All CosmicBytez Labs articles tagged #Infostealer, across news, security advisories, how-to guides, and projects.
Group-IB researchers discovered ClickLock, a new macOS infostealer distributed via ClickFix lures that terminates all visible system processes in a loop until the victim surrenders their login password — with zero AV detections at discovery.
Group-IB researchers discovered ClickLock, a macOS infostealer that uses ClickFix social engineering to install a kill loop firing pkill every 210ms — trapping victims into surrendering their system password to restore their desktop.
The popular jscrambler npm package was hijacked in version 8.14.0, silently dropping and executing a cross-platform Rust-based infostealer via a malicious...
Kaspersky researchers have detailed a new campaign by Armored Likho — a threat actor overlapping with Eagle Werewolf — deploying modular RATs and the...
Kaspersky has identified a previously undocumented APT group — Armored Likho (aka Eagle Werewolf) — deploying an AI-assisted Python infostealer called...
Jamf Threat Labs has discovered PamStealer, a sophisticated two-stage macOS infostealer that impersonates the Maccy clipboard manager, delivers a...
A Microsoft Defender zero-day fuels ransomware before any patch exists; researchers dissect how syndicate groups run HR departments and tiered pricing;...
Hackers are actively exploiting CVE-2026-48558 in SimpleHelp remote support software to deploy Djinn Stealer, a previously undocumented cross-platform...
Attackers poisoned at least 18 npm and Go packages with a novel technique: hiding malware in .vscode/tasks.json auto-run tasks, bypassing npm v12's...
Microsoft and Europol dismantled both StealC and Amadey simultaneously in a single RICO filing — the first time a court-authorized takedown has targeted...
A coordinated law enforcement operation backed by Bitdefender, Bitsight, ESET, and Microsoft has dismantled the infrastructure powering Amadey and StealC,...
Elastic Security Labs has uncovered OXLOADER, a sophisticated new malware loader using malvertising via Google Ads to target developers searching for...
A newly detailed malware family called CryptoBandits routes all traffic through a local SOCKS5 proxy and the Tor network, blending credential theft with...
Two distinct malware campaigns have hit the npm ecosystem simultaneously — IronWorm deploys a Rust-based infostealer via 50+ poisoned packages, while a new…
Researchers have uncovered a large-scale SEO poisoning campaign that uses fake open-source and freeware project sites to funnel victims through a Traffic…
Cybersecurity researchers have uncovered a malicious npm package named codexui-android that targets developers using OpenAI Codex by masquerading as a…
Threat actors are exploiting ChatGPT's content-sharing feature to publish fake OpenAI outage pages that trick users into downloading trojanized ChatGPT…
Ukrainian cyberpolice, working with US law enforcement, identified an 18-year-old from Odesa suspected of running an infostealer malware operation that...
Cybersecurity researchers have discovered a fresh Mini Shai-Hulud supply chain attack compromising the @antv npm ecosystem through a hijacked maintainer...
Researchers have uncovered four malicious npm packages embedding infostealer malware and a Phantom Bot DDoS payload — one of which is a direct clone of...
A Flare threat intelligence analysis breaks down the REMUS infostealer — a rapidly evolving credential theft tool built around stolen browser sessions and...
A malicious repository impersonating OpenAI's "Privacy Filter" project climbed to Hugging Face's trending list and delivered information-stealing malware...
Threat actors are capitalising on the Claude Code source code leak by creating fake GitHub repositories that impersonate the leaked source to deliver...
A new report reveals how industrialized credential theft has become the common thread connecting ransomware campaigns, SaaS platform breaches, and...
Researchers have identified DeepLoad, a previously undocumented malware loader that combines ClickFix social engineering with WMI-based persistence to...
Threat actors known as TeamPCP compromised the Telnyx Python package on PyPI, uploading malicious versions that conceal credential-stealing malware inside...
A newly observed ClickFix campaign impersonates Cloudflare's CAPTCHA verification pages to deliver the Python-based Infiniti Stealer to macOS users via a...
The Trivy supply chain attack has expanded dramatically beyond GitHub Actions: malicious Docker Hub images (versions 0.69.4–0.69.6) carry an infostealer,...
The open-source Trivy security scanner was weaponized by threat actor TeamPCP in a supply chain attack that hijacked 75 release tags to deploy an...
A new infostealer named VoidStealer bypasses Chrome's Application-Bound Encryption by attaching a remote debugger to the browser process and using the...
A SmartLoader campaign distributes a trojanized Model Context Protocol (MCP) server disguised as Oura Health's legitimate tool, deploying StealC...
A Russian state-sponsored APT group dubbed ChainReaver-L compromised trusted file-sharing mirrors and 50 long-established GitHub accounts to distribute...
Threat actors are abusing publicly shared Claude AI artifacts and Google Ads to deliver the MacSync infostealer to macOS users through ClickFix social...