Backdoored Cemu release linked to TanStack and Mistral supply chain campaign | Datadog Security Labs

MITRE Techniques

• [T1195.001] Compromise Software Dependencies and Development Tools – The attackers poisoned trusted packages in npm and PyPI and reused the same payload in another legitimate release channel (‘a coordinated supply chain campaign poisoned 170 legitimate packages across npm and PyPI’; ‘the poisoned AppImage was hosted on the real Cemu release page’).
• [T1195.002] Compromise Software Supply Chain – The campaign altered upstream distribution artifacts and release assets to deliver malicious code through trusted project channels (‘direct commit to the upstream GitHub repo’; ‘Replacing it required write access to the actual cemu-project/Cemu repository’).
• [T1135] Network Share Discovery – The payload collected Kubernetes secrets and cloud credentials from multiple environments (‘Credential harvesting is broad, covering AWS (Secrets Manager, SSM), Azure Key Vault, GCP Secret Manager, Kubernetes secrets across all namespaces’).
• [T1552.001] Credentials In Files – The malware searched filesystem credentials including SSH keys, GitHub tokens and password managers (‘filesystem credentials including SSH keys, GitHub tokens and password managers’).
• [T1027] Obfuscated Files or Information – The payload used a renamed zipapp and base64-decoded blobs to hide its behavior (‘startup.pyz is a Python zipapp: a renamed zip archive’; ‘decoding a base64 blob, writing it to disk’).
• [T1497.001] System Checks – The malware used Linux-only, locale, and CPU-count checks to avoid analysis (‘it targets Linux hosts only, exiting early if Russian language settings are detected or the CPU count falls below four’).
• [T1204.002] Malicious File – The AppImage/Ubuntu asset executed the payload after installation and user execution (‘silently installs the cryptography package if absent, and immediately runs the entrypoint module’).
• [T1053.005] Scheduled Task/Job: Systemd Service – Persistence was achieved by installing a systemd service (‘installing it as a systemd service (pgsql-monitor.service)’).
• [T1041] Exfiltration Over C2 Channel – Stolen data was POSTed to a command-and-control endpoint (‘results are POSTed to 83[.]142.209[.]194/v1/weights first’).
• [T1105] Ingress Tool Transfer – The malware fetched and installed a dependency before execution (‘install the cryptography package if absent’).
• [T1562.001] Impair Defenses – The destructive component deleted files and attempted to disrupt the host (‘deleting files from the host’s filesystem with rm -rf /’).
• [T1610] Deploy Container – The payload referenced a dead-drop resolver and GitHub commit polling for RSA-signed C2 addresses (‘polls public GitHub commits for RSA-signed C2 addresses’).
• [T1091] Replication Through Removable Media – Not mentioned.