Huge hacking campaign uses spoofed Ghidra, dnSpy, and SpiderFoot security tools to harvest ad revenue and serve malware
Date:
Thu, 04 Jun 2026 09:53:09 +0000
Description:
More than 100 spoofed websites were redirecting users and offering infostealers.
FULL STORY ======================================================================

- Over 100 spoofed sites mimic trusted security tools
- Campaign serves SessionGate, RemusStealer, AnimateClipper
- Primary goal appears to be traffic monetization

A large-scale malicious campaign was recently uncovered, spoofing reputable open-source security tools to harvest ad revenue and serve malware to developers and security researchers.

Security outfit Check Point Research (CPR) recently published an in-depth report detailing the campaign. According to the report, threat actors created more than 100 websites spoofing tools such as Ghidra, dnSpy, and SpiderFoot. Visitors were routed through a Traffic Distribution System (TDS) and served multiple malware variants, including SessionGate, RemusStealer, and AnimateClipper.

"What makes this campaign especially notable is the choice of brands: a high-risk subset of sites impersonates trusted reverse-engineering tools such as Ghidra and dnSpy, used by security researchers and malware analysts," the report reads.

Traffic acquisition and monetization

CPR describes SessionGate as a new multi-stage loader that makes it very difficult to obtain the final payload. RemusStealer is a newly emerged infostealer targeting browsers and extensions, while AnimateClipper is a cryptocurrency clipper capable of hijacking transactions across more than 20 blockchains.

Although these websites serve multiple malware variants, CPR does not believe malware delivery to be the main goal. Instead, it believes the campaign's primary objective is traffic acquisition and monetization.

"However, by embedding a gated TDS layer and funneling search traffic into it, the operators become part of a distribution chain whose downstream consumers can include malware distributors," CPR stressed. "The same traffic pipeline that drives gray monetization can also selectively route real users to malicious payloads."

While CPR did not say how many people were affected by this attack, it does stress that the campaign is rather large-scale. It involves more than 100 websites, as well as more than 5,000 total submissions to VirusTotal.

To defend against this campaign, and others like it, users are advised not to blindly trust search engine results, and to be careful when clicking on links, even when they're at the very top of Google and other reputable engines.
======================================================================
Link to news story:
https://www.techradar.com/pro/security/huge-hacking-campaign-uses-spoofed-ghidra-dnspy-and-spiderfoot-security-tools-to-harvest-ad-revenue-and-serve-malware
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)