New mobile malware Agent Smith targets Android devices to install malicious versions of popular apps. The malware displays fraudulent ads for the attackers' financial gain but can be further used for bigger attacks. Google has removed the malicious apps.
Microsoft found a malware campaign pushing the Astaroth info stealer into the memory of infected computers. This particular campaign was notable in its fileless distribution method and complex attack chain.
A newly discovered backdoor malware dubbed Godlua was discovered conducting DDoS attacks. Unique to this Lua-based malware is its abuse of the DNS over HTTPS (DoH) protocol to secure its communication channels.