ALL POSTS

Key Findings Seven malicious npm packages tracked as "Ghost campaign" designed to steal cryptocurrency wallets and credentials Packages use sophisticated social engineering tactics including fake installation logs and sudo password phishing Attack chain culminates in remote access trojan capable of harvesting sensitive data and awaiting attacker commands Activity shares overlap with GhostClaw campaign, suggesting possible connection between threat actors Packages published un

Key Findings: Sophisticated phishing campaign targeting Russian finance sector, using high-quality social engineering to bypass defenses. Malware dubbed "Phantom Stealer" deployed via malicious ISO files attached to phishing emails. Phantom Stealer equipped with aggressive data-harvesting modules targeting crypto wallets, chat apps, and browser data. Malware includes anti-analysis checks to evade security researchers. Campaign highlights shift towards ISO-based initial access

Key Findings Cybersecurity researchers have discovered a new set of three Visual Studio Code (VS Code) extensions associated with the GlassWorm malware campaign. The extensions, with thousands of downloads, are still available for download and are being used to harvest credentials, drain cryptocurrency wallets, and drop remote access tools. The malware uses invisible Unicode characters to hide malicious code, allowing it to evade detection and create a self-replicating worm-l