Nation-State Hackers Deploy New Airstalk Malware in Suspected Supply Chain Attack

A suspected nation-state threat actor has developed Airstalk, sophisticated malware that targets enterprise environments through supply chain attacks and leverages the AirWatch API for covert communication. The malware can exfiltrate sensitive browser data and system files, potentially compromising BPO organizations and their clients. #Airstalk #CL-STA-1009

Key points

  • Airstalk is linked to a nation-state threat actor targeting enterprise supply chains.
  • The malware uses the AirWatch API to establish covert command-and-control channels.
  • Variants include PowerShell and more advanced .NET versions with expanded capabilities.
  • The malware can perform actions like taking screenshots, harvesting cookies, and exfiltrating browser profiles.
  • It is currently unknown how Airstalk is distributed or who its specific targets are, but BPO sectors are likely victims.

Read More: https://thehackernews.com/2025/10/nation-state-hackers-deploy-new.html