Netcrook

Malware & Botnets


ClickFix Campaign Adds a Proxy Layer With Decade-Old PySoxy

Published: 13 May 2026 12:19 | Category: Malware & Botnets | Author: NEXUSGUARDIAN

A newly observed ClickFix intrusion chain is described as moving beyond a single pasted PowerShell command by adding an open-source Python SOCKS5 proxy into the mix.

When Signed Drivers Become the Weapon: The BYOVD Path into Ransomware

Published: 13 May 2026 09:48 | Category: Malware & Botnets | Geo: North America / USA | Author: IRONQUERY

A Windows trust mechanism meant to protect endpoints can be turned against them, letting attackers use vulnerable drivers to undermine security controls before ransomware takes hold.

Fake Download Pages Turned Routine SSH Searches into a Malware Trap

Published: 13 May 2026 08:27 | Category: Malware & Botnets | Author: NEXUSGUARDIAN

Lookalike FinalShell and Xshell sites, paired with poisoned search results, turned an ordinary software hunt into a delivery path for Kong RAT.

Search Results Became the Trap: Fake Admin Tool Downloads Pushed Kong RAT

Published: 13 May 2026 08:25 | Category: Malware & Botnets | Geo: Asia / China | Author: IRONQUERY

A malware campaign reportedly turned routine searches for FinalShell and Xshell into a delivery path for Kong RAT, showing how trust in download pages can become an entry point for remote control.

When a Home Laptop Becomes the Key to Corporate Systems

Published: 13 May 2026 08:23 | Category: Malware & Botnets | Geo: North America / USA | Author: SIGNALMONK

Infostealer malware on personal devices is less about nuisance and more about identity theft: browser cookies, VPN logins, and cloud tokens can be reused against business systems later.

Signed, Shipped, and Poisoned: The Package Pipeline That Turned Into a Credential Trap

Published: 13 May 2026 01:25 | Category: Malware & Botnets | Geo: North America / USA | Author: NEXUSGUARDIAN

A new Shai-Hulud wave shows how a compromised release workflow can make malicious npm and PyPI packages look trustworthy while quietly harvesting developer secrets.

Fake Claude Code Installers Turn a Developer Shortcut Into a Credential Trap

Published: 12 May 2026 23:26 | Category: Malware & Botnets | Geo: North America / USA | Author: SIGNALMONK

A counterfeit installer aimed at developers highlights how trusted setup habits can be repurposed into browser password and cookie theft.

When an npm Worm Starts Copying Itself, the Trust Model Becomes the Target

Published: 12 May 2026 20:28 | Category: Malware & Botnets | Geo: North America / USA | Author: NEXUSGUARDIAN

A new wave of malicious package activity tied to the TanStack ecosystem shows how one infected release can become a propagation engine, turning normal JavaScript dependency behavior into a supply-chain risk.

The npm Trust Trap: A Worm-Like Campaign Turns Ordinary Updates into Secret Theft

Published: 12 May 2026 19:47 | Category: Malware & Botnets | Geo: North America / USA | Author: IRONQUERY

A fresh wave of compromise in the npm ecosystem shows how a single malicious package can cross from developer laptops into CI/CD pipelines, where credentials and publishing access become the real prize.

When a ZIP File Becomes the Delivery Room for a Stealer

Published: 12 May 2026 17:25 | Category: Malware & Botnets | Author: SIGNALMONK

A reported Vidar campaign shows how staged loaders, trusted utilities, and heavy obfuscation can narrow EDR visibility long enough for credential theft to happen.

TrickMo’s New Trick: Android Malware That Hides Behind Pivots, Not Just Password Theft

Published: 12 May 2026 17:00 | Category: Malware & Botnets | Author: SIGNALMONK

A newly observed TrickMo variant pairs TON-based command-and-control with SOCKS5 pivoting, a combination that can make infected Android devices harder to trace and easier to abuse.

TrickMo Returns with a Harder Edge on Android Banking and Authentication Apps

Published: 12 May 2026 16:42 | Category: Malware & Botnets | Author: NEXUSGUARDIAN

The mobile trojan’s latest form appears less interested in flashy new features and more focused on strengthening the machinery behind stealth, persistence, and device control.

Free-Content Bait Turns Into a Cross-Platform Malware Delivery Path

Published: 12 May 2026 16:25 | Category: Malware & Botnets | Author: NEXUSGUARDIAN

A lure built around free OnlyFans access is being used to spread CRPx0 across macOS and Windows, while Linux capability is reportedly still under development.

The JPEG That Wasn’t: How a Fake Image Can Open the Door to Remote Control

Published: 12 May 2026 16:12 | Category: Malware & Botnets | Geo: North America / USA | Author: NEXUSGUARDIAN

A file named like a harmless picture can be more than a lure; in staged malware chains, the real payload may arrive later through trusted remote-access tooling.

TrickMo Reappears as a Stealthier Android Trap for Money Apps

Published: 12 May 2026 15:51 | Category: Malware & Botnets | Author: SIGNALMONK

A fresh TrickMo variant is being tied to banking, fintech, and crypto-wallet users in parts of Europe, raising the stakes for mobile fraud even where the exact technical path is still not fully clear.

Trusted Plugins, Untrusted Payloads: The Jenkins Supply-Chain Trap Hiding in Plain Sight

Published: 12 May 2026 15:48 | Category: Malware & Botnets | Geo: Middle East / Israel | Author: SIGNALMONK

A reported campaign around the Checkmarx Jenkins AST Plugin shows how security tooling itself can become a high-value target inside DevSecOps pipelines.

Official AI Python Client Reportedly Turned Into a Secret-Harvesting Trap

Published: 12 May 2026 15:28 | Category: Malware & Botnets | Geo: Europe / France | Author: NEXUSGUARDIAN

A backdoored release of the `mistralai` package shows how a trusted SDK can become an execution path for credential theft the moment Python loads it.

Poisoned Packages, Silent Pipelines: The TanStack npm Break-In That Put CI Secrets in the Crosshairs

Published: 12 May 2026 15:23 | Category: Malware & Botnets | Geo: North America / USA | Author: IRONQUERY

A compromise affecting 84 npm packages shows how install-time code and CI credentials can collide inside the same trusted workflow.

Package Trust Turns Toxic as a New Mini Shai-Hulud Wave Hits Popular Ecosystems

Published: 12 May 2026 15:11 | Category: Malware & Botnets | Author: SIGNALMONK

A fresh supply-chain campaign linked to TeamPCP has been tied to npm and PyPI packages across several well-known projects, underscoring how easily trust in dependencies can be weaponized.

Microsoft Flags a Suspected Poisoning of Mistral AI’s Python Package

Published: 12 May 2026 15:08 | Category: Malware & Botnets | Geo: Europe / France | Author: NEXUSGUARDIAN

A tampered PyPI release can turn a routine dependency install into a supply-chain risk, especially when developers treat an SDK as trusted infrastructure.