Search results for cracked apps | Breaking Cybersecurity News | The Hacker News

Cracked software have been observed infecting Apple macOS users with a previously undocumented stealer malware capable of harvesting system information and cryptocurrency wallet data. Kaspersky, which identified the artifacts in the wild,  said  they are designed to target machines running macOS Ventura 13.6 and later, indicating the malware's ability to infect Macs on both Intel and Apple silicon processor architectures. The attack chains leverage booby-trapped disk image (DMG) files that include a program named "Activator" and a pirated version of legitimate software such as xScope. Users who end up opening the DMG files are urged to move both files to the Applications folder and run the Activator component to apply a supposed patch and run the xScope app. Launching Activator, however, displays a prompt asking the victim to enter the system administrator password, thereby allowing it to execute a Mach-O binary with elevated permissions in order to launch the modif...

Malicious loader programs capable of trojanizing Android applications are being traded on the criminal underground for up to $20,000 as a way to evade Google Play Store defenses. "The most popular application categories to hide malware and unwanted software include cryptocurrency trackers, financial apps, QR-code scanners, and even dating apps," Kaspersky  said  in a new report based on messages posted on online forums between 2019 and 2023. Dropper apps  are the primary means for threat actors looking to sneak malware via the Google Play Store. Such apps often masquerade as seemingly innocuous apps, with malicious updates introduced upon clearing the review process and the applications have amassed a significant user base. This is achieved by using a loader program that's responsible for injecting malware into a clean app, which is then made available for download from the app marketplace. Users who install the tampered app are prompted to grant it intrusive permiss...

Thousands of adware apps for Android have been found to masquerade as cracks or modded versions of popular applications to serve unwanted ads to users as part of a campaign ongoing since October 2022. "The campaign is designed to aggressively push adware to Android devices with the purpose to drive revenue," Bitdefender said in a technical report shared with The Hacker News. "However, the threat actors involved can easily switch tactics to redirect users to other types of malware such as banking Trojans to steal credentials and financial information or ransomware." The Romanian cybersecurity company said it has discovered 60,000 unique apps carrying the adware, with a majority of the detections located in the U.S., South Korea, Brazil, Germany, the U.K., France, Kazakhstan, Romania, and Italy. It's worth pointing out that none of the apps are distributed through the official Google Play Store. Instead, users searching for apps like Netflix, PDF viewers, se...

One of the best 3rd party Android Mobile Keyboard called ' SwiftKey ' turned into a Keylogger Trojan by an Android developer to show the possible security threat of using pirated cracked apps from from non-official App Stores, " anyone pirating Swiftkey is taking a serious risk " developer said to ' The Hacker News '. He demonstrated how to inject a Keylogger snippets of code into a legitimate Android Keyboard application that infected a mobile device with Trojan, connected with a remote server and transmitted data from the device inducing your all key logs. " Cracked copies of PC and iPhone apps can have malware as well of course but on both those platforms most software is compiled to machine code. Android apps are coded in Java and compiled to byte code that is run on the Dalvik VM and this byte code is not that hard to edit and insert back into an APK. " he explained. He developed a keylogger from SwiftKey( APK Download ), a mali...

An ongoing campaign has been found to leverage a network of websites acting as a "dropper as a service" to deliver a bundle of malware payloads to victims looking for "cracked" versions of popular business and consumer applications. "These malware included an assortment of click fraud bots, other information stealers, and even ransomware," researchers from cybersecurity firm Sophos  said  in a report published last week. The attacks work by taking advantage of a number of bait pages hosted on WordPress that contain "download" links to software packages, which, when clicked, redirect the victims to a different website that delivers potentially unwanted browser plug-ins and malware, such as installers for  Raccoon Stealer , Stop ransomware, the Glupteba backdoor, and a variety of malicious cryptocurrency miners that masquerade as antivirus solutions. "Visitors who arrive on these sites are prompted to allow notifications; If they allow th...

Cyber threats last week showed how attackers no longer need big hacks to cause big damage. They're going after the everyday tools we trust most — firewalls, browser add-ons, and even smart TVs — turning small cracks into serious breaches. The real danger now isn't just one major attack, but hundreds of quiet ones using the software and devices already inside our networks. Each trusted system can become an entry point if it's left unpatched or overlooked. Here's a clear look at the week's biggest risks, from exploited network flaws to new global campaigns and fast-moving vulnerabilities. ⚡ Threat of the Week Flaws in Multiple Network Security Products Come Under Attack — Over the past week, Fortinet , SonicWall , Cisco , and WatchGuard said vulnerabilities in their products have been exploited by threat actors in real-world attacks. Cisco said attacks exploiting CVE-2025-20393, a critical flaw in AsyncOS, have been abused by a China-nexus advanced persistent threat (APT) actor cod...

Yesterday WikiLeaks published thousands of documents revealing top CIA hacking secrets , including the agency's ability to break into iPhones, Android phones, smart TVs, and Microsoft, Mac and Linux operating systems. It dubbed the first release as Vault 7 . Vault 7 is just the first part of leak series " Year Zero " that WikiLeaks will be releasing in coming days. Vault 7 is all about a covert global hacking operation being run by the US Central Intelligence Agency (CIA). According to the whistleblower organization, the CIA did not inform the companies about the security issues of their products; instead held on to security bugs in software and devices, including iPhones, Android phones, and Samsung TVs, that millions of people around the world rely on. One leaked document suggested that the CIA was even looking for tools to remotely control smart cars and trucks, allowing the agency to cause "accidents" which would effectively be "nearly undetectable assas...

Trojanized versions of legitimate applications are being used to deploy evasive cryptocurrency mining malware on macOS systems. Jamf Threat Labs, which made the discovery, said the XMRig coin miner was executed by means of an unauthorized modification in Final Cut Pro, a video editing software from Apple. "This malware makes use of the Invisible Internet Project (i2p) [...] to download malicious components and send mined currency to the attacker's wallet," Jamf researchers Matt Benyo, Ferdous Saljooki, and Jaron Bradley  said  in a report shared with The Hacker News. An earlier iteration of the campaign was  documented  exactly a year ago by Trend Micro, which pointed out the malware's use of i2p to conceal network traffic and speculated that it may have been delivered as a DMG file for Adobe Photoshop CC 2019.  The Apple device management company said the source of the cryptojacking apps can be traced to Pirate Bay, with the earliest uploads dating all th...

Cybersecurity researchers have discovered a new information stealer targeting Apple macOS systems that's designed to set up persistence on the infected hosts and act as a spyware. Dubbed  Cuckoo  by Kandji, the malware is a universal Mach-O binary that's capable of running on both Intel- and Arm-based Macs. The exact distribution vector is currently unclear, although there are indications that the binary is hosted on sites like dumpmedia[.]com, tunesolo[.]com, fonedog[.]com, tunesfun[.]com, and tunefab[.]com that claim to offer free and paid versions of applications dedicated to ripping music from streaming services and converting it into the MP3 format. The disk image file downloaded from the websites is responsible for spawning a bash shell to gather host information and ensuring that the compromised machine is not located in Armenia, Belarus, Kazakhstan, Russia, Ukraine. The malicious binary is executed only if the locale check is successful. It also establishes persis...

This week showed just how fast things can go wrong when no one's watching. Some attacks were silent and sneaky. Others used tools we trust every day — like AI, VPNs, or app stores — to cause damage without setting off alarms. It's not just about hacking anymore. Criminals are building systems to make money, spy, or spread malware like it's a business. And in some cases, they're using the same apps and services that businesses rely on — flipping the script without anyone noticing at first. The scary part? Some threats weren't even bugs — just clever use of features we all take for granted. And by the time people figured it out, the damage was done. Let's look at what really happened, why it matters, and what we should all be thinking about now. ⚡ Threat of the Week Silently Patched Fortinet Flaw Comes Under Attack — A vulnerability that was patched by Fortinet in FortiWeb Web Application Firewall (WAF) has been exploited in the wild since early October 2025 by threat actors to c...

This week, our news radar shows that every new tech idea comes with its own challenges. A hot AI tool is under close watch, law enforcement is shutting down online spots that help cybercriminals, and teams are busy fixing software bugs that could let attackers in. From better locks on our devices to stopping sneaky tricks online, simple steps are making a big difference.  Let's take a closer look at how these efforts are shaping a safer digital world. ⚡ Threat of the Week DeepSeek's Popularity Invites Scrutiny — The overnight popularity of DeepSeek, an artificial intelligence (AI) platform originating from China, has led to extensive scrutiny of its models, with several analyses finding ways to jailbreak its system and produce malicious or prohibited content. While jailbreaks and prompt injections are a persistent concern in mainstream AI products, the findings also show that the model lacks enough protections to prevent potential abuse by malicious actors . The AI chatbot ha...

Power doesn't just disappear in one big breach. It slips away in the small stuff—a patch that's missed, a setting that's wrong, a system no one is watching. Security usually doesn't fail all at once; it breaks slowly, then suddenly. Staying safe isn't about knowing everything—it's about acting fast and clear before problems pile up. Clarity keeps control. Hesitation creates risk. Here are this week's signals—each one pointing to where action matters most. ⚡ Threat of the Week Ghost Tap NFC-Based Mobile Fraud Takes Off — A new Android trojan called PhantomCard has become the latest malware to abuse near-field communication (NFC) to conduct relay attacks for facilitating fraudulent transactions in attacks targeting banking customers in Brazil. In these attacks, users who end up installing the malicious apps are instructed to place their credit/debit card on the back of the phone to begin the verification process, only for the card data to be sent to an attacker-controlled NFC relay...

Can a harmless click really lead to a full-blown cyberattack? Surprisingly, yes — and that's exactly what we saw in last week's activity. Hackers are getting better at hiding inside everyday actions: opening a file, running a project, or logging in like normal. No loud alerts. No obvious red flags. Just quiet entry through small gaps — like a misconfigured pipeline, a trusted browser feature, or reused login tokens. These aren't just tech issues — they're habits being exploited. Let's walk through the biggest updates from the week and what they mean for your security. ⚡ Threat of the Week Recently Patched Windows Flaw Comes Under Active Exploitation — A recently patched security flaw affecting Windows NTLM has been exploited by malicious actors to leak NTLM hashes or user passwords and infiltrate systems since March 19, 2025. The flaw, CVE-2025-24054 (CVSS score: 6.5), is a hash disclosure spoofing bug that was fixed by Microsoft last month as part of its Patch Tuesday updates...