Malpedia Library

Click here to download all references as Bib-File.•

2026-04-08 ⋅ Black Lotus Labs ⋅ Danny Adamitis, Ryan English
FrostArmada: All thriller, no (malware) filler

2026-04-07 ⋅ Microsoft ⋅ Microsoft Threat Intelligence
SOHO router compromise leads to DNS hijacking and adversary-in-the-middle attacks

2026-04-07 ⋅ IC3 ⋅ CISA, CNMF, Department of Energy (DOE), EPA, FBI, NSA
AA26-097A: Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure

2026-04-07 ⋅ NCSC UK ⋅ NCSC UK
APT28 exploit routers to enable DNS hijacking operations

2026-04-01 ⋅ cocomelonc ⋅ cocomelonc
MacOS hacking part 13: sysinfo stealer via VirusTotal API. Simple C example

2026-03-31 ⋅ Google ⋅ Adrian Hernandez, Ashley Zaya, Austin Larsen, Christopher Gardner, Dima Lenz, Michael Rudden, Mon Liclican, Tyler McLellan
North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack
WAVESHAPER

2026-03-29 ⋅ cocomelonc ⋅ cocomelonc
MacOS malware persistence 7: Re-opened applications. Simple C example

2026-03-26 ⋅ ANY.RUN ⋅ khr0x, raptur3
Active Magecart Campaign Targets Spain, Steals Card Data via Hijacked eStores for Bank Fraud
magecart

2026-03-26 ⋅ Rapid7 ⋅ Rapid7
BPFdoor in Telecom Networks: Sleeper Cells in the Backbone
BPFDoor tsh

2026-03-25 ⋅ ANY.RUN ⋅ Achmad Adhikara, GridGuardGhoul
Kamasers Analysis: A Multi-Vector DDoS Botnet Targeting Organizations Worldwide
Kamasers

2026-03-23 ⋅ Netomize ⋅ Mohamad Mokbel
Detect SnappyClient C&C Traffic Using PacketSmith + Yara-X Detection Module
SnappyClient

2026-03-20 ⋅ IC3 ⋅ FBI, IC3
I-032026-PSA: Russian Intelligence Services Target Commercial Messaging Application Accounts

2026-03-20 ⋅ FBI ⋅ FBI
Government of Iran Cyber Actors Deploy Telegram C2 to Push Malware to Identified Targets

2026-03-20 ⋅ cocomelonc ⋅ cocomelonc
MacOS malware persistence 6: PAM module injection. Simple C example

2026-03-20 ⋅ Nextron Systems ⋅ Pezier Pierre-Henri
RegPhantom Backdoor Threat Analysis
RegPhantom

2026-03-19 ⋅ cocomelonc ⋅ cocomelonc
MacOS malware persistence 5: cron jobs. Simple C example

2026-03-18 ⋅ Google ⋅ Google Threat Intelligence Group
The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors
GHOSTBLADE

2026-03-17 ⋅ Hunt.io ⋅ Hunt.io
Iranian Botnet Exposed via Open Directory: 15-Node Relay Network and Active C2

2026-03-16 ⋅ Ransom-ISAC ⋅ François-Julien Alcaraz, Yashraj Solanki
Contagious Interview: VS Code to RAT
StoatWaffle

2026-03-12 ⋅ Gdata ⋅ John Dador
Endgame Harvesting: Inside ACRStealer’s Modern Infrastructure
ACR Stealer