All news with #supply chain compromise tag

525 articles · page 12 of 27

Typosquatted NuGet Package Targets Stripe Developers

⚠️ ReversingLabs uncovered a malicious NuGet package named StripeApi.Net that impersonated the widely used Stripe.net .NET library for Stripe payments. The typosquatting listing duplicated icons, documentation and tags and used the publisher name 'StripePayments' while retaining a default avatar to appear credible. The fake package accrued an apparently inflated 180,000-plus downloads, spread at roughly 300 downloads per version across 506 versions. Subtle code changes captured Stripe API keys and a machine identifier and exfiltrated them to an attacker-controlled Supabase database; NuGet removed the package quickly after it was reported and investigators found only a test entry.

Malicious NuGet Packages Exfiltrate ASP.NET Identity

🔒 Security researchers at Socket uncovered four malicious NuGet packages — NCryptYo, DOMOAuth2_, IRAOAuth2.0, and SimpleWriter_ — that target ASP.NET developers to steal Identity data and manipulate authorization rules. The packages, published in August 2024 by user hamzazaheer and downloaded over 4,500 times before removal, deploy a localhost proxy and stage payloads to relay stolen data to an external C2. Separately, Tenable disclosed a malicious npm package ambar-src that used a preinstall hook to drop cross-platform malware (Windows, Linux, macOS), enabling full-system compromise and data exfiltration.

Job-themed repo lures target developers with backdoors

🛡️ Microsoft warns that a coordinated campaign is using job-themed repositories—often posing as Next.js projects or technical assessments—to infect developer systems with multi-stage backdoors. Attackers embed workspace automation, build scripts, or server startup hooks so simply opening or building a project can load remote JavaScript and execute in memory. Microsoft advises containing affected endpoints, tracing process trees, hunting for repeated polling to attacker infrastructure, enforcing VS Code Workspace Trust, applying attack surface reduction, enabling cloud reputation checks, and tightening developer trust boundaries.

Developer-Targeting Campaign via Malicious Next.js Repos

⚠️ Microsoft Defender researchers discovered a coordinated developer-targeting campaign that used malicious repositories disguised as legitimate Next.js projects and recruiting assessments to achieve remote code execution. The malicious repositories employed multiple execution paths — editor automation, dev-server assets, and backend startup loaders — that all retrieved attacker-controlled JavaScript at runtime. The activity staged a lightweight registration bootstrap (Stage 1) before escalating to a persistent operator-controlled controller (Stage 2), enabling in-memory tasking, discovery, and staged exfiltration.

Shai-Hulud-style npm worm strikes CI and AI tooling

🐛 Socket researchers disclosed an active npm supply-chain campaign dubbed SANDWORM_MODE that leverages typosquatted packages to infiltrate developer machines, CI pipelines, and AI coding assistants. The malicious packages (at least 19 observed) harvest npm and GitHub tokens, environment secrets, and cloud keys, then use stolen credentials to modify repositories and amplify via weaponized GitHub Actions. The campaign also injects a malicious MCP server into AI tool configs to enable prompt-injection exfiltration, includes a dormant polymorphic engine, and implements a configurable 'dead switch' that can wipe home directories.

CrowdStrike 2026 Global Threat Report Findings Overview

🔍 The CrowdStrike 2026 Global Threat Report reviews 2025 as the year of the evasive adversary, detailing how attackers shifted to subtle, trust-based techniques across endpoint, identity, SaaS, and cloud environments. Adversaries accelerated operations using AI and exploited AI systems themselves, while supply chain compromises and zero-day usage rose markedly. The report highlights rapid breakout times, a high rate of malware-free intrusions, and significant increases in state-nexus activity, offering prioritized insights for defenders.

Shai-Hulud–Style Worm Hits npm Packages and AI Tools

🔒 Socket's Threat Research Team discovered a supply chain worm, tracked as SANDWORM_MODE, spreading via typosquatted npm packages and compromised GitHub accounts while also manipulating local AI coding assistants. The malware harvested developer and CI credentials, injected rogue MCP servers into tools like Claude Desktop and VS Code Continue, and exfiltrated API keys for multiple large language model providers. Affected packages were removed and infrastructure disabled; developers should rotate credentials and audit CI workflows and local AI configurations.

Supply Chain Worm Uses Malicious npm Packages to Steal Keys

🔐 Socket warns of an active supply-chain worm, codenamed SANDWORM_MODE, that abused at least 19 malicious npm packages to harvest developer credentials and cryptocurrency keys. The packages — many typosquatting legitimate modules and published by aliases official334 and javaorg — contain code to steal tokens, environment secrets and LLM API keys. The campaign also includes a weaponized GitHub Action, an optional home-directory wiper, and an McpInject component that targets AI coding assistants. Users should remove affected packages, rotate tokens, and audit repositories and CI workflows.

Compromised npm Package Silently Installs OpenClaw Agent

⚠️ Researchers discovered that a compromised npm publish token allowed an attacker to push a modified release of the widely used Cline CLI that added a malicious postinstall script to fetch and run the AI agent OpenClaw. Aside from that new script, package contents and the CLI binary matched the legitimate prior release, making the change easy to miss. The malicious publish was live on the registry for about eight hours on February 17 before it was deprecated and corrected; developers who installed during that window are advised to update Cline and remove OpenClaw if it was not intentionally installed.

Cline CLI Supply-Chain Update Installed OpenClaw Unexpectedly

⚠️ On February 17, 2026, the npm package cline was maliciously published as cline@2.3.0 using a compromised publish token; the release added a postinstall hook that executed npm install -g openclaw@latest. Installations between 03:26–11:30 PT pulled OpenClaw onto developer machines. Cline has released 2.4.0, deprecated 2.3.0, revoked the token and updated publishing to support OIDC; users are advised to upgrade and remove any unexpected OpenClaw installs, though researchers say overall impact is low since OpenClaw is not inherently malicious and no Gateway daemon was started.

Texas Sues TP-Link Over Alleged Chinese Hacking Risks

🔒 Texas Attorney General Ken Paxton has sued TP-Link, alleging the company deceptively marketed routers as secure while obscuring Chinese supply-chain ties and labeling devices Made in Vietnam. The complaint cites firmware vulnerabilities exploited by Chinese state-backed actors and a large credential-theft botnet built from compromised routers. Paxton seeks monetary penalties and injunctions forcing disclosure of Chinese origins and limits on data collection; TP-Link denies the allegations and says U.S. user data is stored on domestic AWS servers.

Keenadu Preinstalled Android Malware Compromises Firmware

⚠️ Kaspersky researchers have uncovered Keenadu, a multifaceted Android malware family that can be embedded in device firmware and run with system-level privileges from first boot. Detected on more than 13,000 devices across multiple countries, the backdoor impersonates legitimate system components (including face-unlock and home-screen apps) and can infect other apps, install APKs, and harvest sensitive data. It may remain dormant under certain locales and cannot be easily removed with standard user tools. Kaspersky recommends checking firmware updates, running security scans, disabling suspect apps, and coordinating with vendors to address supply chain integrity.

Notepad++ Fixes Hijacked Update Mechanism, Adds Double-Lock

🔒 Notepad++ has released version 8.9.2 to remediate a hijacked update mechanism abused by an advanced China-linked actor to selectively deliver malware. The maintainer implemented a "double lock" design that verifies both the signed installer (added in 8.8.9+) and the signed XML returned by the update server. The WinGUp auto-updater was hardened by removing libcurl.dll, dropping insecure cURL SSL options, and restricting plugin-management execution to binaries signed with WinGUp's certificate. The update also fixes a high-severity Unsafe Search Path flaw (CVE-2026-25926); users should upgrade and download installers only from the official domain.

Keenadu Firmware Backdoor Infects Android Tablets Worldwide

🔒 Kaspersky researchers have identified a firmware-embedded backdoor named Keenadu that can run in the context of every Android app and grant remote control over infected tablets. The implant was discovered in Alldocube iPlay 50 mini Pro firmware dating to August 18, 2023, and the compromised images carried valid digital signatures. Kaspersky observed delivery via signed OTA updates, preinstalled system apps, and trojanized apps distributed through third-party stores and official marketplaces.

Keenadu backdoor found in Android firmware and apps

🛡️ Keenadu is a sophisticated Android backdoor discovered embedded in device firmware and in apps distributed through Google Play and other channels. Kaspersky reports multiple distribution vectors — compromised OTA firmware, system apps, modified APKs and even Play Store apps — with the firmware-integrated variant being the most powerful. That variant can operate inside every installed app, silently install APKs with broad permissions, and exfiltrate media, messages, credentials and location data. Kaspersky has confirmed roughly 13,000 infected devices and warns that firmware-resident instances cannot be removed by standard Android tools; users should reflash clean firmware or replace affected devices.

SmartLoader Trojans Oura MCP Server to Deliver StealC

🛡️ Researchers at Straiker's AI Research (STAR) Labs disclosed a SmartLoader campaign that distributes a trojanized Oura Model Context Protocol (MCP) server to deploy the StealC infostealer. Attackers built a deceptive network of fake GitHub accounts and forks, added sham contributors, and submitted the malicious server to the MCP Market to exploit developer trust. The delivered ZIP runs an obfuscated Lua script that drops SmartLoader, which then installs StealC to exfiltrate credentials, browser passwords, and cryptocurrency wallet data. Organizations should inventory MCP servers, verify provenance before installation, and monitor for suspicious egress and persistence.

Fake recruiter campaign hides RAT in dev coding tests

⚠️ A new variant of a fake recruiter campaign attributed to North Korean actors is targeting JavaScript and Python developers with cryptocurrency-themed coding tasks. Attackers publish seemingly legitimate job projects and embed malicious dependencies on npm and PyPI that install a remote access trojan reported as Graphalgo. The operation is modular and resilient, with 192 malicious packages identified and tactics such as delayed activation and token‑protected command channels. Affected developers are advised to rotate tokens and passwords and to reinstall compromised systems.

Lazarus Group plants malicious packages in npm and PyPI

🔴 ReversingLabs attributes a coordinated supply-chain campaign, codenamed graphalgo, to the North Korea–linked Lazarus Group, active since May 2025. Attackers set up a fake recruiting front (Veltrix Capital), staged GitHub coding assessments in Python and JavaScript, and published dozens of malicious dependencies to npm and PyPI to infect candidates. One npm package, bigmathutils, accrued over 10,000 downloads before a malicious update; the payload delivers a token-based RAT that performs reconnaissance and file operations. Researchers also disclosed separate npm threats — duer-js (Bada Stealer) and the extortionist XPACK ATTACK — and urge auditing dependencies and verifying package provenance.

AMOS Infostealer Targets macOS via AI App Supply Chain

🔒 Flare and other researchers describe the AMOS macOS infostealer and its use of AI-focused distribution channels to harvest credentials and crypto data. Recent ClawHavoc activity shows attackers poisoning the popular OpenClaw skill marketplace to bundle AMOS into seemingly legitimate add-ons. Campaigns also abused search-engine SEO, fraudulent GitHub repositories, and one-line Terminal installers, enabling rapid credential and session theft at scale.

OpenClaw Risks and Enterprise Exposure: What CISOs Must Know

⚠️ OpenClaw is a rapidly adopted local agent orchestration tool (formerly Clawdbot/Moltbot) that integrates with chat apps, operating systems, smart-home devices, browsers and productivity platforms and can be configured to use any LLM backend. Its GitHub repo and the Moltbook social layer saw millions of visits and hundreds of thousands of agents and downloads in recent weeks. Security researchers warn the tool is insecure-by-default: exposed instances, authentication bypasses, plaintext credentials and malicious third-party skills create serious enterprise risk. Organizations are advised to block traffic, rotate credentials and restrict experimentation to isolated, managed environments.