Author: Declan Murphy

Security researchers at Kaspersky have identified BeatBanker, a dual-mode Android Trojan, targeting users via a fake Google Play Store. Discover how this malware uses silent audio loops to stay hidden while stealing cryptocurrency. If your Android phone has been feeling sluggish or running unusually hot lately, the culprit might be a bizarre new malware that uses music to stay hidden. Security experts at Kaspersky’s research unit Securelist have been tracking a Trojan they’ve named BeatBanker, and it’s one of the more creative bits of financial exploitation we’ve seen recently. At the moment…


Ravie LakshmananMar 11, 2026Cybercrime / Synthetic Intelligence Meta on Wednesday mentioned it disabled over 150,000 accounts related to rip-off facilities in Southeast Asia as a part of a coordinated effort in partnership with authorities from Thailand, the U.S., the U.Okay., Canada, Korea, Japan, Singapore, the Philippines, Australia, New Zealand, and Indonesia. The trouble additionally led to 21 arrests made by the Royal Thai Police, the corporate mentioned. The motion builds upon a pilot initiative in December 2025 that resulted in Meta eradicating 59,000 accounts, Pages, and Teams from its platforms and 6 arrest warrants. “On-line scams have change into considerably…


BeatBanker is a new Android malware campaign targeting users in Brazil, combining banking fraud, crypto‑mining, and, in its latest wave, full device takeover via a RAT. It spreads almost entirely through phishing pages that mimic the Google Play Store and trick victims into installing weaponized APKs disguised as legitimate apps and updates. The operation begins on a counterfeit app store hosted at cupomgratisfood[.]store that visually mimics Google Play. There, victims are lured with an app called “INSS Reembolso,” posing as Brazil’s official social security portal for benefits, statements and service requests. By abusing…


Satnam Narang, senior staff research engineer at Tenable, commented on the fix for Azure Model Context Protocol (MCP) tools. “This bug is a server-side request forgery,” he said in an email, “so an attacker may exploit it by sending a request to a vulnerable Azure MCP Server. However, exploitation requires that the server accept user-provided parameters.” “MCP servers have become extremely popular for connecting large language models and agentic AI applications,” he noted, “and with the rise of tools like OpenClaw and other agents, it has become even more important to secure these tools from cybercriminals.”…


ShinyHunters, the notorious group of hackers, has issued a final warning to roughly 400 organisations, claiming to have successfully broken into their private data. The group is threatening to leak this sensitive information onto the internet unless their extortion demands are met. According to earlier research by Mandiant, the hackers are specifically targeting websites built using Salesforce Experience Cloud, a popular tool businesses use to create public portals and help centres.

How the Data Was Taken

The issue centres on how these websites are set up for public use. Salesforce provides a guest user profile in…


Ravie LakshmananMar 10, 2026Database Safety / Vulnerability Cybersecurity researchers have disclosed 9 cross-tenant vulnerabilities in Google Looker Studio that might have permitted attackers to run arbitrary SQL queries on victims’ databases and exfiltrate delicate information inside organizations’ Google Cloud environments. The shortcomings have been collectively named LeakyLooker by Tenable. There isn’t a proof that the vulnerabilities had been exploited within the wild. Following accountable disclosure in June 2025, the problems have been addressed by Google. The record of safety flaws is as follows – “The vulnerabilities broke basic design assumptions, revealed a brand new assault class, and will have allowed…


A new Android Remote Access Trojan (RAT) named SurxRAT is being sold as a commercial malware platform through a Telegram-based malware‑as‑a‑service (MaaS) ecosystem. The malware, marketed under the SURXRAT V5 branding, allows cybercriminals to create customized Android malware builds capable of surveillance, credential theft, remote device control, and ransomware-style device locking. The malware appears to be operated by an Indonesian threat actor who promotes the platform through Telegram channels, targeting aspiring cybercriminals who want ready‑to‑deploy Android attack tools. Unlike traditional malware campaigns where operators conduct attacks themselves, SurxRAT follows a commercial affiliate model. The developer…


He pointed out that “.arpa” queries are usually pointer (PTR) queries for reverse lookups. In the malicious queries, normal address (A or AAAA) queries might be used. The hostname may also be atypical. A normal in-addr.arpa hostname has a very specific format, with an IP address followed by the in-addr.arpa suffix. Anything else with that suffix should be blocked, or at least alerted on, he said. “It’s an excellent, old school move to find vulnerabilities in the complexity of the evolution of the internet,” said David Shipley, head of Canadian security awareness training provider Beauceron Security. “To figure…


Australia, New Zealand, Tonga Warn of Rising INC Ransom Attacks Targeting Pacific Networks

ACSC, NCSC, and CERT Tonga warn of rising INC Ransom activity targeting healthcare and organizations across Australia, New Zealand, and Pacific states. Cybersecurity agencies across the Pacific region are sharing concerns about the ransomware group INC Ransom’s expanding activities and the growing influence of its affiliate network. A joint advisory issued by the Australian Cyber Security Centre (ACSC), National Computer Emergency Response Team Tonga (CERT Tonga), and the New Zealand National Cyber Security Centre (NCSC) highlights how the INC Ransom ecosystem has become…


Cyber security researchers at the Threat Hunter Team say a long-running Iranian cyber espionage group has breached multiple U.S. organizations in a campaign that began earlier this year and has continued even as geopolitical tensions escalate. The activity has been linked to MuddyWater, an Iran-aligned advanced persistent threat group believed to operate under the country’s Ministry of Intelligence and Security. The hackers are known for cyber-espionage operations that focus on gaining persistent access to networks and collecting sensitive data from government and private sector targets.

The campaign began in early February 2026

Researchers first observed the latest wave…
