This week's summary demonstrates how subtle behavioral changes, such as code modifications and employment scams, are redefining what "cybercrime" actually entails. A Lithuanian national has been detained on suspicion of using clipboard-stealing malware to infect 2.8 million systems.

During the Christmas 2025 holiday, a new "coordinated exploitation" campaign was observed targeting Adobe ColdFusion servers. According to Kaspersky, pre-installed malware was found on some Android tablet models. A report alleges that Meta attempted to thwart regulators by making problematic content and scam ads "not findable" when authorities searched for them through its Ad Library.

Meta has refuted the allegations, claiming that the cleaning process also aids in the removal of the advertisements from its systems. According to Unleash Protocol, it "detected unauthorized activity" involving its smart contracts that resulted in the transfer and withdrawal of user funds totaling about $3.9 million. 1,337.1 ETH of the pilfered money has been added to the Tornado Cash cryptocurrency mixing service.

Threat actors can automate ClickFix attacks with a new cybercrime tool called ErrTraffic. In order to create a false sense of urgency and trick users into following malicious instructions, it creates fictitious glitches on hacked websites. The service, marketed by a threat actor called "LenAI," is a cross-platform threat that can deliver customized payloads to Windows, macOS, Linux, and Android.

According to a recent report, cyber operations are now a crucial part of achieving strategic geopolitical goals. Attackers can take advantage of the 4-second window created by AWS IAM eventual consistency. More than 1.6 million distinct IP addresses are reportedly available through the IPCola proxy network.

Through persistent background activity, a widespread Android adware campaign has been seen to silently deplete resources and interfere with regular phone use. The campaign, known as GhostAd, makes use of a network of at least fifteen Android apps on Google Play that pose as benign utilities and tools for editing emojis. The Philippines, Pakistan, and Malaysia seem to be the main targets of the attacks.

In 2025, North Korean-affiliated hackers stole cryptocurrency valued at over $2 billion. This includes the $1.5 billion Bybit heist that broke all previous records in February 2025.

The actual frequency of attacks carried out by North Korean hackers has decreased, despite the overall increase in cryptocurrency theft. At the same time, Pyongyang's crypto theft operations increasingly depend on its IT workers obtaining employment at Web3 companies, cryptocurrency exchanges, and custodians. In one instance, Amazon claimed to have detected an "infinitesimal delay in the typed commands" and apprehended an IT employee.