All news with #data exfil via tools tag

Shai-Hulud v2 Supply-Chain Campaign Hits Maven Central

⚠️ The second wave of the Shai-Hulud supply-chain attack has moved from npm into the Maven ecosystem after researchers found org.mvnpm:posthog-node:4.18.1 embedding the same setup_bun.js loader and bun_environment.js payload. The artifact was rebundled via an automated mvnpm process and was not published by PostHog; mirrored copies were purged from Maven Central on Nov 25, 2025. The campaign steals API keys, cloud credentials and npm/GitHub tokens by backdooring developer environments and injecting malicious GitHub workflows, affecting thousands of repositories.

ToddyCat APT Targets Outlook Archives and M365 Tokens

🔒 Kaspersky Labs reports that the ToddyCat APT refined its toolkit in late 2024 and early 2025 to harvest Outlook offline archives and Microsoft 365 OAuth tokens in addition to browser credentials. New PowerShell and C++ components — notably TomBerBill and TCSectorCopy — copy browser artifacts and sector‑level OST files while attackers also attempt in‑memory token grabs from Outlook processes to maintain persistent access.

HashJack: Indirect Prompt Injection Targets AI Browsers

⚠️Security researchers at Cato Networks disclosed HashJack, a novel indirect prompt-injection vulnerability that abuses URL fragments (the text after '#') to deliver hidden instructions to AI browsers. Because fragments never leave the client, servers and network defenses cannot see them, allowing attackers to weaponize legitimate websites without altering visible content. Affected agents included Comet, Copilot for Edge and Gemini for Chrome, with some vendors already rolling fixes.

FlexibleFerret macOS Campaign Uses Go-Based Backdoor

🦊 Jamf Threat Labs reports a macOS malware chain, named FlexibleFerret, that employs staged scripts, credential‑harvesting decoys and a persistent Go-based backdoor to maintain long-term access. The campaign uses a second-stage shell script that reconstructs download paths and fetches different payloads for arm64 and Intel systems, then unpacks and runs a loader while writing a LaunchAgent for persistence. A decoy app mimics Chrome permission prompts and a Chrome-style password window to steal credentials, which are exfiltrated via the legitimate Dropbox API. The final stage invokes a Golang backdoor, CDrivers, that provides remote command-and-control and extensive data-theft capabilities.

The Dilemma of AI: Malicious LLMs and Security Risks

🛡️ Unit 42 examines the growing threat of malicious large language models that have been intentionally stripped of safety controls and repackaged for criminal use. These tools — exemplified by WormGPT and KawaiiGPT — generate persuasive phishing, credential-harvesting lures, polymorphic malware scaffolding, and end-to-end extortion workflows. Their distribution ranges from paid subscriptions and source-code sales to free GitHub deployments and Telegram promotion. The report urges stronger alignment, regulation, and defensive resilience and offers Unit 42 incident response and AI assessment services.

Shai-Hulud Worm Resurfaces, Infects Hundreds of npm Packages

🐛 Security teams have warned of a rapidly spreading secret-stealing worm, Shai-Hulud, that has resurfaced in the npm ecosystem and already infected hundreds of packages with tens of millions of downloads. First seen in September, attackers hijack developer accounts to publish trojanized packages that exfiltrate AWS keys and GitHub tokens to attacker-controlled repositories. Vendors including Wiz Security and Mondoo report explosive scaling—hundreds of new repos discovered every 30 minutes—and urge urgent dependency audits. Recommended mitigations include rotating credentials, disabling npm postinstall scripts in CI, enforcing MFA, pinning versions, and using tools like Safe-Chain to block malicious packages.

Shai-Hulud 2.0 Worm Spreads Through npm and GitHub

⚠️ Researchers at Wiz, JFrog and others are tracking a renewed campaign of the Shai‑Hulud credentials‑stealing worm spreading through the npm registry and GitHub. The new Shai‑Hulud 2.0 executes during the preinstall phase, exfiltrates developer and CI/CD secrets to randomized repositories, and injects malicious payloads into other packages. Widely used modules, including @asyncapi/specs, Zapier, Postman and others, have been compromised, prompting immediate remediation steps for affected developers and organizations.

Blender model files used to deliver StealC infostealer

⚠️ Researchers at Morphisec observed a Russian-linked campaign using malicious Blender .blend files uploaded to 3D model marketplaces to deliver the StealC V2 infostealer. The embedded Python in the .blend fetches a loader from a Cloudflare Workers domain, which runs a PowerShell script to download two ZIP archives, unpack them into %TEMP%, drop LNK shortcuts into the Startup folder for persistence, and deploy both the StealC payload and an auxiliary Python stealer. Users are advised to disable Blender's Auto Run for Python scripts and treat downloaded 3D assets like executables, testing unknown files in sandboxed environments.

StealC V2 Spread Through Malicious Blender .blend Files

🛠️ Morphisec researchers have uncovered a six-month campaign embedding StealC V2 inside weaponized Blender .blend files distributed via marketplaces such as CGTrader. When opened with Blender's Auto Run enabled, concealed Python scripts fetch loaders from workers.dev domains and initiate a multistage infection that deploys PowerShell components and Python-based stealers. The malware establishes persistence with LNK files and communicates with Pyramid-linked C2 servers to retrieve encrypted payloads. Morphisec says its deception-based protection thwarts credential theft by injecting decoy credentials and terminating processes before exfiltration.

Ransomware Targets AWS S3 via Cloud Key Abuse Tactics

🔐 A Trend Micro report warns that ransomware groups are shifting from on-premises targets to cloud object storage, particularly AWS S3, by abusing integrated encryption and key management. Attackers probe configurations from AWS-managed KMS keys to customer-provided and external key stores to encrypt or irreversibly lock data. The report urges hardening S3 settings, enforcing least privilege, enabling versioning and Object Lock, and isolating backups.

Second Sha1-Hulud npm Wave Hits 25,000+ Repositories

⚠ Multiple security vendors report a second Sha1-Hulud campaign that has trojanized hundreds of npm packages and affected over 25,000 repositories. The attack leverages a preinstall script ("setup_bun.js") to install or locate the Bun runtime and execute a bundled payload ("bun_environment.js") that harvests credentials. The malware registers hosts as self-hosted GitHub runners named "SHA1HULUD", drops a vulnerable workflow (.github/workflows/discussion.yaml) to run arbitrary commands via repository discussions, exfiltrates secrets as artifacts, and then removes traces; when exfiltration fails it can attempt destructive wiping of the user home directory.

China-linked APT31 Targets Russian IT with Stealth

🛡️ Positive Technologies links a prolonged 2024–2025 intrusion campaign in the Russian IT sector to China-linked APT31, reporting extended dwell times and stealthy command-and-control. The group relied on legitimate cloud platforms — notably Yandex Cloud and Microsoft OneDrive — and concealed encrypted payloads in social media profiles to blend with normal traffic. Observed techniques include spear-phishing RAR attachments containing LNK loaders that deploy the Cobalt Strike-based CloudyLoader, DLL side-loading, scheduled tasks that mimic legitimate apps, and a broad mix of public and custom tools to harvest credentials and exfiltrate data.

AI-generated fake sites deliver malicious Syncro builds

⚠️ Kaspersky describes a campaign in which attackers used the AI-powered web builder Lovable to mass-generate convincing fake vendor pages that host malicious installers. Those pages distribute a custom, attacker-signed build of the legitimate remote administration tool Syncro, which installs silently and grants full remote access. Because the payload is a legitimate admin tool altered for abuse, detection is difficult and victims risk data theft and loss of cryptocurrency funds.

Browser Push Notifications Exploited by Matrix Push C2

🔔 BlackFrog has identified a new command-and-control platform, Matrix Push C2, that abuses browser push notifications to deliver phishing and malware. The campaign social-engineers users into allowing notifications and then issues realistic system-style alerts that redirect victims to malicious sites. Described as fileless, the technique leverages the browser notification channel rather than an initial executable. The platform includes a web dashboard with real-time client visibility, analytics and templates impersonating services like MetaMask, Netflix and PayPal.

Turning Threat Intelligence into Real Security Wins

🛡️ Modern SOCs drown in threat feeds; the problem is not data but converting it into repeatable decisions. The article lays out an operating model that makes CTI a business capability by centring work on Priority Intelligence Requirements (PIRs), engineering a single pipeline for collection, normalization and automated enrichment, and prioritizing behaviour‑first detections mapped to MITRE ATT&CK. It prescribes SOAR orchestration with human checkpoints, de‑duplication and scoring by relevance and visibility, and integration of intel into incident response and threat hunting. The result: measurable loss avoidance, reclaimed analyst capacity and executive reporting that drives concrete decisions.

Ransomware Shifts Focus to AWS S3 Buckets and Keys

🔐 A Trend Micro analysis warns ransomware actors are increasingly targeting cloud storage by abusing AWS-native encryption and key management to render S3 data unrecoverable. Attackers probe buckets with disabled versioning or Object Lock, exploit wide write permissions, and weaponize SSE-KMS, SSE-C, BYOK and XKS to seize control of keys. Researchers recommend least-privilege IAM, enable versioning/Object Lock, isolate backups, and continuously monitor audit logs. An "assume breach" posture and short-lived credentials are urged to limit impact.

APT24 Deploys BADAUDIO in Multi-Year Espionage Campaign

🛡️ APT24 has deployed a previously undocumented downloader called BADAUDIO to maintain persistent remote access in a nearly three-year campaign beginning November 2022. The highly obfuscated C++ downloader uses control-flow flattening and DLL search-order hijacking to fetch AES-encrypted payloads from hard-coded C2s; analysts observed Cobalt Strike delivered in at least one case. Operators distributed BADAUDIO via watering holes, supply-chain compromises, typosquatted CDNs and targeted phishing, employing FingerprintJS and encrypted cloud-hosted archives to selectively target victims and evade detection.

ThreatsDay: 0-Days, LinkedIn Spying, IoT Flaws, Crypto

🛡️ This week's ThreatsDay Bulletin highlights a surge in espionage, zero-day exploits, and organized crypto laundering across multiple countries. MI5 warned that Chinese operatives are using LinkedIn profiles and fake recruiters to target lawmakers and staff, while researchers disclosed critical flaws like a pre-auth RCE in Oracle Identity Manager and a resource-exhaustion bug in the Shelly Pro 4PM relay. The bulletin also details malicious browser extensions, new macOS stealer NovaStealer, high-profile arrests and sanctions, and continued pressure on crypto-mixing services. Patch, update, and verify identities to reduce exposure.

PlushDaemon uses EdgeStepper to hijack DNS and updates

🔒 PlushDaemon, a China-linked APT, has deployed a network implant called EdgeStepper to hijack DNS on compromised routers and redirect update traffic to attacker-controlled servers, according to ESET. The MIPS32 Go-built implant modifies iptables to forward UDP port 53 to a local proxy that substitutes legitimate update IPs with malicious ones. Using the hijacked channel, a downloader chain (LittleDaemon, DaemonicLogistics) delivers the espionage backdoor SlowStepper, enabling credential theft, document exfiltration and audio/video capture.

TamperedChef Malware Uses Fake Installers in Global Campaign

⚠️ Acronis Threat Research Unit (TRU) reports an ongoing global malvertising campaign, dubbed TamperedChef, that employs counterfeit installers masquerading as popular utilities and product manuals to deploy an information-stealer and obfuscated JavaScript backdoors. Operators use SEO poisoning, malicious ads, and abused code-signing certificates from shell companies in the U.S., Panama, and Malaysia to increase trust and evade detection. Installers drop an XML file to create a scheduled task that launches the JavaScript backdoor, which exfiltrates encrypted, Base64-encoded JSON over HTTPS. Infections concentrate in the U.S. and have also been observed in Israel, Spain, Germany, India, and Ireland, with healthcare, construction, and manufacturing among the most affected sectors.