New Infostealer Campaign Targets Users via Spoofed Software Installers
Introduction: As part of our commitment to sharing interesting hunts, we are launching these ‘Flash Hunting Findings’ to highlight active threats. Our latest investigation tracks an operation active between January 11 and January 15, 2026, which uses consistent ZIP file structures and a unique behash (“4acaac53c8340a8c236c91e68244e6cb”) for identification. The campaign relies on a trusted executable […] more…
Introducing Saved Searches in Google Threat Intelligence (GTI) and VirusTotal (VT): Enhance Collaboration and Efficiency
We are excited to announce the launch of Saved Searches in Google Threat Intelligence (GTI) and VirusTotal (VT), a powerful new feature designed to streamline your threat hunting workflows and foster seamless collaboration across your security team. From Campaign to Feature: Better Search Efficiency. For the last month, we’ve highlighted the critical importance of mastering […] more…
VTPRACTITIONERS{ACRONIS}: Tracking FileFix, Shadow Vector, and SideWinder
Introduction: We have recently started a new blog series called #VTPRACTITIONERS. This series aims to share with the community what other practitioners are able to research using VirusTotal from a technical point of view. Our first blog saw our colleagues at SEQRITE tracking UNG0002, Silent Lynx, and DragonClone. In this new post, Acronis Threat Research […] more…
Reversing at Scale: AI-Powered Malware Detection for Apple’s Binaries
TL;DR: We ran our new AI-based Mach-O analysis pipeline in production, no metadata, no prior detections, just raw Apple binaries. On Oct 18, 2025, out of 9,981 first-seen samples, VT Code Insight surfaced multiple real Mac and iOS malware cases that had 0 antivirus detections at submission time, including a multi-stage AppleScript infostealer and an […] more…
Hugging Face and VirusTotal: Building Trust in AI Models
We’re happy to announce a collaboration with Hugging Face, an open platform that fosters collaboration and transparency in AI, to make security insights more accessible to the community. VirusTotal’s analysis results are now integrated directly into the Hugging Face platform, helping users understand potential risks in model files, datasets, and related artifacts before they download […] more…
VTPRACTITIONERS{SEQRITE}: Tracking UNG0002, Silent Lynx and DragonClone
Introduction: One of the best parts of being at VirusTotal (VT) is seeing all the amazing ways our community uses our tools to hunt down threats. We love hearing about your successes, and we think the rest of the community would too. That’s why we’re so excited to start a new blog series where we’ll […] more…
Simpler Access for a Stronger VirusTotal
VirusTotal (VT) was founded on a simple principle: we are all stronger when we work together. Every file shared, every engine integrated, and every rule contributed strengthens our collective defense against cyber threats. In the spirit of that collaboration, and in light of recent community discussions, we want to share our vision for the future […] more…
Crowdsourced AI += Exodia Labs
We’re adding a new specialist to VirusTotal’s Crowdsourced AI lineup: Exodia Labs, with an AI engine focused on analyzing Chrome extension (.CRX) files. This complements our existing Code Insight and other AI contributors by helping users better understand this format and detect possible threats. What you get in VirusTotal: Second opinion for .CRX: Exodia Labs […] more…
Advanced Threat Hunting: Automating Large-Scale Operations with LLMs
Last week, we were fortunate enough to attend the fantastic LABScon conference, organized by the SentinelOne Labs team. While there, we presented a workshop titled ‘Advanced Threat Hunting: Automating Large-Scale Operations with LLMs.’ The main goal of this workshop was to show attendees how they could automate their research using the VirusTotal API and Gemini. […] more…
Supercharging Your Threat Hunts: Join VirusTotal at Labscon for a Workshop on Automation and LLMs
We are excited to announce that our colleague Joseliyo Sánchez will be at Labscon to present our workshop: Advanced Threat Hunting: Automating Large-Scale Operations with LLMs. This workshop is a joint effort with SentinelOne and their researcher, Aleksandar Milenkoski. In today’s rapidly evolving threat landscape, security professionals face an overwhelming tide of data and increasingly […] more…
Uncovering a Colombian Malware Campaign with AI Code Analysis
VirusTotal Code Insight keeps adding new file formats. This time, we’re looking at two vector-based formats from very different eras: SWF and SVG. Curiously, right after we rolled out this update in production, one of the very first submitted files gave us a perfect, and unexpected, example of Code Insight in action: it uncovered an […] more…
Integrating Code Insight into Reverse Engineering Workflows
More than two years have passed since we announced the launch of Code Insight at RSA 2023. From that time on, we have been applying this technology in different scenarios, expanding its use in new file formats (1, 2). As we advance in the automated analysis of new files with Code Insight, we want to offer […] more…
Applying AI Analysis to PDF Threats
In our previous post we extended VirusTotal Code Insight to browser extensions and supply-chain artifacts. A key finding from that analysis was how our AI could apply contextual knowledge to its evaluation. It wasn’t just analyzing code in isolation; it was correlating a package’s stated purpose (its name and description) with its actual behavior, flagging […] more…
Code Insight Expands to Uncover Risks Across the Software Supply Chain
When we launched Code Insight, we started by analyzing PowerShell scripts. Since then, we have been continuously expanding its capabilities to cover more file types. Today, we announce that Code Insight can now analyze a broader range […] more…
YARA-X 1.0.0: The Stable Release and Its Advantages
Short note for everyone who already lives and breathes YARA: Victor (aka plusvic) just launched YARA-X 1.0.0. Full details: https://virustotal.github.io/yara-x/blog/yara-x-is-stable/ What changes for you: Area | YARA 4.x | YARA-X; Engine | C/C++, manual memory | Rust, memory-safe; Rule compatibility | – | […] more…
What 17,845 GitHub Repos Taught Us About Malicious MCP Servers
Spoiler: VirusTotal Code Insight’s preliminary audit flagged nearly 8% of MCP (Model Context Protocol) servers on GitHub as potentially forged for evil, though the sad truth is, bad intentions aren’t required to follow bad practices and publish […] more…