February 10, 2026
Headlines
Home » malware » Page 4

Tag: malware

Custom illustration showing a hacker silhouette controlling cloud-service icons (OneDrive, Yandex Cloud) overlaying an IT supply chain network diagram.

APT31 Targets Russian IT via Yandex Cloud & OneDrive C2

yohanmanuja39 mins

Between 2024 and 2025, China-linked APT31 conducted a stealthy espionage campaign targeting Russian IT contractors and government integrators. The group masked its command-and-control using legitimate cloud services such as Yandex Cloud and OneDrive, deployed loaders like CloudyLoader via DLL side-loading, and maintained long dwell times within compromised networks. This article decodes APT31’s tool-kit, tactics and persistence model, and offers detection and response guidance for defenders.

Read More
Chinese APT router hijacking diagram showing EdgeStepper on a router redirecting software updates to a PlushDaemon command server

Chinese PlushDaemon APT Turns Routers into Software Traps

yohanmanuja28 mins

A China-aligned threat group known as PlushDaemon runs a Chinese APT router hijacking campaign that implants EdgeStepper on vulnerable routers, reroutes software-update traffic for popular Chinese-language applications and delivers the SlowStepper espionage toolkit through trusted update channels, turning routine network gear into an adversary-in-the-middle platform.

Read More
Custom illustration showing a Windows workstation under surveillance while an obfuscated loader labeled “BadAudio” communicates with APT24 command-and-control infrastructure.

How APT24 Uses BadAudio Malware in Multi-Vector Espionage

yohanmanuja18 mins

BadAudio gives APT24 a stealthy first-stage foothold in a long-running espionage campaign that focuses on Windows environments. The C++ downloader hides behind DLL search-order hijacking, control-flow obfuscation and AES-encrypted C2, while the group rotates between watering-hole attacks, supply-chain compromises and targeted spearphishing to deliver it. This article breaks down BadAudio’s loader behavior, APT24’s evolving tradecraft and the defensive steps that help security teams detect, contain and disrupt this PRC-nexus operation.

Read More
Custom illustration showing fake software installers with TamperedChef branding dropping a hidden JavaScript backdoor on a workstation.

TamperedChef Malware Uses Fake Installers in Global Campaign

yohanmanuja06 mins

TamperedChef malware no longer hides only behind a rogue PDF editor. In its latest evolution, the campaign uses signed fake software installers, malvertising and SEO poisoning to deliver an obfuscated JavaScript backdoor via a dropped XML-scheduled task. Telemetry shows a strong footprint in the U.S. and heavy impact on healthcare, construction and manufacturing, where users often search online for product manuals and tools. This article unpacks the global infrastructure, shell-company certificates and execution chain so defenders can hunt and harden effectively.

Read More