The Breach News

New Android Banking Malware ‘ToxicPanda’ Pilfers Funds Through Deceptive Transfers

Nov 05, 2024
Mobile Security / Cyber Attack

A newly discovered Android banking malware, dubbed ToxicPanda, has already compromised over 1,500 devices, enabling cybercriminals to execute fraudulent transactions. According to Cleafy researchers Michele Roviello, Alessandro Strino, and Federico Valentini, “ToxicPanda’s primary aim is to facilitate money transfers from infected devices through account takeover (ATO) techniques, leveraging a method known as on-device fraud (ODF).” The malware is designed to circumvent banking security measures that verify user identity and authenticate transactions, along with behavioral detection strategies used by banks to flag suspicious money transfers. It is believed that ToxicPanda is linked to a Chinese-speaking threat actor and bears notable similarities to another Android malware called TgToxic, which can steal user credentials and deplete crypto wallets. TgToxic was first reported by Trend Micro in early 2023.


How Volunteering Shapes Careers in Cybersecurity

Recruitment & Reskilling Strategy, Training & Security Leadership

Cyber Volunteers Can Gain Real-World Experience While Protecting Communities

Brandy Harris • August 6, 2025

In the evolving landscape of cybersecurity, aspiring professionals often envision a path paved with certifications, technical tests, and entry-level positions demanding extensive preparation. However, the…

The Unexpected Culprit: Git Repositories

In the ever-evolving landscape of cyber threats, while phishing and ransomware consistently steal headlines, there is a more insidious risk that lurks beneath the surface in many organizations: the exposure of Git repositories that leak sensitive data. This risk quietly undermines security by creating shadow access to critical systems. Git…


New Variant of ZuRu Malware Targets Developers through Compromised Termius macOS Application

July 10, 2025
Endpoint Security / Vulnerability

Cybersecurity experts have identified a new variant of the ZuRu malware affecting Apple macOS systems, a family known for propagating through trojanized versions of reputable software. In a recent report shared with The Hacker News, SentinelOne revealed that this malware has been posing as the popular cross-platform SSH client and server management tool, Termius, since late May 2025. Researchers Phil Stokes and Dinesh Devadoss noted, “ZuRu malware continues to exploit macOS users in search of legitimate business tools, evolving its loader and command-and-control techniques to backdoor its targets.” Initially documented in September 2021 on the Chinese question-and-answer platform Zhihu, ZuRu was part of a malicious campaign that redirected search results for the legitimate terminal emulator iTerm2 to fraudulent websites designed to lure users into downloading the malware. In January 2024, Jamf Threat Labs also reported the distribution of this malware via pirated macOS applications.

Malicious Game Optimization Apps Spread Winos 4.0 Malware to Gamers

Cybersecurity experts are raising alarms about a command-and-control (C&C) framework known as Winos, which is being propagated through gaming-related apps, including installation tools, speed boosters, and optimization utilities. According to a report from Fortinet FortiGuard Labs shared with The Hacker News, “Winos 4.0 is a sophisticated malicious framework designed for extensive functionality, stable architecture, and efficient control over various online endpoints for further actions.” This framework, rebuilt from Gh0st RAT, features several modular components, each assigned distinct tasks. Campaigns distributing Winos 4.0 were initially noted in June by Trend Micro and the KnownSec 404 Team, which are monitoring the activity under the names Void Arachne and Silver Fox. These attacks primarily target Chinese-speaking users, utilizing black hat Search Engine Optimization (SEO) methods, along with social media and messaging platforms like Te…


Teen Hacker Reveals School Bathroom Smoke Detector Could Be an Audio Bug

New Hack Exploit Uncovered in School Smoke Detection Devices

A notable cybersecurity incident has emerged from a high school in the Portland area where a 16-year-old hacker, Reynaldo Vasquez-Garcia, discovered vulnerabilities in devices linked to IPVideo Corporation, a subsidiary of Motorola. While experimenting with his school’s Wi-Fi network, Vasquez-Garcia identified…

Sorry, Mr. Altman, But Passwords Aren’t Making a Comeback

AI-Based Attacks, Artificial Intelligence & Machine Learning, Fraud Management & Cybercrime

OpenAI CEO Asserts AI Surpasses Voice Recognition, While Experts Remain Skeptical

Suparna Goswami (gsuparna) • August 6, 2025

OpenAI’s CEO Sam Altman recently claimed that artificial intelligence has essentially “defeated” most current…