TrickMo.C, first observed in early 2026, is not a routine update to a banking trojan. The operators have rebuilt it as a platform that runs a local TON (The Open Network) proxy on compromised Android phones and routes command-and-control traffic through encrypted .ADNL addresses. That redesign converts infected devices into covert, remotely programmable network nodes […]
CrystalRAT (aka CrystalX RAT) is being sold openly on Telegram as an easy-to-use malware package, but calling it merely “prankware” misses the point: it is a modular malware-as-a-service that combines full remote access, clipboard-based cryptocurrency theft, and nuisance/psychological disruption into a single commercially marketed toolkit. Why the “prank” label understates the risk Security vendors and […]
A recent campaign abuses TikTok for Business’ use of Google Single Sign-On and the platform’s permissive profile bio redirects to mount reverse-proxy AITM phishing that captures credentials and session cookies, then pivots into Google Ad Manager for large-scale ad fraud — all while evading two-factor protections with Cloudflare Turnstile–protected pages hosted on Google Storage. How […]
VoidStealer v2.0 demonstrates a concrete condition under which Chrome’s Application-Bound Encryption (ABE) can be bypassed: if the browser places the v20_master_key into user-mode registers during decryption, a debugger that sets hardware breakpoints can capture that key without SYSTEM privileges or code injection. How VoidStealer v2.0 captures the master key during Chrome startup The attack starts […]
