Key Findings SmartLoader hackers cloned a legitimate Oura MCP (Model Context Protocol) server and built a deceptive infrastructure of fake forks and contributors to make the project appear credible. The trojanized version of the Oura MCP server delivers the StealC information stealer, targeting developer credentials, browser passwords, and cryptocurrency wallets. This campaign signals a significant shift in the threat landscape, with traditional supply chain attackers now piv
