April 21, 2026

NGate Android Malware Steals Card Data via HandyPay

A dangerous piece of Android malware is back with a new disguise. NGate, which security researchers first identified in 2024, now poses as a legitimate NFC payment app called HandyPay. Once installed, it silently captures data from the victim's physical bank card and sends it straight to an attacker waiting at an ATM. No card theft required. The NGate Android

April 17, 2026

AgingFly Malware Hits Ukrainian Hospitals and Government

A newly discovered threat called AgingFly malware has been striking Ukrainian hospitals, emergency services, and local government bodies in a campaign that ran from March through April 2026. The attacks, identified by Ukraine's Computer Emergency Response Team (CERT-UA), are designed to steal login credentials, extract sensitive data from messaging apps, and hand attackers full remote control over infected systems. The

April 15, 2026

LucidRook Malware Targets NGOs and Universities in Taiwan

A sophisticated new threat has appeared on the cybersecurity research community's radar. LucidRook malware is the name researchers have given to a newly identified tool used in highly targeted spear-phishing attacks against non-governmental organizations and universities in Taiwan. The attacks, first observed in October 2025, were not the work of opportunistic criminals. They bear the hallmarks of a disciplined, well-resourced

April 6, 2026

Fake Claude Code Repos on GitHub Are Spreading Malware

Anthropic's accidental leak of the Claude Code source code on March 31 set off a frenzy of downloads across GitHub. Developers, researchers, and the simply curious all rushed to grab the exposed files. Criminals saw that rush and moved fast. Within 24 hours, fake GitHub repositories carrying Claude Code malware were live — and actively appearing in Google search results

April 3, 2026

NoVoice Malware Hits 2.3 Million Android Devices via Google Play

A new Android rootkit campaign called NoVoice malware has been discovered hiding inside more than 50 apps on Google Play. The apps collected at least 2.3 million downloads before being removed. Researchers warn that millions of devices may still be compromised. What Is NoVoice Malware? NoVoice malware is a rootkit. That means it burrows into the deepest layers of a

April 2, 2026

CrystalX RAT: The Malware That Spies, Steals, and Trolls You

A new piece of Windows malware is turning heads in the cybersecurity world. CrystalX RAT is a remote access Trojan discovered in early 2026. It combines spyware, credential theft, and cryptocurrency hijacking with "prankware" features. These features flip your screen, scramble your mouse buttons, and lock your keyboard, all while quietly draining your data in the background. What Is CrystalX

March 19, 2026

Perseus Android Malware Targets Your Notes App

Perseus Android malware is a newly discovered threat that goes further than most mobile banking trojans. While typical Android malware focuses on stealing login credentials or intercepting text messages, Perseus actively scans the note-taking apps on your phone, hunting for passwords, crypto wallet recovery phrases, and financial details you may have stored there for safekeeping. What Is Perseus and Where

March 12, 2026

Zombie ZIP: The Malware Trick Antivirus Tools Can’t See

A newly documented technique called Zombie ZIP allows malware to hide inside a deliberately malformed archive file, bypassing nearly every major antivirus and endpoint detection tool on the market. Security researcher Chris Aziz of Bombadil Systems discovered the technique and tested it against 51 antivirus engines on VirusTotal. It bypassed 50 of them. The CERT Coordination Center has since issued

February 25, 2026

PromptSpy Android Malware Uses Generative AI at Runtime

PromptSpy Android malware has introduced a new chapter in mobile cyber threats by integrating generative AI directly into its runtime operations. Security researchers recently identified it as the first known Android malware to actively communicate with a large language model while executing on an infected device. This shift moves AI from being a supporting tool for attackers into the core

February 24, 2026

Massiv Android Malware Spreads via Fake IPTV Apps

Massiv Android malware has emerged as a new banking threat targeting mobile users through fake IPTV applications. Attackers disguise the malware as a streaming app to trick users into installing it outside official app stores. Once active, it gives criminals deep access to infected devices and allows them to steal sensitive financial data. Security researchers observed the campaign primarily targeting
