Researchers identified a group of loan apps that share a common framework for encrypting and exfiltrating data from a victim’s device to a command and control (C2) server using a similar HTTP endpoint infrastructure.

In today’s rapidly evolving cyber landscape, malware threats continue to adapt, employing new tactics and leveraging popular platforms to reach unsuspecting victims. One such emerging threat is the Lumma Stealer.

McAfee Labs warned of the spread of AsyncRAT through popular software cracks. Cybercriminals are disguising this malware as cracked versions of well-known software, tricking users into unknowingly installing a sophisticated remote access trojan.

A new mobile malware called SpyAgent has been uncovered by McAfee's Mobile Research Team. This malware targets mnemonic keys used for cryptocurrency wallets by scanning for images containing them on your device.

McAfee Labs has uncovered a unique malware delivery method called the “Clickfix” infection chain, which starts with users being directed to compromised websites and instructed to paste a script into a PowerShell terminal.

McAfee Mobile Research Team found an Android malware that pretends to be the official app of Bahrain and advertises that users can renew or apply for driver’s licenses, visas, and ID cards on mobile.

Scammers exploit Instagram's influencer program to hijack users' accounts by hacking into them, posting about cryptocurrencies, and then tricking victims into providing their login credentials to "vote" for the scammer's fake influencer contest.

Researchers found a novel infection chain associated with the DarkGate malware, which is a Remote Access Trojan (RAT) developed using Borland Delphi and marketed as a Malware-as-a-Service (MaaS) offering on a Russian-language cybercrime forum.

PikaBot, along with other malicious loaders like QBot and DarkGate, heavily depends on spam campaigns for distribution. Its initial access strategies are intricately crafted, utilizing geographically targeted spam emails for specific countries.

The Xamalicious backdoor, implemented with Xamarin, targets Android devices by gaining accessibility privileges and communicating with a C2 server to download a second-stage payload, potentially enabling fraudulent actions without user consent.