Tsundere Botnet Targets Windows Users with JavaScript Code

Cybersecurity researchers have identified an expanding botnet called Tsundere that targets Windows users. Active since mid-2025, the botnet executes arbitrary JavaScript code delivered by a command-and-control (C2) server. The malware is spread through various means, including Remote Monitoring and Management (RMM) tools and lures for popular games. The botnet fetches its C2 server details from the Ethereum blockchain, which makes it resilient. The threat actor behind Tsundere is believed to be Russian-speaking and has links to other malicious activities, including the 123 Stealer.

Latest mentioned: 11-20
Earliest mentioned: 11-20