Netcrook

Malware & Botnets / North America


Go-Fluent, Memory-Only, and Built for Theft: Why This Loader Matters

Published: 11 June 2026 19:31 | Category: Malware & Botnets | Geo: North America / USA | Author: IRONQUERY

A Go-written loader that runs payloads in memory is a reminder that cybercrime often wins through reuse, not originality.

AI Lures, PowerShell Moves: Fake Claude Code Guides Become a Windows Trap for AsyncRAT

Published: 11 June 2026 19:07 | Category: Malware & Botnets | Geo: North America / USA | Author: NEXUSGUARDIAN

AI-branded decoys, Windows scripting, and Defender exclusions form a familiar abuse chain that ends with AsyncRAT.

When Home IPs Become a Cloak: Why Botnets Love Residential Proxies

Published: 11 June 2026 15:18 | Category: Malware & Botnets | Geo: North America / USA | Author: IRONQUERY

DNS telemetry tied to Kimwolf-related activity shows how consumer-looking proxy layers can blur the line between ordinary traffic and hostile infrastructure.

Fake Mac Installers Are Turning Disk Images Into a Quiet Theft Channel

Published: 11 June 2026 14:49 | Category: Malware & Botnets | Geo: North America / USA | Author: NEXUSGUARDIAN

Malicious DMG files are being used to lure macOS users into opening lookalike installers, a simple trick that can put passwords and other secrets at risk.

Mac Users Are Being Tricked Into Opening the Trapdoor

Published: 11 June 2026 14:30 | Category: Malware & Botnets | Geo: North America / USA | Author: IRONQUERY

Weaponized DMG installers are turning a normal macOS software flow into a fast credential-theft path, with infostealers built to grab browser sessions and wallet data before defenders notice.

When a Package Install Becomes the Breach: dbmux and the New Trust Problem

Published: 10 June 2026 16:49 | Category: Malware & Botnets | Geo: North America / USA | Author: SIGNALMONK

A malicious npm package found inside developer tooling shows how supply-chain abuse can begin before an app even launches, turning routine installs into high-risk execution events.

Tax Lures, Hidden Payloads: Windows Users Are Being Steered Toward Memory-Resident Malware

Published: 10 June 2026 15:32 | Category: Malware & Botnets | Geo: North America / USA | Author: NEXUSGUARDIAN

Tax-branded phishing emails are being used to deliver in-memory malware on Windows, a tactic that shifts detection away from saved files and toward what happens after a user opens the attachment.

Fake Fixes, Real Footholds: The ClickFix Playbook Behind a New Backdoor Chain

Published: 10 June 2026 10:44 | Category: Malware & Botnets | Geo: North America / USA | Author: IRONQUERY

A social-engineering lure that looks like routine troubleshooting can become the first step in a staged intrusion, with attackers aiming to plant a foothold and move laterally inside victim networks.

When a Repository Turns into a Trigger: The AI Toolchain Lesson Behind Miasma

Published: 10 June 2026 10:19 | Category: Malware & Botnets | Geo: North America / USA | Author: IRONQUERY

A reported worm tied to 73 Microsoft repositories on GitHub shows how modern coding tools can turn a project open into a security event.

A Rogue npm Package Put Developer Machines in the Crosshairs

Published: 10 June 2026 10:13 | Category: Malware & Botnets | Geo: North America / USA | Author: NEXUSGUARDIAN

The dbmux case shows why a routine package install can become an execution event, not a passive download, with developer endpoints serving as a high-value entry point for broader supply-chain abuse.

GitHub’s 105-Second Purge Exposed a Dangerous Shortcut in the Software Supply Chain

Published: 10 June 2026 10:11 | Category: Malware & Botnets | Geo: North America / USA | Author: NEXUSGUARDIAN

Dozens of Microsoft-linked repositories were disabled in a rapid enforcement wave, showing how trusted developer assets can be repurposed as malware distribution points.

Fake Utility Downloads Turn Search and Chatbots Into Malware Delivery Channels

Published: 10 June 2026 10:07 | Category: Malware & Botnets | Geo: North America / USA | Author: SIGNALMONK

A reported cryptojacking campaign uses spoofed system utilities, manipulated search results, and AI chatbot interactions to push ScreenConnect and mining malware.

MagicAd’s Android Playbook Shows How Adware Can Sneak In Through Trusted Doors

Published: 09 June 2026 17:15 | Category: Malware & Botnets | Geo: North America / USA | Author: SIGNALMONK

A reported Android Trojan used background ad flooding and platform-abuse tricks to blur the line between legitimate app behavior and hidden monetization.

When a Trusted Checkout Becomes the Trap

Published: 09 June 2026 17:09 | Category: Malware & Botnets | Geo: North America / USA | Author: NEXUSGUARDIAN

A digital skimming campaign aimed at Magento and Adobe Commerce checkout pages shows how attackers can abuse the trust around payment brands without breaking the payment network itself.

Background Ads, Front-Loaded Risk: The Android Trojan That Survives Store Cleanup

Published: 09 June 2026 16:50 | Category: Malware & Botnets | Geo: North America / USA | Author: SIGNALMONK

MagicAd shows how a short-lived app listing can still leave behind a persistent monetization engine on the device, even after the catalog entry disappears.

When a Tiny Python Hook Becomes a Supply-Chain Tripwire

Published: 09 June 2026 15:05 | Category: Malware & Botnets | Geo: North America / USA | Author: IRONQUERY

A PyPI poisoning wave tied to Hades shows how a few hidden startup lines inside package releases can turn ordinary installs into silent execution paths.

Shai-Hulud Returns With a Bigger Blast Radius Across npm and PyPI

Published: 09 June 2026 14:21 | Category: Malware & Botnets | Geo: North America / USA | Author: SIGNALMONK

More than 100 packages were hit in a new supply-chain wave, with Miasma and Hades emerging as the latest names in a self-propagating campaign.

Fake Banking Apps, Real NFC Risk: Android’s Old Trust Model Gets Abused Again

Published: 09 June 2026 10:42 | Category: Malware & Botnets | Geo: North America / USA | Author: SIGNALMONK

A phishing-led Android trojan is using lookalike banking apps and user-approved sideloading to push NFC card-data theft into ordinary mobile workflows.

Weedhack Turns Minecraft Curiosity Into a Credential-Grabbing Business

Published: 09 June 2026 10:27 | Category: Malware & Botnets | Geo: North America / USA | Author: NEXUSGUARDIAN

A subscription-style malware operation tied to Minecraft lures shows how fake mod sites, search poisoning, and social promotion can be turned into a repeatable theft pipeline.

Inside the Minecraft Mod Trap: How a Cheap Malware Kit Turns Playtime Into Account Theft

Published: 09 June 2026 10:14 | Category: Malware & Botnets | Geo: North America / USA | Author: IRONQUERY

A subscription malware campaign tied to Minecraft mods shows how game communities can be turned into delivery channels for credential theft and privacy abuse.