
  • Leading Japanese semiconductor supplier responding to ransomware attack

    Japanese semiconductor test equipment supplier Advantest said it is dealing with a ransomware attack that has impacted several company systems. 

    The company said it detected unusual activity within its IT environment on Sunday and activated incident response protocols and isolated the impacted systems. 

    “Preliminary findings appear to indicate that an unauthorized third party may have gained access to portions of the company’s network and deployed ransomware,” Advantest said.

    “This investigation is actively ongoing and is being carried out in close collaboration with leading cybersecurity experts. Advantest is focused on understanding the full extent of this incident while reinforcing all possible defenses.”

    Advantest is one of the largest manufacturers of test and measurement equipment used in the design and production of semiconductors for machine learning, autonomous vehicles, 5G systems and more. 

    The Tokyo-based company reported more than $6.4 billion in sales in the last fiscal year as its tools have become critical assets in the production process of semiconductors globally. It’s unclear which group is behind the attack.

    Incident response firm Dragos said in a recent report that the number of ransomware gangs targeting manufacturing companies has exploded over the last year. 

    Dragos tracked about 119 ransomware gangs targeting industrial organizations in 2025, a nearly 50% increase compared to 2024. The groups attacked about 3,300 industrial organizations throughout the year. 

    Ransomware gangs have repeatedly targeted the lucrative semiconductor industry over the last five years. Microchip Technology, one of the largest American semiconductor manufacturers, was attacked by the Play ransomware gang in 2024, while Applied Materials was hit in 2023.

    Chinese-owned semiconductor company Nexperia and Taiwan’s Foxsemicon both experienced ransomware attacks and a 2022 report said several other leading semiconductor firms were targeted by ransomware gangs.


  • Have there been more this winter?

    In general, though, resorts will not prevent tourists from going off-piste so instead they offer advice. Another French resort, La Plagne, for instance, tells skiers to get information about conditions, make sure they have the necessary safety gear – avalanche transceiver, shovel and probe – know how to use them, and always go out with a professional guide and never alone.


  • PromptSpy Android Malware Abuses Gemini AI to Automate Recent-Apps Persistence

    Cybersecurity researchers have discovered what they say is the first Android malware that abuses Gemini, Google’s generative artificial intelligence (AI) chatbot, as part of its execution flow and achieves persistence.

    The malware has been codenamed PromptSpy by ESET. The malware is equipped to capture lockscreen data, block uninstallation efforts, gather device information, take screenshots, and record screen activity as video.

    “Gemini is used to analyze the current screen and provide PromptSpy with step-by-step instructions on how to ensure the malicious app remains pinned in the recent apps list, thus preventing it from being easily swiped away or killed by the system,” ESET researcher Lukáš Štefanko said in a report published today.

    “Since Android malware often relies on UI navigation, leveraging generative AI enables the threat actors to adapt to more or less any device, layout, or OS version, which can greatly expand the pool of potential victims.”

    Specifically, this involves hard-coding the AI model and a prompt in the malware, assigning the AI agent the persona of an “Android automation assistant.” It sends Gemini a natural language prompt along with an XML dump of the current screen that gives detailed information about every UI element, including its text, type, and exact position on the display.

    Gemini then processes this information and responds with JSON instructions that tell the malware what action to perform (e.g., a tap) and where to perform it. The multi-step interaction continues until the app is successfully locked in the recent apps list and cannot be terminated.

    The main goal of PromptSpy is to deploy a built-in VNC module that grants the attackers remote access to the victim’s device. The malware is also designed to take advantage of Android’s accessibility services to prevent it from being uninstalled using invisible overlays. It communicates with a hard-coded command-and-control (C2) server (“54.67.2[.]84”) via the VNC protocol.

    It’s worth noting that the actions suggested by Gemini are executed through accessibility services, allowing the malware to interact with the device without user input. All of this is accomplished by communicating with the C2 server to receive the Gemini API key, take screenshots on demand, intercept lockscreen PIN or password, record screen, and capture the pattern unlock screen as a video. 

    An analysis of the language localization clues and the distribution vectors used suggests that the campaign is likely financially motivated and targets users in Argentina. Interestingly, evidence shows that PromptSpy was developed in a Chinese‑speaking environment, as indicated by the presence of debug strings written in simplified Chinese.

    “PromptSpy is distributed by a dedicated website and has never been available on Google Play,” Štefanko said.

    PromptSpy is assessed to be an advanced version of another previously unknown Android malware called VNCSpy, samples of which were first uploaded to the VirusTotal platform last month from Hong Kong.

    The website, “mgardownload[.]com,” is used to deliver a dropper, which, when installed and launched, opens a web page hosted on “m-mgarg[.]com.” It masquerades as JPMorgan Chase, going by the name “MorganArg” in reference to Morgan Argentina. The dropper also instructs victims to grant it permissions to install apps from unknown sources to deploy PromptSpy. 

    “In the background, the Trojan contacts its server to request a configuration file, which includes a link to download another APK, presented to the victim, in Spanish, as an update,” ESET said. “During our research, the configuration server was no longer accessible, so the exact download URL remains unknown.”

    The findings illustrate how threat actors are incorporating AI tools into their operations to make malware more dynamic, giving them ways to automate actions that would otherwise be more challenging with conventional approaches.

    Because PromptSpy prevents itself from being uninstalled by overlaying invisible elements on the screen, the only way for a victim to remove it is to reboot the device into Safe Mode, where third‑party apps are disabled and can be uninstalled.
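    Before rebooting into Safe Mode, a responder needs to know which package to remove. The script below is an added triage example, not code from ESET’s report: it combines the output of two adb commands to flag apps that both hold an enabled accessibility service and were not installed by Google Play, which is the combination the PromptSpy dropper relies on. The sample output and the package name com.example.morganarg are constructed; the assumed output formats are those of `adb shell settings get secure enabled_accessibility_services` (colon-separated `pkg/ServiceClass` entries) and `adb shell pm list packages -i` (`package:<pkg>  installer=<pkg or null>`). The heuristic is general and will also surface benign sideloaded accessibility apps, so the result is a review list, not a verdict.

```python
"""Triage: list sideloaded apps that hold an Android accessibility service."""

# Constructed sample of `settings get secure enabled_accessibility_services`:
# one legitimate screen reader and one hypothetical sideloaded service.
ENABLED_SERVICES = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.morganarg/com.example.morganarg.OverlayService"
)

# Constructed sample of `pm list packages -i` (installer=null means sideloaded).
PACKAGES_WITH_INSTALLER = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.morganarg  installer=null
package:com.android.chrome  installer=com.android.vending
"""

KNOWN_INSTALLERS = {"com.android.vending"}  # Google Play


def parse_enabled_services(raw):
    """Split the colon-separated 'pkg/ServiceClass' list into (pkg, service)."""
    out = []
    for entry in raw.strip().split(":"):
        if entry:
            pkg, _, svc = entry.partition("/")
            out.append((pkg, svc))
    return out


def parse_installers(raw):
    """Map each package to its installer package, or None when sideloaded."""
    installers = {}
    for line in raw.splitlines():
        if line.startswith("package:"):
            pkg_part, _, inst_part = line.partition("installer=")
            inst = inst_part.strip()
            installers[pkg_part[len("package:"):].strip()] = (
                None if inst in ("", "null") else inst)
    return installers


def flag_sideloaded_accessibility(services_raw, packages_raw):
    """Return enabled accessibility services whose app did not come from a known store."""
    installers = parse_installers(packages_raw)
    return [{"package": pkg, "service": svc, "installer": installers.get(pkg)}
            for pkg, svc in parse_enabled_services(services_raw)
            if installers.get(pkg) not in KNOWN_INSTALLERS]


if __name__ == "__main__":
    for hit in flag_sideloaded_accessibility(ENABLED_SERVICES, PACKAGES_WITH_INSTALLER):
        print(f"review, remove in Safe Mode: {hit['package']} ({hit['service']})")
```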

    “PromptSpy shows that Android malware is beginning to evolve in a sinister way,” ESET said. “By relying on generative AI to interpret on‑screen elements and decide how to interact with them, the malware can adapt to virtually any device, screen size, or UI layout it encounters.”

    “Instead of hardcoded taps, it simply hands AI a snapshot of the screen and receives precise, step‑by‑step interaction instructions in return, helping it achieve a persistence technique resistant to UI changes.”
