top of page
ALL POSTS
Atomic Arch Campaign Hijacks 400+ Linux AUR Packages to Deploy Infostealer and eBPF Rootkit
Key Findings Over 400 packages in the Arch User Repository (AUR) were hijacked this week with malicious build scripts Attackers modified PKGBUILD files to inject a credential stealer written in Rust that harvests developer secrets The malware can load an eBPF rootkit when running with root privileges to hide its presence Attack targets orphaned packages with abandoned maintainers, then spoofs commit metadata to appear legitimate Malware collects browser cookies, SSH keys, Git
Jun 124 min read
Fileless Infostealer Attacks Target Claude Code Users Through Counterfeit Anthropic Platforms
Key Findings Active credential theft campaign targeting Claude Code users exploiting rapid AI tool adoption Attack chain begins with SEO poisoning directing victims to spoofed Anthropic installation pages Fileless infostealer uses MP3/HTA polyglot payload and in-memory execution to evade detection Command and control infrastructure routes through Russian IP infrastructure at 185.177.239.255 Anthropic's systems have not been compromised; attack targets individual users lacking
May 313 min read
Critical FortiClient EMS Vulnerability Exploited in Active Campaign Delivering EKZ Infostealer
Key Findings Threat actors are actively exploiting CVE-2026-35616, a critical FortiClient EMS vulnerability with a CVSS score of 9.1, to deploy credential-stealing malware across enterprise networks Attackers abuse legitimate FortiClient management pathways to push malicious PowerShell commands, evading traditional network monitoring solutions A new infostealer payload named EKZ Infostealer masquerades as vendor software updates and extracts credentials from Chrome and Firefo
May 283 min read
Reaper Malware Exploits Spoofed Microsoft Domain in macOS Password Theft Campaign
Key Findings SentinelLABS discovered a new macOS infostealer variant called Reaper that bypasses Apple's recent security patches in macOS Tahoe 26.4 Attack chain begins with fake download pages for WeChat or Miro using typo-squatted domain mlcrosoft.co.com Malware uses Script Editor with hidden commands disguised as ASCII art to trick users into executing malicious code Reaper steals passwords, browser data, cryptocurrency wallets, and financial documents before establishing
May 193 min read
Fake OpenAI Repository on Hugging Face Distributes Infostealer Malware, Reaches Top Downloads
Key Findings Malicious repository impersonating OpenAI's Privacy Filter reached #1 trending on Hugging Face with 244,000 downloads in 18 hours before removal Typosquatting attack used copied model descriptions and fake AI code to distribute Rust-based information stealer malware Multi-stage attack chain included privilege escalation, Windows Defender evasion, and credential theft targeting browsers, wallets, and Discord At least six additional malicious repositories using sim
May 113 min read
New ClickFix Attack Targets Crypto Wallets and 25+ Browsers with Remote Access Trojan
Key Findings: A new scam is targeting users by mimicking CAPTCHA verification systems The attack is an evolved version of the ClickFix attacks from early 2025 targeting restaurant bookings The multi-stage infection starts with a fake CAPTCHA, then triggers a PowerShell script to download malware The malware, known as an infostealer, targets cryptocurrency wallets, browser login data, and other sensitive information Background This research, shared with Hackread.com, indicates
Feb 222 min read
Infostealer Malware Steals OpenClaw AI Agent Configuration Files and Gateway Tokens
Key Findings Cybersecurity researchers have uncovered a new information stealer that exfiltrated a victim's OpenClaw configuration environment. The incident marks a significant evolution in infostealer behavior, transitioning from stealing browser credentials to targeting the identities, settings, and "digital souls" of personal AI agents. The stolen files included openclaw.json with gateway tokens, device.json containing private cryptographic keys, and "soul" and memory file
Feb 172 min read
Microsoft Warns: Python Infostealers Expand from Windows to macOS
Key Findings: Microsoft warns that info-stealing attacks are "rapidly expanding" beyond Windows to target Apple macOS environments. Attackers are leveraging cross-platform languages like Python and abusing trusted platforms to distribute infostealer malware at scale. Background Since late 2025, Microsoft has observed macOS-targeted infostealer campaigns using social engineering techniques such as ClickFix-style prompts and malicious DMG installers. These campaigns deploy macO
Feb 42 min read
bottom of page
