Find notable cyber news and cases, enriched with sources, timelines, and signals.

Amatera Stealer data-exfiltration and NetSupport RAT delivery

Malware Activity
First reported
Last updated
Happening score
H score 29
1 unique sources, 1 articles

Summary

Hide ▲

Amatera Stealer is now being delivered through ClickFix phishing lures to steal data and stage NetSupport RAT, increasing risk to wallets, browsers, and email accounts. The malware uses mshta.exe, PowerShell, and MSBuild.exe to run a multi-step payload chain. The activity is significant because it combines credential theft, file targeting, and follow-on remote-control delivery in one infection path.

Related Happenings

AI-generated PowerShell Active Directory reconnaissance script

Malware Activity
H score23 First: 09.07.2026 17:00 Last: 09.07.2026 17:00 Sources 1

About this happening: An **AI-generated PowerShell script** was used in a real **Windows intrusion**, showing how one-off malware can automate **Active Directory reconnaissance** and evade signature-ba...

Microsoft AutoGen Studio AutoJack MCP WebSocket command execution security flaw

Vulnerability
H score33 First: 22.06.2026 20:28 Last: 22.06.2026 20:28 Sources 1

About this happening: Microsoft’s **AutoJack** chain exposed **AutoGen Studio** to **arbitrary command execution** for developers building from the main GitHub branch before the hardening commit.

Windows cryptocurrency clipper malware using USB LNK worming and Tor C2

Malware Activity
H score29 First: 18.06.2026 17:30 Last: 18.06.2026 17:30 Sources 1

About this happening: A **Windows-based cryptocurrency clipper** has been active since **February 2026**, using **USB-delivered LNK** worming to steal wallet data and reroute payments. The malware adds...

GreyVibe custom malware activity with LegionRelay, PhantomRelay, and FallSpy

Malware Activity
H score41 First: 29.05.2026 01:24 Last: 29.05.2026 01:24 Sources 1

About this happening: **GREYVIBE** is a **Russian-speaking** malware activity targeting **Ukraine and Ukraine-related entities** since at least **August 2025**. The group uses **spear-phishing e-mails*...

Vidar infostealer market rise and distribution expansion

Malware Activity
H score30 First: 28.04.2026 22:07 Last: 28.04.2026 22:07 Sources 1

About this happening: **Vidar** remains a long-running **infostealer** threat, and **Aryaka** reported a fresh campaign in **recent weeks** that adds **new obfuscation techniques** and stronger **steal...

Timeline

  1. 17.11.2025 18:53 2 articles · 7mo ago

    EVALUSION ClickFix campaigns deliver Amatera Stealer and NetSupport RAT

    Initial Disclosure

    Researchers tracked EVALUSION campaigns that used ClickFix social engineering to deliver Amatera Stealer and stage NetSupport RAT on affected Windows systems. The payload chain used the Windows Run dialog, mshta.exe, PowerShell, MediaFire, PureCrypter, and MSBuild.exe, while Amatera was described as targeting crypto-wallets, browsers, messaging applications, FTP clients, and email services and using WoW64 SysCalls to evade sandboxes, antivirus tools, and EDR products.

    Show sources