OnyxC2 Malware Campaign Exploiting Fake Software Installers External Inbox CTIA

A Malware-as-a-Service (MaaS) campaign using OnyxC2 is being used by threat
actors to steal credentials and sensitive data from over 210 applications. The campaign delivers infostealer malware through fake software installers and
uses evasion techniques to enable financial fraud and unauthorized access to accounts, systems and crypto assets.

Pulse ID: 6a2ce2ef1e1556ace79c78b3
Pulse Link: https://otx.alienvault.com/pulse/6a2ce2ef1e1556ace79c78b3
Pulse Author: cryptocti
Created: 2026-06-13 04:56:15

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #FinancialFraud #InfoSec #InfoStealer #MaaS #Malware #MalwareAsAService #OTX #OpenThreatExchange #bot #cryptocti

400+ AUR Packages Compromised with Infostealer and Rootkit

https://discourse.ifin.network/t/400-aur-packages-compromised-with-infostealer-and-rootkit/577

#linux #arch #archlinux #aur #infostealer

Malware Exploits Arch Linux Packages to Spread Rootkit, Infostealer

Over 400 Arch Linux packages were compromised in a shocking discovery, distributing a sneaky Linux rootkit and infostealer to unsuspecting users through the Arch User Repository (AUR). A cleverly spoofed maintainer account was used to modify the packages and download malicious code.

https://osintsights.com/malware-exploits-arch-linux-packages-to-spread-rootkit-infostealer?utm_source=mastodon&utm_medium=social

#LinuxMalware #ArchLinux #Rootkit #Infostealer #Aur

11.1 million devices infected with infostealers in 2025. 3.3 billion credentials now circulating in criminal markets.

Vidar surged to 73% of infected hosts by early 2026. Lumma dropped to 1.1%. The ecosystem rotates tools faster than detection catches up.

MaaS entry point: $60/month. Less than most SaaS subscriptions.

The ransomware connection that gets overlooked: stolen VPN/RDP credentials are how attackers enter the perimeter as legitimate users, weeks before the payload fires.

Full breakdown: https://relayshield.hashnode.dev/infostealers-credential-theft-2025

#infosec #infostealer #malware #threatintel #ransomware #cybersecurity

AUR Packages Compromised with Infostealer and Rootkit

https://discourse.ifin.network/t/400-aur-packages-compromised-with-infostealer-and-rootkit/577

#HackerNews #AUR #Packages #Compromised #Infostealer #Rootkit #Cybersecurity #Vulnerabilities

Fake software tutorials on TikTok are being used to deliver Vidar infostealer malware - “how-to” videos are becoming malware distribution channels. Trust the source before you trust the shortcut. 🎥⚠️ #Infostealer #SocialEngineering

https://www.infosecurity-magazine.com/news/fake-software-videos-tiktok-vidar/

Russia-aligned groups are still exploiting a patched WinRAR flaw (CVE-2025-8088) to target Ukrainian organisations with stealer malware and espionage toolchains. 🔐
The attacks use crafted archives and persistence tricks, showing how delayed patching keeps known entry points open. 🧩

🔗 https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html

#TechNews #Cybersecurity #WinRAR #RAR #ZIP #Ukraine #Russia #Ukrainian #Russianinvasion #CVE2025 #CVE #Malware #Infostealer #Espionage #Hacking #ThreatIntel #Security #Infosec #APT #Patch

Scammers are abusing TikTok and Instagram Reels to spread Vidar infostealer malware - short-form content is becoming a long-term security risk. Entertainment and deception now share the same feed. 📱🎭 #Infostealer #SocialEngineering

https://hackread.com/scammers-tiktok-instagram-reels-vidar-infostealer/