Cybercrime/malcode – Lifeboat News: The Blog

Jan 30
2026

Google disrupts IPIDEA residential proxy networks fueled by malware

IPIDEA, one of the largest residential proxy networks used by threat actors, was disrupted earlier this week by Google Threat Intelligence Group (GTIG) in collaboration with industry partners.

The action included taking down domains associated with IPIDEA services, infected device management, proxy traffic routing. Additionally, intelligence has been shared on the IPIDEA software development kits (SDK) that distributed the proxying tool.

The operators of IPIDEA advertised it as a VPN service that “encrypts your online traffic and hides your real IP address,” used by 6.7 million users worldwide.

Jan 30
2026

Hugging Face abused to spread thousands of Android malware variants

A new Android malware campaign is using the Hugging Face platform as a repository for thousands of variations of an APK payload that collects credentials for popular financial and payment services.

Hugging Face is a popular platform that hosts and distributes artificial intelligence (AI), natural language processing (NLP), and machine learning (ML) models, datasets, and applications.

It is considered a trusted platform unlikely to trigger security warnings, but bad actors have abused it in the past to host malicious AI models.

Jan 30
2026

Not a Kids Game: From Roblox Mod to Compromising Your Company

Seemingly harmless game mods can hide infostealer malware that quietly steals identities. Flare shows how Roblox mods can turn a home PC infection into corporate compromise.

Jan 30
2026

Aisuru botnet sets new record with 31.4 Tbps DDoS attack

The Aisuru/Kimwolf botnet launched a new massive distributed denial of service (DDoS) attack that peaked at 31.4 Tbps and 200 million requests per second, setting a new record.

The attack was part of a campaign targeting multiple companies, most of them in the telecommunications sector, and was detected and mitigated by Cloudflare last year on December 19.

Aisuru is responsible for the previous DDoS record that reached 29.7 Tbps. Another attack that Microsoft attributed to the botnet peaked at 15.72 Tbps and originated from 500,000 IP addresses.

Jan 29
2026

Securing Nonhuman Identities in K–12 Schools

Nonhuman identities, including artificial intelligence agents, pose a cybersecurity risk in education environments due to extensive and often-overlooked access permissions.

Jan 28
2026

Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware

A fake VS Code extension posing as a Moltbot AI assistant installed ScreenConnect malware, giving attackers persistent remote access to developer syst

Jan 28
2026

Mustang Panda Deploys Updated COOLCLIENT Backdoor in Government Cyber Attacks

China-linked Mustang Panda used updated COOLCLIENT malware in 2025 espionage to steal data from government and telecom targets across Asia and Russia.

Jan 28
2026

Initial access hackers switch to Tsundere Bot for ransomware attacks

A prolific initial access broker tracked as TA584 has been observed using the Tsundere Bot alongside XWorm remote access trojan to gain network access that could lead to ransomware attacks.

Proofpoint researchers have been tracking TA584’s activity since 2020 and say that the threat actor has significantly increased its operations recently, introducing a continuous attack chain that undermines static detection.

Tsundere Bot was first documented by Kaspersky last year and attributed to a Russian-speaking operator with links to the 123 Stealer malware.

Jan 28
2026

China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023

Experts details PeckBirdy, a JavaScript C2 framework used since 2023 by China-aligned attackers to spread malware via fake updates & web injections.

Jan 28
2026

Experts Detect Pakistan-Linked Cyber Campaigns Aimed at Indian Government Entities

Pakistan-linked hackers targeted Indian government entities using phishing, Google services, Golang malware, and GitHub-based command-and-control.