Threat Research | Weekly Recap [29 Mar 2026]

Supply chain & developer ecosystem

• Trojanized PyPI/OpenVSX releases of LiteLLM executed staged payloads to harvest secrets, target Kubernetes, and maintain persistence — LiteLLM supply‑chain trojan
• TeamPCP used compromised CI/CD credentials to inject credential‑stealers into Trivy and related actions, poisoning developer pipelines — Trivy supply‑chain guidance
• Datadog links the LiteLLM compromise to a five‑day TeamPCP campaign that spread through npm, Checkmarx, and other ecosystems — LiteLLM: TeamPCP campaign
• Additional compromised Trivy Docker images contained TeamPCP stealer artifacts; avoid affected images and treat recent runs as exposed — Trivy Docker images compromised
• Telnyx Python SDK releases were trojanized on PyPI to deliver credential‑harvesters; PyPI quarantined releases and rollbacks are advised — Telnyx SDK compromise
• GlassWorm distributed malicious npm/PyPI/VSCode packages with hidden installers and Solana‑based payload retrieval, ending in infostealers and fake Chrome extensions — GlassWorm package supply‑chain abuse
• Attackers published trojanized GitHub repos (300+ lures) delivering a LuaJIT loader and encrypted scripts — AI‑assisted lure factory ties to TroyDen — OpenClaw / TroyDen lure factory
• Malicious npm packages presented fake install logs to phish for sudo passwords and drop a RAT that steals wallets and data — npm fake‑install logs / Ghost campaign

Credential theft, phishing & platform abuse

• Threat actors abuse Cloudflare Workers, Tunnels and Pages to host convincing AiTM phishing pages and covert malware delivery on trusted domains — Cloudflare services abused
• Railway.com PaaS and multi‑hop redirect chains were used to host Microsoft 365 token‑harvesting backends for the EvilTokens service — Railway / EvilTokens token phishing
• Convincing Xiaomi HR/IT phishing pages captured credentials via a counterfeit Mi Account login hosted at amolikhousing[.]co — Xiaomi credential phishing
• Fake Avast site staged a “virus scan” to push Venom Stealer (disguised as Avast_system_cleaner.exe) that exfiltrated browser credentials and wallets — Bogus Avast / Venom Stealer
• FriendlyDealer faked app‑store pages across 1,500+ domains to push PWAs redirecting victims to gambling offers (affiliate monetization) — FriendlyDealer PWA scam
• Keitaro adtech/trackers are widely abused as cloakers/TDS to scale phishing, malvertising, and malware delivery (DonutLoader, wallet‑drainer campaigns) — Keitaro abuse in distribution
• Dead Infrastructure Hijacking (expired domains, SaaS CNAME takeovers, bucket squatting) lets attackers inherit trust and receive sensitive traffic — Dead Infrastructure Hijacking
• Recruitment‑style spear‑phishing impersonating Palo Alto Networks talent acquisition targeted senior professionals to monetize via fake ATS/resume services — PANW recruiter impersonation

Malware campaigns, RATs & loaders

• EtherRAT (Node.js) retrieves C2 from Ethereum smart contracts (EtherHiding), performs broad fingerprinting and uses CDN‑like HTTPS beacons to blend traffic — EtherRAT / EtherHiding analysis
• Elastic uncovered BRUSHWORM (modular backdoor) and BRUSHLOGGER (DLL side‑loading keylogger) deployed against a South Asian bank with USB‑spread and AES/XOR log handling — BRUSHWORM & BRUSHLOGGER
• New macOS Infiniti Stealer uses ClickFix lures and Nuitka‑compiled Python payloads to harvest Keychain, browser data, wallets and developer secrets — Infiniti Stealer (macOS)
• Multi‑stage campaign used VBS launchers, fileless PowerShell, PNG‑embedded .NET (PhantomVAI) to deliver Remcos RAT and XWorm variants from Cloudflare‑backed hosts — Multi‑vector malware delivery (Remcos / XWorm)
• Kamasers botnet offers multi‑vector DDoS with resilient Dead Drop Resolver C2 and loader functionality for follow‑on payloads — Kamasers DDoS botnet
• China‑linked set Silver Fox blends APT‑style backdoors (ValleyRAT, HoldingHands) with opportunistic campaigns and a compiled Python stealer exfiltrating to xqwmwru[.]top — Silver Fox operations
• Actor targeting exposed MS‑SQL servers deployed the Go‑based ICE Cloud Client scanner to harvest MSSQL credentials and report successes to C2 — ICE Cloud Scanner (Larva‑26002)
• Securelist refined CoolClient IoCs: a HoneyMyte campaign used updated CoolClient backdoor to deploy browser stealers and reconnaissance scripts — CoolClient / HoneyMyte campaign

Web threats & exploitation

• Large‑scale Magecart operation hijacked eStores (100+ domains) with multi‑stage JS loaders and WebSocket exfil to steal card data and shift fraud impact to banks — Magecart targeting Spain
• High‑interaction honeypot observed rapid exploitation of unauthenticated Oracle WebLogic RCE (CVE‑2026‑21962) and continued scans for legacy RCEs — WebLogic honeypot — CVE‑2026‑21962
• Comprehensive web shell guidance: types, deployment vectors (RFI/LFI, SQLi, file upload flaws), persistence methods and removal recommendations — Web shells: mitigation & removal

Advanced persistence, rootkits & exploit chains

• Leaked source exposes VoidLink, a hybrid LKM–eBPF Linux rootkit with ICMP C2, anti‑debug, delayed init and eBPF Netlink hiding across multiple kernel versions — VoidLink rootkit analysis
• Google GTIG detailed DarkSword, a JavaScript iOS full‑chain exploit (six vulnerabilities) used to deliver GHOSTBLADE/GHOSTKNIFE/GHOSTSABER by commercial vendors and suspected state actors — DarkSword iOS exploit chain
• Datadog revisits CVE‑2020‑8561: an “unpatchable” Kubernetes attack path combining ValidatingWebhookConfiguration SSRF with API server profiling to leak full responses when cluster creds exist — Kubernetes CVE‑2020‑8561 analysis

Strategic targeting, espionage & campaign clusters

• CloudSEK warns MLOps and exposed AI infrastructure (100+ credential sets, 80+ unauthenticated MLOps deployments) are strategic targets amid regional kinetic escalation — AI infrastructure as strategic target
• Pawn Storm (APT28) deployed PRISMEX against Ukrainian defense supply chain using steganography, cloud abuse and newly disclosed CVEs for resilient fileless execution — Pawn Storm / PRISMEX
• Unit 42 mapped coordinated espionage against a Southeast Asian government using USB‑spread loaders (USBFect/HIUPAN), PUBLOAD backdoor and multiple RATs suggesting China‑aligned sets — SE Asia espionage clusters
• M‑Trends 2026 highlights bifurcated adversary behavior (fast, destructive criminals vs. persistent espionage), rising token theft/voice phishing and recommends identity controls and extended logging — M‑Trends 2026 takeaways

Tools, detection & defender guidance

• Elastic Workflows automates alert triage in Kibana with YAML playbooks, enrichment, threat intel lookups and AI steps to scale investigations — Elastic Workflows automation
• Elastic Security XDR centralizes endpoint telemetry, forensics (osquery), Device Control and automated workflows for cross‑environment investigations — Elastic Security XDR
• CrowdStrike’s Falcon Next‑Gen SIEM adds third‑party EDR support (starting with Microsoft Defender), federated search and a Query Translation Agent for migrations — Falcon Next‑Gen SIEM update
• EclecticIQ offers free, time‑limited TIP Bundles to test vendor integrations (sandboxing, reversing, VMRay, vulnerability intel) in real SOC workflows — EclecticIQ TIP Bundles
• Sysdig highlights risks from local AI coding agents running on developer machines — review agent behavior and credential exposure in dev environments — AI coding agents on hosts

Threat Research | Weekly Recap – hendryadrian.com