#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
Salesforce Security Handbook

Code Obfuscation | Breaking Cybersecurity News | The Hacker News

Category — Code Obfuscation
New Android Banking Trojan “Klopatra” Uses Hidden VNC to Control Infected Smartphones

New Android Banking Trojan "Klopatra" Uses Hidden VNC to Control Infected Smartphones

Oct 01, 2025 Malware / Mobile Security
A previously undocumented Android banking trojan called Klopatra has compromised over 3,000 devices, with a majority of the infections reported in Spain and Italy. Italian fraud prevention firm Cleafy, which discovered the sophisticated malware and remote access trojan (RAT) in late August 2025, said it leverages Hidden Virtual Network Computing (VNC) for remote control of infected devices and dynamic overlays for facilitating credential theft, ultimately enabling fraudulent transactions. "Klopatra represents a significant evolution in mobile malware sophistication," security researchers Federico Valentini, Alessandro Strino, Simone Mattia, and Michele Roviello said . "It combines extensive use of native libraries with the integration of Virbox, a commercial-grade code protection suite, making it exceptionally difficult to detect and analyze." Evidence gathered from the malware's command-and-control (C2) infrastructure and linguistic clues in the associated...
Malicious Go, npm Packages Deliver Cross-Platform Malware, Trigger Remote Data Wipes

Malicious Go, npm Packages Deliver Cross-Platform Malware, Trigger Remote Data Wipes

Aug 07, 2025 Malware / Threat Intelligence
Cybersecurity researchers have discovered a set of 11 malicious Go packages that are designed to download additional payloads from remote servers and execute them on both Windows and Linux systems. "At runtime the code silently spawns a shell, pulls a second-stage payload from an interchangeable set of .icu and .tech command-and-control (C2) endpoints, and executes it in memory," Socket security researcher Olivia Brown said . The list of identified packages is below - github.com/stripedconsu/linker github.com/agitatedleopa/stm github.com/expertsandba/opt github.com/wetteepee/hcloud-ip-floater github.com/weightycine/replika github.com/ordinarymea/tnsr_ids github.com/ordinarymea/TNSR_IDS github.com/cavernouskina/mcp-go github.com/lastnymph/gouid github.com/sinfulsky/gouid github.com/briefinitia/gouid
Stealthy BLOODALCHEMY Malware Targeting ASEAN Government Networks

Stealthy BLOODALCHEMY Malware Targeting ASEAN Government Networks

May 24, 2024 APT Malware / Cyber Espionage
Cybersecurity researchers have discovered that the malware known as  BLOODALCHEMY  used in attacks targeting government organizations in Southern and Southeastern Asia is in fact an updated version of Deed RAT, which is believed to be a successor to ShadowPad. "The origin of BLOODALCHEMY and Deed RAT is ShadowPad and given the history of ShadowPad being utilized in numerous APT campaigns, it is crucial to pay special attention to the usage trend of this malware," Japanese company ITOCHU Cyber & Intelligence  said . BLOODALCHEMY was  first documented  by Elastic Security Labs in October 2023 in connection with a campaign mounted by an intrusion set it tracks as REF5961 targeting the Association of Southeast Asian Nations (ASEAN) countries. A barebones x86 backdoor written in C, it's injected into a signed benign process ("BrDifxapi.exe") using a technique called DLL side-loading, and is capable of overwriting the toolset, gathering ho...
cyber security

How to Remove Otter AI from Your Org

websiteNudge SecuritySaaS Security / Artificial Intelligence
AI notetakers like Otter AI spread fast and introduce a slew of data privacy risks. Learn how to find and remove viral notetakers.
cyber security

[Download Report] State of AI in the SOC 2025: What 280+ Security Leaders Say

websiteProphet SecurityAI SOC Analyst
SOC teams face alert overload. Download this report to learn how SOCs are using AI for faster and smarter triage, investigation, and response.
YoroTrooper: Researchers Warn of Kazakhstan's Stealthy Cyber Espionage Group

YoroTrooper: Researchers Warn of Kazakhstan's Stealthy Cyber Espionage Group

Oct 26, 2023 Endpoint Protection / Malware
A relatively new threat actor known as  YoroTrooper  is likely made up of operators originating from Kazakhstan. The assessment, which comes from Cisco Talos, is based on their fluency in Kazakh and Russian, use of Tenge to pay for operating infrastructure, and very limited targeting of Kazakhstani entities, barring the government's Anti-Corruption Agency. "YoroTrooper attempts to obfuscate the origin of their operations, employing various tactics to make its malicious activity appear to emanate from Azerbaijan, such as using VPN exit nodes local to that region," security researchers Asheer Malhotra and Vitor Ventura  said . First documented by the cybersecurity company in March 2023, the adversary is  known to be active  since at least June 2022, singling out various state-owned entities in the Commonwealth of Independent States (CIS) countries. Slovak cybersecurity firm ESET is tracking the activity under the name  SturgeonPhisher . YoroTrooper's at...
c
Expert Insights Articles Videos
Cybersecurity Resources