All news with #data exfil via tools tag

Scattered Spider, LAPSUS$, and ShinyHunters: SLH Collective

🕸 The nascent Scattered LAPSUS$ Hunters (SLH) collective — a merging of Scattered Spider, LAPSUS$, and ShinyHunters — has repeatedly recreated its Telegram presence, cycling channels at least 16 times since August 8, 2025. The group markets an extortion-as-a-service offering to affiliates, targets organizations including those using Salesforce, and has teased a custom ransomware family called Sh1nySp1d3r. Trustwave SpiderLabs assesses SLH as blending financially motivated crime with attention-seeking hacktivism and sophisticated brand management.

OpenAI Assistants API Abused by 'SesameOp' Backdoor

🔐 Microsoft Incident Response (DART) uncovered a covert backdoor named 'SesameOp' in July 2025 that leverages the OpenAI Assistants API as a command-and-control channel. The malware uses an obfuscated DLL loader, Netapi64.dll, and a .NET component, OpenAIAgent.Netapi64, to fetch compressed, encrypted commands and return results via the API. Microsoft recommends firewall audits, EDR in block mode, tamper protection and cloud-delivered Defender protections to mitigate the threat.

Cybersecurity Experts Charged Over BlackCat Ransomware

🔒 Three cybersecurity professionals have been indicted for allegedly operating an ALPHV/BlackCat ransomware affiliate network that attacked at least five U.S. companies between May and November 2023. Prosecutors named former Sygnia incident response manager Ryan Clifford Goldberg and negotiator Kevin Tyler Martin of DigitalMint, accusing them of exfiltrating data, encrypting systems, and demanding cryptocurrency extortion payments. An FBI affidavit describes encrypted dark‑web negotiations, multi‑hop transfers using privacy coins such as Monero, and meticulous spreadsheets that tracked ransoms, receipts, and wallet addresses. Charges include conspiracy to extort and intentional damage to protected computers, with potential forfeiture of crypto assets.

Operation SkyCloak: Tor-Enabled Backdoor Targets Defense

🔒 Attackers are deploying a persistent backdoor using OpenSSH and a customized Tor hidden service to target defense-related organizations in Russia and Belarus. The Operation SkyCloak campaign uses weaponized ZIP attachments and LNK-triggered PowerShell stagers that perform sandbox evasion and write an .onion hostname into the user's roaming profile. Persistence is established via scheduled tasks that run a renamed sshd.exe and a bespoke Tor binary using obfs4, enabling SSH, SFTP, RDP and SMB access over Tor.

Microsoft Detects SesameOp Backdoor Using OpenAI API

🔒 Microsoft’s Detection and Response Team (DART) detailed a novel .NET backdoor called SesameOp that leverages the OpenAI Assistants API as a covert command-and-control channel. Discovered in July 2025 during a prolonged intrusion, the implant uses a loader (Netapi64.dll) and an OpenAIAgent.Netapi64 component to fetch encrypted commands and return execution results via the API. The DLL is heavily obfuscated with Eazfuscator.NET and is injected at runtime using .NET AppDomainManager injection for stealth and persistence.

Malicious VSX Extension 'SleepyDuck' Uses Ethereum

🦆 Researchers at Secure Annex warned of a malicious Open VSX extension, juan-bianco.solidity-vlang, that delivers a remote access trojan dubbed SleepyDuck. Originally published as a benign library on October 31, 2025, it was updated to a malicious release after reaching about 14,000 downloads. The extension triggers on opening a code editor window or selecting a .sol file, harvesting host details and polling an Ethereum-based contract to obtain and update its command server. It also contains fallback logic using multiple Ethereum RPC providers to recover C2 information if the domain is taken down; users should only install extensions from trusted publishers and follow vendor guidance.

SesameOp backdoor abuses OpenAI Assistants API for C2

🛡️ Microsoft DART researchers uncovered SesameOp, a novel .NET backdoor that leverages the OpenAI Assistants API as a covert command-and-control (C2) channel instead of traditional infrastructure. The implant includes a heavily obfuscated loader (Netapi64.dll) and a backdoor (OpenAIAgent.Netapi64) that persist via .NET AppDomainManager injection, using layered RSA/AES encryption and GZIP compression to fetch, execute, and exfiltrate commands. Microsoft and OpenAI investigated jointly and disabled the suspected API key; detections and mitigation guidance are provided for defenders.

Generative AI Speeds XLoader Malware Analysis and Detection

🔍 Check Point Research applied generative AI to accelerate reverse engineering of XLoader 8.0, reducing days of manual work to hours. The models autonomously identified multi-layer encryption routines, decrypted obfuscated functions, and uncovered hidden command-and-control domains and fake infrastructure. Analysts were able to extract IoCs far more quickly and integrate them into defenses. The AI-assisted workflow delivered timelier, higher-fidelity threat intelligence and improved protection for users worldwide.

Anthropic Claude vulnerability exposes enterprise data

🔒 Security researcher Johann Rehberger demonstrated an indirect prompt‑injection technique that abuses Claude's Code Interpreter to exfiltrate corporate data. He showed that Claude can write sensitive chat histories and uploaded documents to the sandbox and then upload them via the Files API using an attacker's API key. The root cause is the default network egress setting Package managers only, which still allows access to api.anthropic.com. Available mitigations — disabling network access or strict whitelisting — significantly reduce functionality.

Ground Zero: Five Critical Steps After a Cyberattack

🛡️ Rapid, methodical incident response is essential when you suspect unauthorized access. Activating a rehearsed IR plan and notifying a cross-functional incident team (including HR, PR, legal and executives) helps you quickly establish scope, preserve evidence and maintain chain of custody. Contain affected systems without destroying forensic data, protect offline backups, notify regulators, insurers and law enforcement, then proceed to eradication, recovery and hardening.

Nation-State Airstalk Malware Uses AirWatch via API

🛡️ Palo Alto Networks Unit 42 linked a suspected nation-state cluster (CL-STA-1009) to a new backdoor named Airstalk that abuses the AirWatch API (now Workspace ONE Unified Endpoint Management) as a covert command-and-control channel. The malware appears in PowerShell and more capable .NET variants and can capture screenshots, harvest browser cookies, history and bookmarks, and enumerate user files. Airstalk misuses MDM custom attributes as a dead-drop resolver and leverages the API blobs feature to exfiltrate large artifacts; some .NET samples were signed with a likely stolen certificate.

Russian Police Arrest Suspected Meduza Stealer Operators

🔒 Russian authorities have arrested three individuals in Moscow accused of creating and operating the Meduza information‑stealing malware. Announced on Telegram by police general Irina Volk, investigators say the group developed and distributed Meduza via hacker forums around two years ago and offered it as a subscription-based service. The tool steals browser-stored credentials and cryptocurrency data and, since December 2023, can resurrect expired Chrome authentication cookies to facilitate account takeover. Authorities opened a criminal case after operators targeted an Astrakhan institution and seized confidential server data.

China-linked Tick exploits Lanscope flaw to deploy backdoor

⚠️ Sophos and JPCERT/CC have linked active exploitation of a critical Motex Lanscope Endpoint Manager vulnerability (CVE-2025-61932, CVSS 9.3) to the China-aligned Tick group. Attackers leveraged the flaw to execute SYSTEM-level commands and drop a Gokcpdoor backdoor, observed in both server and client variants that create covert C2 channels. The campaign used DLL side-loading to run an OAED Loader, deployed the Havoc post-exploitation framework on select hosts, and used tools like goddi and tunneled Remote Desktop for lateral movement. Organizations are advised to upgrade or isolate internet-facing LANSCOPE servers and review deployments of the MR and DA agents.

Claude code interpreter flaw allows stealthy data theft

🔒 A newly disclosed vulnerability in Anthropic’s Claude AI lets attackers manipulate the model’s code interpreter to silently exfiltrate enterprise data. Researcher Johann Rehberger demonstrated an indirect prompt-injection chain that writes sensitive context to the interpreter sandbox and then uploads files using the attacker’s API key to Anthropic’s Files API. The exploit exploits the default “Package managers only” network setting by leveraging access to api.anthropic.com, so exfiltration blends with legitimate API traffic. Mitigations are limited and may significantly reduce functionality.

Agent Session Smuggling Threatens Stateful A2A Systems

🔒 Unit42 researchers Jay Chen and Royce Lu describe agent session smuggling, a technique where a malicious AI agent exploits stateful A2A sessions to inject hidden, multi‑turn instructions into a victim agent. By hiding intermediate interactions in session history, an attacker can perform context poisoning, exfiltrate sensitive data, or trigger unauthorized tool actions while presenting only the expected final response to users. The authors present two PoCs (using Google's ADK) showing sensitive information leakage and unauthorized trades, and recommend layered defenses including human‑in‑the‑loop approvals, cryptographic AgentCards, and context‑grounding checks.

October 2025: Key Cybersecurity Stories and Guidance

🔒 As October 2025 concludes, ESET Chief Security Evangelist Tony Anscombe reviews the month’s most significant cybersecurity developments and what they mean for defenders. He highlights that Windows 10 reached end of support on October 14 and outlines practical options for affected users and organizations. He also warns about info‑stealing malware spread through TikTok videos posing as free activation guides and summarizes Microsoft’s report that Russia, China, Iran and North Korea are increasingly using AI in cyberattacks — alongside China’s accusation of an NSA operation targeting its National Time Service Center.

Surge in NFC Relay Malware Targeting European Cards

📱Zimperium reports a sharp rise in Android apps abusing Host Card Emulation (HCE) to steal contactless payment card data across Eastern Europe. Researchers observed over 760 malicious APKs and 70+ command-and-control servers that capture EMV fields, respond to POS APDU commands, or forward requests to remote servers. Variants include data exfiltration to Telegram, relay toolkits, 'ghost-tap' real-time HCE manipulation, and fake payment apps impersonating Google Pay and regional banks. Users are advised to avoid sideloading APKs, restrict NFC permissions, run Play Protect, and disable NFC when not in use.

Typosquatted npm Packages Deliver Cross-Platform Stealer

🚨 A multi-stage supply-chain campaign published ten typosquatted npm packages on July 4 that collectively reached nearly 10,000 downloads before removal, according to Socket. Each package abused npm’s postinstall lifecycle to open a new terminal, present a fake CAPTCHA prompt, and retrieve a PyInstaller-packed binary that harvests credentials from browsers, OS keyrings, SSH keys, tokens and cloud configuration files. The JavaScript installers combined four layers of obfuscation with social engineering to evade detection and delay scrutiny while exfiltrating collected secrets to the attacker’s host.

PhantomRaven: Malware in 126 npm Packages Steals Tokens

⚠️ Koi Security has identified a supply-chain campaign dubbed PhantomRaven that inserted malicious code into 126 npm packages, collectively installed more than 86,000 times, by pointing dependencies to an attacker-controlled host (packages.storeartifact[.]com). The packages include preinstall lifecycle hooks that fetch and execute remote dynamic dependencies, enabling immediate execution on developers' machines. The payloads are designed to harvest GitHub tokens, CI/CD secrets, developer emails and system fingerprints, and exfiltrate the results, while typical scanners and dependency analyzers miss the remote dependencies because npmjs.com does not follow those external URLs.

Typosquatted npm Packages Deploy Cross-Platform Infostealer

🚨 Ten typosquatted packages on npm were found delivering a 24 MB PyInstaller infostealer that targets Windows, Linux, and macOS. Uploaded on July 4 and downloaded nearly 10,000 times, the packages used heavy obfuscation and a fake CAPTCHA to evade detection. Researchers at Socket say the malware harvests keyrings, browser credentials, SSH keys and API tokens, then exfiltrates data to a remote server. Developers who installed these packages should remove them, perform remediation, and rotate all secrets.