Find notable cyber news and cases, enriched with sources, timelines, and signals.

Pkr_mtsi Windows loader delivers multiple payloads

Malware Activity
First reported
Last updated
Happening score
H score 24
1 unique sources, 1 articles

Summary

Hide ▲

pkr_mtsi is a Windows loader now being used to push trojanized installers through malvertising and SEO poisoning, increasing initial-access risk for Windows users. First seen on April 24, 2025 and still active, it has delivered Oyster, Vidar, Vanguard Stealer, and Supper. The loader commonly masquerades as PuTTY, Rufus, or Microsoft Teams, luring victims through fake download sites promoted by ads and manipulated search rankings. Its evolving tradecraft includes modified UPX stages, anti-analysis checks, and regsvr32.exe execution paths that make unpacking and detection harder.

Related Happenings

Vidar infostealer delivered through TikTok and Instagram Reels

Malware Activity
H score27 First: 10.06.2026 19:00 Last: 10.06.2026 19:00 Sources 1

About this happening: Threat actors are using **TikTok** and **Instagram Reels** to deliver **Vidar infostealer** through fake free-software tutorials, putting viewers at risk of **credential**, **fina...

Atlas RAT and related loaders deployed for remote access and credential theft

Malware Activity
H score33 First: 04.06.2026 00:45 Last: 04.06.2026 00:45 Sources 1

About this happening: **TA4922**, a **China-linked** and likely **financially motivated** malware activity, has expanded beyond **East Asia** into **Europe** and **Africa**. The group uses **Atlas RAT*...

Beagle backdoor distributed via fake Claude site and DLL sideloading

Malware Activity
H score23 First: 07.05.2026 16:15 Last: 07.05.2026 16:15 Sources 1

About this happening: The **Beagle** backdoor is now being distributed through a **fake Claude website**, putting **Windows users** at risk of infection through a **DLL sideloading chain**. The lure de...

Microsoft Teams adds "Report a Call" for suspicious calls with phased rollout

Security Tool/Service
H score11 First: 29.01.2026 16:49 Last: 29.01.2026 16:49 Sources 1

About this happening: Microsoft is adding **"Report a Call"** to **Teams**, letting users flag **suspicious or unwanted calls** as potential **scams or phishing**. The feature is **enabled by default**...

Microsoft Teams rolls out Brand Impersonation Protection for external call warnings

Security Tool/Service
H score14 First: 22.01.2026 18:28 Last: 22.01.2026 18:28 Sources 1

About this happening: **Microsoft Teams** is adding **Brand Impersonation Protection** to warn users about suspicious **first-time external callers**, reducing social-engineering risk in call flows. Th...

Timeline

  1. 07.01.2026 18:45 1 articles · 6mo ago

    pkr_mtsi first observed in malvertising campaigns

    Initial Disclosure

    pkr_mtsi is first observed as a malicious Windows packer used in large-scale malvertising and SEO-poisoning campaigns to distribute trojanized installers that deliver Oyster, Vidar, Vanguard Stealer, and Supper.

    Show sources
  2. 07.01.2026 18:45 2 articles · 6mo ago

    pkr_mtsi analysis adds detection and execution details

    Technical Analysis Update

    Research updates pkr_mtsi tradecraft with heavier obfuscation, hashed API resolution, anti-analysis checks, modified UPX-packed intermediate stages, and DLL variants that execute through regsvr32.exe and registry-based COM registration; a broader YARA rule is released to detect known variants and monitor predictable NtProtectVirtualMemory errors.

    Show sources