#threatreport #MediumCompleteness Solana FakeFix: 25 Malicious npm and PyPI Packages Lure Developers With Fake Stable Builds | 11-06-2026 Source: research.jfrog.com/post/sola… Key details below ↓ 🧑‍💻Actors/Campaigns: Solana_fakefix 💀Threats: Typosquatting_technique, Deno_loader, 🎯Victims: Solana developers, Developers, Ci pipelines, Software development, Cryptocurrency 🏭Industry: Financial, Healthcare 📚TTPs: ⚔️Tactics: 2 🛠️Technics: 0 🤖LLM extracted TTPs:` T1005, T1033, T1036, T1053.003, T1053.005, T1059.001, T1059.006, T1059.007, T1070.004, T1071.001, ... 🧨IOCs: - File: 24 - Url: 17 - IP: 1 - Path: 3 💽Software: Telegram, ETHERSCAN, Unix crontab, macOS, Windows scheduled task, Windows Registry 🪙Crypto: solana 🔢Algorithms: base58 🔠Functions: Set-ExecutionPolicy, setTimeout, Set-ItemProperty 📜Programming Languages: python, javascript, powershell, typescript #threatreport: The Solana FakeFix campaign, identified by JFrog Security Research, involves the distribution of 25 malicious npm and PyPI packages specifically targeting Solana developers, utilizing tactics like typosquatting, fake branding for Solana SDKs, and lifecycle execution hooks to facilitate data theft. These packages aim to extract sensitive information, including wallet keys, cloud credentials, source control tokens, and various environment secrets. The primary deceptive approach leveraged in this campaign was the promotion of these dangerous packages as compatibility fixes for Solana build issues. The campaigns operated through GitHub issue spamming by user PassWord1337, who posed as a community contributor, effectively targeting developers experiencing dependency challenges. The first stage of the attack required the execution of JavaScript controlled by the attacker during the npm package installation. This executed payload immediately set up a Telegram command-and-control (C2) channel and initiated a search for developer secrets. For the Python packages, malware was triggered during a standard import process, highlighting differences in execution methods between npm and PyPI. Each type of package shared common payload characteristics, indicating a coordinated effort to breach systems. The later npm variants evolved their attack vector by embedding malicious code within functional-looking Solana JavaScript libraries, enabling them to operate unnoticed while scanning for sensitive information such as Solana keypairs and AWS credentials. In another facet of the campaign, a CMS-themed loader involved npm packages uploaded by a user named thermonuclear. While not specifically tied to Solana, these packages contained mechanisms for executing remote Windows payloads via PowerShell scripts and JavaScript executed within the context of the Deno runtime. These practices included clandestine installations, dynamic second-stage retrieval of payloads, and attempts to maintain persistence through various Windows functionalities such as scheduled tasks and registry modifications. The threat actors also leveraged the concept of MEV (miner extractable value) bots to entice victims into providing sensitive credentials under the false promise of passive income. This represents a blend of technical package exploitation and classic phishing tactics. Remediation steps include uninstalling affected packages, rotating all sensitive credentials, and auditing for potential persistence indicators that could enable attackers to maintain access. Investigation should focus on signs of the Telegram API traffic and other specific IOCs related to the campaign. The complexity of the methods utilized, transitioning from simple backdoors to sophisticated Trojanized libraries, underlines the rapid evolution and increasing sophistication of such cyber threats targeting developer ecosystems.

#threatreport #HighCompleteness OceanLotus: From external espionage to domestic targeting | 12-06-2026 Source: welivesecurity.com/en/eset-r… Key details below ↓ 🧑‍💻Actors/Campaigns: Oceanlotus (🧠motivation: cyber_espionage) 💀Threats: Spectralviper, Supply_chain_technique, Dns_tunneling_technique, Soundbite, Phoreal, Cuegoe, Watering_hole_technique, Process_injection_technique, 🎯Victims: Stock investors, Financial services, Infrastructure and transport construction, Businesses, Human rights activists, Human rights defenders, Government 🏭Industry: Financial, Government 🌐Geo: Germany, China, Asia, Vietnam, Vietnamese, Singapore 📚TTPs: ⚔️Tactics: 8 🛠️Technics: 16 🧨IOCs: - Url: 2 - Domain: 6 - File: 11 - IP: 8 - Hash: 20 💽Software: Linux, Microsoft SQL server, Microsoft SQL, curl 📜Programming Languages: python #threatreport: OceanLotus, also known as APT32, has demonstrated a notable shift in its operational priorities from external espionage to increased domestic targeting, particularly within Vietnam, as observed between 2024 and 2026. The group has engaged in two specific campaigns utilizing its backdoor malware, SPECTRALVIPER. One operation involved compromising a Vietnamese infrastructure and transport construction company, while the other was a supply-chain attack aimed at the FireAnt MetaKit software platform, a tool commonly used by stock investors in Vietnam. The construction company was reportedly breached between November 2024 and February 2026, likely through remote code execution (RCE) vulnerabilities, specifically in a Microsoft SQL server. Various iterations of SPECTRALVIPER were employed within the network, demonstrating tailored adaptations to the specific environments of compromised hosts. Meanwhile, in the supply-chain attack against FireAnt MetaKit, which began in October 2025, attackers infiltrated the legitimate update mechanism of the platform to distribute malicious versions that deployed SPECTRALVIPER. SPECTRALVIPER's architecture features capabilities allowing it to function both as a backdoor and as a loader, facilitating process manipulation and injection of malicious code into target applications. The malware initiates contact with its command and control (C&C) servers using HTTPS, embedding key data such as host profiling information and a unique User-Agent header within HTTP requests. This communication infrastructure appears designed to avoid detection within normal network traffic. One notable aspect of SPECTRALVIPER is its orchestration model, where different instances can communicate and activate commands via named pipes, allowing for lateral movement within compromised networks. This method highlights the malware's potential for distributed operations, making it capable of managing multiple infected hosts effectively. The timing and focus of these attacks correlate with Vietnam's domestic anti-corruption efforts, suggesting that OceanLotus may be aligning its cyber operations with state objectives against financial crime and corruption. The operational security misstep, which left certain programming details intact in SPECTRALVIPER, has facilitated deeper insights into the malware's workings, illustrating how the group is leveraging advanced techniques to fulfill its espionage goals within Vietnam’s evolving political landscape.

#threatreport #MediumCompleteness Pythagora-io/gpt-pilot Compromised on GitHub - Shai-Hulud Credential Stealer Blocked by Python Linter | 08-06-2026 Source: stepsecurity.io/blog/pythago… Key details below ↓ 🧑‍💻Actors/Campaigns: Teampcp Mini_shai-hulud 💀Threats: Shai-hulud, Credential_stealing_technique, Supply_chain_technique, 🎯Victims: Open source software, Software development, Artificial intelligence development 🌐Geo: Russian 📚TTPs: ⚔️Tactics: 3 🛠️Technics: 8 🧨IOCs: - File: 1 - Hash: 2 💽Software: Mistral, Kubernetes, HashiCorp Vault, Claude, Linux, macOS, Node.js 🔢Algorithms: md5, sha256, base64, aes-256-gcm 🔠Functions: run, v3MNGJU, HJgj4ju, require, rMq3gu, eval, unref, GetSecretValue 📜Programming Languages: javascript, typescript, python 💻Platforms: arm, cross-platform, x64 #threatreport: On June 8, 2026, a co-founder of the popular open-source AI developer tool, Pythagora-io/gpt-pilot, had their GitHub account compromised, resulting in a force-push of a credential-stealing payload. This malicious payload is a variant of the Shai-Hulud worm, specifically designed as a 758KB obfuscated JavaScript credential stealer, which targets sensitive credentials such as AWS keys, GitHub secrets, and SSH keys. The malware utilizes GitHub commit messages as a covert command-and-control (C2) channel, exfiltrating stolen data by creating and committing to new GitHub repositories, making its operations difficult to detect. The attack demonstrated a sophisticated method of concealment, as the attacker backdated the malicious commit to August 2025. This was intended to obscure its visibility in the project's history. Notably, the malware leverages a Python module import system for activation, displaying cross-platform capabilities across Linux, macOS, and Windows. It prevents duplicate executions through a lock file and silences its output, further aiding in its stealth. The core of the malware is the _runtime.bin payload, which is designed to run under the Bun runtime and employs multiple layers of obfuscation to evade analysis. The malware establishes a novel C2 channel through the GitHub commits API, where it searches for a specific marker string. Commands are extracted using regex, allowing the attacker to control infected machines by merely creating public commits containing this marker, blending the malicious activity with routine developer operations. Exfiltration occurs primarily through new GitHub repositories using stolen tokens, impersonating a generic commit author to reduce visibility, while a secondary method involves encrypted DNS calls. Persistence is achieved through settings files for Claude Code and VS Code, which re-execute the malware during code sessions. The malware also showcases advanced anti-analysis techniques, including locale-based evasion strategies and monitoring for newly created tokens. This event aligns with other incidents attributed to the Shai-Hulud campaign, believed to be connected to the threat actor group TeamPCP/UNC6780. The sophistication in the methods used, including substantial obfuscation and the exploitation of Sigstore for publishing malicious packages with misleading authenticity signals, suggests a well-planned approach to software supply chain attacks. Subsequently, it highlights the need for enhanced security measures, such as enforcing branch protection on main branches, to prevent unauthorized changes to repositories. The incident emphasizes that traditional code quality tools can inadvertently provide security protection by rejecting code that does not conform to established standards, indicating gaps in supply chain defense mechanisms.

#threatreport #MediumCompleteness Threat Actors Weaponize AI Hype to Deliver AsyncRAT | 11-06-2026 Source: fortinet.com/blog/threat-res… Key details below ↓ 💀Threats: Asyncrat, Process_hollowing_technique, Runpe_tool, 🎯Victims: Users seeking ai related learning resources 🌐Geo: Chinese 🤖LLM extracted TTPs:` T1012, T1027, T1033, T1036.004, T1036.005, T1036.008, T1041, T1053.005, T1055.012, T1059.001, ... 🧨IOCs: - File: 31 - Domain: 3 - IP: 1 - Hash: 3 💽Software: PostgreSQL, Claude, AutoHotkey, NET Framework, Microsoft Defender, Task Scheduler 🔢Algorithms: aes-cbc, zip, exhibit, md5, base64, pbkdf2, gzip, xor 🔠Functions: Execute 🗂️Win API: Run 📜Programming Languages: powershell #threatreport: Threat actors are exploiting current AI trends by distributing malware disguised as legitimate AI-related documents. A recent campaign observed by FortiGuard Labs involves files with titles related to AI learning resources, which are crafted to entice users searching for such content. The initial phase of this attack involves a compressed archive that seems innocuous, but actually conceals malicious scripts designed to execute a complex multi-stage infection chain, ultimately delivering AsyncRAT, a .NET-based remote access trojan. The malware begins its execution with a ZIP file containing a shortcut and hidden files. A PowerShell script is triggered, leveraging cryptographic techniques to decode payloads hidden within the initial documents. This script creates other scripts and establishes persistence through the Windows Task Scheduler, disguising its activity under the guise of a Realtek audio service. The scripts employ obfuscation techniques, including the use of Simplified Chinese variable names and unconventional identifiers drawn from cultural references, which complicates analysis and detection. Particularly noteworthy is the use of AutoHotkey scripts which serve as an execution engine for the malware, allowing for the loading and execution of additional components without relying solely on compiled binaries. The attack's latter stages involve sophisticated techniques, such as process hollowing and reflective loading, to execute .NET payloads in a stealthy manner, while minimizing forensic visibility by cleaning up traces of execution. The main payload, identified as a modular RAT, establishes communication with command-and-control (C2) servers, collecting and exfiltrating detailed system information about the victim’s environment. The malware employs advanced communication methods, including encryption of outbound data and custom serialization, ensuring persistent interaction with the C2 infrastructure.

#threatreport #HighCompleteness Old WinRAR Flaw Fuels Attacks on Ukraine: How Unmanaged Software Keeps the Door Open | 08-06-2026 Source: trendmicro.com/en_us/researc… Key details below ↓ 🧑‍💻Actors/Campaigns: Gamaredon (🧠motivation: cyber_espionage) Uac-0226 (🧠motivation: cyber_espionage) Fancy_bear Apt29 Sandworm Turla Void_rabisu 💀Threats: Giftedcrook, Romcom_rat, Spear-phishing_technique, Antidebugging_technique, Gammasteel, 🎯Victims: Ukrainian organizations, Military innovation centers, Military formations, Law enforcement agencies, Local self government bodies, Government entities, Military entities 🏭Industry: Military, Government 🌐Geo: Malaysian, Crimea, Ukraine, Netherlands, Russia, Moscow, Switzerland, France, Germany, Ukrainian 🔓CVEs: CVE-2018-20250 \[[Vulners](vulners.com/cve/CVE-2018-202…)] - CVSS V3.1: *7.8*, - Vulners: Exploitation: True Soft: - rarlab winrar (le5.61) CVE-2025-8088 \[[Vulners](vulners.com/cve/CVE-2025-808…)] - CVSS V3.1: *8.8*, - Vulners: Exploitation: True Soft: - rarlab winrar (<7.13) CVE-2025-6218 \[[Vulners](vulners.com/cve/CVE-2025-621…)] - CVSS V3.1: *7.8*, - Vulners: Exploitation: True Soft: - rarlab winrar (<7.12) 📚TTPs: ⚔️Tactics: 8 🛠️Technics: 17 🧨IOCs: - File: 13 - Hash: 37 - Command: 5 - Path: 3 - IP: 14 - Url: 5 - Domain: 2 - Email: 1 💽Software: Telegram, Chrome, Firefox, Opera, Google Chrome, Microsoft Edge, Mozilla Firefox, KeePass, PDQ Deploy 🔢Algorithms: rc4, prng, fnv-1a, sha256, exhibit, base64 🔠Functions: Get-Content, flexibility_denominator_wiretap, Sleep 🗂️Win API: NtProtectVirtualMemory, NtAllocateVirtualMemory, NtCreateThreadEx, CryptUnprotectData, CreateProcessW, DeleteFileW, CryptImportKey, VirtualAlloc 📜Programming Languages: powershell 💻Platforms: x64 #threatreport: The ongoing exploitation of the WinRAR vulnerability CVE-2025-8088, which was patched in July 2025, continues to pose significant cyber threats to Ukrainian organizations. The vulnerability, a path traversal flaw (CVSS 8.4), allows attackers to write files outside the extraction directory using NTFS Alternate Data Streams. This vulnerability is leveraged by various Russia-aligned groups, including SHADOW-EARTH-066 and Earth Dahu (Gamaredon), against Ukrainian military and governmental entities. SHADOW-EARTH-066, designated by CERT-UA as UAC-0226, has transitioned from an earlier tactic of using Excel macros for initial access to exploiting CVE-2025-8088. It deploys the GIFTEDCROOK information stealer, capable of harvesting browser passwords, session cookies, and specific file extensions before self-deleting. The evolved version of this stealer, known as result.dll, shows significant enhancements, such as in-memory DLL loading and encrypted command-and-control infrastructure. The malware, compiled in C , utilizes dual-layer RC4 encryption for stolen data exfiltration, indicating a deliberate attempt to evade detection and analysis. In contrast, Earth Dahu exploits the same vulnerability using an HTA-based attack chain. The group drops malicious HTA files or obfuscated VBS scripts into the Startup folder, executing them at user login to deliver espionage tools. This method shows a characteristic shift in tactics, reflecting a need for operational security as other methods become less effective. Both campaigns exemplify how unmanaged software like WinRAR can create vulnerabilities that persist long after patches are issued. The lack of centralized update mechanisms for such applications leaves organizations exposed, allowing threat actors to maintain access through a reliable entry point. Academic analysis points to a history of vulnerabilities in similar widely used utility applications, emphasizing the need for robust software management and security hygiene. The exploitation strategies employed by both SHADOW-EARTH-066 and Earth Dahu highlight distinct differences in development and methodology, with one favoring a compiled C malware chain and the other relying on scripting mechanisms. However, both leverage the same weakness in WinRAR, representing a considerable risk to Ukrainian security initiatives and potentially impacting allied nations through compromised credentials and data. Organizations are advised to prioritize patching WinRAR, conduct thorough hunts for indicators of compromise, and enforce stringent credential management practices to mitigate the ongoing risks posed by these cyber threat actors.

#threatreport #LowCompleteness World Cup 2026 Mobile Targeted Phishing: The Global Social Engineering Threat | 11-06-2026 Source: zimperium.com/blog/world-cup… Key details below ↓ 🧑‍💻Actors/Campaigns: Ghost_stadium Retailphish Offsidehire_phishing 💀Threats: Typosquatting_technique, Aitm_technique, Mishing_technique, Credential_harvesting_technique, 🎯Victims: Consumers, Sports retail, Corporate google workspace accounts, Job seekers 🏭Industry: Transport, Retail, Entertainment 🌐Geo: Croatia, Ecuador, England, Germany, New york, France, Colombia, Chinese, German, Portugal, Portuguese, Spain, Spanish, Qatar, French 📚TTPs: ⚔️Tactics: 1 🛠️Technics: 0 🤖LLM extracted TTPs:` T1056.003, T1078, T1111, T1557, T1566.002, T1566.003, T1583.001, T1583.006, T1656 🧨IOCs: - Domain: 6 - File: 3 💽Software: WhatsApp, Telegram, TikTok, Chrome 📜Programming Languages: javascript #threatreport: The surge in phishing campaigns associated with the FIFA World Cup 2026 poses significant risks to mobile users as cybercriminals exploit the high demand for game tickets and merchandise. With 48 teams and 104 matches, the event's scale creates an ideal environment for social engineering attacks aimed at various audiences, notably ticket buyers and job seekers. Threat actors have employed techniques such as Typosquatting and institutional spoofing, deploying fake domains like fifa-tickets.vip to mislead users who are desperate for tickets. Additionally, sophisticated retail campaigns are using sites that appear to mimic legitimate brands such as Nike and Adidas, often hiding their origins behind Cloudflare to evade detection. Three main campaigns have emerged: the first focuses on ticket sales, the second on merchandise, and the last on recruitment fraud. These campaigns leverage urgent messages via SMS and social media to instill emotional panic among readers, prompting them to click on malicious links. For the ticketing scheme, attackers have created deceptive sites that closely resemble official platforms, effectively misdirecting users into providing sensitive personal and financial information. The implementation of advanced phishing kits enables thorough engagement throughout the fraudulent ticket purchasing process, ensuring victims are led through a realistic purchasing journey. The merchandise phishing campaign, branded as RetailPhish, capitalizes on fans seeking team apparel after ticket availability dwindles. By using malicious domains registered under a privacy proxy, the attackers obscure their identities while employing templated URLs that target multiple languages and regions. Rapid domain registration allows for efficient scaling of their operations. The recruitment fraud, dubbed OffsideHire, is particularly alarming as it focuses on temporary employment opportunities related to the World Cup. This involves setting up phishing sites designed to steal credentials from corporate Google Workspace accounts under the guise of legitimate hiring efforts. The site's structure compromises organizations by facilitating a form of Adversary-in-the-Middle (AiTM) attack, allowing for real-time credential harvesting that can lead to deeper breaches within corporate networks. All these campaigns are strategically executed to operate outside conventional corporate security measures such as firewalls, often using personal devices that link back to company resources. Their intricate designs highlight the need for robust mobile threat detection and prevention solutions that can identify suspicious activities in real-time, thereby protecting sensitive organizational data from compromise.

#threatreport #HighCompleteness Shai-Hulud Campaign Evolution: Miasma, Hades, and AI Scanner Evasion | 12-06-2026 Source: zscaler.com/blogs/security-r… Key details below ↓ 🧑‍💻Actors/Campaigns: Teampcp 💀Threats: Shai-hulud, Miasma, Hades, Supply_chain_technique, Aitm_technique, Dead_drop_technique, 🎯Victims: Software, Cybersecurity, Artificial intelligence, Automation, Open source projects, Aqua security, Litellm, Tanstack, Mistral ai, Guardrails ai, ... 🏭Industry: Financial 📚TTPs: ⚔️Tactics: 2 🛠️Technics: 0 🤖LLM extracted TTPs:` T1001.003, T1027, T1078, T1102.003, T1195.001, T1195.002, T1528, T1546, T1550.001, T1562.001, ... 🧨IOCs: - File: 8 - Domain: 1 - Url: 1 - Hash: 3 💽Software: Anthropic, Trivy, LiteLLM, jupyter notebook, TanStack, Mistral, OpenSearch, Claude 🪙Crypto: monero 🔢Algorithms: sha256, pbkdf2, aes-256-gcm 🗂️Win API: In 📜Programming Languages: python, javascript #threatreport: The Shai-Hulud campaign, associated with the threat actor TeamPCP (tracked as UNC6780), has undergone significant evolution since its initial analysis in November 2025. This campaign has notably transitioned from traditional software supply chain attacks to more sophisticated methods that include targeting the Python Package Index (PyPI) and exploiting continuous integration/continuous deployment (CI/CD) workflows, thereby undermining the integrity of established software provenance frameworks like Supply-chain Levels for Software Artifacts (SLSA). A key development occurred in March 2026 when TeamPCP expanded their operations into PyPI by compromising Aqua Security's Trivy vulnerability scanner through a method of GitHub Actions cache poisoning. The attackers leveraged this vulnerability to install malicious binaries in dependency management workflows, particularly affecting the LiteLLM Python library. The persistence mechanism utilized by the malware involved .pth files, which are loaded by Python at startup, enabling the execution of malicious payloads without explicit user action. In May 2026, the campaign escalated with the misuse of GitHub Actions, exploiting a pull_request_target misconfiguration, which allowed attackers to scrape OpenID Connect (OIDC) tokens from the CI runner's memory. These tokens facilitated the publication of malicious packages with valid provenance, even though the newly published 84 artifacts from the TanStack repository appeared legitimate. Such tactics demonstrated a critical exploit of the trust in automated publishing processes, where the underlying infrastructure remained intact but was compromised by malicious contributions. Moreover, the campaign included novel approaches such as prompt injection aimed at bypassing AI-driven security scanning. By manipulating the parsing logic of language models, attackers could misdirect these tools into classifying their payloads as secure, thus allowing the malicious packages to evade detection during automated security triage processes. On May 12, 2026, the public release of the entire worm source code initiated a major shift in the threat landscape, transforming private attack methodologies into public resources. This change complicates attribution efforts as external actors can now utilize and modify the toolkit for their own purposes. The campaign further demonstrated its adaptability by extending its reach beyond traditional package registries. In June 2026, techniques evolved to inject malicious workflows and configuration files directly into developer tooling environments, leading to the suspension of several Microsoft repositories. The risk posed by this shift underscores the necessity for heightened vigilance within software development and deployment ecosystems. The ongoing evolution of Shai-Hulud signifies a systematic assault on various facets of software supply chain security, highlighting vulnerabilities in maintainer authentication, execution during installation, security tooling reliability, and AI-assisted code analysis. The continued innovation and complexity of these attacks necessitate an adaptive defense strategy to safeguard against both known and emerging threats within the cybersecurity landscape.