malware

According to SlowMist monitoring, a new type of Rust supply chain malware activity named IronWorm is attacking developer environments and the Web3 ecosystem through malicious npm packages. Potential attack behaviors include credential theft, wallet mnemonic and password theft, GitHub repository tampering, malicious package publishing, CI/CD secret leakage, Tor-based command control, and eBPF rootkit stealth.Security teams should audit the repository for backtracked commits, suspicious branches, unexpected build hooks, and commits from automated identities such as claude, dependabot, renovate, or github-actions. It is recommended to remove or deprecate affected package versions, publish clean versions, rotate all leaked keys and tokens, review GitHub Actions artifacts, and rebuild potentially compromised development or CI systems from clean images.

GitHub has updated the details of the investigation into the unauthorized access incident of its internal repositories: GitHub detected and contained an incident yesterday involving an employee's device being compromised, which involved a maliciously implanted VS Code extension. GitHub removed the malicious extension, isolated the affected terminals, and immediately initiated an incident response. Current assessments show that only GitHub's internal repositories experienced data exfiltration, and the approximately 3,800 repositories claimed by the attackers are roughly consistent with the investigation results. GitHub has prioritized rotating critical credentials, is analyzing logs, verifying credential rotations, and monitoring subsequent activities, with a complete report to be released after the investigation is concluded.Additionally, Slow Mist's Chief Information Security Officer 23pds commented on this incident, stating: "By analyzing leaks from cybercrime forums, hackers may have used Anthropic's Mythos security AI to precisely breach GitHub's defenses and steal information from about 4,000 core internal repositories: including the source code for Copilot, the algorithms for CodeQL, the Actions runtime, and the entire billing system. Further analysis of this code could lead to subsequent attacks, having a profound security impact on the integration of the open-source community."

The Chief Information Security Officer of Slow Fog, 23pds, disclosed on platform X that node-ipc has been compromised again. The released three malicious versions of node-ipc (9.1.6, 9.2.3, 12.1) carry the same credential-stealing payload, with the package being downloaded over 10 million times per week.

According to Decrypt, Microsoft's threat intelligence department disclosed that attackers implanted malicious code into the Mistral AI package distributed through the PyPI platform. This malicious code automatically runs when developers use it on Linux systems, downloading a malicious file named transformers.pyz and executing it in the background, with the filename deliberately mimicking the widely used Hugging Face Transformers library to confuse users.Microsoft pointed out that this malware primarily steals developer login credentials and access tokens, and it avoids Russian systems. Some of the code can randomly delete device files located in Israel or Iran. This attack is related to the "Shai-Hulud" supply chain attack campaign that started in September. Mistral responded that investigations show the attack originated from compromised developer devices, and the company's infrastructure was not breached.

According to the blockchain security organization SlowMist (@SlowMist_Team), a highly complex npm worm named "Mini Shai-Hulud" is spreading through well-known developer projects such as TanStack, UiPath, and DraftLab, as monitored by their threat monitoring system MistEye. Attackers hijack GitHub credentials to publish malicious packages disguised as legitimate updates, embedding a hidden script router_init.js that runs silently in CI/CD environments like GitHub Actions, specifically designed to steal CI/CD keys, cloud infrastructure keys, and cryptocurrency wallet information, using GitHub's own infrastructure for data exfiltration.SlowMist has synchronized relevant threat intelligence (IOC) with clients and recommends that projects using the affected packages immediately check their CI/CD pipelines for the presence of the router_init.js file, rotate all exposed GitHub, cloud service, and cryptocurrency credentials, and continuously monitor for abnormal background activities in the development environment.

According to market news, Microsoft's security research team has discovered that attackers have been inducing users to run malicious terminal commands by publishing fake macOS troubleshooting guides since the end of 2025, thereby stealing cryptocurrency wallets, iCloud data, and passwords saved in browsers.These fake guides are published on platforms such as Medium, Craft, and Squarespace, targeting common user issues like freeing up disk space or fixing system errors, and tricking users into copying and pasting malicious commands into the terminal, which automatically downloads and runs malware. This social engineering technique, named ClickFix, bypasses macOS's Gatekeeper security mechanism because the victims are actively executing the commands.The malware families involved include AMOS, Macsync, and SHub Stealer, which can steal cryptocurrency wallet keys from Exodus, Ledger, and Trezor, as well as usernames and passwords saved in Chrome and Firefox. In some cases, attackers also delete legitimate wallet applications and replace them with trojan versions. Apple has added a protective feature in macOS version 26.4 to prevent the pasting of potentially malicious commands.

According to research by OpenSourceMalware, the North Korean hacker group Lazarus has adopted new techniques in malicious activities targeting developers, such as "infectious interviews" and "TaskJacker," hiding the second-stage loader in the pre-commit scripts of Git Hooks. "Infectious interviews" is a series of attack activities where the organization lures developers into cloning malicious code repositories by faking recruitment processes in the cryptocurrency/DeFi field, ultimately stealing crypto assets and credentials.Researchers recommend that developers who are asked to clone code repositories as part of the interview process should be wary of such risks and preferably run in an isolated environment to avoid mounting personal browser configurations, SSH keys, and cryptocurrency wallets.

According to Slow Fog CISO @im23pds's post on the X platform: attackers used 13 accounts to implant 575 malicious Skills into Hugging Face and ClawHub.

Vercel's CEO Guillermo Rauch tweeted that the team has completed an in-depth security investigation, analyzing nearly 1 PB of complete Vercel network and API logs, far exceeding the initial Context.ai account breach incident.The investigation revealed that the attackers' activities extended beyond Context.ai and have distributed malware on a broader scale, targeting account keys from platforms like Vercel. Once the keys are obtained, the attackers quickly and comprehensively enumerate non-sensitive environment variables. Current measures include deepening collaboration with industry partners such as Microsoft, AWS, and Wiz to jointly protect the broader internet ecosystem; other suspected victims have been notified and advised to immediately rotate credentials and strengthen security best practices.

According to CoinDesk, monitoring by CertiK reveals that the Lazarus Group is conducting an attack operation named Mach-O Man targeting executives in the fintech and cryptocurrency industries. This operation utilizes ClickFix social engineering techniques, sending fake online meeting invitations to lure victims into pasting repair commands on their Mac terminals, thereby gaining access to company and financial systems.CertiK researcher Natalie Newson stated that the Lazarus Group has stolen over $500 million through attacks on Drift and KelpDAO in the past two weeks. Mach-O Man is a modular macOS malware toolkit developed by the Chollima division of the Lazarus Group, capable of automatically deleting itself after use to evade detection.Additionally, attackers have implemented this attack by hijacking DeFi project domain names and replacing them with fake Cloudflare messages.

According to monitoring by the blockchain security firm SlowMist, MistEye has received threat intelligence from the community indicating that a malware named "MacSync Stealer" (v1.1.2) is active and highly destructive. This malware targets macOS users, stealing sensitive data including cryptocurrency wallets, browser credentials, system keychains, and infrastructure keys (SSH/AWS/K8s).The malware uses a spoofed AppleScript system dialog for phishing and displays fake error messages stating "unsupported" after data leakage. It has immediately synchronized this IOC (Indicator of Compromise) to clients. Do not execute unverified macOS scripts and remain highly vigilant against unexpected system password prompts. If an attack is suspected, immediate remediation is required: change all infrastructure credentials (SSH/AWS/K8s), invalidate any exposed keychains, and quickly migrate cryptocurrency assets to a secure wallet.

Bybit's Security Operations Center has discovered a multi-stage malware attack targeting macOS users of the search AI development tool Claude Code.Attackers used search engine optimization poisoning to push malicious domains to the top of Google search results, luring users into a counterfeit installation page, thereby stealing browser credentials, macOS keychain, Telegram sessions, VPN configurations, and cryptocurrency wallet information. Bybit stated that the malware can also establish persistent access through backdoor programs and attempts to target over 250 browser wallet extensions and multiple desktop wallet applications. This malicious infrastructure was identified on March 12, and relevant analysis, mitigation, and detection measures were completed on the same day.

According to the threat intelligence released by the SlowMist security team, its threat intelligence system MistEye has received community feedback regarding an active social engineering attack targeting cryptocurrency users.The attackers contact target users under the pretext of project collaboration, luring them to use a counterfeit "Harmony Voice" software (domain: harmony-voice[.]app) for so-called real-time translation, which is actually malware. SlowMist has synchronized the relevant threat intelligence (IOC) to its corporate clients.

The attacker stole the npm access token of the chief maintainer of Axios, the most popular HTTP client library for JavaScript, and used that token to publish two malicious versions containing cross-platform remote access trojans (RATs) ([email protected] and [email protected]), targeting macOS, Windows, and Linux systems. The malicious packages were removed from the npm registry about 3 hours after being published.According to data from security company Wiz, Axios is downloaded over 100 million times weekly and exists in about 80% of cloud and code environments. Security company Huntress detected the first infections just 89 seconds after the malicious packages went live and confirmed that at least 135 systems were compromised during the exposure window. Notably, the Axios project had previously deployed modern security measures such as OIDC trusted publishing mechanisms and SLSA provenance proofs, but the attacker completely bypassed these defenses. Investigations revealed that while configuring OIDC, the project retained the traditional long-lived NPM_TOKEN, and npm defaults to using the traditional token when both coexist, allowing the attacker to publish without breaching OIDC.

According to GoPlus Security, a piece of malware named Infiniti Stealer is targeting Mac users' cryptocurrency wallets and sensitive credentials through a "ClickFix" social engineering attack method.The attackers forge a highly realistic Cloudflare CAPTCHA page to lure users into opening the terminal and manually pasting malicious commands. After executing the command, the script removes the macOS quarantine attribute and silently writes subsequent payloads to the /tmp directory. The final payload is a native macOS binary compiled with Nuitka, significantly increasing the difficulty of detection by security tools. Once deployed, Infiniti Stealer can steal Chromium / Firefox browser credentials, macOS Keychain, cryptocurrency wallets, and developer key files (such as .env files), and it has sandbox detection and delayed execution capabilities to evade tracking.

According to Cryptopolitan, a new type of malware called GhostClaw is targeting cryptocurrency wallets on macOS devices.This malware disguised itself as a legitimate OpenClaw CLI tool and was present in the npm registry for a week before being removed after infecting 178 developers. Once developers run the "npm install" command, a hidden script globally installs the GhostClaw package and evades detection through obfuscated configuration files. GhostClaw scans the clipboard every three seconds, capturing private keys, seed phrases, public keys, and other cryptocurrency wallet and transaction-related data.After the second stage payload is downloaded, GhostLoader scans for cryptocurrency wallet data in the Chromium browser, macOS Keychain, and system storage, clones browser sessions to gain access to logged-in wallets, and steals API Tokens that connect to AI platforms such as OpenAI and Anthropic. The stolen data is sent to the attackers via Telegram, GoFile, and command servers.

Hackers have launched Android malware attacks in Brazil by spoofing a phishing page that mimics the Google Play Store. Currently, all known victims are located in Brazil.The attackers set up a phishing website that closely resembles Google Play, enticing users to download a fake application called "INSS Reembolso." Once installed, the application releases hidden malicious code in stages and loads it directly into memory, leaving no visible files on the device, which makes it highly stealthy. One of the core functions of the malware is cryptocurrency mining, with an embedded XMRig mining program compiled for ARM devices that silently connects to the attacker's controlled mining server in the background. The program monitors battery level, temperature, and device usage status, dynamically adjusting mining behavior to evade detection, and bypasses Android's background process management mechanism by looping silent audio files.Some variants also include banking trojans that can overlay fake pages on the USDT transfer interface of Binance and Trust Wallet, silently replacing the recipient address. Additionally, the malware supports various remote control commands such as recording, screenshotting, keylogging, and remote locking of the device.

According to 23pds, the Chief Information Security Officer of Slow Fog Technology, an intelligence system has discovered a malicious npm package named "@openclaw-ai/openclawai" that is implementing a multi-layer attack.This malicious package disguises itself as a legitimate command-line tool called OpenClaw Installer, aimed at stealing sensitive user information, including system credentials, cryptocurrency wallet private keys, browser data, SSH keys, and Apple Keychain database, among others.

GoPlus Chinese community issued a warning on platform X, stating that North Korean hackers have published a set of 26 malicious packages to the npm registry. These malicious packages come with an installation script ("install.js") that automatically executes during the package installation process, running malicious code located in "vendor/scrypt-js/version.js".The malicious code downloads and executes a remote access trojan (RAT) via the same malicious URL, implementing malicious activities such as keylogging, clipboard theft, browser credential collection, TruffleHog secret scanning of Git repositories, and SSH key theft. This incident is related to a North Korean hacking activity known as "Famous Chollima".

According to Cointelegraph, hackers are using the "ClickFix" attack method to steal cryptocurrencies, with the latest two attacks involving impersonating venture capital firms and hijacking browser extensions.Cybersecurity company Moonlock Lab reports that scammers impersonate fake VCs such as SolidBit, MegaBit, and Lumax Capital, contacting users via LinkedIn to offer collaboration opportunities, then directing them to click on fake Zoom and Google Meet links. After clicking the link, users are led to a page with a forged Cloudflare "I'm not a robot" verification box; clicking this box copies malicious commands to the clipboard and prompts users to open a terminal to paste the so-called verification code, thus executing the attack.Moonlock Lab points out that this method turns victims into execution mechanisms, bypassing defenses in the security industry. Meanwhile, hackers are also spreading malware by hijacking the Chrome extension QuickLens. This extension allows users to run Google Lens searches directly in the browser, and after ownership was transferred, the new version contains malicious scripts that can initiate ClickFix attacks and steal information.The extension has about 7,000 users, and once hijacked, it searches for cryptocurrency wallet data and recovery phrases to steal funds, as well as scraping Gmail inbox content, YouTube channel data, and login credentials or payment information entered in web forms. The extension has been removed from the Chrome Web Store. The ClickFix technique has been popular among hackers since last year, forcing victims to manually execute malicious payloads, affecting thousands of businesses and multiple industries worldwide.