North Korean hackers exploit npm packages to deploy multi-stage malware, targeting job-seeking developers

A new mobile crypto-stealing malware called SparkKitty was found in apps on Google Play and the Apple App Store, targeting Android and iOS devices.
The malware is a possible evolution of SparkCat, which Kaspersky discovered in January. SparkCat used optical character recognition (OCR) to steal cryptocurrency wallet recovery phrases from images saved on infected devices.
When installing crypto wallets, the installation process tells users to write down the wallet’s recovery phrase and store it in a secure, offline location.
The threat actors behind the Qilin ransomware-as-a-service (RaaS) scheme are now offering legal counsel for affiliates to put more pressure on victims to pay up, as the cybercrime group intensifies its activity and tries to fill the void left by its rivals.
The new offering takes the form of a “Call Lawyer” button on the affiliate panel, according to Israeli cybersecurity company Cybereason.
The development marks a resurgence of the e-crime group at a time when once-popular ransomware operations like LockBit, BlackCat, RansomHub, Everest, and BlackLock have suffered abrupt cessations, operational failures, and defacements. The group, also tracked as Gold Feather and Water Galura, has been active since October 2022.
Cybersecurity firm Radware said nearly 40% of all hacktivist DDoS activity has been directed against Israel since the onset of the latest flare-up. On June 17, the hacktivist group DieNet warned it would launch cyber-attacks at the United States should it join the conflict against Iran.
The message has since been amplified by other groups like Arabian Ghosts, Sylhet Gang, and Team Fearless, suggesting that these entities are forming a potential collaboration in cyberspace as battle rages on the ground.
“Companies are urged to take maximum vigilance. The warning signs are clear. Critical infrastructure, supply chains, and even global businesses could become collateral targets if the cyber crossfire intensifies,” said Pascal Geenens, director of threat intelligence at Radware.
“Hosting providers and critical Internet infrastructure have increasingly become targets of DDoS attacks,” Cloudflare’s Omer Yoachimik said. “The 7.3 Tbps attack delivered 37.4 terabytes in 45 seconds.”
Earlier this January, the web infrastructure and security company said it had mitigated a 5.6 Tbps DDoS attack aimed at an unnamed internet service provider (ISP) from Eastern Asia. The attack originated from a Mirai-variant botnet in October 2024.
Then in April 2025, Cloudflare revealed it defended against a massive 6.5 Tbps flood that likely emanated from Eleven11bot, a botnet comprising roughly 30,000 webcams and video recorders. The hyper-volumetric attack lasted about 49 seconds.
Cybersecurity researchers have exposed the inner workings of an Android malware called AntiDot that has compromised over 3,775 devices as part of 273 unique campaigns.
“Operated by the financially motivated threat actor LARVA-398, AntiDot is actively sold as a Malware-as-a-Service (MaaS) on underground forums and has been linked to a wide range of mobile campaigns,” PRODAFT said in a report shared with The Hacker News.
AntiDot is advertised as a “three-in-one” solution with capabilities to record the device screen by abusing Android’s accessibility services, intercept SMS messages, and extract sensitive data from third-party applications.
The campaign is suspected to be the work of a Russian-speaking threat actor owing to the presence of several artifacts written in the Russian language and the timezone of the attacker’s commits (UTC+03:00). It’s estimated that more than 1,500 devices may have fallen prey to the scheme.
“This case highlights how popular gaming communities can be exploited as effective vectors for malware distribution, emphasizing the importance of caution when downloading third-party content,” the researchers said.
“The Stargazers Ghost Network has been actively distributing this malware, targeting Minecraft players seeking mods to enhance their gameplay. What appeared to be harmless downloads were, in fact, Java-based loaders that deployed two additional stealers, capable of exfiltrating credentials and other sensitive data.”
Cloudflare says it mitigated a record-breaking distributed denial of service (DDoS) attack in May 2025 that peaked at 7.3 Tbps, targeting a hosting provider.
DDoS attacks flood targets with massive amounts of traffic with the sole aim of overwhelming servers and causing service slowdowns, disruptions, or outages.
This new attack, which is 12% larger than the previous record, delivered a massive data volume of 37.4 TB in just 45 seconds. This is the equivalent of about 7,500 hours of HD streaming or 12,500,000 JPEG photos.