Cellik Android malware builds malicious versions from Google Play apps

A new Android malware-as-a-service (MaaS) named Cellik is being advertised on underground cybercrime forums. It offers a robust set of capabilities, including the option to embed it in any app available on the Google Play Store.

Specifically, attackers can select apps from Android’s official app store and create trojanized versions that appear trustworthy and keep the real app’s interface and functionality.

By providing the expected capabilities, Cellik infections can go unnoticed for a longer time. Additionally, the seller claims that bundling the malware this way may help bypass Play Protect, although this is unconfirmed.

Kali Linux 2025.4 released with 3 new tools, desktop updates

Kali Linux has released version 2025.4, its final update of the year, introducing three new hacking tools, desktop environment improvements, the preview of Wifipumpkin3 in NetHunter, and enhanced Wayland support.

Kali Linux is a distribution designed for cybersecurity professionals and ethical hackers to perform red-teaming, penetration testing, security assessments, and network research.

The distribution is available as an installable operating system or a live environment and supports a wide range of hardware, including Raspberry Pi devices and compatible Android phones through Kali NetHunter.

Active Attacks Exploit Gladinet’s Hard-Coded Keys for Unauthorized Access and Code Execution

Huntress is warning of a new actively exploited vulnerability in Gladinet’s CentreStack and Triofox products. The flaw stems from the use of hard-coded cryptographic keys and has affected nine organizations so far.

“Threat actors can potentially abuse this as a way to access the web.config file, opening the door for deserialization and remote code execution,” security researcher Bryan Masters said.

The use of hard-coded cryptographic keys could allow threat actors to decrypt or forge access tickets, enabling them to access sensitive files like web.config that can be exploited to achieve ViewState deserialization and remote code execution, the cybersecurity company added.
