Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: cybercrime/malcode – Page 2

FBI: Over $20 million stolen in surge of ATM malware attacks in 2025

The FBI warned that Americans lost more than $20 million last year amid a massive surge in ATM “jackpotting” attacks, in which criminals use malware to force cash machines to dispense money.

According to a Thursday FBI flash alert, more than 700 ATM jackpotting incidents were reported last year alone in a significant spike compared to the roughly 1,900 total incidents reported across the United States since 2020.

These attacks can be carried out in minutes and target the software layer controlling an ATM’s physical hardware, using malicious tools such as the Ploutus malware. Most often, they go undetected by financial institutions and ATM operators until the cash is already gone.

Japanese tech giant Advantest hit by ransomware attack

Advantest Corporation disclosed that its corporate network has been targeted in a ransomware attack that may have affected customer or employee data.

Preliminary investigation results revealed that an intruder gained access to certain parts of the company’s network on February 15.

Tokyo-based Advantest is a global leader in testing equipment for semiconductors, measuring instruments, digital consumer products, and wireless communications equipment.

PayPal discloses data breach that exposed user info for 6 months

PayPal is notifying customers of a data breach after a software error in a loan application exposed their sensitive personal information, including Social Security numbers, for nearly 6 months last year.

The incident affected the PayPal Working Capital (PPWC) loan app, which provides small businesses with quick access to financing.

PayPal discovered the breach on December 12, 2025, and determined that customers’ names, email addresses, phone numbers, business addresses, Social Security numbers, and dates of birth had been exposed since July 1, 2025.

Hackers target Microsoft Entra accounts in device code vishing attacks

Threat actors are targeting technology, manufacturing, and financial organizations in campaigns that combine device code phishing and voice phishing (vishing) to abuse the OAuth 2.0 Device Authorization flow and compromise Microsoft Entra accounts.

Unlike previous attacks that utilized malicious OAuth applications to compromise accounts, these campaigns instead leverage legitimate Microsoft OAuth client IDs and the device authorization flow to trick victims into authenticating.

This provides attackers with valid authentication tokens that can be used to access the victim’s account without relying on regular phishing sites that steal passwords or intercept multi-factor authentication codes.

PromptSpy is the first known Android malware to use generative AI at runtime

Researchers have discovered the first known Android malware to use generative AI in its execution flow, using Google’s Gemini model to adapt its persistence across different devices.

In a report today, ESET researcher Lukas Stefanko explains how a new Android malware family named “PromptSpy” is abusing the Google Gemini AI model to help it achieve persistence on infected devices.

“In February 2026, we uncovered two versions of a previously unknown Android malware family,” explains ESET.

Police arrests 651 suspects in African cybercrime crackdown

African law enforcement agencies arrested 651 suspects and recovered over $4.3 million in a joint operation targeting investment fraud, mobile money scams, and fake loan applications.

As INTERPOL revealed on Wednesday, Operation Red Card 2.0 identified 1,247 victims between December 8 and January 30 while targeting cybercrime operations linked to over $45 million in financial losses.

Authorities across 16 countries also seized 2,341 devices and took down 1,442 malicious websites, domains, and servers during this joint action coordinated by the African Joint Operation against Cybercrime (AFJOC).

/* */