It's been a busy 24 hours in the cyber world with significant updates on supply chain attacks affecting developers and marketing SDKs, alongside new warnings about AI agent vulnerabilities. Let's dive in:

AppsFlyer SDK Spreads Crypto Stealer ⚠️

- The AppsFlyer Web SDK was compromised, delivering malicious JavaScript that hijacked cryptocurrency transactions by replacing legitimate wallet addresses with attacker-controlled ones.
- AppsFlyer confirmed a domain registrar incident on March 10, 2026, which temporarily exposed a segment of customer websites to unauthorised code, though their mobile SDK was unaffected.
- Organisations using the SDK should review telemetry for suspicious API requests, consider downgrading to known-good versions, and investigate potential compromises, as the full scope is still under investigation.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/appsflyer-web-sdk-used-to-spread-crypto-stealer-javascript-code/

GlassWorm Escalates Supply Chain Attacks 🛡️

- The GlassWorm campaign has significantly escalated, now abusing extensionPack and extensionDependencies in Open VSX extensions to turn benign-appearing packages into transitive delivery vehicles for malware.
- Researchers discovered at least 72 new malicious Open VSX extensions targeting developers, mimicking popular utilities and AI coding assistants, often using invisible Unicode characters to hide payloads.
- The campaign retains hallmarks like avoiding Russian locales and using Solana transactions for C2 resilience, but now features heavier obfuscation, rotating Solana wallets, and potentially uses LLMs to generate convincing cover commits for malicious injections in GitHub and npm.

📰 The Hacker News | https://thehackernews.com/2026/03/glassworm-supply-chain-attack-abuses-72.html

OpenClaw AI Agent Flaws Pose Major Risks 🔒

- China's CNCERT has warned about significant security flaws in the OpenClaw open-source AI agent, stemming from weak default configurations and its privileged system access.
- Risks include prompt injection attacks (indirect and cross-domain), where malicious instructions can trick the agent into leaking sensitive data, even via messaging app link previews without user clicks.
- Other concerns involve inadvertent data deletion, malicious skills from repositories like ClawHub, and exploitation of recently disclosed vulnerabilities, leading to potential data exfiltration or system paralysis.

📰 The Hacker News | https://thehackernews.com/2026/03/openclaw-ai-agent-flaws-could-enable-prompt-injection-and-data-exfiltration/

#CyberSecurity #SupplyChainAttack #Malware #CryptoStealer #AI #PromptInjection #Vulnerabilities #InfoSec #ThreatIntelligence #DeveloperSecurity #WebSecurity
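
A defensive check for the two GlassWorm traits summarised above (transitive installs via `extensionPack` / `extensionDependencies`, and payloads hidden in invisible Unicode), as an added example that is not part of the original post or of any cited report. The function names, the allowlist approach and the sample extension IDs are assumptions made for illustration.

```javascript
// Added example; the manifest and source below are constructed samples.
// Code point ranges that render as nothing in most editors and diffs.
const INVISIBLE_RANGES = [
  [0x200b, 0x200f], // zero-width space/joiners, direction marks
  [0x2060, 0x2064], // word joiner, invisible operators
  [0xfe00, 0xfe0f], // variation selectors
  [0xfeff, 0xfeff], // zero-width no-break space (BOM)
  [0xe0000, 0xe007f], // tag characters
  [0xe0100, 0xe01ef], // variation selectors supplement
];

const isInvisible = (cp) => INVISIBLE_RANGES.some(([lo, hi]) => cp >= lo && cp <= hi);

// Returns [{ line, count }] for each line that holds invisible code points.
function findInvisible(source) {
  const hits = [];
  source.split("\n").forEach((text, i) => {
    let count = 0;
    for (const ch of text) if (isInvisible(ch.codePointAt(0))) count++; // by code point
    if (i === 0 && text.codePointAt(0) === 0xfeff) count--; // a leading BOM is legitimate
    if (count > 0) hits.push({ line: i + 1, count });
  });
  return hits;
}

// Extension IDs the manifest would install without the user picking them.
function transitiveInstalls(manifestJson) {
  const m = JSON.parse(manifestJson);
  const ids = [...(m.extensionPack || []), ...(m.extensionDependencies || [])];
  return [...new Set(ids.map((id) => id.toLowerCase()))];
}

// Flags manifests that pull in IDs outside a reviewed allowlist, and source
// files that carry invisible characters.
function auditExtension(manifestJson, source, allowlist = []) {
  const allowed = new Set(allowlist.map((id) => id.toLowerCase()));
  const unreviewed = transitiveInstalls(manifestJson).filter((id) => !allowed.has(id));
  const invisible = findInvisible(source);
  return { unreviewed, invisible, flagged: unreviewed.length > 0 || invisible.length > 0 };
}

// Constructed sample: a harmless-looking manifest and a line padded with selectors.
const sampleManifest = JSON.stringify({
  name: "example-theme", publisher: "example",
  extensionPack: ["example.helper-tools"], extensionDependencies: ["Example.Linter"],
});
const sampleSource = 'const a = 1;\nrun("' + "\u{E0100}\u{E0101}\uFE00" + '");\n';
console.log(auditExtension(sampleManifest, sampleSource, ["example.linter"]));
```

Hits are review leads, not verdicts: emoji sequences legitimately contain zero-width joiners and variation selectors, so check the flagged lines by hand.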

A newly discovered clipboard hijacking operation dubbed "MassJacker" uses at least 778,531 Cryptocurrency Wallet addresses to steal Digital Assets from compromised Computers - Technical Report by CyberArk #Malware #CryptoStealer https://www.cyberark.com/resources/threat-research-blog/captain-massjacker-sparrow-uncovering-the-malwares-buried-treasure
Captain MassJacker Sparrow: Uncovering the Malware’s Buried Treasure


With cryptocurrencies reaching record values in H2 2024, cryptocurrency wallet data was one of the prime targets of cybercriminals. In ESET telemetry, this was reflected in a rise in #cryptostealer detections across multiple platforms, specifically Windows, macOS, Android.

The increase was most dramatic on macOS, where Password Stealing Ware targeting cryptocurrency wallets more than doubled. Windows #cryptostealers grew by 56%, and Android financial threats, targeting banking apps and wallets, grew by 20%.

Read more about threats targeting cryptocurrency wallets on various platforms in the latest #ESETThreatReport from #ESETresearch: https://web-assets.esetstatic.com/wls/en/papers/threat-reports/eset-threat-report-h22024.pdf

Good friends don’t let their friends be influenced by #influencers #cryptostealer #cryptо https://youtu.be/GtXm1U96nOA
Sorry You’re Bankrupt

found a #cryptostealer with friend today and the estimated haul is around: @molly [email protected] @web3 [email protected]
$7000 worth of bitcoin,
$562 ETH
$38572 BNB
$52000 tron
$288 cosmos
$48230 cardano
$8Mil SOL
https://github.com/virtuluv/openvpn/
#cryptocurrency
GitHub - virtuluv/openvpn: unpacking and analysis of an openvpn worker script, collecting client hardware info
