Search results for stealth rust | Breaking Cybersecurity News | The Hacker News

A new malware campaign is distributing a novel Rust-based information stealer dubbed EDDIESTEALER using the popular ClickFix social engineering tactic initiated via fake CAPTCHA verification pages. "This campaign leverages deceptive CAPTCHA verification pages that trick users into executing a malicious PowerShell script, which ultimately deploys the infostealer, harvesting sensitive data such as credentials, browser information, and cryptocurrency wallet details," Elastic Security Labs researcher Jia Yu Chan said in an analysis. The attack chains begin with threat actors compromising legitimate websites with malicious JavaScript payloads that serve bogus CAPTCHA check pages, which prompt site visitors to "prove you are not [a] robot" by following a three-step process, a prevalent tactic called ClickFix . This involves instructing the potential victim to open the Windows Run dialog prompt, paste an already copied command into the "verification window"...

Several ransomware actors are using a malware called Skitnet as part of their post-exploitation efforts to steal sensitive data and establish remote control over compromised hosts. "Skitnet has been sold on underground forums like RAMP since April 2024," Swiss cybersecurity company PRODAFT told The Hacker News. "However, since early 2025, we have observed multiple ransomware operators using it in real-world attacks."  "For example, in April 2025, Black Basta leveraged Skitnet in Teams-themed phishing campaigns targeting enterprise environments. With its stealth features and flexible architecture, Skitnet appears to be gaining traction rapidly within the ransomware ecosystem." Skitnet , also called Bossnet , is a multi-stage malware developed by a threat actor tracked by the company under the name LARVA-306. A notable aspect of the malicious tool is that it uses programming languages like Rust and Nim to launch a reverse shell over DNS and evade detecti...

The threat actor known as Tomiris has been attributed to attacks targeting foreign ministries, intergovernmental organizations, and government entities in Russia with an aim to establish remote access and deploy additional tools. "These attacks highlight a notable shift in Tomiris's tactics, namely the increased use of implants that leverage public services (e.g., Telegram and Discord) as command-and-control (C2) servers," Kaspersky researchers Oleg Kupreev and Artem Ushkov said in an analysis. "This approach likely aims to blend malicious traffic with legitimate service activity to evade detection by security tools." The cybersecurity company said more than 50% of the spear-phishing emails and decoy files used in the campaign used Russian names and contained Russian text, indicating that Russian-speaking users or entities were the primary focus. The spear-phishing emails have also targeted Turkmenistan, Kyrgyzstan, Tajikistan, and Uzbekistan using tailored...

Cybersecurity researchers have shed light on a previously undocumented Rust-based information stealer called Myth Stealer that's being propagated via fraudulent gaming websites. "Upon execution, the malware displays a fake window to appear legitimate while simultaneously decrypting and executing malicious code in the background," Trellix security researchers Niranjan Hegde, Vasantha Lakshmanan Ambasankar, and Adarsh S said in an analysis. The stealer, initially marketed on Telegram for free under beta in late December 2024, has since transitioned to a malware-as-a-service (MaaS) model. It's equipped to steal passwords, cookies, and autofill information from both Chromium- and Gecko-based browsers, such as Google Chrome, Microsoft Edge, Brave, Opera, Vivaldi, and Mozilla Firefox. The operators of the malware have been found maintaining a number of Telegram channels to advertise the sale of compromised accounts as well as provide testimonials of their service. The...

The Pakistan-nexus  Transparent Tribe  actor has been linked to a new set of attacks targeting Indian government, defense, and aerospace sectors using cross-platform malware written in Python, Golang, and Rust. "This cluster of activity spanned from late 2023 to April 2024 and is anticipated to persist," the BlackBerry Research and Intelligence Team  said  in a technical report published early last week. The spear-phishing campaign is also notable for its abuse of popular online services such as Discord, Google Drive, Slack, and Telegram, once again underscoring how threat actors are  adopting legitimate programs  into their attack flows. According to BlackBerry, the targets of the email-based attacks included three companies that are crucial stakeholders and clients of the Department of Defense Production ( DDP ). All the three companies targeted are headquartered in the Indian city of Bengaluru. While the names of the firms were not disclosed, i...

If this had been a security drill, someone would've said it went too far. But it wasn't a drill—it was real. The access? Everything looked normal. The tools? Easy to find. The detection? Came too late. This is how attacks happen now—quiet, convincing, and fast. Defenders aren't just chasing hackers anymore—they're struggling to trust what their systems are telling them. The problem isn't too few alerts. It's too many, with no clear meaning. One thing is clear: if your defense still waits for obvious signs, you're not protecting anything. You're just watching it happen. This recap highlights the moments that mattered—and why they're worth your attention. ⚡ Threat of the Week APT41 Exploits Google Calendar for Command-and-Control — The Chinese state-sponsored threat actor known as APT41 deployed a malware called TOUGHPROGRESS that uses Google Calendar for command-and-control (C2). Google said it observed the spear-phishing attacks in October 2024 and that the malware was hosted on...

This past week has been packed with unsettling developments in the world of cybersecurity. From silent but serious attacks on popular business tools to unexpected flaws lurking in everyday devices, there's a lot that might have flown under your radar. Attackers are adapting old tricks, uncovering new ones, and targeting systems both large and small. Meanwhile, law enforcement has scored wins against some shady online marketplaces, and technology giants are racing to patch problems before they become a full-blown crisis. If you've been too busy to keep track, now is the perfect time to catch up on what you may have missed. ⚡ Threat of the Week Cleo Vulnerability Comes Under Active Exploitation — A critical vulnerability (CVE-2024-50623) in Cleo's file transfer software—Harmony, VLTrader, and LexiCom—has been actively exploited by cybercriminals , creating major security risks for organizations worldwide. The flaw enables attackers to execute code remotely without authorization...

What if attackers aren't breaking in—they're already inside, watching, and adapting? This week showed a sharp rise in stealth tactics built for long-term access and silent control. AI is being used to shape opinions. Malware is hiding inside software we trust. And old threats are returning under new names. The real danger isn't just the breach—it's not knowing who's still lurking in your systems. If your defenses can't adapt quickly, you're already at risk. Here are the key cyber events you need to pay attention to this week. ⚡ Threat of the Week Lemon Sandstorm Targets Middle East Critical Infra — The Iranian state-sponsored threat group tracked as Lemon Sandstorm targeted an unnamed critical national infrastructure (CNI) in the Middle East and maintained long-term access that lasted for nearly two years using custom backdoors like HanifNet, HXLibrary, and NeoExpressRAT. The activity, which lasted from at least May 2023 to February 2025, entailed "extensive es...

The threat actors behind BlackCat ransomware have come up with an improved variant that prioritizes speed and stealth in an attempt to bypass security guardrails and achieve their goals. The new version, dubbed  Sphynx  and announced in February 2023, packs a "number of updated capabilities that strengthen the group's efforts to evade detection," IBM Security X-Force said in a new analysis. The "product" update was  first highlighted  by vx-underground in April 2023. Trend Micro, last month,  detailed  a Linux version of Sphynx that's "focused primarily on its encryption routine." BlackCat , also called ALPHV and Noberus, is the first Rust-language-based ransomware strain spotted in the wild. Active since November 2021, it has emerged as a formidable ransomware actor, victimizing  more than 350 targets  as of May 2023. The group, like other ransomware-as-a-service (RaaS) offerings, is  known  to operate a double extortion scheme,...