Malware

The Lazarus Group's operation, codenamed "graphalgo," began in May 2025.

The current LummaStealer campaigns are heavily reliant on CastleLoader, a modular malware loader that executes payloads in memory with extensive obfuscation.

The loader uses a novel string mutation mechanism and in-memory execution to evade detection.

SecurityWeek reports that novel commercial spyware toolkit ZeroDayRAT could be leveraged to enable total remote compromise of both Android and iOS devices.

Organizations in the cryptocurrency sector have had their Windows and macOS systems targeted by North Korean hacking operation UNC1069 in financially-motivated malware campaigns, according to BleepingComputer.

The fraudulent website, impersonating the legitimate 7-Zip project at 7zip[.]com, mimics the original site's structure and text.

The malware was discovered through a Docker honeypot and is used for cryptojacking.