Researchers found new Android malware linked to the Indian APT (Advanced Persistent Threat) group called Donot Team, which primarily targets South Asian government and military organisations. The malware, named Tanzeem and Tanzeem Update was first identified in October and December 2024. The Donot Team is using the OneSignal platform to deliver phishing links, a new development in its methods, while the malware collects information like call logs, contacts, and precise locations.

New Malware Loaders Use Call Stack Spoofing, GitHub C2, and .NET Reactor for Stealth
An updated version of a malware loader, known as Hijack Loader, has been discovered with new features aimed at evading detection and maintaining persistence. The