2026-03-01 AI Startup News

ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket

OpenClaw has fixed a high-severity security issue that, if successfully exploited, could have allowed a malicious website to connect to a locally running artificial intelligence (AI) agent and take over control. “Our vulnerability lives in the core system itself – no plugins, no marketplace, no user-installed extensions – just the bare OpenClaw gateway, running exactly as documented,” Oasis Security said in a report published this week. The flaw has been codenamed ClawJacked by the cybersecurity company.

The attack assumes the following threat model: A developer has OpenClaw set up and running on their laptop, with its gateway, a local WebSocket server, bound to localhost and protected by a password.

The attack kicks in when the developer lands on an attacker-controlled website through social engineering or some other means. The infection sequence then follows the steps below:

- Malicious JavaScript on the web page opens a WebSocket connection to localhost on the OpenClaw gateway port.
- The script brute-forces the gateway password by taking advantage of a missing rate-limiting mechanism.
- Post successful authentication with admin-level permissions, the script stealthily registers as a trusted device, which is auto-approved by the gateway without any user prompt.
- The attacker gains complete control over the AI agent, allowing them to interact with it, dump configuration data, enumerate connected nodes, and read application logs.

“Any website you visit can open one to your localhost. Unlike regular HTTP requests, the browser doesn’t block these cross-origin connections,” Oasis Security said. “So while you’re browsing any website, JavaScript running on that page can silently open a connection to your local OpenClaw gateway. The user sees nothing.”

“That misplaced trust has real consequences. The gateway relaxes several security mechanisms for local connections - including silently approving new device registrations without prompting the user. Normally, when a new device connects, the user must confirm the pairing. From localhost, it’s automatic.”

Following responsible disclosure, OpenClaw pushed a fix in less than 24 hours with version 2026.2.25 released on February 26, 2026.

Users are advised to apply the latest updates as soon as possible, periodically audit access granted to AI agents, and enforce appropriate governance controls for non-human (aka agentic) identities.

The development comes amid a broader security scrutiny of the OpenClaw ecosystem, primarily stemming from the fact that AI agents hold entrenched access to disparate systems and the authority to execute tasks across enterprise tools, leading to a significantly larger blast radius should they be compromised. Reports from Bitsight and NeuralTrust have detailed how OpenClaw instances left connected to the internet pose an expanded attack surface, with each integrated service further broadening the blast radius, and how they can be transformed into an attack weapon by embedding prompt injections in content (e.g., an email or a Slack message) processed by the agent to execute malicious actions.

The disclosure comes as OpenClaw also patched a log poisoning vulnerability that allowed attackers to write malicious content to log files via WebSocket requests to a publicly accessible instance on TCP port 18789. Since the agent reads its own logs to troubleshoot certain tasks, the security loophole could be abused by a threat actor to embed indirect prompt injections, leading to unintended consequences. The issue was addressed in version 2026.2.13, which was shipped on February 14, 2026.

“If the injected text is interpreted as meaningful operational information rather than untrusted input, it could influence decisions, suggestions, or automated actions,” Eye Security said. “The impact would therefore not be ‘instant takeover,’ but rather: manipulation of agent reasoning, influencing troubleshooting steps, potential data disclosure if the agent is guided to reveal context, and indirect misuse of connected integrations.”

In recent weeks, OpenClaw has also been found susceptible to multiple vulnerabilities (CVE-2026-25593, CVE-2026-24763, CVE-2026-25157, CVE-2026-25475, CVE-2026-26319, CVE-2026-26322, CVE-2026-26329), ranging from moderate to high severity, that could result in remote code execution, command injection, server-side request forgery (SSRF), authentication bypass, and path traversal. The vulnerabilities have been addressed in OpenClaw versions 2026.1.20, 2026.1.29, 2026.2.1, 2026.2.2, and 2026.2.14.

“As AI agent frameworks become more prevalent in enterprise environments, security analysis must evolve to address both traditional vulnerabilities and AI-specific attack surfaces,” Endor Labs said.

Elsewhere, new research has demonstrated that malicious skills uploaded to ClawHub, an open marketplace for downloading OpenClaw skills, are being used as conduits to deliver a new variant of Atomic Stealer, a macOS information stealer developed and rented by a cybercrime actor known as Cookie Spider.

“The infection chain begins with a normal SKILL.md that installs a prerequisite,” Trend Micro said. “The skill appears harmless on the surface and was even labeled as benign on VirusTotal. OpenClaw then goes to the website, fetches the installation instructions, and proceeds with the installation if the LLM decides to follow the instructions.”

The instructions hosted on the website “openclawcli.vercel[.]app” include a malicious command to download a stealer payload from an external server (“91.92.242[.]30”) and run it.

Threat hunters have also flagged a new malware delivery campaign in which a threat actor by the name @liuhui1010 has been identified leaving comments on legitimate skill listing pages, urging users to explicitly run a command they provided on the Terminal app if the skill “doesn’t work on macOS.” The command is designed to retrieve Atomic Stealer from “91.92.242[.]30,” an IP address previously documented by Koi Security and OpenSourceMalware for distributing the same malware via malicious skills uploaded to ClawHub.

What’s more, a recent analysis of 3,505 ClawHub skills by AI security company Straiker has uncovered no less than 71 malicious ones, some of which posed as legitimate cryptocurrency tools but contained hidden functionality to redirect funds to threat actor-controlled wallets.

Two other skills, bob-p2p-beta and runware, have been attributed to a multi-layered cryptocurrency scam that employs an agent-to-agent attack chain targeting the AI agent ecosystem. The skills have been attributed to a threat actor who operates under the aliases “26medias” on ClawHub and “BobVonNeumann” on Moltbook and X.

“BobVonNeumann presents itself as an AI agent on Moltbook, a social network designed for agents to interact with each other,” researchers Yash Somalkar and Dan Regalado said. “From that position, it promotes its own malicious skills directly to other agents, exploiting the trust that agents are designed to extend to each other by default. It’s a supply chain attack with a social engineering layer built on top.”

What bob-p2p-beta does, however, is instruct other AI agents to store Solana wallet private keys in plaintext, purchase worthless $BOB tokens on pump.fun, and route all payments through an attacker-controlled infrastructure. The second skill claims to offer a benign image generation tool to build the developer’s credibility.

Given that ClawHub is becoming a new fertile ground for attackers, users are advised to audit skills before installing them, avoid providing credentials and keys unless it’s essential, and monitor skill behavior.

The security risks associated with self-hosted agent runtimes like OpenClaw have also prompted Microsoft to issue an advisory, warning that unguarded deployment could pave the way for credential exposure/exfiltration, memory modification, and host compromise if the agent can be tricked into retrieving and running malicious code either through poisoned skills or prompt injections.

“Because of these characteristics, OpenClaw should be treated as untrusted code execution with persistent credentials,” the Microsoft Defender Security Research Team said. “It is not appropriate to run on a standard personal or enterprise workstation.”

“If an organization determines that OpenClaw must be evaluated, it should be deployed only in a fully isolated environment such as a dedicated virtual machine or separate physical system. The runtime should use dedicated, non-privileged credentials and access only non-sensitive data. Continuous monitoring and a rebuild plan should be part of the operating model.”
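The three weaknesses in the ClawJacked sequence described earlier (a WebSocket handshake accepted from any web page, unlimited password guesses, and pairing auto-approved from localhost) each map to a server-side check. The sketch below is an added example, not OpenClaw's code or its actual fix; the `GatewayGuard` class, its thresholds and the allowlisted origin are assumptions made for illustration.

```python
import hmac
import time
from collections import defaultdict, deque
from urllib.parse import urlsplit


class GatewayGuard:
    """Hypothetical guard for a password-protected WebSocket server on localhost."""

    def __init__(self, password, allowed_origins, max_failures=5,
                 window=60.0, lockout=300.0, clock=time.monotonic):
        self._password = password.encode()
        self._allowed = {self._normalise(o) for o in allowed_origins}
        self._max_failures = max_failures
        self._window = window
        self._lockout = lockout
        self._clock = clock
        self._failures = defaultdict(deque)   # remote address -> failure times
        self._locked_until = {}               # remote address -> unlock time

    @staticmethod
    def _normalise(origin):
        parts = urlsplit(origin)
        return (parts.scheme.lower(), (parts.hostname or "").lower(), parts.port)

    def origin_allowed(self, origin):
        """Check the Origin header of the WebSocket upgrade request."""
        # Browsers attach Origin to every WebSocket handshake and page script
        # cannot change it. Native clients send none and go on to password auth.
        if origin is None:
            return True
        try:
            return self._normalise(origin) in self._allowed
        except ValueError:          # malformed port in the header
            return False

    def authenticate(self, remote_addr, supplied):
        """Return "ok", "denied" or "locked". Loopback gets no exemption."""
        now = self._clock()
        if now < self._locked_until.get(remote_addr, 0.0):
            return "locked"
        if hmac.compare_digest(supplied.encode(), self._password):
            self._failures.pop(remote_addr, None)
            return "ok"
        recent = self._failures[remote_addr]
        recent.append(now)
        while now - recent[0] > self._window:
            recent.popleft()
        if len(recent) >= self._max_failures:
            self._locked_until[remote_addr] = now + self._lockout
            recent.clear()
            return "locked"
        return "denied"

    def approve_device(self, remote_addr, user_confirmed):
        """Pairing decision; remote_addr is deliberately ignored."""
        # A local connection may still be driven by a web page, so being on
        # 127.0.0.1 never substitutes for the user's confirmation.
        return bool(user_confirmed)


def simulate_page_script(guard, guesses, origin):
    """Constructed scenario: a script in the browser guessing the password."""
    if not guard.origin_allowed(origin):
        return "rejected-at-handshake"
    for guess in guesses:
        result = guard.authenticate("127.0.0.1", guess)
        if result != "denied":
            return result
    return "denied"


if __name__ == "__main__":
    # The allowlisted origin is a constructed placeholder for the local UI.
    guard = GatewayGuard("correct horse", ["http://127.0.0.1:18789"])
    guesses = [f"guess{i}" for i in range(50)] + ["correct horse"]
    print(simulate_page_script(guard, guesses, "https://attacker.example"))
    print(simulate_page_script(guard, guesses, None))
```

Throttling is keyed on the remote address, so a burst of bad guesses also locks out legitimate local clients until the lockout expires; that trade-off is the cost of not exempting loopback.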


Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement

New research has found that Google Cloud API keys, typically designated as project identifiers for billing purposes, could be abused to authenticate to sensitive Gemini endpoints and access private data. The findings come from Truffle Security, which discovered nearly 3,000 Google API keys (identified by the prefix “AIza”) embedded in client-side code to provide Google-related services like embedded maps on websites.

“With a valid key, an attacker can access uploaded files, cached data, and charge LLM-usage to your account,” security researcher Joe Leon said, adding the keys “now also authenticate to Gemini even though they were never intended for it.”

The problem occurs when users enable the Gemini API on a Google Cloud project (i.e., Generative Language API), causing the existing API keys in that project, including those accessible via the website JavaScript code, to gain surreptitious access to Gemini endpoints without any warning or notice. This effectively allows any attacker who scrapes websites to get hold of such API keys and use them for nefarious purposes and quota theft, including accessing sensitive files via the /files and /cachedContents endpoints, as well as making Gemini API calls, racking up huge bills for the victims.

In addition, Truffle Security found that creating a new API key in Google Cloud defaults to “Unrestricted,” meaning it’s applicable for every enabled API in the project, including Gemini. “The result: thousands of API keys that were deployed as benign billing tokens are now live Gemini credentials sitting on the public internet,” Leon said. In all, the company said it found 2,863 live keys accessible on the public internet, including a website associated with Google. The disclosure comes as Quokka published a similar report, finding over 35,000 unique Google API keys embedded in its scan of 250,000 Android apps.

“Beyond potential cost abuse through automated LLM requests, organizations must also consider how AI-enabled endpoints might interact with prompts, generated content, or connected cloud services in ways that expand the blast radius of a compromised key,” the mobile security company said. “Even if no direct customer data is accessible, the combination of inference access, quota consumption, and possible integration with broader Google Cloud resources creates a risk profile that is materially different from the original billing-identifier model developers relied upon.”

Although the behavior was initially deemed intended, Google has since stepped in to address the problem. “We are aware of this report and have worked with the researchers to address the issue,” a Google spokesperson told The Hacker News via email. “Protecting our users’ data and infrastructure is our top priority. We have already implemented proactive measures to detect and block leaked API keys that attempt to access the Gemini API.”

It’s currently not known if this issue was ever exploited in the wild. However, in a Reddit post published two days ago, a user claimed a “stolen” Google Cloud API Key resulted in $82,314.44 in charges between February 11 and 12, 2026, up from a regular spend of $180 per month. We have reached out to Google for further comment, and we will update the story if we hear back.

Users who have set up Google Cloud projects are advised to check their APIs and services, and verify if artificial intelligence (AI)-related APIs are enabled.

If they are enabled and publicly accessible (either in client-side JavaScript or checked into a public repository), make sure the keys are rotated. “Start with your oldest keys first,” Truffle Security said. “Those are the most likely to have been deployed publicly under the old guidance that API keys are safe to share, and then retroactively gained Gemini privileges when someone on your team enabled the API.”

“This is a great example of how risk is dynamic, and how APIs can be over-permissioned after the fact,” Tim Erlin, security strategist at Wallarm, said in a statement. “Security testing, vulnerability scanning, and other assessments must be continuous.”

“APIs are tricky in particular because changes in their operations or the data they can access aren’t necessarily vulnerabilities, but they can directly increase risk. The adoption of AI running on these APIs, and using them, only accelerates the problem. Finding vulnerabilities isn’t really enough for APIs. Organizations have to profile behavior and data access, identifying anomalies and actively blocking malicious activity.”
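The rotation advice above can be turned into a triage step for your own projects. This is an added example, not code from Truffle Security or Google: it finds “AIza”-prefixed strings in your own published client code, keeps the keys that can reach the Generative Language API, and orders them oldest first. The key pattern (the prefix plus 35 URL-safe characters), the inventory record shape (modelled on API Keys API key resources with the key string joined in) and all sample values are assumptions or constructed data.

```python
import re
from datetime import datetime

# Assumed key shape: the "AIza" prefix named above plus 35 URL-safe characters.
KEY_RE = re.compile(r"(?<![0-9A-Za-z_-])AIza[0-9A-Za-z_-]{35}(?![0-9A-Za-z_-])")
GEMINI_SERVICE = "generativelanguage.googleapis.com"


def find_exposed_keys(text):
    """Distinct key-shaped strings in published client code, first seen first."""
    return list(dict.fromkeys(KEY_RE.findall(text)))


def can_call_gemini(key, enabled_services):
    """True if this key would be accepted by the Generative Language API."""
    if GEMINI_SERVICE not in enabled_services:
        return False
    targets = key.get("restrictions", {}).get("apiTargets", [])
    # No apiTargets is the "Unrestricted" default: valid for every enabled API.
    return not targets or any(t.get("service") == GEMINI_SERVICE for t in targets)


def rotation_order(keys, enabled_services, exposed):
    """Publicly exposed keys with Gemini access, oldest creation time first."""
    exposed = set(exposed)
    at_risk = [k for k in keys
               if k.get("keyString") in exposed and can_call_gemini(k, enabled_services)]
    return sorted(
        at_risk,
        key=lambda k: datetime.fromisoformat(k["createTime"].replace("Z", "+00:00")),
    )


def redact(key_string):
    """Shorten a key for reports so the report does not leak it again."""
    return key_string[:8] + "..." + key_string[-4:]


# Constructed sample data: fake keys, a fake page and a fake key inventory.
FAKE_OLD = "AIza" + "A" * 35
FAKE_NEW = "AIza" + "B" * 35
FAKE_MAPS = "AIza" + "C" * 35
FAKE_SERVER = "AIza" + "D" * 35

SAMPLE_PAGE = f"""
<script src="https://maps.googleapis.com/maps/api/js?key={FAKE_OLD}"></script>
<script>const cfg = {{ mapsKey: "{FAKE_MAPS}", searchKey: "{FAKE_NEW}" }};</script>
"""

SAMPLE_KEYS = [
    {"displayName": "search-widget", "createTime": "2021-03-02T08:00:00Z",
     "keyString": FAKE_NEW,
     "restrictions": {"apiTargets": [{"service": "customsearch.googleapis.com"},
                                     {"service": GEMINI_SERVICE}]}},
    {"displayName": "maps-embed-legacy", "createTime": "2019-05-14T09:30:00Z",
     "keyString": FAKE_OLD},
    {"displayName": "maps-embed-locked", "createTime": "2018-01-10T12:00:00Z",
     "keyString": FAKE_MAPS,
     "restrictions": {"apiTargets": [{"service": "maps-backend.googleapis.com"}]}},
    {"displayName": "backend-batch", "createTime": "2017-07-01T00:00:00Z",
     "keyString": FAKE_SERVER},
]

if __name__ == "__main__":
    enabled = {GEMINI_SERVICE, "maps-backend.googleapis.com"}
    found = find_exposed_keys(SAMPLE_PAGE)
    for key in rotation_order(SAMPLE_KEYS, enabled, found):
        print(key["createTime"], key["displayName"], redact(key["keyString"]))
```

In the sample, the key restricted to the Maps service stays off the list even though it is public, and the unrestricted backend key stays off because it was not found in client code; the latter still deserves an API restriction.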

Pentagon Designates Anthropic Supply Chain Risk Over AI Military Dispute

Anthropic on Friday hit back after U.S. Secretary of Defense Pete Hegseth directed the Pentagon to designate the artificial intelligence (AI) upstart as a “supply chain risk.”

“This action follows months of negotiations that reached an impasse over two exceptions we requested to the lawful use of our AI model, Claude: the mass domestic surveillance of Americans and fully autonomous weapons,” the company said. “No amount of intimidation or punishment from the Department of War will change our position on mass domestic surveillance or fully autonomous weapons.”

In a social media post on Truth Social, U.S. President Donald Trump said he was ordering all federal agencies to phase out the use of Anthropic technology within the next six months.

A subsequent X post from Hegseth mandated that all contractors, suppliers, and partners doing business with the U.S. military cease any “commercial activity with Anthropic” effective immediately. “In conjunction with the President’s directive for the Federal Government to cease all use of Anthropic’s technology, I am directing the Department of War to designate Anthropic a Supply Chain Risk to National Security,” Hegseth wrote.

The designation comes after weeks of negotiations between the Pentagon and Anthropic over the use of its AI models by the U.S. military. In a post published this week, the company argued that its contracts should not facilitate mass domestic surveillance or the development of autonomous weapons, citing reasons that the technology isn’t capable enough to support them safely and reliably.

“We support the use of AI for lawful foreign intelligence and counterintelligence missions,” Anthropic noted. “But using these systems for mass domestic surveillance is incompatible with democratic values. AI-driven mass surveillance presents serious, novel risks to our fundamental liberties.”

The company also called out the U.S. Department of War’s (DoW) position that it will only work with AI companies that allow “any lawful use” of the technology, while removing any safeguards that may exist, as part of efforts to build an “AI-first” warfighting force and bolster national security.

“Diversity, Equity, and Inclusion and social ideology have no place in the DoW, so we must not employ AI models which incorporate ideological ‘tuning’ that interferes with their ability to provide objectively truthful responses to user prompts,” a memorandum issued by the Pentagon last month reads. “The Department must also utilize models free from usage policy constraints that may limit lawful military applications.”

Responding to the designation, Anthropic described it as “legally unsound” and said it would set a dangerous precedent for any American company that negotiates with the government.

It also noted that a supply chain risk designation under 10 USC 3252 can only extend to the use of Claude as part of DoW contracts, and that it cannot affect the use of Claude to serve other customers. Sean Parnell, the Pentagon’s chief spokesperson, said in a Thursday X post that the department has no interest in conducting mass domestic surveillance or deploying autonomous weapons without human involvement, describing the narrative as “fake.” “Here’s what we’re asking: Allow the Pentagon to use Anthropic’s model for all lawful purposes,” Parnell said. “This is a simple, common-sense request that will prevent Anthropic from jeopardizing critical military operations and potentially putting our warfighters at risk. We will not let ANY company dictate the terms regarding how we make operational decisions.” The ongoing stalemate has also polarized the tech industry.

Hundreds of employees at Google and OpenAI have signed an open letter urging their companies to stand with Anthropic in its clash with the Pentagon over military applications for AI tools like Claude. xAI CEO Elon Musk sided with the Trump administration on Friday, saying “Anthropic hates Western Civilization.” The standoff between Anthropic and the U.S. government comes as OpenAI CEO Sam Altman said OpenAI reached an agreement with the U.S. Department of Defense (DoD) to deploy its models in their classified network.

It also asked DoD to extend those terms to all AI companies. “AI safety and wide distribution of benefits are the core of our mission. Two of our most important safety principles are prohibitions on domestic mass surveillance and human responsibility for the use of force, including for autonomous weapon systems,” Altman said in a post on X. “The DoW agrees with these principles, reflects them in law and policy, and we put them into our agreement.”


DoJ Seizes $61 Million in Tether Linked to Pig Butchering Crypto Scams

The U.S. Department of Justice (DoJ) this week announced the seizure of $61 million worth of Tether that were allegedly associated with bogus cryptocurrency schemes known as pig butchering. The confiscated funds were traced to cryptocurrency addresses used for the laundering of criminally derived proceeds stolen from victims of cryptocurrency investment scams, the department added.

“Criminal actors and professional money launderers use cyber-enabled fraud schemes to swindle their victims and conceal their ill-gotten gains,” said HSI Charlotte Acting Special Agent in Charge Kyle D. Burns. “HSI special agents work diligently to trace the illicit proceeds of crime across the globe to disrupt and dismantle the transnational criminal organizations that seek to defraud hardworking Americans.”

As is the norm in such cybercrime operations, threat actors are known to target individuals by cultivating romantic relationships after approaching them on dating and social media messaging apps. These activities are carried out by individuals who are trafficked into scam compounds operating primarily in Southeast Asia with promises of high-paying jobs. The cybercrime syndicates behind the scams then confiscate their passports, and the trafficked individuals are coerced into conning victims online by posing as charming strangers or brokers on investment platforms, or face brutal consequences.

The end goal is to coax unsuspecting users into parting with their hard-earned money in fraudulent cryptocurrency investment schemes. According to the DoJ, the fake platforms displayed made-up investment portfolios showing unusually high returns in a deliberate attempt to make victims invest more of their funds. The reality hits when users try to withdraw their funds, at which point they are asked to pay an extra fee as a way to extract even more money from them.

“Once the victims’ money transferred to a cryptocurrency wallet under the scammers’ control, the crooks quickly routed that money through many other wallets to hide the nature, source, control, and ownership of that stolen money,” the department added.

In a coordinated announcement, Tether said it has frozen around $4.2 billion in assets linked to illicit activity to date, including nearly $250 million related to scam networks since June 2025 alone.

900+ Sangoma FreePBX Instances Compromised in Ongoing Web Shell Attacks

The Shadowserver Foundation has revealed that over 900 Sangoma FreePBX instances still remain infected with web shells as part of attacks that exploited a command injection vulnerability starting in December 2025. Of these, 401 instances are located in the U.S., followed by 51 in Brazil, 43 in Canada, 40 in Germany, and 36 in France.

The non-profit entity said the compromises are likely accomplished via the exploitation of CVE-2025-64328 (CVSS score: 8.6), a high-severity security flaw that could enable post-authentication command injection.

“The impact is that any user with access to the FreePBX Administration panel could leverage this vulnerability to execute arbitrary shell commands on the underlying host,” FreePBX said in an advisory for the flaw in November 2025. “An attacker could leverage this to obtain remote access to the system as the asterisk user.”

The vulnerability affects FreePBX versions higher than and including 17.0.2.36. It was resolved in version 17.0.3. As mitigations, it’s advised to add security controls to ensure that only authorized users have access to the FreePBX Administrator Control Panel (ACP), restrict access from hostile networks to the ACP, and update the filestore module to the latest version.

The vulnerability has since come under active exploitation in the wild, prompting the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add it to its Known Exploited Vulnerabilities (KEV) catalog earlier this month.

In a report published late last month, Fortinet FortiGuard Labs revealed that the threat actor behind the cyber fraud operation codenamed INJ3CTOR3 has been exploiting CVE-2025-64328 starting early December 2025 to deliver a web shell codenamed EncystPHP. “By leveraging Elastix and FreePBX administrative contexts, the web shell operates with elevated privileges, enabling arbitrary command execution on the compromised host and initiating outbound call activity through the PBX environment,” the cybersecurity company noted.

FreePBX users are recommended to update their FreePBX deployments to the latest version as soon as possible to counter active threats.


Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor

Cybersecurity researchers have disclosed details of a malicious Go module that’s designed to harvest passwords, create persistent access via SSH, and deliver a Linux backdoor named Rekoobe. The Go module, github[.]com/xinfeisoft/crypto, impersonates the legitimate “golang.org/x/crypto” codebase, but injects malicious code that’s responsible for exfiltrating secrets entered via terminal password prompts to a remote endpoint, fetches a shell script in response, and executes it.

“This activity fits namespace confusion and impersonation of the legitimate golang.org/x/crypto subrepository (and its GitHub mirror github.com/golang/crypto),” Socket security researcher Kirill Boychenko said. “The legitimate project identifies go.googlesource.com/crypto as canonical and treats GitHub as a mirror, a distinction the threat actor abuses to make github.com/xinfeisoft/crypto look routine in dependency graphs.”

Specifically, the backdoor has been placed within the “ssh/terminal/terminal.go” file, so that every time a victim application invokes ReadPassword() – a function supposedly meant to read input like passwords from a terminal – it causes those interactive secrets to be captured.

The main responsibility of the downloaded script is to function as a Linux stager, appending a threat actor’s SSH key to the “/home/ubuntu/.ssh/authorized_keys” file, setting iptables default policies to ACCEPT in an attempt to loosen firewall restrictions, and retrieving additional payloads from an external server while disguising them with the .mp5 extension.

Of the two payloads, one is a helper that tests internet connectivity and attempts to communicate with an IP address (“154.84.63[.]184”) over TCP port 443. The program likely functions as a recon or loader, Socket noted. The second downloaded payload has been assessed to be Rekoobe, a known Linux trojan that has been detected in the wild since at least 2015.

The backdoor is capable of receiving commands from an attacker-controlled server to download more payloads, steal files, and execute a reverse shell. As recently as August 2023, Rekoobe has been put to use by Chinese nation-state groups like APT31.

While the package still remains listed on pkg.go.dev, the Go security team has taken steps to block the library as malicious.

“This campaign will likely repeat because the pattern is low-effort and high-impact: a lookalike module that hooks a high-value boundary (ReadPassword), uses GitHub Raw as a rotating pointer, then pivots into curl | sh staging and Linux payload delivery,” Boychenko said. “Defenders should anticipate similar supply chain attacks targeting other ‘credential edge’ libraries (SSH helpers, CLI auth prompts, database connectors) and more indirection through hosting surfaces to rotate infrastructure without republishing code.”
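The namespace confusion described above can be checked for in a project's own go.mod. The following is an added example, not Socket's or the Go team's tooling: it flags required modules whose final path element matches a golang.org/x module name but which live outside the paths the article names as legitimate, and replace directives that redirect a golang.org/x module elsewhere. The watch list, the sample go.mod and the `github.com/example-fork/net` path are constructed assumptions, and findings are leads for review because legitimate forks also match.

```python
import re

# Paths the article names as legitimate for golang.org/x/crypto: the vanity
# path, the canonical host and the GitHub mirror organisation.
TRUSTED_PREFIXES = ("golang.org/x/", "go.googlesource.com/", "github.com/golang/")
# Assumed watch list of golang.org/x module names worth impersonating.
WATCHED_NAMES = {"crypto", "term", "oauth2", "net", "sys"}


def parse_go_mod(text):
    """Return (requires, replaces) as a list of paths and a list of (old, new)."""
    requires, replaces = [], []
    block = None                      # directive of the open "( ... )" block
    for raw in text.splitlines():
        line = raw.split("//", 1)[0].strip()      # drop comments
        if not line:
            continue
        if block:
            if line == ")":
                block = None
                continue
            directive, rest = block, line
        else:
            parts = line.split(None, 1)
            directive = parts[0]
            rest = parts[1].strip() if len(parts) > 1 else ""
            if rest == "(":
                block = directive
                continue
        if not rest:
            continue
        if directive == "require":
            requires.append(rest.split()[0])
        elif directive == "replace":
            old, _, new = rest.partition("=>")
            if old.strip() and new.strip():
                replaces.append((old.split()[0], new.split()[0]))
    return requires, replaces


def base_name(path):
    """Last path element, ignoring a trailing major-version suffix such as /v2."""
    parts = path.rstrip("/").split("/")
    if len(parts) > 1 and re.fullmatch(r"v\d+", parts[-1]):
        parts.pop()
    return parts[-1]


def is_lookalike(path):
    return base_name(path) in WATCHED_NAMES and not path.startswith(TRUSTED_PREFIXES)


def audit_go_mod(text):
    """Return (directive, detail) findings that deserve a manual look."""
    requires, replaces = parse_go_mod(text)
    findings = [("require", path) for path in requires if is_lookalike(path)]
    for old, new in replaces:
        redirected = (old.startswith("golang.org/x/")
                      and not new.startswith(TRUSTED_PREFIXES))
        if redirected or is_lookalike(new):
            findings.append(("replace", f"{old} => {new}"))
    return findings


# Constructed go.mod; versions are placeholders, not observed values.
SAMPLE_GO_MOD = """
module example.com/app

go 1.22

require (
    github.com/spf13/cobra v1.8.0
    golang.org/x/crypto v0.21.0 // indirect
    github.com/xinfeisoft/crypto v0.0.0-00010101000000-000000000000
)

require golang.org/x/term v0.18.0

replace golang.org/x/net => github.com/example-fork/net v0.0.1
"""

if __name__ == "__main__":
    for directive, detail in audit_go_mod(SAMPLE_GO_MOD):
        print(f"review {directive}: {detail}")
```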

ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks

The North Korean threat actor known as ScarCruft has been attributed to a fresh set of tools, including a backdoor that uses Zoho WorkDrive for command-and-control (C2) communications to fetch more payloads and an implant that uses removable media to relay commands and breach air-gapped networks. The campaign, codenamed Ruby Jumper by Zscaler ThreatLabz, involves the deployment of malware families, such as RESTLEAF, SNAKEDROPPER, THUMBSBD, VIRUSTASK, FOOTWINE, and BLUELIGHT to facilitate surveillance on a victim’s system. It was discovered by the cybersecurity company in December 2025.

“In the Ruby Jumper campaign, when a victim opens a malicious LNK file, it launches a PowerShell command and scans the current directory to locate itself based on file size,” security researcher Seongsu Park said. “Then, the PowerShell script launched by the LNK file carves multiple embedded payloads from fixed offsets within that LNK, including a decoy document, an executable payload, an additional PowerShell script, and a batch file.”

One of the lure documents used in the campaign displays an article about the Palestine-Israel conflict that’s translated from a North Korean newspaper into Arabic. All three remaining payloads are used to progressively move the attack to the next stage, with the batch script launching PowerShell, which, in turn, is responsible for loading shellcode containing the payload after decrypting it.

The Windows executable payload, named RESTLEAF, is spawned in memory, and uses Zoho WorkDrive for C2, marking the first time the threat actor has abused the cloud storage service in its attack campaigns. Once it’s successfully authenticated with the Zoho WorkDrive infrastructure by means of a valid access token, RESTLEAF downloads shellcode, which is then executed via process injection, eventually leading to the deployment of SNAKEDROPPER, which installs the Ruby runtime, sets up persistence using a scheduled task, and drops THUMBSBD and VIRUSTASK.

THUMBSBD is disguised as a Ruby file and uses removable media to relay commands and transfer data between internet-connected and air-gapped systems. It’s capable of harvesting system information, downloading a secondary payload from a remote server, exfiltrating files, and executing arbitrary commands. If the presence of any removable media is detected, the malware creates a hidden folder and uses it to stage operator-issued commands or store execution output.

One of the payloads delivered by THUMBSBD is FOOTWINE, an encrypted payload with an integrated shellcode launcher that comes fitted with keylogging and audio and video capturing capabilities to conduct surveillance. It communicates with a C2 server using a custom binary protocol over TCP. The complete set of commands supported by the malware is as follows:

- sm, for interactive command shell
- fm, for file and directory manipulation
- gm, for managing plugins and configuration
- rm, for modifying the Windows Registry
- pm, for enumerating running processes
- dm, for taking screenshots and capturing keystrokes
- cm, for performing audio and video surveillance
- s_d, for receiving batch script contents from C2 server, saving it to the file %TEMP%\SSMMHH_DDMMYYYY.bat, and executing it
- pxm, for setting up a proxy connection and relaying traffic bidirectionally
- [filepath], for loading a given DLL

THUMBSBD is also designed to distribute BLUELIGHT, a backdoor previously attributed to ScarCruft since at least 2021. The malware weaponizes legitimate cloud providers, including Google Drive, Microsoft OneDrive, pCloud, and BackBlaze, for C2 to run arbitrary commands, enumerate the file system, download additional payloads, upload files, and remove itself.

Also delivered as a Ruby file, VIRUSTASK functions similarly to THUMBSBD in that it acts as a removable media propagation component to spread the malware to non-infected air-gapped systems. “Unlike THUMBSBD which handles command execution and exfiltration, VIRUSTASK focuses exclusively on weaponizing removable media to achieve initial access on air-gapped systems,” Park explained.

“The Ruby Jumper campaign involves a multi-stage infection chain that begins with a malicious LNK file and utilizes legitimate cloud services (like Zoho WorkDrive, Google Drive, Microsoft OneDrive, etc.) to deploy a novel, self-contained Ruby execution environment,” Park said. “Most critically, THUMBSBD and VIRUSTASK weaponize removable media to bypass network isolation and infect air-gapped systems.”

Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms

Threat actors are luring unsuspecting users into running trojanized gaming utilities that are distributed via browsers and chat platforms to deliver a remote access trojan (RAT).

“A malicious downloader staged a portable Java runtime and executed a malicious Java archive (JAR) file named jd-gui.jar,” the Microsoft Threat Intelligence team said in a post on X. “This downloader used PowerShell and living-off-the-land binaries (LOLBins) like cmstp.exe for stealthy execution.”

The attack chain is also designed to evade detection by deleting the initial downloader and by configuring Microsoft Defender exclusions for the RAT components. Persistence is achieved by means of a scheduled task and Windows startup script named “world.vbs,” before the final payload is deployed on the compromised host.

The malware, per Microsoft, is a “multi-purpose malware” that acts as a loader, runner, downloader, and RAT. Once launched, it connects to an external server at “79.110.49[.]15” for command-and-control (C2) communications, allowing it to exfiltrate data and deploy additional payloads. As ways to defend against the threat, users are advised to audit Microsoft Defender exclusions and scheduled tasks, remove malicious tasks and startup scripts, isolate affected endpoints, and reset credentials for users active on compromised hosts. The disclosure comes as BlackFog disclosed details of a new Windows RAT malware family called Steaelite that was first advertised on criminal forums in November 2025 as a “best Windows RAT” with “fully undetectable” (FUD) capabilities.

It’s compatible with both Windows 10 and 11. Unlike other off-the-shelf RATs sold to criminal actors, Steaelite bundles together data theft and ransomware, packaging them into one web panel, with an Android ransomware module on the way. The panel also incorporates various developer tools to facilitate keylogging, client-to-victim chat, file searching, USB spreading, wallpaper modification, UAC bypass, and clipper functionality. Other notable features include removing competing malware, disabling Microsoft Defender or configuring exclusions, and installing persistence methods.

As for its main capabilities, Steaelite RAT supports remote code execution, file management, live streaming, webcam and microphone access, process management, clipboard monitoring, password theft, installed program enumeration, location tracking, arbitrary file execution, URL opening, DDoS attacks, and VB.NET payload compilation. “The tool gives operators browser-based control over infected Windows machines, covering remote code execution, credential theft, live surveillance, file exfiltration, and ransomware deployment from a single dashboard,” security researcher Wendy McCague said. “A single threat actor can browse files, exfiltrate documents, harvest credentials, and deploy ransomware from the same dashboard. This enables complete double extortion from one tool.” In recent weeks, threat hunters have also discovered two new RAT families tracked as DesckVB RAT and KazakRAT that enable comprehensive remote control over infected hosts and even selectively deploy capabilities post-compromise.

According to Ctrl Alt Intel, KazakRAT is suspected to be the work of a state-affiliated cluster targeting Kazakh and Afghan entities as part of a persistent campaign ongoing since at least August 2022.

Meta Files Lawsuits Against Brazil, China, Vietnam Advertisers Over Celeb-Bait Scams

Meta on Thursday said it’s taking legal action to tackle scams on its platforms by filing lawsuits against what it calls deceptive advertisers based in Brazil, China, and Vietnam. As part of the effort, the advertisers’ methods of payment have been suspended, related accounts have been disabled, and the website domain names used to pull off the scams have been blocked. Concurrently, the social media giant said it has also issued cease and desist letters to eight marketing consultants who advertised the ability to bypass its ad policy enforcement systems. This included fake “un-ban” or account restoration services and renting access to trusted accounts so as to help clients bypass its controls.

At least three advertisers, two from Brazil and one from China, were found to engage in celeb-bait scams, which often involve misusing the image of well-known figures to trick people into clicking on bogus ads that lead to scam sites. These websites are designed to harvest sensitive data or dupe unsuspecting users into sending money or investing in fake platforms. The three advertisers against whom Meta has filed lawsuits are listed below:

- Brazil-based Vitor Lourenço de Souza and Milena Luciani Sanchez are being sued for using altered images and voices of celebrities to promote fraudulent healthcare products.
- Brazil-based B&B Suplementos e Cosméticos Ltda. (Brites Corp), Brites Academia de Treinamento Ltda., Daniel de Brites Macieira Cordeiro, and José Victor de Brites Chaves de Araújo for being part of a scam operation that leveraged synthetic imagery of a prominent physician to advertise healthcare products without regulatory approval and sold courses teaching the same tactics.
- China-based Shenzhen Yunzheng Technology Co., Ltd for using celeb-bait ads to target people in various countries, including the U.S. and Japan, as part of a fraud scheme designed to lure them into joining investment groups.

“To fight celeb-bait scams, we developed protections for celebrities whose images are repeatedly used in these schemes,” Meta said.

“This program currently protects the images of more than 500,000 celebrities and public figures around the world.” In addition, the company noted that it sued Vietnam-based advertiser Lý Văn Lâm for using cloaking techniques to get around its review process. Cloaking refers to an adversarial technique that aims to conceal the true nature of a website linked to an ad in an attempt to fool ad review systems by serving one version of its content during the review and showing entirely different, malicious content to real users. In this case, the advertiser is said to have used scam ads to offer discounted items from well-known brands in exchange for completing a survey. People who interacted with these ads were taken to phony websites where they were asked to enter credit card information to purchase items that were never delivered.

Their credit cards also incurred unauthorized, recurring fees, a practice known as subscription fraud. The development comes months after a Reuters investigation found that 19% of Meta’s $18 billion in ad sales in China in 2024 came from ads for scams, illegal gambling, pornography, and other banned content. The report also uncovered agencies that allow businesses to run banned advertisements, prompting the company to put its Badged Partners program under review.

In an analysis of 14.5 million ads running on Meta platforms across the E.U. and U.K. over a 23-day period, Gen Digital found that nearly one in three of those ads (about 30.99%) pointed to a scam, phishing, or malware link. “In total, scam ads generated more than 300 million impressions in less than a month,” the cybersecurity company said earlier this month. “The activity was highly concentrated, with just 10 advertisers responsible for over 56% of all observed scam ads.

Repeated campaign clusters were traced to shared payment and infrastructure linked to China and Hong Kong, indicating organized, industrial-scale operations rather than isolated bad actors.” These findings also coincide with the discovery of malicious infrastructure and underground services that have been used to peddle various kinds of scams:

- Scams have been found to combine malvertising and pig butchering fraud models to defraud victims, primarily those in Japan, by tricking them into clicking on investment-themed ads on social media. These ads redirect victims to websites that prompt them to engage with a supposed expert via messaging apps by scanning a QR code. Once victims are added to one-on-one and group chats with these so-called experts, who are nothing but artificial intelligence (AI)-powered chatbots in some cases, they are persuaded to invest progressively larger amounts of money, only to be asked for a “release fee” to unlock non-existent profits. More than 23,000 domains within this ecosystem have been discovered.
- Threat actors are compromising routers to alter DNS settings to use shadow resolvers hosted in Aeza International, a bulletproof hosting company (BPH) sanctioned by the U.S. Government in July 2025. This unauthorized modification is engineered to selectively alter DNS responses associated with Okta and Shopify, allowing the operators to direct users to scam and malware content by means of an HTTP-based traffic distribution system (TDS).
- A malicious push notification network has been observed using a network of malicious domains to target Android Chrome users all over the world with a steady stream of unwanted push notifications (e.g., “Android infected with malware!” or “System needs a scan”) after obtaining permissions, in a bid to direct them to scam sites and adult content. According to data from Infoblox, Bangladesh, India, Indonesia, and Pakistan represented 50% of all the traffic.
- A network of over 150 cloned, fake websites has been identified impersonating real law firms based in the U.S. and the U.K., and targeting users looking for legal advice and representation to promote a business impersonation scam. “The sites used the firm’s name, branding, and publicly available attorney identities, presenting themselves as legitimate legal and asset-recovery services, offering to help victims recover funds lost to prior fraud,” Sygnia said. “The campaign targeted individuals who had already suffered financial fraud.”

The proliferation of scams, fueled by a booming pig butchering‑as‑a‑service (PBaaS) economy, has not escaped law enforcement’s attention, as evidenced by the dismantling of scam compounds in Southeast Asia in recent months. Earlier this month, the Cambodian government promised to crack down and dismantle cyber scam networks operating within its borders, adding that police officials launched 48 operations in the first nine months of 2025 to combat cyber fraud, arrested 168 people, and deported 2,722 people back to their home countries. The ongoing efforts have cut scam activity in half since the start of this year, Senior Minister Chhay Sinarith, chairman of the Secretariat of the Commission for Combating Technology Crimes, was quoted as saying this week. Cambodian Prime Minister Hun Manet also acknowledged that online scam centres operating in the country are damaging its reputation and undermining its economy.


Aeternum C2 Botnet Stores Encrypted Commands on Polygon Blockchain to Evade Takedown

Cybersecurity researchers have disclosed details of a new botnet loader called Aeternum C2 that uses a blockchain-based command-and-control (C2) infrastructure to make it resilient to takedown efforts. “Instead of relying on traditional servers or domains for command-and-control, Aeternum stores its instructions on the public Polygon blockchain,” Qrator Labs said in a report shared with The Hacker News. “This network is widely used by decentralized applications, including Polymarket, the world’s largest prediction market. This approach makes Aeternum’s C2 infrastructure effectively permanent and resistant to traditional takedown methods.” This is not the first time botnets have been found relying on blockchain for C2. In 2021, Google said it took steps to disrupt a botnet known as Glupteba that uses the Bitcoin blockchain as a backup C2 mechanism to fetch the actual C2 server address. Details of Aeternum C2 first emerged in December 2025, when Outpos…

UAT-10027 Targets U.S. Education and Healthcare with Dohdoor Backdoor

A previously undocumented threat activity cluster has been attributed to an ongoing malicious campaign targeting education and healthcare sectors in the U.S. since at least December 2025. The campaign is being tracked by Cisco Talos under the moniker UAT-10027. The end goal of the attacks is to deliver a never-before-seen backdoor codenamed Dohdoor.

“Dohdoor utilizes the DNS-over-HTTPS (DoH) technique for command-and-control (C2) communications and has the ability to download and execute other payload binaries reflectively,” security researchers Alex Karkins and Chetan Raghuprasad said in a technical report shared with The Hacker News. Although the initial access vector used in the campaign is currently not known, it’s suspected to involve the use of social engineering phishing techniques, leading to the execution of a PowerShell script. The script then proceeds to download and run a Windows batch script from a remote staging server, which, for its part, facilitates the download of a malicious Windows dynamic-link library (DLL) that’s named “propsys.dll” or “batmeter.dll.” The DLL payload – i.e., Dohdoor – is launched by means of a legitimate Windows executable (e.g., “Fondue.exe,” “mblctr.exe,” and “ScreenClippingHost.exe”) using a technique referred to as DLL side-loading. The backdoored access created by the implant is used to retrieve a next-stage payload directly into the victim’s memory and execute it.

The payload is assessed to be a Cobalt Strike Beacon. “The threat actor hides the C2 servers behind the Cloudflare infrastructure, ensuring that all outbound communication from the victim machine appears as legitimate HTTPS traffic to a trusted global IP address,” Talos said. “This technique bypasses DNS-based detection systems, DNS sinkholes, and network traffic analysis tools that monitor suspicious domain lookups, ensuring that the malware’s C2 communications remain stealth by traditional network security infrastructure.” Dohdoor has also been found to unhook system calls to bypass endpoint detection and response (EDR) solutions that monitor Windows API calls through user-mode hooks in NTDLL.dll. Raghuprasad told The Hacker News that, “the attacker had infected several educational institutions, including a university that is connected to several other institutions, indicating a potential wider attack surface.

Additionally, one of the affected entities was a healthcare facility, specifically for elderly care.” Analysis of the campaign has revealed no evidence of data exfiltration to date. Although no final payloads have been observed other than what appears to be the Cobalt Strike Beacon to backdoor into the victim’s environment, it’s believed that UAT-10027’s actions are likely driven by financial gain based on the victimology pattern, the researcher added. There is currently no clarity on who is behind UAT-10027, but Cisco Talos said it found some tactical similarities between Dohdoor and LazarLoader, a downloader previously identified as used by the North Korean hacking group Lazarus in attacks aimed at South Korea. “While UAT-10027’s malware shares technical overlaps with the Lazarus Group, the campaign’s focus on the education and health care sectors deviates from Lazarus’ typical profile of cryptocurrency and defense targeting,” Talos concluded.

“However, […] North Korean APT actors have targeted the healthcare sector using Maui ransomware, and another North Korean APT group, Kimsuky, has targeted the education sector, highlighting the overlaps in the victimology of UAT-10027 with that of other North Korean APTs.”
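One way to hunt for the side-loading step described above, as an added example (not code from Cisco Talos or from this page): it scans image-load records for “propsys.dll” or “batmeter.dll” loaded from outside the Windows system directories. The records use Sysmon Event ID 7 field names (Image, ImageLoaded, Signed); the sample events, their paths, the trusted-directory list and the severity labels are constructed assumptions.

```python
import json
from pathlib import PureWindowsPath

# DLL and host executable names taken from the report summarized above.
DOHDOOR_DLL_NAMES = {"propsys.dll", "batmeter.dll"}
SIDELOAD_HOSTS = {"fondue.exe", "mblctr.exe", "screenclippinghost.exe"}

# Assumption: genuine copies of these DLLs are loaded from the Windows system
# directories, so a load from anywhere else deserves a look.
TRUSTED_DLL_DIRS = (
    r"c:\windows\system32",
    r"c:\windows\syswow64",
    r"c:\windows\winsxs",
)

# Constructed sample, one JSON object per line. None of it comes from a real host.
SAMPLE_EVENTS = r"""
{"UtcTime": "2026-02-20 09:14:02", "Image": "C:\\Windows\\System32\\Fondue.exe", "ImageLoaded": "C:\\Windows\\System32\\propsys.dll", "Signed": "true"}
{"UtcTime": "2026-02-20 09:20:41", "Image": "C:\\ProgramData\\Updates\\Fondue.exe", "ImageLoaded": "C:\\ProgramData\\Updates\\propsys.dll", "Signed": "false"}
{"UtcTime": "2026-02-20 09:21:07", "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\mblctr.exe", "ImageLoaded": "C:\\Users\\alice\\AppData\\Local\\Temp\\batmeter.dll", "Signed": "false"}
{"UtcTime": "2026-02-20 10:02:55", "Image": "C:\\Program Files\\Vendor\\app.exe", "ImageLoaded": "C:\\Program Files\\Vendor\\propsys.dll", "Signed": "true"}
{"UtcTime": "2026-02-20 10:03:10", "Image": "C:\\Windows\\explorer.exe", "ImageLoaded": "C:\\Windows\\System32\\batmeter.dll", "Signed": "true"}
"""


def in_trusted_dir(directory):
    """True if the directory is a trusted system directory or sits below one."""
    d = str(directory).lower()
    return any(d == root or d.startswith(root + "\\") for root in TRUSTED_DLL_DIRS)


def assess(event):
    """Return a finding dict for a suspicious image load, or None if it looks normal."""
    image = PureWindowsPath(event["Image"])
    loaded = PureWindowsPath(event["ImageLoaded"])
    if loaded.name.lower() not in DOHDOOR_DLL_NAMES:
        return None
    if in_trusted_dir(loaded.parent):
        return None

    reasons = [f"{loaded.name} loaded from non-system directory {loaded.parent}"]
    known_host = image.name.lower() in SIDELOAD_HOSTS
    same_dir = str(image.parent).lower() == str(loaded.parent).lower()
    if known_host:
        reasons.append(f"host process {image.name} is one of the executables named in the report")
    if same_dir:
        # The application directory is searched before the system directory.
        reasons.append("DLL sits in the same directory as the executable that loaded it")
    if str(event.get("Signed", "")).lower() != "true":
        reasons.append("DLL is not signed")

    return {
        "time": event.get("UtcTime"),
        "process": str(image),
        "dll": str(loaded),
        "severity": "high" if known_host and same_dir else "medium",
        "reasons": reasons,
    }


def scan(lines):
    """Assess every non-empty JSON line and collect the findings in input order."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        finding = assess(json.loads(line))
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS.splitlines()):
        print(f["severity"].upper(), f["time"], f["process"], "->", f["dll"])
        for reason in f["reasons"]:
            print("   -", reason)
```

A signed DLL of the same name loaded from an application folder is kept as a medium finding rather than dropped, since the rule keys on load location and not on signature state.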

ThreatsDay Bulletin: Kali Linux + Claude, Chrome Crash Traps, WinRAR Flaws, LockBit & 15+ Stories

Nothing here looks dramatic at first glance. That’s the point. Many of this week’s threats begin with something ordinary, like an ad, a meeting invite, or a software update. Behind the scenes, the tactics are sharper.

Access happens faster. Control is established sooner. Cleanup becomes harder. Here is a quick look at the signals worth paying attention to.

AI-powered command execution: Kali Linux Integrates Claude AI Assistant via MCP

Kali Linux, an advanced penetration testing Linux distribution used for ethical hacking and network security assessments, has added an integration with Anthropic’s Claude large language model through the Model Context Protocol (MCP) to issue commands in natural language and translate them into technical commands.

Belarus-linked Android spyware: ResidentBat Infrastructure Analyzed

ResidentBat is an Android spyware implant used by Belarusian authorities for surveillance operations against journalists and civil society. Once installed, it provides operators with access to call logs, microphone recordings, SMS, encrypted messenger traffic, screen captures, and locally stored files. The malware, although first documented in December 2025, is assessed to date back to 2021. According to Censys, ResidentBat-associated infrastructure is concentrated in Europe and Russia: the Netherlands (5 hosts), Germany (2 hosts), Switzerland (2 hosts), and Russia (1 host) in a recent Platform view, using a narrow port range (7000-7257) for control traffic.

Crypto phishing wave: Phishing Campaigns Impersonate Bitpanda

Phishing campaigns are impersonating cryptocurrency brokerage services like Bitpanda to harvest sensitive data under the pretext that users must reconfirm their information or risk having their accounts blocked. “Attempting to get multiple forms of information and identification, the attackers used tactics that would seem legitimate to the everyday user,” Cofense said. “User information such as name verification, email, and password credentials, and location were all used in this attempt to harvest information under the guise of a multi-factor authentication process.”

Breakout times shrink: Adversaries Get Faster in 2025

In its 2026 Global Threat Report, CrowdStrike said adversaries became faster than ever before in 2025. “The average e-crime breakout time — the period between initial access and lateral movement onto another system — dropped to 29 minutes, a 65% increase in speed from 2024,” the company said. One such intrusion undertaken by Luna Moth (aka Chatty Spider) targeting a law firm moved from initial access to data exfiltration in four minutes. Chief among the factors fueling this dramatic acceleration was the widespread abuse of legitimate credentials, which allowed attackers to blend into normal network traffic and bypass many traditional security controls. This was coupled with threat actors of varied motivations utilizing AI technology to accelerate and optimize their existing techniques.

Some of the threat actors that have leveraged AI in their operations include Fancy Bear, Punk Spider (aka Akira), Blind Spider (aka Blind Eagle), Odyssey Spider (aka TA558), and an India-nexus hacking group called Frantic Tiger that has used Netlify and Cloudflare pages for credential-harvesting operations. The cybersecurity company said it observed an 89% increase in the number of attacks by AI-enabled adversaries compared to 2024 and a 42% year-over-year increase in zero-days exploited prior to public disclosure. In tandem, 67% of vulnerabilities exploited by China-nexus adversaries provided immediate system access, and 40% targeted edge devices that typically lack comprehensive monitoring. The vast majority of attacks, 82%, were free of malware — highlighting attackers’ enduring shift toward hands-on-keyboard operations and the abuse of legitimate tools and credentials.

4-minute lateral movement: Fastest Attacker Breakout Time Drops to 4 Minutes

In a similar report, ReliaQuest said the fastest intrusions reached lateral movement in just 4 minutes, an 85% acceleration from last year, with data exfiltration taking place in 6 minutes. The statistic is fueled by attackers increasingly weaving AI and automation into their tradecraft. “As attackers increasingly secure valid credentials with elevated privileges, the time to react has drastically dropped,” ReliaQuest said. “In 2025, the average breakout time (initial access to lateral movement) dropped to 34 minutes. In 47% of incidents, they secured high privileges before ever touching the network. This allows them to skip escalation, blend into traffic, and repurpose legitimate tools.”

ClickFix fuels Mac stealers: Mac Users Targeted by Stealer Malware Using ClickFix

Mac users searching for popular software like Homebrew, 7-Zip, Notepad++, LibreOffice, and Final Cut Pro are the target of an active malvertising campaign powered by at least 35 hijacked Google advertiser accounts originating from countries including the U.S., Canada, Italy, Poland, Brazil, India, Saudi Arabia, Japan, China, Romania, Malta, Slovenia, Germany, the U.K., and the U.A.E. More than 200 malicious advertisements impersonating legitimate macOS software have been found. The end goal of these efforts is to direct users to fake pages that contain ClickFix-like instructions to deliver MacSync stealer.

Another ClickFix campaign has been observed using fake CAPTCHA verification lures on bogus phishing pages to distribute stealer malware that can harvest data from web browsers, gaming apps like Steam, cryptocurrency wallets, and VPN apps. According to ReliaQuest data, a quarter of attacks used social engineering for initial access last year, with ClickFix responsible for delivering 59% of the top malware families.

Encryption debate resurfaces: Meta Executive Warned Against Encryption in Messenger and Instagram

Meta went ahead with a plan to encrypt the messaging services connected to its Facebook and Instagram apps despite internal warnings that it would hinder the social media giant’s ability to flag child-exploitation cases to law enforcement, Reuters reported. The internal chat exchange dated March 2019 was filed in connection with a lawsuit brought by the U.S. state of New Mexico, accusing it of exposing children and teens to sexual exploitation on its platforms and profiting from it. In response to the concerns raised, Meta said it worked on additional safety features before it launched encrypted messaging on Facebook and Instagram in 2023.

ActiveMQ flaw aids LockBit: Apache ActiveMQ Exploit Leads to LockBit Ransomware

Threat actors are exploiting a now-patched security flaw in internet-facing Apache ActiveMQ servers (CVE-2023-46604) to deploy LockBit ransomware. “Despite being evicted after the initial intrusion, they successfully breached the same server on a second occasion 18 days later,” The DFIR Report said. “After compromising the server, the threat actor used Metasploit, possibly along with Meterpreter, to perform post-exploitation activities. These activities included escalating privileges, accessing LSASS process memory, and moving laterally across the network. After regaining access following their eviction, the threat actor swiftly transitioned to deploying ransomware. They leveraged credentials extracted during their previous breach to deploy LockBit ransomware via RDP.” The ransomware is suspected to be crafted using the leaked LockBit builder.

Chrome crash-to-command trick: CrashFix Variants Detailed

Two newly flagged Google Chrome extensions, Pixel Shield - Block Ads (ID: nlogodaofdghipmbdclajkkpheneldjd) and PageGuard - Phishing Protection (ID: mlaonedihngoginmmlaacpihnojcoocl), have been found to adopt the same playbook as CrashFix, where the browser is deliberately crashed, and the user is tricked into running a malicious command à la ClickFix. The most concerning aspect of this campaign is that the extensions actually work and offer the advertised functionality. “The original NexShield DoS created a billion chrome.runtime.connect() calls,” Annex Security’s John Tuckner said. “These variants use a different technique I’m calling the Promise Bomb because it crashes the browser by flooding Chrome’s message passing system with millions of unresolvable promises.” While the original NexShield used timer-based activation, the new variants have evolved to push notification-based command-and-control (C2), causing the denial-of-service to be triggered only when the C2 server sends a push notification containing a “newVersion” value ending in “2.” This, in turn, gives the attacker selective remote control over when the crashes happen.

WinRAR patch lag persists: Widespread Exposure to CVE-2025-8088

Cybersecurity firm Stairwell said more than 80% of the IT networks it monitors run versions of WinRAR vulnerable to CVE-2025-8088, a vulnerability that has been widely exploited by cybercrime and cyber espionage groups. “This finding underscores a persistent challenge in enterprise security when widely deployed, trusted software that quietly falls out of date and becomes a high-value target for attackers,” Alex Hegyi said.

Crypto IV reuse risk: Open-Source Projects Use Crypto Libraries with Insecure Defaults

A new analysis from Trail of Bits has revealed that more than 723,000 open-source projects use cryptographic libraries with insecure defaults. The aes-js and pyaes libraries have been found to provide a default initialization vector (IV) in their AES-CTR API, leading to a large number of key/IV reuse bugs. “Reusing a key/IV pair leads to serious security issues: if you encrypt two messages in CTR mode or GCM with the same key and IV, then anybody with access to the ciphertexts can recover the XOR of the plaintexts, and that’s a very bad thing,” Trail of Bits said. While neither library has been updated in years, strongSwan has released an update to address the problem in strongMan (CVE-2026-25998).

AI audits smart contracts: OpenAI Teams Up with Paradigm for EVMbench

OpenAI and Paradigm have jointly announced EVMbench, a benchmark that measures how well AI agents can detect, exploit, and patch high-severity smart contract vulnerabilities. “EVMbench draws on 120 curated vulnerabilities from 40 audits, with most sourced from open code audit competitions,” OpenAI said. “EVMbench is intended both as a measurement tool and as a call to action. As agents improve, it becomes increasingly important for developers and security researchers to incorporate AI-assisted auditing into their workflows.”

Fake FSB extortion plot: Moscow Man Accused of Impersonating FSB to Extort Conti Gang

A Russian national has been accused of trying to extort money from the notorious Conti ransomware group by posing as an officer of Russia’s Federal Security Service (FSB), according to local media reports. RBC reported that the suspect, Ruslan Satuchin, posed as an FSB officer and demanded a large payment from Conti. Although an investigation was formally launched in September 2025, the incident allegedly began in September 2022 when Satuchin contacted one of the members of the hacker group and extorted them to avoid criminal liability. Once a prolific ransomware gang, Conti shut down its operations in mid-2022 after splintering into small groups.

Ad cloaking service exposed: 1Campaign Service Helps Malicious Google Ads Evade Detection

Varonis has disclosed details of a newly identified cybercrime service known as 1Campaign that enables threat actors to run malicious Google Ads for extended periods of time while evading scrutiny. The cloaking platform “passes Google’s screening, filters out security researchers, and keeps phishing and crypto drainer pages online for as long as possible, funneling real users to attacker-controlled sites,” Varonis security researcher Daniel Kelley said. “It combines real-time visitor filtering, fraud scoring, geographic targeting, and a bot guard script generator into a single dashboard.” It has been developed and maintained for over three years by a threat actor named DuppyMeister, who also offers Telegram channels for support. Traffic linked to 1Campaign has been distributed across the U.S., Canada, the Netherlands, China, Germany, France, Japan, Hungary, and Albania.

Teams call drops macOS malware: Social Engineering Using Teams Leads to macOS Malware

A social engineering campaign has been observed using Microsoft Teams meetings to trick attendees into installing macOS malware. Daylight Security has assessed that the activity is consistent with an ongoing attack campaign orchestrated by North Korean threat actors under the name GhostCall. “During the call, the attacker claimed audio issues and coached the victim into running terminal commands that downloaded and executed malicious binaries,” Daylight researchers Kyle Henson and Oren Biderman said. “Analysts observed staged downloads and execution from macOS cache and temporary paths, Keychain credential access, and outbound connections to newly created attacker-controlled domains.”

RAMP fallout reshapes underground: What Happened Post RAMP Shutdown?

Last month, law enforcement authorities from the U.S. seized the notorious RAMP cybercrime forum. The event has had a cascading impact, destabilising trust and accelerating fragmentation across the underground cybercrime ecosystem. There is also speculation that RAMP may have functioned as a honeypot or had been compromised long before its seizure. “Rather than consolidating around a single successor, ransomware actors are redistributing across both gated platforms like T1erOne and accessible forums such as Rehub,” Rapid7 said. “This shift reflects adaptation, not decline. Disruption fractures trust and redistributes coordination across multiple platforms.”

Anonymous Fénix members detained: Spain Arrests Suspected Hacktivists for DDoS Attacks

Spanish authorities have announced the arrest of four members of the Anonymous Fénix group for their involvement in distributed denial-of-service (DDoS) attacks. The suspects, whose names were not disclosed, targeted the websites of government ministries, political parties, and public institutions. Two of the group leaders were arrested in May 2025. The first attacks occurred in April 2023. The group is said to have intensified its activities beginning in September 2024, recruiting volunteers to mount DDoS attacks against targets of interest.

Judicial spear-phish drops RAT: Argentina’s Judicial Sector Targeted by RAT Malware

A spear-phishing campaign has been observed targeting Argentina’s judicial sector that delivers a ZIP archive containing a Windows shortcut that, when launched, displays a decoy PDF to the victims, while stealthily dropping a Rust-based remote access trojan (RAT). “The campaign leverages highly authentic judicial decoy documents to exploit trust in court communications, enabling successful delivery of a covert remote access trojan and facilitating long-term access to sensitive legal and institutional data,” Seqrite Labs said.

Typosquat spreads ValleyRAT: Fake Huorong Website Drops ValleyRAT

A persuasive lookalike website of Huorong Security antivirus (“huoronga[.]com”) has been used to deliver a RAT malware known as ValleyRAT. The campaign is the work of a Chinese cybercrime group called Silver Fox, which has a history of using typosquatted domains to distribute trojanized installers of popular Chinese software and other popular programs that deploy ValleyRAT. “Once it’s installed, attackers can monitor the victim, steal sensitive information, and remotely control the system,” Malwarebytes said.

Repo-squatting via Google Ads: GPUGate Campaign Delivers Hijack Loader

Users searching for developer tools have become the target of an ongoing campaign dubbed GPUGate that uses a malicious installer to deliver Hijack Loader and Atomic Stealer. “The attacker creates a throwaway GitHub account and forks the official GitHub Desktop repository,” GMO Cybersecurity by Ierae said. “The attacker edits the download link in the README to point to their malicious installer and commits the change. Lastly, the attacker used sponsored ads for ‘GitHub Desktop’ to promote their commit, using an anchor in README.md to skip past GitHub’s cautions.” Victims who downloaded the malicious Windows installer would execute a multi-stage loader, while Mac victims received Atomic Stealer.

These stories may seem separate, but they point in the same direction. Speed is increasing. Deception is improving. And attackers are finding new ways to blend into everyday activity. The warning signs are there for those who look closely. Small gaps, delayed patches, misplaced trust, and rushed clicks still make the biggest difference. Staying aware of these shifts is no longer optional.

The details change each week. The pressure does not.
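The key/IV reuse problem from the “Crypto IV reuse risk” item above, as an added example (not code from Trail of Bits, aes-js or pyaes): it shows that two counter-mode ciphertexts made with the same key and a fixed default IV leak the XOR of their plaintexts, that a fresh random IV per message removes the leak, and how to audit stored (key, IV) pairs for repeats. To stay within the standard library it uses HMAC-SHA256 as a stand-in for the AES block function, since the leak comes from the counter-mode construction and not from the cipher; `DEFAULT_IV`, the key ids and the messages are constructed assumptions.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed value modelling a library-supplied default IV / counter start.
DEFAULT_IV = (1).to_bytes(16, "big")


def ctr_keystream(key, iv, length):
    """Counter-mode keystream: PRF(key, iv || counter) for counter = 0, 1, 2, ...
    HMAC-SHA256 stands in for the AES block function (assumption, see lead-in)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, iv + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor(a, b):
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def ctr_apply(key, iv, data):
    """Encrypt or decrypt: in counter mode both are an XOR with the keystream."""
    return xor(data, ctr_keystream(key, iv, len(data)))


def encrypt_default_iv(key, plaintext):
    """Weak pattern: the caller never supplies an IV, so every message under
    this key is encrypted with the same keystream."""
    return ctr_apply(key, DEFAULT_IV, plaintext)


def encrypt_fresh_iv(key, plaintext):
    """Corrected pattern: a new random IV per message, returned with the
    ciphertext so the receiver can decrypt."""
    iv = os.urandom(16)
    return iv, ctr_apply(key, iv, plaintext)


def find_reused_ivs(records):
    """Audit helper: given (key_id, iv) pairs taken from stored ciphertext
    metadata, return (key_id, iv_hex, count) for every pair used more than once."""
    counts = Counter((key_id, iv) for key_id, iv in records)
    return sorted((k, iv.hex(), n) for (k, iv), n in counts.items() if n > 1)


if __name__ == "__main__":
    key = os.urandom(32)
    p1 = b"invoice 0001: pay 100 EUR"
    p2 = b"invoice 0002: pay 975 EUR"

    c1, c2 = encrypt_default_iv(key, p1), encrypt_default_iv(key, p2)
    print("default IV: c1^c2 == p1^p2 ->", xor(c1, c2) == xor(p1, p2))

    (iv1, d1), (iv2, d2) = encrypt_fresh_iv(key, p1), encrypt_fresh_iv(key, p2)
    print("fresh IVs:  d1^d2 == p1^p2 ->", xor(d1, d2) == xor(p1, p2))

    stored = [("k1", DEFAULT_IV), ("k1", DEFAULT_IV), ("k2", DEFAULT_IV), ("k1", iv1)]
    print("reused (key, IV) pairs:", find_reused_ivs(stored))
```

The same IV under two different keys is not flagged, because the keystream depends on the pair; only a repeated (key, IV) combination is a finding.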