All news with #data exfil via tools tag

Malicious Blender 3D Model Files Spread Infostealer

⚠️ Researchers observed threat actors distributing the StealC V2 infostealer hidden inside free .blend files on marketplaces like CGTrader. When Blender’s Auto Run Python Scripts setting is enabled, opening these models executes embedded Python that fetches a loader via Cloudflare Workers and runs a PowerShell chain to deploy payloads. The campaign exfiltrated browser and wallet data and abused a UAC bypass. Disable autorun and restrict unvetted tools.

Spiderman phishing kit targets dozens of European banks

🕷️Spiderman is a newly observed phishing kit that replicates banking and cryptocurrency login flows to capture credentials, 2FA codes, credit card details, and wallet seed phrases. Researchers at Varonis report it targets customers across five European countries and major brands including Deutsche Bank, ING, CaixaBank, PayPal, and crypto wallets such as Ledger and Metamask. The kit’s modular control panel lets operators filter victims by country or device, intercept PhotoTAN and OTP codes in real time, export harvested data with one click, and redirect non-targeted visitors.

Google Patches Zero-Click Gemini Enterprise Vulnerability

🔒 Google has patched a zero-click vulnerability in Gemini Enterprise and Vertex AI Search that could have allowed attackers to exfiltrate corporate data via hidden instructions embedded in shared Workspace content. Discovered by Noma Security in June 2025 and dubbed "GeminiJack," the flaw exploited Retrieval-Augmented Generation (RAG) retrieval to execute indirect prompt injection without any user interaction. Google updated how the systems interact, separated Vertex AI Search from Gemini Enterprise, and changed retrieval and indexing workflows to mitigate the issue.

Malicious VS Code Extensions Steal Credentials via DLL

🛡️ Researchers from Koi Security have uncovered two malicious Visual Studio Code extensions, Bitcoin Black and Codo AI, that delivered a DLL-based infostealer via a disguised Lightshot executable. The campaign used social engineering and evolving technical methods—initially complex PowerShell and passworded ZIPs, later streamlined to hidden batch scripts—to harvest screenshots, clipboard data, Wi‑Fi credentials and browser sessions. One extension posed as a theme while the other offered legitimate AI coding features, helping both evade suspicion on the VS Code Marketplace.

STAC6565 Targets Canada; Gold Blade Deploys QWCrypt

🛡️ Sophos links nearly 40 intrusions from Feb 2024 to Aug 2025 to STAC6565, a cluster assessed to overlap the criminal group Gold Blade (aka RedCurl/Red Wolf). The campaign shows an unusually narrow geographic focus — almost 80% of attacks targeted Canadian organizations — and combines targeted data theft with selective ransomware deployment using QWCrypt. Attack chains abuse recruitment platforms to deliver multi‑stage loaders such as RedLoader and tools designed to evade AV and disable recovery, often leveraging WebDAV, Cloudflare Workers and program‑compatibility execution paths.

AMOS infostealer uses ChatGPT share to spread macOS malware

🛡️Kaspersky researchers uncovered a macOS campaign in which attackers used paid search ads to point victims to a public shared chat on ChatGPT that contained a fake installation guide for an “Atlas” browser. The guide instructs users to paste a single Terminal command that downloads a script from atlas-extension.com and requests system credentials. Executing it deploys the AMOS infostealer and a persistent backdoor that exfiltrates browser data, crypto wallets and files. Users should not run unsolicited commands and must use updated anti‑malware and careful verification before following online guides.

Malicious VS Code Extensions and Supply‑Chain Packages

🔒 Security researchers uncovered malicious extensions on the Microsoft Visual Studio Code Marketplace that delivered stealer malware while posing as a dark theme and an AI assistant. Koi Security reported the extensions downloaded additional payloads, captured screenshots, and siphoned emails, Slack messages, Wi‑Fi passwords, clipboard contents and browser sessions to attacker servers. Microsoft removed the packages in early December 2025 after investigators linked them to a publisher using multiple similarly named packages.

Malicious VSCode Extensions on Marketplace Drop Infostealers

🛡️ Two malicious Visual Studio Code extensions on Microsoft's Marketplace, Bitcoin Black and Codo AI, were found delivering an information-stealing payload that can capture screenshots, harvest credentials and crypto wallets, and hijack browser sessions. Published under the developer name 'BigBlack', Codo AI remained live with under 30 downloads at the time of reporting while Bitcoin Black showed a single install. Researchers at Koi Security observed that Bitcoin Black uses a wildcard activation and executes PowerShell or a hidden batch script to download a DLL and executable that leverage DLL hijacking to run the infostealer as 'runtime.exe'.

Apache Tika XXE Flaw Expanded; Critical Patch Urged

⚠️ Apache Tika maintainers warn that an XML External Entity (XXE) vulnerability originally disclosed in August (CVE-2025-54988) is broader than first reported and is now covered by a superset CVE (CVE-2025-66516). The issue affects tika-core, tika-parsers and the standalone tika-parser-pdf-module, and could allow attackers to read sensitive data or trigger requests to internal resources. Users are advised to upgrade to the patched releases or disable XML parsing via tika-config.xml to mitigate risk.

Gartner Urges Enterprises to Block AI Browsers Now

⚠️Gartner recommends blocking AI browsers such as ChatGPT Atlas and Perplexity Comet because they transmit active web content, open tabs, and browsing context to cloud services, creating risks of irreversible data loss. Analysts cite prompt-injection, credential exposure, and autonomous agent errors as primary threats. Organizations should block installations with existing network and endpoint controls and restrict any pilots to small, low-risk groups.

JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RAT

🔍 Securonix has detailed a campaign named JS#SMUGGLER that leverages compromised websites and an obfuscated JavaScript loader to deliver the NetSupport RAT. Attackers chain a hidden iframe and a remote HTA executed via mshta.exe to run encrypted PowerShell stagers and fetch the RAT. The loader applies device-aware branching and a visit-tracking mechanism to trigger payloads only on first visits, reducing detection risk. Temporary stagers are removed and payloads execute in-memory to minimize forensic artifacts.

MuddyWater Deploys UDPGangster Backdoor in Attacks

🔒 The Iranian-linked group MuddyWater has been observed deploying a new UDP-based backdoor called UDPGangster, using UDP channels for command-and-control, data exfiltration, and remote command execution. Fortinet FortiGuard Labs says the campaign targeted users in Turkey, Israel, and Azerbaijan via spear-phishing messages that deliver macro-enabled Word documents (e.g., "seminer.doc" inside "seminer.zip") and display a Hebrew-language decoy image. The embedded VBA macro decodes Base64 content into C:\Users\Public\ui.txt and launches it via CreateProcessA; the payload establishes registry persistence and runs multiple anti-analysis checks before communicating over UDP to 157.20.182[.]75:1269 to exfiltrate data, run commands with "cmd.exe", transfer files, and deploy additional payloads.

Researchers Find 30+ Flaws in AI IDEs, Enabling Data Theft

⚠️Researchers disclosed more than 30 vulnerabilities in AI-integrated IDEs in a report dubbed IDEsaster by Ari Marzouk (MaccariTA). The issues chain prompt-injection with auto-approved agent tooling and legitimate IDE features to achieve data exfiltration and remote code execution across products like Cursor, GitHub Copilot, Zed.dev, and others. Of the findings, 24 received CVE identifiers; exploit examples include workspace writes that cause outbound requests, settings hijacks that point executable paths to attacker binaries, and multi-root overrides that trigger execution. Researchers advise using AI agents only with trusted projects, applying least privilege to tool access, hardening prompts, and sandboxing risky operations.

Chinese Threat Actors Backdoor VMware vSphere Servers

🔒 Chinese state-sponsored actors are implanting a Go-based backdoor called BRICKSTORM on VMware vCenter and ESXi servers to maintain long-term persistence in targeted networks. CISA, NSA and the Canadian Cyber Centre analyzed multiple samples and found the malware often remained undetected for extended periods, enabling lateral movement, credential theft and exfiltration via VSOCK and SOCKS5 proxy functionality. The joint advisory includes IOCs, YARA and Sigma rules and recommends patching, hardening vSphere, restricting service account privileges, segmenting networks and blocking unauthorized DoH.

China-Linked Warp Panda Espionage Targets North America

🛡️ CrowdStrike has attributed a sophisticated cyber‑espionage campaign to a China-linked group dubbed Warp Panda, which has targeted North American legal, technology and manufacturing firms to support PRC intelligence priorities. The actor employed BRICKSTORM implants and Golang-based tools to persist on VMware vSphere infrastructures, including vCenter and ESXi hosts. CISA’s advisory corroborates long-term access and vCenter exploitation.

CISA: PRC-linked BRICKSTORM Backdoor Targets vSphere

🔒 CISA on Thursday released details of a Golang backdoor named BRICKSTORM used by PRC-linked actors to maintain long-term stealthy access to VMware vSphere and Windows systems. The implant provides interactive shell access, file management, SOCKS proxying, and multiple C2 channels including HTTPS, WebSockets, nested TLS, and DNS-over-HTTPS to conceal communications and blend with normal traffic. CISA and private-sector researchers tied deployments to clusters tracked as UNC5221 and to CrowdStrike’s Warp Panda, noting self-reinstating persistence, VSOCK support for inter-VM operations, and use in attacks against government, IT, legal, and technology targets.

Contractors Accused of Wiping 96 Government Databases

🧾 Two Virginia brothers, former federal contractors Muneeb and Sohaib Akhter, have been charged with conspiring to steal sensitive data and deleting roughly 96 government databases after being fired. Prosecutors allege the deletions occurred in February 2025 and that Muneeb also stole IRS and EEOC information for hundreds of individuals. One minute after deleting a DHS database he reportedly asked an AI tool how to clear system logs. Authorities say the pair wiped devices, destroyed evidence, and face multiple federal charges including computer fraud and aggravated identity theft.

UDPGangster Backdoor Campaigns Target Turkey, Israel

🔒FortiGuard Labs reports multiple campaigns deploying the UDPGangster UDP-based backdoor, attributed to the MuddyWater espionage group. Attackers used macro-embedded Microsoft Word documents delivered via phishing, impersonating official Turkish emails and targeting users in Turkey, Israel, and Azerbaijan. The malware implements persistence, extensive anti-analysis checks, and UDP C2 communications to exfiltrate data and execute remote commands. Fortinet detections and protections are available to mitigate these threats.

PRC State-Sponsored Actors Use BRICKSTORM Malware Campaigns

🔒 CISA warns that PRC state-sponsored actors are deploying the BRICKSTORM backdoor to maintain stealthy, long-term access on VMware vSphere and Windows hosts. The malware leverages nested TLS/WebSockets, DNS-over-HTTPS, and a SOCKS proxy for encrypted C2, lateral movement, and tunneling, and implements a self‑healing persistence mechanism. CISA urges defenders to hunt with provided YARA/Sigma rules, block unauthorized DoH, inventory edge devices, and enforce DMZ segmentation.

BRICKSTORM Backdoor Targets VMware vSphere and Windows

🛡️ CISA, NSA, and the Canadian Centre for Cyber Security report that PRC state-sponsored actors deployed the BRICKSTORM backdoor to gain long-term persistence on VMware vSphere (vCenter/ESXi) and Windows hosts. The analysis of eight samples includes YARA and Sigma detection content plus scanning guidance for vCenter filesystems and SIEMs. Organizations should apply the provided IOCs and detection signatures, hunt for modified init scripts, DoH resolver requests, and hidden API endpoints, and report any findings immediately.