Socket identified a coordinated npm typosquatting campaign, dubbed "StegaBin", consisting of 26 malicious packages. The packages use character-level steganography in Pastebin pastes to hide Vercel-hosted C2 infrastructure and deliver a multi-stage installer that ultimately drops a RAT and a nine-module infostealer targeting developer artifacts. The activity is consistent with the North Korean-aligned cluster tracked as FAMOUS CHOLLIMA / Contagious Interview; indicators include a shared loader (vendor/scrypt-js/version.js, SHA256: da1775d0…) and a live C2 at 103[.]106[.]67[.]63:1244. #StegaBin #FAMOUS_CHOLLIMA
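The summary above says only that the packages recover their C2 from "character-level steganography" in a paste; it does not describe the encoding. The following is an added illustration (not Socket's code and not the StegaBin loader) of one generic scheme of that class: the bits of a hidden string ride along as zero-width code points interleaved with an innocuous-looking paste, so the visible text is unchanged. The cover text, the hidden address, and the zero-width bit encoding are all constructed assumptions for this example. The `looks_steganographic` check is the kind of cheap filter a package scanner or proxy could apply to paste bodies fetched at install time.

```python
# Added example: character-level (zero-width) steganography, encoder, decoder and a
# detector. The encoding is an ASSUMED generic scheme for illustration; the actual
# StegaBin encoding is not described in the summary above. All inputs are constructed.
import re

ZERO = "\u200b"   # ZERO WIDTH SPACE        -> carries bit 0
ONE = "\u200c"    # ZERO WIDTH NON-JOINER   -> carries bit 1
# Common zero-width / invisible code points that have no business in a "version string".
ZW_RE = re.compile("[\u200b\u200c\u200d\u2060\ufeff]")

# Constructed cover text: looks like release notes someone pasted to Pastebin.
COVER = "scrypt-js 1.4.1 release notes: fixed salt handling, updated README, bumped dev deps. " * 3
# Constructed hidden payload (reserved example domain, not a real C2).
SECRET = "c2.example.invalid:443"


def hide(cover: str, secret: str) -> str:
    """Interleave the bits of `secret` (UTF-8) into `cover` as zero-width characters.

    One bit is placed after each visible character, so `cover` must have at least
    8 * len(secret_bytes) characters. The visible text is unchanged."""
    bits = "".join(f"{b:08b}" for b in secret.encode("utf-8"))
    if len(bits) > len(cover):
        raise ValueError("cover text too short for payload")
    out = []
    for i, ch in enumerate(cover):
        out.append(ch)
        if i < len(bits):
            out.append(ONE if bits[i] == "1" else ZERO)
    return "".join(out)


def reveal(stego: str) -> str:
    """Recover the hidden payload: keep only the two carrier code points, rebuild bytes.

    Trailing bits that do not form a full byte are ignored."""
    bits = "".join("1" if ch == ONE else "0" for ch in stego if ch in (ZERO, ONE))
    usable = len(bits) - len(bits) % 8
    data = bytes(int(bits[i:i + 8], 2) for i in range(0, usable, 8))
    return data.decode("utf-8", errors="replace")


def visible_text(stego: str) -> str:
    """What a human reading the paste actually sees (carriers stripped)."""
    return ZW_RE.sub("", stego)


def looks_steganographic(text: str) -> bool:
    """Cheap detector for fetched paste bodies: any zero-width code point is a red flag
    in content an installer treats as a version string, config value or URL."""
    return ZW_RE.search(text) is not None
```

A scanner does not need to know the encoding to act on this: the presence of zero-width code points in data an install script fetches from a paste site is itself anomalous, and the paste can be quarantined before the loader ever decodes it.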
Search Results for: FAMOUS_CHOLLIMA
This report analyzes various cyber threats targeting diverse sectors, with a focus on malicious campaigns and tools utilized by actors from different regions. Notably, the Sandworm APT’s espionage against Ukrainian users highlights threats to national security…