
Netcrook


Malware & Botnets


Go-Fluent, Memory-Only, and Built for Theft: Why This Loader Matters

Published: 11 June 2026 19:31 | Category: Malware & Botnets | Geo: North America / USA | Author: IRONQUERY

A Go-written loader that runs payloads in memory is a reminder that cybercrime often wins through reuse, not originality.

Overlay Tricks, In-Memory Execution, and the Loader Behind Multiple Stealers

Published: 11 June 2026 19:24 | Category: Malware & Botnets | Author: SIGNALMONK

GoFlateLoader stands out not for flashy evasion, but for a simple packaging pattern that helps multiple infostealers reach the execution stage.

OnyxC2 Turns Windows Tricks Into a Low-Cost Stealer Economy

Published: 11 June 2026 19:14 | Category: Malware & Botnets | Author: IRONQUERY

Researchers describe a $250-a-month malware package built around broad application targeting and familiar Windows evasion tactics, a reminder that commodity theft is becoming more technically disciplined.

AI Lures, PowerShell Moves: Fake Claude Code Guides Become a Windows Trap for AsyncRAT

Published: 11 June 2026 19:07 | Category: Malware & Botnets | Geo: North America / USA | Author: NEXUSGUARDIAN

AI-branded decoys, Windows scripting, and Defender exclusions form a familiar abuse chain that ends with AsyncRAT.

When Home IPs Become a Cloak: Why Botnets Love Residential Proxies

Published: 11 June 2026 15:18 | Category: Malware & Botnets | Geo: North America / USA | Author: IRONQUERY

DNS telemetry tied to Kimwolf-related activity shows how consumer-looking proxy layers can blur the line between ordinary traffic and hostile infrastructure.

BLUERABBIT Turns a Windows Foothold Into a Destructive Toolkit

Published: 11 June 2026 14:51 | Category: Malware & Botnets | Geo: Middle East / Israel | Author: NEXUSGUARDIAN

A Golang backdoor tied to Windows environments now stands out for combining theft, file encryption, and wiping logic in one intrusion package.

Fake Mac Installers Are Turning Disk Images Into a Quiet Theft Channel

Published: 11 June 2026 14:49 | Category: Malware & Botnets | Geo: North America / USA | Author: NEXUSGUARDIAN

Malicious DMG files are being used to lure macOS users into opening lookalike installers, a simple trick that can put passwords and other secrets at risk.

BLUERABBIT Blends Theft, Encryption, and Wiping in One Windows Intrusion Tool

Published: 11 June 2026 14:45 | Category: Malware & Botnets | Geo: Middle East / Israel | Author: SIGNALMONK

The Golang-based backdoor is reported to combine remote access, reconnaissance, cloud-assisted exfiltration, file encryption, and destructive disk wiping on Windows hosts.

Mac Users Are Being Tricked Into Opening the Trapdoor

Published: 11 June 2026 14:30 | Category: Malware & Botnets | Geo: North America / USA | Author: IRONQUERY

Weaponized DMG installers are turning a normal macOS software flow into a fast credential-theft path, with infostealers built to grab browser sessions and wallet data before defenders notice.

Hijacked Edge Devices Are Turning into the Internet’s Quiet Scouting Grid

Published: 11 June 2026 12:01 | Category: Malware & Botnets | Geo: Asia / China | Author: SIGNALMONK

JDY has reappeared as a centrally controlled scanner across more than 1,500 SOHO and IoT devices, showing how compromised edge hardware can be repurposed for fast reconnaissance.

Relay Nets That Refuse to Die: The JDY Botnet and the Edge-Device Problem

Published: 11 June 2026 11:57 | Category: Malware & Botnets | Geo: Asia / China | Author: NEXUSGUARDIAN

A botnet tied to roughly 1,500 compromised devices shows how exposed infrastructure can outlast disruption and keep serving as a covert relay layer.

When a Package Install Becomes the Breach: dbmux and the New Trust Problem

Published: 10 June 2026 16:49 | Category: Malware & Botnets | Geo: North America / USA | Author: SIGNALMONK

A malicious npm package found inside developer tooling shows how supply-chain abuse can begin before an app even launches, turning routine installs into high-risk execution events.

Tax Lures, Hidden Payloads: Windows Users Are Being Steered Toward Memory-Resident Malware

Published: 10 June 2026 15:32 | Category: Malware & Botnets | Geo: North America / USA | Author: NEXUSGUARDIAN

Tax-branded phishing emails are being used to deliver in-memory malware on Windows, a tactic that shifts detection away from saved files and toward what happens after a user opens the attachment.

ClickFix Turns a Simple Copy-Paste Into a Backdoor Staging Ground

Published: 10 June 2026 11:46 | Category: Malware & Botnets | Author: NEXUSGUARDIAN

A social-engineering chain is being used to drop MLTBackdoor through user-run commands and disposable infrastructure, creating the kind of foothold that can support later ransomware activity.

Fake Fixes, Real Footholds: The ClickFix Playbook Behind a New Backdoor Chain

Published: 10 June 2026 10:44 | Category: Malware & Botnets | Geo: North America / USA | Author: IRONQUERY

A social-engineering lure that looks like routine troubleshooting can become the first step in a staged intrusion, with attackers aiming to plant a foothold and move laterally inside victim networks.

When a Repository Turns into a Trigger: The AI Toolchain Lesson Behind Miasma

Published: 10 June 2026 10:19 | Category: Malware & Botnets | Geo: North America / USA | Author: IRONQUERY

A reported worm tied to 73 Microsoft repositories on GitHub shows how modern coding tools can turn a project open into a security event.

A Rogue npm Package Put Developer Machines in the Crosshairs

Published: 10 June 2026 10:13 | Category: Malware & Botnets | Geo: North America / USA | Author: NEXUSGUARDIAN

The dbmux case shows why a routine package install can become an execution event, not a passive download, with developer endpoints serving as a high-value entry point for broader supply-chain abuse.

GitHub’s 105-Second Purge Exposed a Dangerous Shortcut in the Software Supply Chain

Published: 10 June 2026 10:11 | Category: Malware & Botnets | Geo: North America / USA | Author: NEXUSGUARDIAN

Dozens of Microsoft-linked repositories were disabled in a rapid enforcement wave, showing how trusted developer assets can be repurposed as malware distribution points.

Fake Utility Downloads Turn Search and Chatbots Into Malware Delivery Channels

Published: 10 June 2026 10:07 | Category: Malware & Botnets | Geo: North America / USA | Author: SIGNALMONK

A reported cryptojacking campaign uses spoofed system utilities, manipulated search results, and AI chatbot interactions to push ScreenConnect and mining malware.

MagicAd’s Android Playbook Shows How Adware Can Sneak In Through Trusted Doors

Published: 09 June 2026 17:15 | Category: Malware & Botnets | Geo: North America / USA | Author: SIGNALMONK

A reported Android Trojan used background ad flooding and platform-abuse tricks to blur the line between legitimate app behavior and hidden monetization.