Malpedia Library

Click here to download all references as Bib-File.•

2025-08-22 ⋅ K7 Security ⋅ Harihara Sudhan
Examining the tactics of BQTLOCK Ransomware & its variants
BQTlock

2025-08-21 ⋅ Zscaler ⋅ Himanshu Sharma
Android Document Readers and Deception: Tracking the Latest Updates to Anatsa
Anatsa

2025-08-21 ⋅ GBHackers on Security ⋅ Aman Mishra
Threat Actors Weaponize PDF Editor Trojan to Convert Devices into Proxies
TamperedChef

2025-08-21 ⋅ Swiss Post Cybersecurity ⋅ Louis Schürmann
The ClickFix Deception: How a Fake CAPTCHA Deploys an Evasive Infostealer
donut_injector

2025-08-21 ⋅ CrowdStrike ⋅ Counter Adversary Operations
MURKY PANDA: A Trusted-Relationship Threat in the Cloud

2025-08-20 ⋅ Kroll ⋅ Marc Messer, Otavio Passos, Ryan Hicks
XWORM Returns to Haunt Systems with Ghost Crypt
XWorm

2025-08-20 ⋅ HarfangLab ⋅ HarfangLab CTR
UAC-0057 keeps applying pressure on Ukraine and Poland
PicassoLoader

2025-08-19 ⋅ cocomelonc ⋅ cocomelonc
MacOS hacking part 9: shellcode injection via task_for_pid - thread hijacking. Simple C (Intel) example

2025-08-19 ⋅ The Wall Street Journal ⋅ Robert McMillan
Oregon Man Accused of Operating One of Most Powerful Attack ‘Botnets’ Ever Seen
RapperBot

2025-08-19 ⋅ IBM X-Force ⋅ Raymond Joseph Alfonso
IBM X-Force Threat Analysis: QuirkyLoader - A new malware loader delivering infostealers and RATs
QuirkyLoader

2025-08-19 ⋅ Red Canary ⋅ Chris Brook, Christina Johns, Tyler Edmonds
Patching for persistence: How DripDropper Linux malware moves through the cloud

2025-08-18 ⋅ Trellix ⋅ Alex Lanstein, Pham Duy Phuc
The Coordinated Embassy Hunt: Unmasking the DPRK-linked GitHub C2 Espionage Campaign
XenoRAT

2025-08-18 ⋅ 0x0d4y ⋅ 0x0d4y
Veletrix Loader Infection: A Look from a Digital Forensic Perspective
VELETRIX

2025-08-18 ⋅ Medium RaghavtiResearch ⋅ BeGoodToAll
Qilin Ransomware-as-a-Service: Threat Analysis and Strategic Outlook
Qilin AgendaCrypt

2025-08-18 ⋅ Trellix ⋅ Ryan Weil
A Comprehensive Analysis of HijackLoader and Its Infection Chain
HijackLoader

2025-08-16 ⋅ t0ast's blog ⋅ t0ast
Warlock Group: We're only here for SharePoint and the Lamborghinis
WarLock

2025-08-15 ⋅ cocomelonc ⋅ cocomelonc
Malware development trick 50: phishing attack using a fake login page with Telegram exfiltration. Simple Javascript example.

2025-08-15 ⋅ Bleeping Computer ⋅ Bill Toulas
Colt Telecom attack claimed by WarLock ransomware, data up for sale
WarLock

2025-08-14 ⋅ Hunt.io ⋅ Hunt.io
Hunt.io Exposes and Analyzes ERMAC V3.0 Banking Trojan Full Source Code Leak
ERMAC

2025-08-13 ⋅ Gdata ⋅ Karsten Hahn
JustAskJacky: AI causes a Trojan Horse Comeback
TamperedChef