using newer versions of the trojan in its attacks.

Also observed on victim devices are Quasar RAT and RftRAT , another trojan previously put to use by Kimsuky in 2023. “This suggests that the malware is tailored to Korea-focused operations and that obtaining relevant data and conducting in-depth analysis requires substantial effort,” the South Korean cybersecurity company said. In a statement shared with The Hacker News, a Google spokesperson said the attack does not exploit any security flaw in Android or Find Hub, urging users to enable 2-Step Verification or passkeys to safeguard against credential theft. Users at an elevated risk of targeted attacks because of who they are or what they do are recommended to enroll in Google’s Advanced Protection Program for improved account security.

“This attack did not exploit any security flaw in Android or Find Hub. The report indicates this targeted attack required PC malware to be present in order to steal Google account credentials and abuse legitimate functions in Find Hub,” the spokesperson added. Lazarus Group’s New Comebacker Variant Detailed The disclosure comes as ENKI detailed the Lazarus Group’s use of an updated version of the Comebacker malware in attacks aimed at aerospace and defense organizations using tailored Microsoft Word document lures consistent with an espionage campaign. The lures impersonate Airbus, Edge Group, and the Indian Institute of Technology Kanpur.

The infection chain kicks off when victims open the file and enable macros, causing the embedded VBA code to execute and deliver a decoy document that’s displayed to the user, along with a loader component that’s responsible for launching Comebacker in memory. The malware, for its part, establishes communication with a command-and-control (C2) server over HTTPS and enters into a loop to poll for new commands or download an encrypted payload and execute it. “The actor’s use of highly specific lure documents indicates that this is a targeted spear phishing campaign,” ENKI said in a technical report. “Although there are no reports of victims so far, the C2 infrastructure remains active at the time of this publication.” Kimsuky Uses a New JavaScript Dropper The findings also coincide with the discovery of a new JavaScript-based malware dropper that has been employed by Kimsuky in its recent operations, demonstrating the actor’s continued refinement of its malware arsenal.

The initial access mechanism by which the JavaScript malware is distributed is currently not known. Kimsuky JavaScript Dropper Flow The starting point of the attack is an initial JavaScript file (“themes.js”) that contacts an adversary-controlled infrastructure to fetch more JavaScript code that’s capable of executing commands, exfiltrating data, and retrieving a third-stage JavaScript payload to create a scheduled task to launch the first JavaScript file every minute and launch an empty Word document, likely as a decoy. “Since the Word document is empty and does not run any macros in the background, it may be a lure,” the Pulsedive Threat Research said in an analysis published last week. Found this article interesting?