2026-06-17 AI创业新闻
CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a maximum-severity security flaw impacting Widget Factory Joomla Content Editor (JCE) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-48907 (CVSS score: 10.0), is a case of improper access control that could facilitate arbitrary code execution. “Widget Factory Joomla Content Editor contains an improper access control vulnerability which could allow for upload and execution of PHP code via the creation of new editor profiles for unauthenticated users,” CISA said .
According to a description of the vulnerability published on CVE.org, the issue resides in the JCE editor extension for Joomla, allowing a bad actor to create new editor profiles for unauthenticated users, effectively paving the way for PHP code upload and execution. The issue impacts JCE versions from 1.0.0 through 2.9.99.4. It has been patched in version 2.9.99.5, released on June 3, 2026. In its release notes, Widget Factory said “insufficient access controls permitted unauthenticated users to upload editor profiles.” There is currently no information on how the vulnerability is being exploited in the wild.
Federal Civilian Executive Branch (FCEB) agencies have been ordered to apply the fixes by June 19, 2026. Multiple Campaigns Target WordPress Sites The disclosure comes as Sansec detailed a new supply chain attack campaign that targeted over 1 million sites using OptinMonster, TrustPulse, and PushEngage WordPress plugins, with the threat actors injecting malicious JavaScript that “waits for a logged-in administrator, creates a backdoor admin account, and installs a self-hiding backdoor plugin.” In another campaign, unknown attackers have been found to compromise a WordPress site to embed a fake WordPress plugin named “Beloved PBN Entegrasyonu” that stealthily beaconed the site’s URL to an external API upon every page load and injected arbitrary HTML or JavaScript returned by the server into the web page’s footer. Exactly how the attackers breached the website is unclear, but the access is said to have enabled them to stage two PHP web shells as raw executable code with the “wp_posts” database records and granted them the ability to interact with the scripts over HTTP. This, in turn, facilitated unrestricted read/write access to the entire server file system without requiring any authentication.
Specifically, the database-resident payloads allow the threat actor to perform file actions, such as read, write, edit, or delete any file on the server, browse directories across the entire server, change file permissions, rename files, create new files and folders, and upload files from their own computer. “Every visitor to the compromised site received injected PBN outbound links in their page source on every page load, directly damaging the site’s search rankings and risking a manual penalty in Google Search Console,” Sucuri researcher Puja Srivastava said . “The campaign is operated by a Turkish-speaking threat actor and is built around a classic SEO monetization scheme: hidden backlink injection for a Private Blog Network (PBN), most likely tied to the gambling and adult affiliate niche.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting
A flaw in the Google Cloud Vertex AI SDK for Python let an attacker with no access to a victim’s project hijack the victim’s machine learning model upload and run code inside Google’s serving infrastructure. Palo Alto Networks Unit 42, which found and reported the bug through Google’s bug bounty program, calls the technique “ Pickle in the Middle “ and said it saw no exploitation in the wild. Google has patched it; if you use the SDK, update to version 1.148.0 or later. The attacker needed only a Google Cloud project of their own and the victim’s project ID, which is often public.
No credentials, no phishing, no foothold in the target. The flaw was in how the SDK chose a temporary Cloud Storage bucket for model uploads. If a user did not set a bucket, the SDK generated a predictable name from the project ID and region, such as project-vertex-staging-region . It checked whether that bucket existed, but not whether the victim owned it.
Because bucket names are globally unique, an attacker could create the expected bucket first in their own project. The victim’s SDK would then upload the model files to the attacker’s bucket. The attacker could then replace the uploaded model with a malicious one. Many Python ML models are saved with pickle or joblib , which can run code when a file is loaded.
When Vertex AI later loaded the swapped model, the attacker’s code executed inside the serving container. The attack depended on speed. Unit 42 measured about 2.5 seconds between the victim’s upload and Vertex AI reading the file. In its proof of concept, the attacker used a Cloud Function that triggered after upload and replaced the model in 1.4 seconds, before Vertex AI read it.
The payload then stole an OAuth token from the serving container’s metadata server and sent it to the attacker. In Unit 42’s test environment, that token was not limited to the compromised deployment. It could access other model artifacts in the same Google-managed tenant project, including a full TensorFlow model with trained weights, as well as BigQuery metadata, access lists, tenant logs, GKE cluster names, and internal container image paths. The attack worked only under specific conditions: the victim’s default staging bucket did not already exist in that region, and the victim left the staging_bucket parameter unset.
The first is common for a new project in Vertex AI in a region. The second depends on the developer relying on the SDK’s default rather than naming their own bucket. Unit 42 reported the flaw through Google’s Vulnerability Reward Program on March 5, 2026. It tested versions 1.139.0 and 1.140.0, the latest available at the time, and found both vulnerable.
Google shipped an initial fix in v1.144.0 on March 31, adding a random uuid4 to the bucket name. It completed the fix in v1.148.0 on April 15, adding bucket ownership verification to block bucket squatting in Model.upload(). As of publication, neither Unit 42 nor Google’s Vertex AI security bulletins list a CVE for the issue. Update to 1.148.0 or later so the ownership check is active.
Also, set an explicit staging_bucket to a Cloud Storage location you control when uploading models. Because the flawed logic lives in the client SDK, check the google-cloud-aiplatform version wherever it runs, including notebooks, CI jobs, and training pipelines, not only production services. It is the second predictable-bucket-name flaw to surface in Vertex AI this year. Google patched CVE-2026-2473 in February, a separate bucket-squatting bug in Vertex AI Experiments that also allowed cross-tenant code execution, model theft, and poisoning.
Unit 42’s earlier work on Vertex AI’s default service-agent permissions traced a related path from a deployed AI agent into customer and tenant data. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures
Cybersecurity researchers have flagged multiple ClickFix campaigns that deliver three malware loaders called BabaDeda Loader , Lorem Ipsum Loader , and Potemkin , per independent reports from Morphisec , BlueVoyant , and Huntress , respectively. Attacks involving BabaDeda Loader, observed in April 2026, have targeted education and financial organizations. “Earlier BabaDeda activity was known for concealing malicious payloads inside legitimate looking installer packages,” Morphisec researcher Shmuel Uzan said. “This new framework keeps that same code genome but expands it into a far more capable loader built for stealth, evasion, and payload flexibility.” The starting point of the attacks is a ClickFix social engineering attack that deceives users into running attacker-supplied PowerShell commands to deliver the loader, which is then used to drop information stealers and remote access trojans (RATs) by combining well-known techniques like hidden PowerShell, in-memory shellcode, DLL side-loading, and external payload storage.
The activity has been attributed to BabaDeda , a crypter service that was first documented by Morphisec in November 2021 in connection with a campaign targeting the cryptocurrency and Web3 sectors to distribute information stealers, RATs, and LockBit ransomware. The loader is designed to profile the host, avoid running on Russian or Belarusian systems, and perform security product-related checks before retrieving the main payload and injecting it into a trusted Windows process such as “svchost.exe.” One of the malware families delivered via BabaDeda Loader is a .NET backdoor and information stealer that can harvest sensitive data and establish an encrypted channel to a command-and-control (C2) server. The malware supports a wide range of functions, including - Collecting detailed system information Discovering installed browser profiles Extracting browser artifacts such as cookies, browsing history, saved credentials, preferences, and local-state encryption keys Traversing directories and selecting files based on configurable rules Reading and exfiltrating file contents Capturing screenshots and displaying information Executing shell commands or external processes and collecting output Transferring data back to the C2 server Using native Windows APIs for process interaction, memory operations, DPAPI access, Restart Manager behavior, and advanced file access A second attack chain drops a ZIP archive that employs DLL side-loading to launch DanaBot and SectopRAT (aka ArechClient). What’s notable about these attacks is the use of a staged loader component dubbed Storage Crypter that reads the payload material from external storage-like files such as “List.Control.dat.” “The visible application package appears legitimate, while malicious payloads remain hidden inside externally stored containers and are decoded only moments before execution,” Morphisec said.
“This design minimizes forensic visibility, complicates automated analysis, and reduces opportunities for traditional security tools to identify malicious activity before execution occurs.” The findings represent an evolution of the modern loader frameworks, which have become increasingly modular and separate delivery, storage, execution, and payload deployment into distinct components rather than relying on a single monolithic entity. ClickFix Chain Drops Lorem Ipsum Loader The Click Fix technique has also been observed in an active campaign that uses at least five compromised WordPress sites as a starting point to deliver a nascent loader, and backdoor codenamed Lorem Ipsum Loader. The hacked websites span multiple sectors, including architecture, legal services, and construction technology. The attacks mark a departure from prior opportunistic campaigns that employed trojanized Microsoft Teams installers through fake download portals promoted via SEO poisoning and malvertising.
The loader is believed to be active in the wild since February 2026. “The pivot to ClickFix lures hosted on compromised WordPress (WP) sites significantly broadens the potential victim pool and demonstrates the operators’ willingness to rapidly adapt their initial access techniques,” BlueVoyant researchers Thomas Elkins and Joshua Green said. The change in delivery mechanism has been attributed to Microsoft’s recent disruption of Fox Tempest (aka Forging Marauder), a threat actor that advertised a malware-signing-as-a-service (MSaaS) operation to help deliver malware without raising any red flags using fraudulently signed Microsoft Trusted Signing certificates. “The loss of certificate supply rendered the previously signed-installer delivery model unviable, forcing the operators to adopt a delivery mechanism that eliminates code signing entirely,” the researchers added.
The threat activity cluster is the latest instance of how bad actors can easily bounce back and adapt to alternative delivery models despite continued efforts by defenders and law enforcement to dismantle their operations. The Lorem Ipsum ecosystem has been attributed with high confidence to a financially motivated threat actor known as Vanilla Tempest (aka Rapid Brigantine, Vice Society, and Vice Spider) that’s known for deploying ransomware families like Rhysida, BlackCat, Zeppelin, and Quantum Locker. Attack sequences distributing Lorem Ipsum Loader make use of ClickFix-style Edge web browser security update lures to run a malicious command that downloads a ZIP file and an outdated version of Node.js released in 2017 (version 7.10.1) to execute JavaScript-based payloads present within the archive while minimizing chances of detection. The JavaScript payload functions as a dropper for deploying and executing additional malware components on the infected system, including a batch script that sets up persistence by launching a DLL side-loading chain to execute a malicious DLL (“mscoree.dll” or “msvcp140.dll”), which, in turn, decodes the embedded Lorem Ipsum Loader payload.
“The Lorem Ipsum Loader is designed to retrieve the next-stage Lorem Ipsum Backdoor from C2 infrastructure obtained from attacker-controlled profiles hosted on social networking platforms,” BlueVoyant said, adding the backdoor contains functionality to run next-stage payloads received from the C2 server. “The Lorem Ipsum chain culminates in handoff to Rapid Brigantine’s established post-exploitation tooling and ultimately to their documented ransomware deployments, primarily Rhysida.” Potemkin, RMMProject, and EtherRAT Delivered via ClickFix The third campaign to rely on ClickFix is a sophisticated attack chain that installs an MSI package, which then drops a previously undocumented loader codenamed Potemkin via an HTML Application (HTA) payload. The loader serves as a conduit for EtherRAT and RMMProject, a Lua-scriptable DLL with modules to enable remote screen control and browser credential theft by getting around Chromium’s App-Bound Encryption ( ABE ) protections. RMMProject also implements a task dispatcher mechanism to run a file or process, take screenshots, siphon browser autofill data, execute arbitrary Lua scripts, terminate browser processes, and download and run an additional module from a URL at runtime.
Potemkin loader is a “custom x64 loader that uses a domain generation algorithm to find its C2 and reflectively loads follow-on modules in memory,” Huntress researchers Anna Pham and Zach Rogers said. The activity was detected by the security vendor last month. The loader supports various functionally distinct components to handle the overall lifecycle, DGA-driven C2 discovery using a built-in 1,000-word dictionary, victim identification by means of a unique UUID value written to “%LOCALAPPDATA%\hyper-v.ver,” task polling, DLL retrieval and execution, and a custom byte cipher to protect the C2 communication and the DGA dictionary. With the access established, the unknown threat actor is said to have engaged in hands-on keyboard activity to configure Microsoft Defender exclusions, deploy Chisel reverse SOCKS tunnels, conduct additional reconnaissance, set up a Cloudflare tunnel for persistent access, and spread laterally via WMIExec and SMBExec to reach the domain controller and propagate EtherRAT across over 11 hosts.
ClickFix Remains an Enduring Technique The discoveries come as ClickFix continues to be an effective method to target Windows and macOS users with fraudulent bot verification screens to deliver malicious payloads like Phexia Stealer , a macOS infostealer, and HellsUchecker , a backdoor delivered via EtherHiding that’s capable of executing files retrieved from C2 and reporting the results back. ClickFix campaigns have also capitalized on the growing interest surrounding artificial intelligence (AI) tools to distribute fake MSI installers for Claude to run PowerShell payloads. “ClickFix remains effective for a simple reason: it exploits human nature. People naturally follow directions when presented with a clear, authoritative-looking instruction (‘press Win+R, paste this, hit Enter’),” Huntress researchers said.
“The social engineering doesn’t need to be sophisticated; it just needs to look like a legitimate troubleshooting step, and more often than not, that’s enough.” The risk posed by pasting commands into the Terminal app from websites (or chat agents, or messaging or email apps) has prompted Apple to introduce a new security pop-up in macOS Tahoe 26.4 that warns Mac users attempting to do so. “Scammers use these channels to instruct people to paste malicious commands into Terminal to harm your Mac or compromise your privacy,” Apple notes in a support document published this week. “This alert helps make sure that you aren’t tricked into running a command that you didn’t expect.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
New Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet Funds
Security researchers at Zimperium’s zLabs have documented a new Android banking trojan, Rokarolla , that targets 217 banking and cryptocurrency apps and packs 137 remote commands. Together, they give an operator near-total control of an infected phone: it lifts lock-screen PINs, reads and sends SMS, rewrites the clipboard to redirect crypto payments, and switches off Google Play Protect. Rokarolla , named after its command-and-control servers, spreads through malicious websites posing as well-known apps such as TikTok and Chrome. The first thing a victim installs is a dropper that pretends to be Google Play Protect.
It uses that disguise to get the payload installed and grab Accessibility access. Once the malware is running, one of its commands turns Play Protect off. The theft runs through overlays. Rokarolla pulls a target list from its server, and for each app flagged active, it downloads a fake HTML login page and stores it in a local database.
When the victim opens the real banking or wallet app, the malware drops the fake page on top and captures everything typed into it, card details included. The report shows one such fake page mimicking the banking app ‘imagin.’ A separate overlay mimics the Android lock screen to capture the PIN, pattern, or password, which lets the operator control the phone even while it is locked. It reads every SMS on the device and can send messages itself, which is enough to grab the SMS one-time codes banks use to approve logins and transactions. By making itself the phone’s default app for texts and calls, it can also block incoming calls, so a warning call from the bank never gets through.
A keylogger and screen logger record what the user types and sees, and the trojan scrapes contacts and reads notifications. The clipboard gets rewritten silently, swapping in attacker wallet addresses so a copied crypto payment lands in the wrong account. For surveillance, Rokarolla skips the usual MediaProjection screen casting, which throws a visible recording prompt, and instead takes screenshots through Accessibility, compresses them to PNG, and ships them out one frame at a time. That snapshot approach is simpler and quieter than the live hidden VNC seen in families like Klopatra .
- The malware carries multiple fallback C2 domains and can be handed new ones on the fly, so pulling a single server does little. It’s 137 commands outnumber the 107 Zimperium counted in the
- HOOK trojan
- , and the playbook is the same one running through a
- wave of 2026 Android bankers
- fake-app droppers, Accessibility abuse, and HTML overlays. There is no patch to apply here. This is malware, not a product flaw, so the defenses are the standard ones for Android bankers.
Install apps only from Google Play, leave Play Protect on, and treat any unexpected Accessibility request as a red flag, since that one permission drives the whole attack chain. Zimperium says its own products detect the family, and the indicators of compromise are in its GitHub repository . Zimperium did not tie Rokarolla to a named group. What the build shows is intent: a banker put together to beat the exact protections users are told to rely on, from Play Protect down to the lock screen.
Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Survey: 94% of Incidents Involve Anonymized Infrastructure. Teams Are Still Reactive
Security teams have never had more IP data at their disposal. Every day, analysts ingest enrichment feeds, geolocation data, reputation scores, telemetry, and threat intelligence from a growing ecosystem of vendors and platforms. Yet despite this abundance of information, many organizations continue to face a fundamental challenge: sifting through the noise to understand who is behind an IP and what action should follow . Case in point: a recent industry study of more than 200 security practitioners conducted by Spur Intelligence found that anonymizing infrastructure - including VPNs and residential proxy networks - now appears in nearly every security incident.
At the same time, the study showed that many organizations admit they lack the visibility, context, and operational workflows needed to make effective decisions based on that IP data. The findings support a broader industry trend: a reactive approach to managing IP-based risks. The Rise of Anonymized Infrastructure The widespread availability of VPN services, residential proxy networks, and other anonymization tools has fundamentally changed how cybercriminals operate. Residential proxies route traffic through consumer internet connections, making malicious activity blend in with normal user behavior.
VPN services provide additional layers of anonymity while allowing rapid switching between locations and network identities. As a result, traditional approaches based solely on reputation or static blocklists are becoming less effective. Security teams are increasingly encountering attacks where the IP address itself provides little immediate insight into intent. The Spur study showed that nearly half of companies reported significant operational or financial impact from account takeover attempts and credential abuse via VPNs and residential proxies.
In these incidents, an address may appear residential, belong to a legitimate ISP, and exhibit no prior malicious reputation while still being part of an active attack campaign. The Context Deficit One of the most significant obstacles facing security operations today is a lack of contextual information to help determine who is actually behind a connection. The Spur study reinforces this observation, with nearly half of respondents saying a lack of context is the biggest challenge for their security teams analyzing IP activity. Basic IP attributes, such as geolocation and network ownership, remain useful, but they often fail to explain the intent behind activity.
Security teams increasingly need additional layers of context, including infrastructure classification, VPN and proxy attribution , behavioral indicators, historical usage patterns, device and session correlations, and automation and bot signals. Without this context, analysts are forced to make decisions based on incomplete information. With context, they can understand not only where traffic is coming from, but also why it may represent elevated risk. Reactive Security Remains the Norm Although organizations recognize the value of IP intelligence, many still use it primarily during investigations.
IP enrichment is commonly applied after alerts have already been generated, helping analysts review historical events and investigate incidents. While this approach provides value, it limits the strategic impact of IP intelligence. A growing number of security teams are exploring ways to move IP intelligence earlier into the decision-making process. Rather than using IP data solely to investigate incidents, they want it to influence security outcomes in real time.
The Spur study examines this dichotomy, with the majority of respondents indicating that they leverage IP intelligence for basic use cases but want workflows to be more predictive and intelligence-led. Examples include applying IP intelligence for adaptive authentication, risk-based access controls, fraud prevention workflows, automated policy enforcement, and session risk scoring. The goal of proactively applying IP intelligence is to make better decisions before incidents escalate. The Overlooked Internal Risk of Anonymization External threats receive most of the attention in discussions about anonymized infrastructure, but many organizations face a second challenge much closer to home.
Bring-your-own-device policies, consumer applications, and personal VPN usage have expanded the number of pathways through which anonymizing traffic can enter enterprise environments. Nation-state actors posing as legitimate employees in high-concentration remote work environments is another. In many cases, organizations have limited visibility into whether employees are using proxy services, residential networks, or VPN tools while accessing corporate resources. This creates blind spots that traditional perimeter-focused security strategies may not address.
The Spur study validates this concern, with a surprisingly high 61% of respondents reporting being moderately, slightly, or not at all concerned about the potential exposure of their internal network via residential proxies on employee devices or consumer apps. As zero-trust architectures continue to mature, security teams must treat internal proxy activity as a potential risk signal rather than assuming trusted users and trusted devices automatically imply trusted network behavior. Quantifying the Effectiveness of IP Intelligence Many organizations invest in IP intelligence technologies but struggle to quantify their effectiveness. Historically, success has often been measured using indicators such as blocked threats or enrichment coverage.
However, these metrics may not fully capture operational value. The Spur study shows that organizations are less mature in how they measure their IP intelligence efforts, and a full third of companies aren’t measuring it at all. Increasingly, security leaders are focusing on outcomes such as investigation time, false positives, and costs. These metrics align more closely with business impact and help justify investment in security intelligence capabilities.
As budgets remain constrained, demonstrating measurable operational improvements will become increasingly important. The Future of IP Intelligence The next phase of IP intelligence will likely be defined by three trends. First, organizations will demand richer context rather than larger volumes of raw data. Analysts need attribution, behavioral insight, and infrastructure intelligence, not just additional indicators.
Second, automation will become a priority. Security teams increasingly want IP intelligence integrated directly into detection, prevention, and access-control workflows rather than isolated in investigative tools. Third, IP intelligence will become more closely tied to decision-making. Instead of acting solely as an enrichment layer, it will increasingly serve as a foundation for risk-based security controls.
The organizations that succeed will be those that move beyond simply identifying suspicious IPs and focus on gaining an understanding of the infrastructure, behavior, and intent behind them. In an environment where anonymized infrastructure has become a routine component of cybercrime, the ability to make the leap from detection to decision will ultimately determine how effectively security teams can respond to modern threats. Found this article interesting? This article is a contributed piece from one of our valued partners.
Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week
Bad actors are exploiting multiple security vulnerabilities in Fortinet FortiSandbox, according to threat intelligence firm Defused Cyber. In a post shared on X, the company said it has observed exploitation of CVE-2026-39813, CVE-2026-39808 , and CVE-2026-25089 over the past 24 hours. CVE-2026-39813 (CVSS score: 9.1) refers to a path traversal vulnerability in FortiSandbox JRPC API that could allow an unauthenticated attacker to bypass authentication via specially crafted HTTP requests. The second flaw, CVE-2026-39808 (CVSS score: 9.1), is a case of operating system command injection that could allow an unauthenticated attacker to execute unauthorized code or commands via crafted HTTP requests.
Both vulnerabilities were patched by Fortinet in April 2026. CVE-2026-25089 (CVSS score: 9.1), on the other hand, was fixed last week, with Fortinet describing it as an operating system command injection impacting FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS WEB UI that could allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests. Defused Cyber noted that the exploit for CVE-2026-25089 not only shows signs of being developed using an artificial intelligence (AI) model, but is also faulty. A working exploit for the vulnerability has not been publicly disclosed.
Vulnerabilities in Fortinet appliances have become a lightning rod for attackers in recent years. In April 2026, Fortinet released out-of-band patches for a critical security flaw impacting FortiClient EMS ( CVE-2026-35616 , CVSS score: 9.1) that it said has been exploited in the wild. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth
Cybersecurity researchers have flagged two previously undocumented Windows variants of what was believed to be a Linux-only backdoor called SprySOCKS . “The Windows variants discovered are internally marked as WIN_DRV and WIN_PLUS,” ESET said in a report shared with The Hacker News. “Both come with a hard-coded C&C [command-and-control] configuration and support communication over TCP, UDP, and WebSocket protocols.” Like its Linux counterpart, the Windows versions support more than 30 commands to facilitate system information collection, process enumeration, service management, and file system operations. WIN_DRV has also been found to utilize kernel drivers to conceal the malware’s network connections, processes, files, and registry keys.
In addition, the variant enables TCP traffic diversion that allows the malware operators to send commands to the backdoor through a random TCP port on the victim’s device without exposing the backdoor’s actual listening port in the network traffic. SprySOCKS was first publicly documented by Trend Micro in September 2023, attributing its use to a China-nexus state-sponsored threat actor known as Earth Lusca, which is also tracked by the cybersecurity community under the monikers Aquatic Panda, Bronze University, Charcoal Typhoon, and RedHotel. The adversary is assessed to be active since at least 2021 and operated by a Chinese contractor named i-Soon . The Slovakian cybersecurity vendor, which has assigned the name FishMonger to the threat cluster, has described it as a cyber espionage group that falls under the broader Winnti umbrella.
In a report published in March 2025, the company linked the hacking group to a global campaign dubbed Operation FishMedley targeting seven organizations in Taiwan, Hungary, Turkey, Thailand, France, and the U.S. between January and October 2022. SprySOCKS is based on a Windows remote access trojan called Trochilus, and shares several common traits with RedLeaves , a backdoor that also exhibits extensive source code overlaps with Trochilus. What’s more, the use of Trochilus is linked to another Chinese threat actor known as Webworm , which, in turn, has tradecraft commonalities with both FishMonger and SixLittleMonkeys.
WIN_DRV Execution Chain The Windows variants are part of version 1.8 of SprySOCKS, with the WIN_DRV sample using a kernel driver referred to as RawWNPF (“KW1B5206BDC1743FP.dat”) for advanced stealth, while retaining the functionality present in the Linux variant. The driver is loaded using another encrypted kernel driver named DriverLoader (“KX1B5206BDC1743DD.dat”). The attack chain makes use of an as-yet-undetermined initial access pathway to drop a batch script, which then creates and executes a scheduled task responsible for triggering a DLL side-loading chain that drops the SprySOCKS backdoor and the driver components. However, it’s worth noting that the group has previously exploited N-day security flaws in public-facing Fortinet, GitLab, Microsoft Exchange Server, Progress Telerik UI, and Zimbra instances to obtain a foothold.
“The Windows version retains most of the core architecture of its Linux predecessor — including the C&C protocol, encryption used, and overall command handling logic — while substituting Windows-native mechanisms where required and improving the stealthiness of the backdoor by bringing the kernel drivers to the game,” ESET researcher Martin Smolár said. WIN_PLUS Execution Chain “The most notable differences can be spotted in the way the final backdoor is loaded, in the improved stealthiness, and in the component names and paths used. The WIN_PLUS execution scheme, in contrast, adopts a different approach. It leverages the Windows Print Spooler service (“spoolsv.exe”) as a starting point to execute a first-stage loader that runs as a print processor .
It’s designed to inject and run a SprySOCKS loader into a newly created “svchost.exe” process to launch the backdoor. Both WIN_DRV and WIN_PLUS variants of SprySOCKS are DLLs that support three channels for C2 communications over TCP, UDP, and WebSocket and run commands issued by the operator on the compromised host. This includes collecting system information, launching an interactive console, enumerating processes, getting C2 communication details, listing all services, initialising a SOCKS proxySOCKS proxy, uploading/downloading files, and running existing files. Evidence indicates that the artifacts may have been deployed between 2023 and 2024 in attacks targeting government organizations in Honduras, Taiwan, Thailand, and Pakistan.
The WIN_PLUS version was first detected in July 2024 on a victim device geolocated to Pakistan. What’s more, there are “limited indications” suggesting the involvement of a UEFI bootkit, likely exploiting CVE-2023-24932 (CVSS score: 6.7), a security feature bypass vulnerability in the Windows Boot Manager that’s famously associated with the BlackLotus UEFI bootkit. The security flaw was addressed by Microsoft in May 2023. “The discovery of a Windows variant of SprySOCKS, previously known as Linux-only backdoor, represents a meaningful expansion of FishMonger’s cross-platform capabilities,” ESET said.
“The Windows port retains most of the core architecture of its Linux predecessor – including the C&C protocol, encryption used, and overall command handling logic – while substituting Windows-native mechanisms where required and improving the stealthiness of the backdoor by bringing the kernel drivers to the game.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware
The North Korean state-sponsored hacking group known as ScarCruft (aka APT37) has been observed using spear-phishing messages impersonating Microsoft Account security notifications to deliver malware called NarwhalRAT . “The attack email contained a message impersonating an MS account security alert,” the Genians Security Center (GSC) said . “It was designed to create concern over possible account compromise and OTP abuse, thereby inducing the recipient to execute the attachment.” “The email body instructed the recipient to refer to the attached advisory. However, the actual attachment was not an HWP [Hangul Word Processor] document, but a ZIP archive that contained a malicious LNK file.” The email message claims “abnormal activity” related to repeated generation of one-time passwords, passing it off as a phishing attempt aimed at the target’s Microsoft Account by a third-party, and urging them to change their password.
The end goal of the phishing message is to induce a false sense of urgency and deceive the victim into interpreting the email as a legitimate security alert. The LNK file, once launched, initiates a multi-stage infection chain that employs intermediary batch scripts to download and install NarwhalRAT, along with retrieving the legitimate Python executable from the official website and a Windows security catalog (CAT) file. Persistence is achieved via a scheduled task, which is configured to launch the CAT file responsible for fetching and running the main payload in memory without leaving any artifacts on disk. The Python-based malware is equipped to log keystrokes, capture screenshots (with support for high-resolution images), record ambient audio, upload directory contents, collect active window details, gather data from USB media, execute instructions issued by a command-and-control (C2) server, and switch C2 servers.
The moniker NarwhalRAT is a reference to the malware’s use of a hidden directory called “%APPDATA%\naverwhale” to stage the harvested information on the compromised host. The directory name is an attempt to evade detection by masquerading as Naver Whale, a web browser developed by South Korean tech company Naver Corporation. APT37’s deployment of NarwhalRAT is noteworthy as it marks a departure from RokRAT, a malware family exclusively attributed to the hacking group. “From a C2 infrastructure perspective, the malware uses Korean websites, including ‘daehoat[.]com’ and ‘novel21[.]co.kr,’ as primary communication relays, while also implementing communication functionality based on the pCloud cloud storage API,” the South Korean cybersecurity company said.
“In particular, pCloud-specific routines that process the ‘folderid’ and ‘auth’ parameters were identified within the code. This indicates that the malware was designed to use a legitimate cloud service as a secondary C2 channel in the form of a dead drop resolver .” Genians said the activity shares “multiple similarities” with prior Python-based attacks orchestrated by ScarCruft, including a spear-phishing campaign that has used ticket confirmation and event invites lures to trick potential targets into opening ZIP archives containing LNK files. The attack chain plays out in a similar fashion in that the LNK file acts as a conduit for an obfuscated batch script downloaded from a remote C2 server, which then downloads the Python binary and a CAT file, ultimately resulting in the deployment of a compiled Python script capable of remote command execution and sending the results back to the C2 server. Interestingly, the scheduled task names used to set up persistence follow a similar naming convention.
While the NarwhalRAT infection creates a scheduled task called “MicrosoftUserInterfacePicturesUpdateTackMachine,” the second chain uses the name “MicrosoftMusicLibrariesPackageTaskMachine.” “Overall, NarwhalRAT is assessed to be an advanced RAT malware that integrates a Python-based multi-stage loader, an in-memory execution structure, a multi-C2 operational framework, and selective information collection functions,” Genians said. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw
Cisco has released security updates for a medium-severity security flaw in Catalyst SD-WAN Manager that has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-20262 , carries a CVSS score of 6.5 out of 10.0. “A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system,” Cisco said in an advisory. The issue, the networking equipment company added, stems from inadequate validation of user-supplied input during a file upload process.
An attacker could exploit this behavior to create or overwrite any file on the underlying operating system by sending crafted HTTP requests to an affected API endpoint. This, in turn, could be weaponized to elevate to the root. However, successful exploitation hinges on the attacker already having valid credentials with at least write access. The vulnerability impacts the following products regardless of the deployment type - Cisco Catalyst SD-WAN Manager On-Prem Cisco SD-WAN Cloud-Pro Cisco SD-WAN Cloud (Cisco Managed) Cisco SD-WAN for Government (FedRAMP) Patches have been released to address the issue - Cisco Catalyst SD-WAN Release 20.9.9.1 and earlier - Fixed in 20.9.9.2 Cisco Catalyst SD-WAN Release 20.12.7.1 and earlier - Fixed in 20.12.7.2 Cisco Catalyst SD-WAN Release 20.15.4.4 and earlier - Fixed in 20.15.4.5 Cisco Catalyst SD-WAN Release 20.15.5.2 and earlier - Fixed in 20.15.5.3 Cisco Catalyst SD-WAN Release 20.18.3 - Fixed in 20.18.3.1 Cisco Catalyst SD-WAN Release 26.1.1.1 and earlier - Fixed in 26.1.1.2 Cisco said it “became aware of limited exploitation of this vulnerability” in June 2026, adding it was discovered during internal security testing.
The company has also shared indicators of compromise associated with the malicious activity, urging customers to audit “/var/log/nms/vmanage-server.log” for suspicious WAR file uploads as below - 11-June-2026 03:53:37,310 EDT INFO [a66cdc5f-807d-4c23-944e-5c809a2ece6b] [server] [SdraAnyConnectFileUploadHandler] (default task-40704) |default| uploaded Remote Access Anyconnect profile file: ../../../../var/lib/wildfly/standalone/deployments/suspicious.war to vManage. Other indicators include attempts to deploy malicious code and interact with it, although Cisco has warned that they may not “consistently appear” in every incident log. The follow-on activities related to this vulnerability are - /var/log/nms/vmanage-appserver.log: 11-June-2026 07:52:55,275 UTC INFO [server] (DeploymentScanner-threads - 2) WFLYSRV0010: Deployed “suspicious.war” (runtime-name : “suspicious.war”) /var/log/nms/containers/service-proxy/serviceproxy-access.log: [2026-06-11T07:57:33.635Z] “POST /suspicious/index.jsp HTTP/1.1” 200 - 267 76 17 - “1.1.1.54” “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0” “d7336b83-422b-4000-93e1-0296f102bbed” “1.1.1.4:8443” “127.0.0.1:8080” CVE-2026-20262 is the eighth security flaw impacting Cisco SD-WAN to be flagged as actively exploited this year alone after CVE-2026-20245, CVE-2026-20182, CVE-2026-20127, CVE-2026-20122, CVE-2026-20128, CVE-2026-20133, and CVE-2022-20775. The exploitation of some of these flaws has been attributed to an advanced persistent threat (APT) actor named UAT-8616.
The development has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add the flaw to its Known Exploited Vulnerabilities ( KEV ) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 29, 2026. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting LiteSpeed cPanel Plugin to its Known Exploited Vulnerabilities ( KEV ) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 18, 2026. The vulnerability in question is CVE-2026-54420 (CVSS score: 8.5), which has been described as a case of privilege escalation. It allows a user with FTP or web shell access to escalate privileges to root on shared hosting servers running CloudLinux or CageFS.
“LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS,” according to a description of the vulnerability in CVE.org. It’s currently not known how the vulnerability is being exploited in the wild and if any of those attacks have been successful, but LiteSpeed has urged users to run the command below to check if their servers are affected - grep -rE ‘cpanel_jsonapi_func=(generateEcCert|packageUserSize)|cert_action_entry .*geneccert’ /usr/local/cpanel/logs/ /var/cpanel/logs/ 2>/dev/null If the grep command does not show any output, it indicates the server has not been impacted by the issue. If there is any output, LiteSpeed has shared additional indicators to rule out any false positives - generateEcCert immediately followed by packageUserSize for the same user (legitimate UI flows don’t chain these) 7-10 concurrent calls per attempt (legitimate UI does one at a time) Namecheap has been credited with bringing the issue to its attention on May 31, 2026. Users are advised to upgrade to LiteSpeed WHM Plugin v5.3.2.1 (bundled w/ cPanel plugin v2.4.8) or higher to patch the vulnerability.
Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Chinese Hackers Abused Google Workspace Rules to Steal Research and Defense Emails
A China-linked espionage group hid inside North American medical, academic, and military research networks for more than a year, quietly stealing sensitive research and defense email. The way in was a backdoor on their REDCap research servers that stole login credentials. The exfiltration was the unusual part: the attackers rewired the victims’ own Google Workspace rules to copy any message matching their keywords to an inbox they controlled. Google’s Threat Intelligence Group (GTIG) laid out the campaign in a report published this week and attributes it with high confidence to a cluster it tracks as UNC6508.
The actor and its REDCap backdoor are not new names; Google first surfaced both in February , in a wider report on state-backed attacks against the defense sector. It did not name the victims, describing them only as multiple organizations across the US and Canada: clinical providers, academic centers, military health institutions, advocacy groups, and health regulators. Google says it notified them and disrupted the group’s infrastructure. How they got in The entry point was REDCap (Research Electronic Data Capture), a web platform that hospitals and universities use to build and manage study databases.
UNC6508 compromised externally facing REDCap servers. Google has not pinned down the initial access vector, named a specific CVE, or listed the affected versions, though it saw the group probing older, vulnerable ones. Around three months after getting in, the group deployed custom malware GTIG calls INFINITERED , which trojanizes REDCap’s own system files and does three things. First, it hijacks the upgrade process so each new REDCap version reinjects the code instead of clearing it.
Second, it harvests usernames and passwords from the login page and stores them, encrypted, in local database tables. Third, it acts as a backdoor, taking commands through HTTP cookies and running on every page load. The earliest known compromise dates to September 2023, with activity continuing through November 2025. Once on the server, UNC6508 ran internal reconnaissance and credential discovery, pulling database and service account credentials, then used those logins to move into the internal network and on to a domain administrator account.
Google does not spell out the exact path to that admin account. With admin rights, the group set up the exfiltration. How they stole the email The exfiltration rode a feature that was already there. UNC6508 abused content compliance rules, a legitimate Google Workspace admin feature that scans mail for keywords and can copy or forward matching messages.
Similar features exist in other cloud mail suites. The group created a rule, misspelled “Patroit,” that watched for nearly 150 keywords, search terms, and email addresses. When a message matched, Workspace silently BCC’d it to an attacker-controlled Gmail address, which Google has since disabled. No malware on the mail server, no separate exfiltration tool, no unusual network traffic.
Just a built-in mail feature, turned to copy the organization’s secrets to an inbox the attackers owned. MITRE already catalogs email-forwarding-rule abuse as a known technique. What GTIG flags as new here is the use of domain content compliance rules to do it, a method it says it had not seen from a China-linked actor before. The rule’s keywords mapped to UNC6508’s collection priorities: geo-strategic policy, military strategy and equipment, advanced technology including AI and uncrewed vehicles, offensive cyber programs, and medical research.
One term stood out for its specificity, chikungunya , the mosquito-borne virus behind a 2025 outbreak in China’s Guangdong province. What to do Start with REDCap. Patch externally facing servers and remove old versions outright, not just alongside the current build. REDCap lets legacy versions run side-by-side, and that is what enables downgrade attacks, where an attacker forces software back to a known-vulnerable release.
Then check the mail side. Review Workspace, or equivalent, content compliance and mail-forwarding rules for anything that BCCs or reroutes mail to outside addresses. Check admin audit logs for when rules changed, not just what they say now. Pull GTIG’s published indicators and hunt for INFINITERED.
And put phishing-resistant MFA on administrator accounts, since the whole mail-theft step hinged on admin access. Google still does not know how UNC6508 first reached the REDCap servers. The part worth watching is the mail rule. Once attackers hold admin access, a built-in cloud feature can quietly become an exfiltration path, and that is what defenders need to audit, not just the REDCap backdoor.
Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels
Cybersecurity researchers have flagged two malicious cyber campaigns that exhibit similarities with a persistent North Korean threat cluster known as Contagious Interview (aka Famous Chollima, HexagonalRodent, and Void Dokkaebi). According to a report published by Proofpoint, the threat actor has been found orchestrating phishing campaigns using developer role recruitment or code review themes to target nearly 100 organizations in finance, cryptocurrency, education, technology, and several other sectors. The activity has been codenamed UNK_DeadDrop . “The infection chain begins with emails containing links to actor-controlled GitHub repositories hosting malicious scripts that result in the execution of cross-platform malware for macOS, Linux, and Windows, including an open-source Go framework named Overlord ,” Proofpoint researchers Saher Naumaan and Carlos Rubio said .
A crucial aspect connecting the campaign to Pyongyang is the use of Microsoft Visual Studio Code (VS Code) projects that employ the “runOn: folderOpen” technique to trigger the execution of malicious code every time the code editor is opened without requiring any user interaction. This approach has been adopted by the Contagious Interview actors since December 2025. The activity documented by the enterprise security company involved more than 250 emails that were sent during a six-week period to individuals in almost 100 organizations. Over 75% of the targeted entities are located in the U.S., followed by the U.K., Australia, France, Brazil, Germany, India, Israel, Japan, and the Netherlands.
The emails contain links to GitHub repositories masquerading as technical assignments or cryptocurrency-related projects, instructing recipients to clone the repository and open it in VS Code or Cursor, resulting in the execution of operating system-specific malware loaders for Linux, macOS, and Windows. Subsequent lures observed in May 2026 have pivoted their approach by requesting targets to review their open-source projects. The loader - a shell script for macOS and Linux and a VBScript for Windows systems - is designed to install a malicious VS Code extension (VSIX) that masquerades as a legitimate Google service, while communicating with an external server to facilitate remote command execution, system reconnaissance, and data exfiltration from browser wallet extensions, credentials, and desktop wallet apps. The Linux and macOS infection chains lead to a custom version of the open-source Overlord framework with capabilities to enable data theft.
It also prompts users to enter their system password using a fake security pop-up. The Windows attack chain, on the other hand, relies on the VBScript payload to run a CMD file, which then installs the extension. The end goal remains the same: to steal credentials and data from wallet browser extensions and applications, and exfiltrate the results to the server (“23.137.105[.]75:5173”) via an HTTP POST request. “Unlike the Linux/macOS agent, the Windows pipeline does not maintain a persistent connection; it uploads the ZIP files, performs cleanup, and terminates,” Proofpoint said.
Further analysis has uncovered that the threat actor previously distributed a Windows Go binary of Overlord, but has since shifted to the new method, likely in an attempt to avoid detection. Proofpoint said it’s tracking UNK_DeadDrop as distinct from Contagious Interview due to differences in initial access methods (LinkedIn vs. email) and the use of the Overlord framework, which is different from the custom malware families the North Korean hacking group has traditionally deployed, including BeaverTail, InvisibleFerret, and OtterCookie. “UNK_DeadDrop activity suggests North Korea-aligned operations targeting developers for financial gain are maturing and evolving,” the company said.
“The shift from active social engineering over social media platforms to conduct fake interviews to large campaigns of recruitment-themed phishing emails distributing links to malicious repositories could indicate an actor industrializing and scaling operations.” The disclosure comes as Yeeth Security said it discovered three malicious VS Code extensions named “ByteBinTools.jupyter-powerdev-2026.6.8.vsix,” ToolCraft.jupyter-powertools-3.21.0.vsix,” and “OLDev.markdown-mode-devtools-2.1.0.vsix” on the official marketplace that are dressed up as seemingly harmless Jupyter Notebook productivity tools, but are, in fact, a “sophisticated, multi-stage backdoor” engineered to bypass endpoint defenses. The malware supports the following functions - A SharePoint site functioning as a command queue, victim registry, and exfiltration channel A JavaScript layer that handles all command-and-control (C2) communication via Microsoft Graph API and SharePoint to Components enabling arbitrary file read, write, and exfiltration, as well as code execution using a Windows executable and a Python script for Linux and macOS The C2 channel, besides running commands or scripts, can issue a third command type called “host_action,” which facilitates file system operations like pwd, ls, cd, and cat, along with file upload and downloads. Although there exists no direct overlap with any publicly documented North Korean campaign, Yeeth Security said the developer tooling split between JavaScript and Python has its echoes in Contagious Interview, and that the malicious artifacts’ Microsoft Graph API authentication mechanism shares some similarities with the Lazarus Group’s Dream Job attacks detailed by S2 Grupo LAB52 in October 2025. The findings dovetail with the discovery of multiple campaigns linked to the North Korean threat actors in recent months - A follow-up to the Axios supply chain attack using three malicious npm packages (redeem-onchain-sdk@1.0.7, nicegui@0.1.4, and period-newline@0.1.0) that deliver an information stealer that exfiltrates harvested data to a different C2 infrastructure.
The packages are listed as dependencies on GitHub projects disguised as cryptocurrency trading bots. “Less than 18 hours after the Axios malicious packages were removed from NPM, the first secondary payload was already live on the registry,” OpenSourceMalware said . “This suggests the threat actor had prepared backup infrastructure and was ready to immediately deploy alternative delivery mechanisms.” An attack campaign codenamed TaskJacker has been observed dropping malicious VS Code task files into unsuspecting GitHub users’ existing repositories, spreading in a worm-like fashion. “By weaponizing VS Code’s tasks.json auto-execution feature, attackers have created a scenario where simply opening a cloned repository in your IDE can compromise your system,” the OpenSourceMalware team said.
“No user interaction required beyond a git clone and opening the folder.” Contagious Interview’s use of Git hooks (“.githooks/pre-commit”) to fire the execution of malicious code when a target clones a “coding assessment” repository, marking a shift from hiding the malicious code within .vscode/tasks.json or package.json files. Contagious Interview’s use of a compromised Packagist package (“roberts/leads”) to target PHP developers with a JavaScript malware loader that reaches out to blockchain and public RPC infrastructure in order to fetch, decrypt, and execute a next-stage JavaScript payload. The adversary has also leveraged its access to compromised developer systems to tamper with commits and inject multi-stage obfuscated JavaScript code to the source code files in their repositories. The final payload is a variant of the DEV#POPPER RAT .
“Void Dokkaebi’s operations do not end with a single infected developer,” Trend Micro said . “The compromised machine becomes a launchpad, with the threat actor weaponizing the victim’s own repositories and turning their code contributions into infection vectors for downstream developers. The result is a self-sustaining propagation chain resembling a worm’s behavior rather than a traditional targeted attack.” Contagious Interview’s migration of InvisibleFerret from readable Python scripts to Cython-compiled binaries, distributing the malware as .pyd files on Windows and .so files on macOS. “The update gives the intrusion set an additional layer of evasion while preserving InvisibleFerret’s core capabilities, including backdoor access, browser credential theft, clipboard monitoring, keylogging, and cryptocurrency wallet targeting,” Trend Micro said.
“BeaverTail has also expanded beyond its original downloader and stealer role into a broader malware with overlapping functions, including credential harvesting and wallet trojanization.” A malicious npm package named “ terminal-logger-utils “ has been found to target Telegram data, SSH keys, crypto wallets, cloud configurations, and environment variables. The package was published by “jpeek895,” an account flagged for publishing a similar package called “terminal-logger-pack” in late April 2026. Another npm package named “ js-logger-pack “ has been found to deliver an ELF binary with infostealer and remote access trojan (RAT) capabilities. BlueNoroff’s (aka Sapphire Sleet and UNC1069) targeting of macOS environments within high-value financial sectors to deliver infostealer malware as part of a targeted social engineering against individuals in the cryptocurrency, investment, and Web3 space.
Some of these efforts also make use of fake Zoom and Microsoft Teams meeting-themed lures and ClickFix-style prompts and instructions to install supposed “missing” meeting SDKs and deliver malicious payloads. The attacks led to the deployment of updated variants of Cabbage RAT (aka CageyChameleon), PowerShell implants capable of credential and data theft, or a newly identified data-stealing macOS toolkit known as Mach-O Man . “By persuading users to manually execute AppleScript or Terminal-based commands, Sapphire Sleet shifts execution into a user-initiated context, allowing the activity to proceed outside of macOS protections such as Transparency, Consent, and Control (TCC), Gatekeeper, quarantine enforcement, and notarization checks,” Microsoft said. Contagious Trader ‘s use of over 50 malicious packages embedded across more than 100 GitHub repositories targeting developers in the cryptocurrency space to deliver three malware families: PromptMink, OtterCookie , and a new Windows clipboard stealer called ClipViper.
“The malicious repositories are promoted through verified accounts on X and Reddit, use spoofed developer identities and bot-inflated star counts to appear legitimate, and are distributed across 40+ GitHub users and organizations as redundant delivery fronts,” Panther said . A cluster of obfuscated malicious npm packages published by multiple throwaway accounts has been found to deliver variants of the OtterCookie infostealer by means of a postinstall hook. Another malicious npm package named “ node-env-resolve “ has been identified as making use of six runtime dependencies that match the OtterCookie toolkit. Contagious Interview’s use of generative artificial intelligence to assist with the development of loaders responsible for launching BeaverTail and OtterCookie, and to set up front companies used for listing job openings and social engineering outreach via fake LinkedIn accounts.
According to data shared by Expel, these campaigns are likely carried out by multiple teams, each comprising several members. The attacks have resulted in the theft of $12 million in cryptocurrency in the first three months of 2026. “The threat actor’s campaigns exfiltrated a total of 26,584 cryptocurrency wallets from 2,726 infected developers’ systems,” Expel’s Marcus Hutchins said . A supply chain attack campaign codenamed jsonspack has used 27 malicious npm packages to deliver a JavaScript RAT and infostealer, or drop a loader that fetches an unspecified payload.
Another malicious npm package named “ sleek-pretty “ has been found to target developers running Polymarket trading bots to carry out system fingerprinting, SSH backdoor installation, filesystem exfiltration, and targeted theft of Polymarket CLOB API credentials. A sustained npm malware campaign spanning 108 malicious packages and 261 package versions targeted developers between March 20 and April 20, 2026, with an aim to steal credentials, Telegram Desktop sessions, and wallet keys, and establish persistent access using malware families like BeaverTail and OtterCookie. “Whilst financially motivated cybercrime is highly unappealing to almost every nation-state, since the monetary loss from the resulting sanctions would far outweigh any financial gain, this is not the case for North Korea,” Expel said. “The heavy sanctions already levied against the country mean there is little more that can be done to deter them, but a lot to be gained for a nation whose economic activity is severely constrained.” Found this article interesting?
Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.