#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
Maximizing Efficiency and Security in Government Cloud Environments

Infostealer | Breaking Cybersecurity News | The Hacker News

Category — Infostealer
Hackers Use TikTok Videos to Distribute Vidar and StealC Malware via ClickFix Technique

Hackers Use TikTok Videos to Distribute Vidar and StealC Malware via ClickFix Technique

May 23, 2025 Cryptocurrency / Malware
The malware known as Latrodectus has become the latest to embrace the widely-used social engineering technique called ClickFix as a distribution vector. "The ClickFix technique is particularly risky because it allows the malware to execute in memory rather than being written to disk," Expel said in a report shared with The Hacker News. "This removes many opportunities for browsers or security tools to detect or block the malware." Latrodectus, believed to be a successor to IcedID, is the name given to a malware that acts as a downloader for other payloads, such as ransomware. It was first documented by Proofpoint and Team Cymru in April 2024.
Customer Account Takeovers: The Multi-Billion Dollar Problem You Don’t Know About

Customer Account Takeovers: The Multi-Billion Dollar Problem You Don't Know About

Apr 30, 2025 Malware / Data Breach
Everyone has cybersecurity stories involving family members. Here's a relatively common one. The conversation usually goes something like this:  "The strangest thing happened to my streaming account. I got locked out of my account, so I had to change my password. When I logged back in, all my shows were gone. Everything was in Spanish and there were all these Spanish shows I've never seen before. Isn't that weird?" This is an example of an account takeover attack on a customer account. Typically what happens is that a streaming account is compromised, probably due to a weak and reused password, and access is resold as part of a common digital black market product, often advertised as something like "LIFETIME STREAMING SERVICE ACCOUNT - $4 USD." In the grand scheme of things, this is a relatively mild inconvenience for most customers. You can reset your credentials with a much stronger password, call your bank to issue a new credit card and be back to binge-watching The Crown i...
Session Hijacking 2.0 — The Latest Way That Attackers are Bypassing MFA

Session Hijacking 2.0 — The Latest Way That Attackers are Bypassing MFA

Sep 30, 2024 Identity Theft / Phishing Attack
Attackers are increasingly turning to session hijacking to get around widespread MFA adoption. The data supports this , as: 147,000 token replay attacks were detected by Microsoft in 2023, a 111% increase year-over-year (Microsoft).  Attacks on session cookies now happen in the same order of magnitude as password-based attacks (Google). But session hijacking isn't a new technique – so what's changed? Session hijacking has a new look When we think of the classic example of session hijacking, we think of old-school Man-in-the-Middle (MitM) attacks that involved snooping on unsecured local network traffic to capture credentials or, more commonly, financial details like credit card data. Or, by conducting client-side attacks compromising a webpage, running malicious JavaScript and using cross-site scripting (XSS) to steal the victim's session ID.  Session hijacking looks quite different these days. No longer network-based, modern session hijacking is an identity-based att...
cyber security

Navigating the Maze: How to Choose the Best Threat Detection Solution

websiteSygniaThreat Detection / Cybersecurity
Discover how to continuously protect your critical assets with the right MDR strategy. Download the Guide.
cyber security

Phishing Response Automation Playbook: Reduce Security Analysts' Time on Phishing Alerts

websiteUnderdefensePhishing Protection / Incident Response
Automate your phishing detection and response: from identifying phishing emails to conducting impact analysis and remediation. This playbook includes a phishing response checklist and a step-by-step guide for handling detected phishing emails.
10,000 Victims a Day: Infostealer Garden of Low-Hanging Fruit

10,000 Victims a Day: Infostealer Garden of Low-Hanging Fruit

Jul 15, 2024 Cyber Crime / Data Protection
Imagine you could gain access to any Fortune 100 company for $10 or less, or even for free. Terrifying thought, isn't it? Or exciting, depending on which side of the cybersecurity barricade you are on. Well, that's basically the state of things today. Welcome to the infostealer garden of low-hanging fruit. Over the last few years, the problem has grown bigger and bigger, and only now are we slowly learning its full destructive potential. In this article, we will describe how the entire cybercriminal ecosystem operates, the ways various threat actors exploit data originating from it, and most importantly, what you can do about it. Let's start with what infostealer malware actually is. As the name suggests, it's malware that... steals data. Depending on the specific type, the information it extracts might differ slightly, but most will try to extract the following: Cryptocurrency wallets Bank account information and saved credit card details Saved passwords from various apps Bro...
Warning: Markopolo's Scam Targeting Crypto Users via Fake Meeting Software

Warning: Markopolo's Scam Targeting Crypto Users via Fake Meeting Software

Jun 19, 2024 Cybercrime / Cryptocurrency
A threat actor who goes by alias markopolo has been identified as behind a large-scale cross-platform scam that targets digital currency users on social media with information stealer malware and carries out cryptocurrency theft. The attack chains involve the use of a purported virtual meeting software named Vortax (and 23 other apps) that are used as a conduit to deliver Rhadamanthys , StealC , and Atomic macOS Stealer (AMOS), Recorded Future's Insikt Group said in an analysis published this week. "This campaign, primarily targeting cryptocurrency users, marks a significant rise in macOS security threats and reveals an expansive network of malicious applications," the cybersecurity company noted , describing markopolo as "agile, adaptable, and versatile." There is evidence connecting the Vortax campaign to prior activity that leveraged trap phishing techniques to target macOS and Windows users via Web3 gaming lures. A crucial aspect of the malicious o...
New RedLine Stealer Variant Disguised as Game Cheats Using Lua Bytecode for Stealth

New RedLine Stealer Variant Disguised as Game Cheats Using Lua Bytecode for Stealth

Apr 21, 2024 Malware / Cryptocurrency
A new information stealer has been found leveraging Lua bytecode for added stealth and sophistication, findings from McAfee Labs reveal. The cybersecurity firm has assessed it to be a variant of a known malware called RedLine Stealer owing to the fact that the command-and-control (C2) server  IP address  has been previously identified as associated with the malware. RedLine Stealer,  first documented  in March 2020, is typically delivered via email and malvertising campaigns, either directly or via  exploit kits  and loader malware like  dotRunpeX  and  HijackLoader . The off-the-shelf malware is capable of harvesting information from cryptocurrency wallets, VPN software, and web browsers, such as saved credentials, autocomplete data, credit card information, and geolocations based on the victims' IP addresses. Over the years, RedLine Stealer has been co-opted by several threat actors into their attack chains, making it a prevalent strai...
Orange Spain Faces BGP Traffic Hijack After RIPE Account Hacked by Malware

Orange Spain Faces BGP Traffic Hijack After RIPE Account Hacked by Malware

Jan 05, 2024 Network Security / Malware
Mobile network operator Orange Spain suffered an internet outage for several hours on January 3 after a threat actor used administrator credentials captured by means of stealer malware to hijack the border gateway protocol ( BGP ) traffic. "The Orange account in the IP network coordination center (RIPE) has suffered improper access that has affected the browsing of some of our customers," the company  said  in a message posted on X (formerly Twitter). However, the company emphasized no personal data was compromised and that the incident only affected some browsing services. The threat actor, who goes by the name Ms_Snow_OwO on X,  claimed  to have gained access to Orange Spain's RIPE account. RIPE is a regional Internet registry ( RIR ) that oversees the allocation and registration of IP addresses and autonomous system (AS) numbers in Europe, Central Asia, Russia, and West Asia. "Using the stolen account, the threat actor modified the AS number belonging to Ora...
The Alarming Rise of Infostealers: How to Detect this Silent Threat

The Alarming Rise of Infostealers: How to Detect this Silent Threat

Jul 26, 2023 Malware / Data Safety
A new study conducted by Uptycs has uncovered a stark increase in the distribution of information stealing (a.k.a. infostealer or stealer) malware. Incidents have more than doubled in Q1 2023, indicating an alarming trend that threatens global organizations. According to the new Uptycs' whitepaper,  Stealers are Organization Killers , a variety of new info stealers have emerged this year, preying on Windows, Linux, and macOS systems. Telegram has notably been used extensively by these malware authors for command, control, and data exfiltration. What is a Stealer? A stealer is a type of malware that targets its victim by stealing sensitive information that can include passwords, login credentials, and other personal data. After collecting such data, the stealer sends it to the threat actor's command and control (C2) system. RedLine and Vidar, two well-known stealers, took advantage of log-providing services to infiltrate private systems. RedLine primarily targets credenti...
ViperSoftX InfoStealer Adopts Sophisticated Techniques to Avoid Detection

ViperSoftX InfoStealer Adopts Sophisticated Techniques to Avoid Detection

Apr 28, 2023 Data Security / Malware
A significant number of victims in the consumer and enterprise sectors located across Australia, Japan, the U.S., and India have been affected by an evasive information-stealing malware called  ViperSoftX . ViperSoftX was first documented by Fortinet in 2020, with cybersecurity company Avast detailing a campaign in November 2022 that  leveraged  the malware to distribute a malicious Google Chrome extension capable of siphoning cryptocurrencies from wallet applications. Now a  new analysis  from Trend Micro has revealed the malware's adoption of "more sophisticated encryption and basic anti-analysis techniques, such as byte remapping and web browser communication blocking." The arrival vector of ViperSoftX is typically a software crack or a key generator (keygen), while also employing actual non-malicious software like multimedia editors and system cleaner apps as "carriers." One of the key steps performed by the malware before downloading a first-stage Po...
Typhon Reborn Stealer Malware Resurfaces with Advanced Evasion Techniques

Typhon Reborn Stealer Malware Resurfaces with Advanced Evasion Techniques

Apr 05, 2023 Cyber Threat / Dark Web
The threat actor behind the information-stealing malware known as  Typhon Reborn  has resurfaced with an updated version (V2) that packs in improved capabilities to evade detection and resist analysis. The new version is offered for sale on the criminal underground for $59 per month, $360 per year, or alternatively, for $540 for a lifetime subscription. "The stealer can harvest and exfiltrate sensitive information and uses the Telegram API to send stolen data to attackers," Cisco Talos researcher Edmund Brumaghin  said  in a Tuesday report. Typhon was  first documented  by Cyble in August 2022, detailing its myriad features, including hijacking clipboard content, capturing screenshots, logging keystrokes, and stealing data from crypto wallet, messaging, FTP, VPN, browser, and gaming apps. Based on another stealer malware called  Prynt Stealer , Typhon is also capable of delivering the XMRig cryptocurrency miner. In November 2022, Palo Alto Network...
Expert Insights Articles Videos
Cybersecurity Resources