Signal

Threat actors exploit trusted platforms and reputation manipulation in malware campaigns

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-06-17 18:14 UTCUpdated 2026-06-18 22:53 UTC

rss

malwarethreat_actorssecurity_toolingincident_response

Trend in the last 24h

Current brief openSource links open

This current signal is open on the public brief with summary, metadata, source links, and full evidence. Pro adds compare-over-time, alerts, exports, and workflow.

Back Evidence (3)Get the free brief by email Start free trial

No card needed for the free brief.

Evidence trail (top sources)

top sources (3 domains)

3 top sources shown

SC Media - Malware campaign uses VirusTotal manipulation and legitimate news sites

scworld.com · scworld.com · 2026-06-18 22:53 UTC

Claude Chat Abuse and more

The Hacker News - ThreatsDay Bulletin · thehackernews.com · 2026-06-18 15:27 UTC

CSO Online - Attackers abuse Google Ads, GitLab, and Claude to deliver malware

csoonline.com · csoonline.com · 2026-06-18 12:25 UTC

View all evidence

Overview

Recent malware campaigns have leveraged trusted platforms such as Google Ads, GitLab pages, and the Claude AI chat feature to deliver malicious payloads through social engineering tactics.

Entities

GoogleGitLabClaudeClaude AI

Score total

1.13

Momentum 24h

Posts

Origins

Source types

Duplicate ratio

Why now

Campaigns are recent and actively targeting users via popular AI tools and platforms.
Growing reliance on AI and legitimate services creates new attack surfaces for threat actors.
Security teams must adapt to evolving social engineering tactics and reputation manipulation.

Why it matters

Attackers exploit trusted platforms to increase malware delivery success and evade detection.
Manipulation of reputation systems like VirusTotal undermines malware detection and response efforts.
Use of legitimate services complicates incident response and requires enhanced user awareness.

LLM analysis

Topic mix: lowPromo risk: lowSource quality: medium

Recurring claims

Threat actors abuse Google Ads, GitLab pages, and Claude's shared chat feature to deliver malware via social engineering.
Malware campaigns manipulate VirusTotal and legitimate news sites to boost malware reputation and use ghost networks on social media to increase engagement.

How sources frame it

CSO Online: neutral
The Hacker News: neutral
SC Media: neutral

All evidence

CSO Online - Attackers abuse Google Ads, GitLab, and Claude to deliver malware

csoonline.com · csoonline.com · 2026-06-18 12:25 UTC

Claude Chat Abuse and more

The Hacker News - ThreatsDay Bulletin · thehackernews.com · 2026-06-18 15:27 UTC

SC Media - Malware campaign uses VirusTotal manipulation and legitimate news sites

scworld.com · scworld.com · 2026-06-18 22:53 UTC

Show filters & breakdown

Posts loaded: 0Publishers: 3Origin domains: 3Duplicates: -

Platform

Publisher

Origin domain

Relevance tier

Duplicates only

Showing 3 / 0

Top publishers (this list)

csoonline.com (1)
The Hacker News - ThreatsDay Bulletin (1)
scworld.com (1)

Top origin domains (this list)

csoonline.com (1)
thehackernews.com (1)
scworld.com (1)