March 2, 2026

QuickLens Chrome Extension Steals Crypto in ClickFix Attack

A routine browser update can quickly turn into a security disaster. That is exactly what happened when the QuickLens Chrome extension received a malicious update that transformed it into a crypto-stealing tool. The QuickLens Chrome extension originally offered Google Lens-style search features and gained around 7,000 users in the Chrome Web Store. After a change in ownership, version 5.8 introduced

February 27, 2026

Arkanix Stealer Emerges as AI-Built Malware Test

Arkanix Stealer appeared suddenly on underground forums and disappeared almost as quickly. Security researchers describe it as a short-lived infostealer that likely relied on AI-assisted development techniques. Although the campaign did not last long, Arkanix Stealer highlights how rapidly cybercriminals can now build and test new malware strains. Researchers first observed the malware being promoted through dark web channels, complete

February 20, 2026

AMOS Infostealer Exploits AI Trust to Target macOS Users

A growing malware campaign is targeting macOS users by abusing the popularity of artificial intelligence tools and online search results. The threat centers on AMOS, short for Atomic macOS Stealer, an infostealer designed to harvest sensitive data from Apple systems. Instead of relying on traditional phishing emails or software cracks, attackers are now embedding malware within seemingly helpful AI-related content

January 29, 2026

Mustang Panda Infostealers Expand CoolClient Backdoor

Mustang Panda infostealers are now playing a central role in the Chinese-linked threat actor’s espionage campaigns, marking a clear shift in how the group extracts value from compromised systems. Recent research shows that the CoolClient backdoor has evolved beyond basic remote access and now includes dedicated data-stealing capabilities. This development raises the risk profile of CoolClient infections, especially for government

December 20, 2025

SantaStealer Malware Targets Browsers and Crypto Wallets

SantaStealer malware has emerged as a new information-stealing threat that focuses on browser data and cryptocurrency wallets, using fake software installers to trick users into executing a malicious Windows payload. Once launched, the malware operates quietly in the background, harvesting sensitive information that attackers can quickly convert into financial gain. Rather than relying on persistence or advanced evasion, SantaStealer reflects

November 12, 2025

Rhadamanthys Infostealer Disruption Shakes Cybercrime Market

The Rhadamanthys infostealer disruption has sent shockwaves through the cybercrime world. In early November 2025, operators and paying "customers" suddenly lost access to their web panels and servers. SSH logins switched to certificate-only mode without warning, leaving hackers locked out of their own tools. This abrupt shutdown may indicate a coordinated law enforcement action, potentially linked to Europe’s ongoing Operation

September 29, 2025

Fake Microsoft Teams Installers Push Oyster Malware in Malvertising Attack

Fake Microsoft Teams installers push Oyster malware through a new malvertising campaign. Cybercriminals exploit paid ads to trick people into downloading malware instead of legitimate software. By imitating Microsoft’s trusted collaboration platform, attackers increase the chances of success. This campaign is especially concerning because Microsoft Teams is a core tool for remote work and daily business communication. Employees often search

September 1, 2025

TamperedChef Infostealer Hides in Fake PDF Editing App

The TamperedChef infostealer has emerged as a serious threat, hiding inside a fraudulent PDF editor promoted through Google Ads. This deceptive campaign tricked users into downloading an app that appeared legitimate, only to later activate malicious features. With delayed activation and credential theft, the campaign shows how cybercriminals continue to evolve their tactics.

Malvertising and the Fake PDF Tool

Attackers

July 28, 2025

Lumma Infostealer Returns After Global Takedown

The Lumma infostealer malware has made a swift comeback after a coordinated takedown effort by global law enforcement agencies in May 2025. Despite the seizure of over 2,300 domains and major disruption to its infrastructure, the malware-as-a-service (MaaS) platform has bounced back with new distribution tactics and restored capabilities.

Major Disruption, Minor Setback

Lumma, also known as LummaC2, was targeted

July 25, 2025

Steam Malware Attack Targets Chemia Early Access Game

Hackers have compromised the early access Steam game Chemia, injecting it with info-stealing malware and endangering unsuspecting players. The attack marks the third major Steam-related malware campaign in 2025, raising urgent concerns about the platform’s ability to vet developer uploads.

Malware Hidden in Game Files

The threat actor known as EncryptHub, also tracked as Larva‑208, tampered with the official Chemia
