top of page
ALL POSTS
Fileless Infostealer Attacks Target Claude Code Users Through Counterfeit Anthropic Platforms
Key Findings Active credential theft campaign targeting Claude Code users exploiting rapid AI tool adoption Attack chain begins with SEO poisoning directing victims to spoofed Anthropic installation pages Fileless infostealer uses MP3/HTA polyglot payload and in-memory execution to evade detection Command and control infrastructure routes through Russian IP infrastructure at 185.177.239.255 Anthropic's systems have not been compromised; attack targets individual users lacking
May 313 min read
Microsoft's Abandoned MSHTA Tool Becomes Weapon for Fileless Malware Campaigns
Key Findings MSHTA, a retired Windows tool originally built for Internet Explorer, remains enabled by default on modern Windows systems and is now actively exploited for fileless malware attacks Threat actors abuse MSHTA as a Living-off-the-Land binary to execute malicious code directly in memory while masking activity as legitimate administrative tasks Multiple malware families including CountLoader, Emmenhtal Loader, PurpleFox, and ClipBanker leverage MSHTA to deliver info-
May 212 min read
Quasar Linux RAT (QLNX): A Fileless Implant Targeting Supply Chain with Stealth and Persistence
Key Findings Researchers discovered QLNX, a previously undocumented Linux remote access trojan targeting developers and DevOps environments The malware operates entirely from memory using memfd_create to avoid disk detection QLNX includes embedded C source code for PAM backdoors and LD_PRELOAD rootkits that dynamically compile on target systems The implant supports 58 command handlers including keylogging, credential theft, SSH lateral movement, and eBPF-based hiding Communic
May 94 min read
bottom of page
