RE: https://social.tchncs.de/@gborn/116380074049025577
I'm passing this on unchecked, better safe than sorry:
Alert to all PC / Windows users
#cpuz #hwmonitor #cpuid #Trojaner #trojan #security
and have a good start to the weekend!
NPM Package Supply Chain Compromise Leads to RAT Deployment
A supply chain attack targeting the Axios npm package has been identified after threat actors compromised the npm account of the company's lead developer. Malicious versions (axios@1.14.1 and axios@0.30.4) were published containing a hidden dependency that executed postinstall scripts during npm installation. This automated execution downloaded and deployed a remote access trojan on affected systems without requiring user interaction, making it particularly dangerous for developer environments and CI/CD pipelines. The compromise resulted in full remote access capabilities, potential credential exposure including API keys and SSH keys, and possible insertion of malicious code into software builds. Detection platforms identified suspicious process execution chains involving npm spawning command interpreters and network utilities, followed by outbound connections to attacker-controlled infrastructure.
Pulse ID: 69d8b0c258b4fef5541358bb
Pulse Link: https://otx.alienvault.com/pulse/69d8b0c258b4fef5541358bb
Pulse Author: AlienVault
Created: 2026-04-10 08:11:46
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #InfoSec #NPM #OTX #OpenThreatExchange #RAT #RemoteAccessTrojan #SSH #SupplyChain #Trojan #Troll #bot #iOS #AlienVault
The job interview as a weapon: Lazarus Group and the Graphalgo campaign against crypto developers
Since May 2025, Lazarus Group has been running the Graphalgo campaign: 192 malicious npm and PyPI packages distributed through fake technical job interviews aimed at blockchain developers. The three-stage malware targets MetaMask wallets directly. A North Korean cyberespionage and crypto-theft operation that is still active.
Stealer Campaign Impacting SLTT macOS Users
MacSync Stealer is a macOS infostealer operating as Malware-as-a-Service (MaaS), distributed through SEO poisoning and fake ClickFix CAPTCHAs. The campaign has evolved through three iterations since November 2025, shifting from fake download sites to malicious ChatGPT conversations and finally to sophisticated shell-based loaders with dynamic AppleScript payloads. Threat actors use Google-sponsored search results to redirect victims to fake CAPTCHA pages that trick users into executing malicious terminal commands. The stealer targets browser credentials, cryptocurrency wallets, SSH keys, cloud provider credentials, and Keychain data. A critical capability includes trojanizing Ledger hardware wallet applications to capture seed phrases. The February 2026 campaign generated over 18,000 clicks in three days, with Russian-language comments suggesting operators work within a Russian-speaking ecosystem. The malware employs API key-gated C2 infrastructure and in-memory execution for evasion.
Pulse ID: 69d7ed2e323d7edb856fa161
Pulse Link: https://otx.alienvault.com/pulse/69d7ed2e323d7edb856fa161
Pulse Author: AlienVault
Created: 2026-04-09 18:17:18
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Browser #CAPTCHA #ChatGPT #Cloud #CyberSecurity #Edge #Google #InfoSec #InfoStealer #MaaS #Mac #MacOS #Malware #MalwareAsAService #OTX #OpenThreatExchange #RAT #Russia #SEOPoisoning #SSH #Trojan #bot #cryptocurrency #AlienVault
Malware Delivers ClipBanker Through Sophisticated Infection Chain
Beware of sneaky malware that can swap out the cryptocurrency wallet address you copied with a fake one, just by pasting malicious software masquerading as Proxifier, putting your digital assets at risk. This Trojan uses a multi-stage infection chain to deliver ClipBanker, a stealthy threat that hijacks your clipboard.
ClipBanker Trojan masquerades as Proxifier software | Securelist
Pulse ID: 69d7966702a0faac1e96ea52
Pulse Link: https://otx.alienvault.com/pulse/69d7966702a0faac1e96ea52
Pulse Author: CyberHunter_NL
Created: 2026-04-09 12:07:03
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Bank #CyberSecurity #InfoSec #Kaspersky #Malware #OTX #OpenThreatExchange #SecureList #Trojan #bot #CyberHunter_NL
North Korea's Contagious Interview Campaign Spreads Across 5 Ecosystems, Delivering Staged RAT Payloads
A North Korean threat operation has published malicious packages across npm, PyPI, Go Modules, crates.io, and Packagist, impersonating legitimate developer tooling. The campaign uses GitHub aliases including golangorg and aokisasakidev to distribute staged malware loaders that contact actor-controlled infrastructure, retrieve payloads from Google Drive, and deliver platform-specific second-stage malware. The loaders are hidden behind normal-looking API functions in logging and utility libraries. Windows variants include full remote access trojans with capabilities for shell execution, keylogging, browser and wallet theft, sensitive file collection, and AnyDesk deployment. The operation demonstrates coordinated cross-ecosystem supply chain attacks with shared infrastructure patterns, reused extraction directories, and consistent staging logic across multiple programming languages.
Pulse ID: 69d61d25c472b8eb580c2996
Pulse Link: https://otx.alienvault.com/pulse/69d61d25c472b8eb580c2996
Pulse Author: AlienVault
Created: 2026-04-08 09:17:25
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#AnyDesk #Browser #CyberSecurity #GitHub #Golang #Google #InfoSec #Korea #Malware #NPM #NorthKorea #OTX #OpenThreatExchange #PyPI #RAT #RemoteAccessTrojan #SupplyChain #Trojan #Troll #Windows #bot #AlienVault
Threat Brief: Widespread Impact of the Axios Supply Chain Attack
A sophisticated supply chain attack compromised the Axios JavaScript library after threat actors hijacked an npm maintainer account, releasing malicious versions v1.14.1 and v0.30.4. These versions contained a hidden dependency called plain-crypto-js, which deployed a cross-platform remote access Trojan affecting Windows, macOS, and Linux systems. The malware performed reconnaissance, established persistence, and included self-destruct capabilities for evasion. Using a heavily obfuscated dropper script, the attack fetched platform-specific payloads from a command-and-control server while disguising traffic as legitimate npm registry requests. All variants shared identical C2 protocols and beaconed every 60 seconds. The campaign impacted multiple sectors across the U.S., Europe, Middle East, South Asia, and Australia, with analysis showing overlap with DPRK-linked operations.
Pulse ID: 69cda35868f6af78fc09b167
Pulse Link: https://otx.alienvault.com/pulse/69cda35868f6af78fc09b167
Pulse Author: AlienVault
Created: 2026-04-01 22:59:36
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Asia #Australia #CyberSecurity #DPRK #ELF #Europe #InfoSec #Java #JavaScript #Linux #Mac #MacOS #Malware #MiddleEast #NPM #OTX #OpenThreatExchange #RAT #RemoteAccessTrojan #SouthAsia #SupplyChain #Trojan #Windows #bot #iOS #AlienVault