A new warning documents an ongoing campaign by Chinese hackers making use of the sophisticated BRICKSTORM malware to target public sector organizations and IT companies for long-term espionage purposes. The average dwell time for these documented breaches is a little over a year.
Google's report of novel AI-enabled malware in the wild is a game changer if these capabilities are now being picked up by sophisticated attackers. It identifies two specific new malware families, "PROMPTFLUX" and "PROMPTSTEAL," that are the first to incorporate a "just in time" dynamic function creation feature that draws on an LLM.
A new Russia-based family of malware has been observed using a large language model (LLM) to issue commands on compromised systems in real time, which can potentially improve attacker capability by allowing them to shift tactics during an attack without having to introduce new payloads.
The malware that the researchers were able to coax out of DeepSeek was rudimentary and required some manual code editing to make it functional. But the incident demonstrates that the guardrails preventing malicious behavior in generative AI systems remain thin.
Security researchers have discovered a network of over 3,000 GitHub accounts involved in an extensive malware distribution campaign.
A Europol-headed law enforcement operation has put a serious dent in the dropper malware ecosystem, disrupting the botnets that these dropper systems rely on to function, with over 100 servers and 2,000 domains impacted across about a dozen countries.
It’s no secret that banking applications – both traditional and emerging fintech apps – still remain a prime target for financially-motivated cyberattacks. Cybercriminals are money-motivated, targeting the applications and institutions with the potential for the highest reward.
The self-replicating malware's name refers back to the infamous "Morris worm" that tore through the early version of the internet in the late 80s. Morris II focuses on tricking GenAI into turning input into malicious output and spreading it.
The Inferno Drainer malware that plagued the crypto world throughout 2023 ultimately compromised about 130,000 victims and stole about $87 million in total, according to a new report from Group-IB. It was part of a broader movement of "crypto drainer" services that some security experts believe is poised to become the next big thing in cybercrime in 2024.
The long-running Qakbot malware botnet was disrupted by international law enforcement action in August, but its operators appear to still have some capability and are continuing to run spam email campaigns that attempt to pass ransomware.










