
Malicious Go Module Exfiltrates SSH Credentials via Telegram Bot

1 unique source, 1 article

Summary


A malicious Go module named "golang-random-ip-ssh-bruteforce" has been discovered. It masquerades as an SSH brute-force tool but exfiltrates credentials to a Telegram bot. The module scans random IPv4 addresses for exposed SSH services and attempts brute-force attacks using a hard-coded wordlist. Successful credentials are sent to a Telegram bot controlled by the threat actor. The module was published on June 24, 2022, and remains available on pkg.go[.]dev. The threat actor is believed to be of Russian origin and has a history of developing similar malicious tools.

Timeline

  1. 24.08.2025 16:38

    Malicious Go Module Exfiltrates SSH Credentials via Telegram Bot

    A malicious Go module named "golang-random-ip-ssh-bruteforce" was discovered. Published on June 24, 2022, the module masquerades as an SSH brute-force tool but exfiltrates credentials to a Telegram bot. The module scans random IPv4 addresses for exposed SSH services and attempts brute-force attacks using a hard-coded wordlist. Successful credentials are sent to a Telegram bot controlled by the threat actor, who is believed to be of Russian origin.


Similar Happenings

Resurfaced ChillyHell macOS Backdoor Discovered

A new version of the ChillyHell modular backdoor malware targeting macOS has been discovered. The malware, first seen in 2022, was used in attacks against Ukrainian officials and has now resurfaced with updated capabilities. ChillyHell provides remote access, payload delivery, and password brute-forcing. The malware was notarized by Apple in 2021 and has been publicly hosted on Dropbox since then. It disguises itself as an executable applet and deploys as a persistent backdoor, capable of retrieving sensitive data and evading detection. It employs multiple persistence mechanisms and can communicate over different protocols. It also uses timestomping to cover its tracks. Apple has revoked the notarization of the developer certificates associated with the malware after being notified. ChillyHell is written in C++ and targets Intel architectures. It is attributed to an uncategorized threat cluster dubbed UNC4487, which has been active since at least October 2022. UNC4487 is suspected to be an espionage actor targeting Ukrainian government entities.

AI-Powered Ransomware 'PromptLock' Under Development

A new AI-powered ransomware strain named 'PromptLock' has been discovered by ESET researchers. This ransomware uses an AI model to generate scripts on the fly, making it difficult to detect. The malware is currently in development and has not been observed in active attacks. It is designed to exfiltrate files, encrypt data, and potentially destroy files. The ransomware was uploaded to VirusTotal from the United States and is written in the Go programming language, with variants for Windows, Linux, and macOS systems. The Bitcoin address associated with PromptLock appears to belong to Satoshi Nakamoto. PromptLock uses the SPECK 128-bit encryption algorithm to lock files and can generate custom notes based on the files affected and the type of infected machine.

UNC6384 Targets Diplomats with PlugX via Captive Portal Hijacks

UNC6384, a China-nexus threat actor, has been deploying PlugX malware to diplomats in Southeast Asia and other global entities. The campaign, detected in March 2025, uses captive portal hijacks, adversary-in-the-middle (AitM) attacks, and valid code signing certificates to evade detection. The PlugX variant, SOGU.SEC, is delivered via a digitally signed downloader called STATICPLUGIN. The malware supports commands for file exfiltration, keystroke logging, remote command shells, and file upload/download. The attack chain involves redirecting web traffic through a captive portal to a threat actor-controlled website, where the malware is downloaded. The malware is disguised as an Adobe Plugin update, using a legitimate-looking HTTPS connection with a valid TLS certificate. The campaign highlights the sophistication of PRC-nexus threat actors and their evolving operational capabilities. The campaign targeted approximately two dozen victims, primarily Southeast Asian diplomats, between March and July 2025. The malware used a blank landing page with a valid TLS/SSL certificate issued by Let's Encrypt to evade browser security warnings. The STATICPLUGIN downloader employed a valid code-signing certificate from Chengdu Nuoxin Times Technology Co. Ltd. The downloader dropped a launcher called CANONSTAGER, which used legitimate Windows features and API hashing to evade detection. The CANONSTAGER launcher introduced the SOGU.SEC variant of the PlugX backdoor.

Critical SSRF vulnerability in Docker Desktop for Windows and macOS

A critical server-side request forgery (SSRF) vulnerability in Docker Desktop for Windows and macOS allows attackers to hijack the host system by running malicious containers. The flaw, identified as CVE-2025-9074, has a severity rating of 9.3. It enables unauthorized access to user files on the host system, even with Enhanced Container Isolation (ECI) enabled. The vulnerability was discovered by security researcher Felix Boulet, who demonstrated a proof-of-concept exploit that does not require code execution rights inside the container. The flaw affects Docker Desktop on Windows and macOS but not the Linux version. Docker released a patch in version 4.44.3. The exploit can be triggered by a web request from any container to the Docker Engine API at 192.168.65.7:2375 without authentication. The exploit involves posting a JSON payload to /containers/create to bind the host C:\ drive to a folder in the container and using a startup command to access host files. The exploit can be initiated by posting to /containers/{id}/start to launch the container and start the execution. The vulnerability allows an attacker to proxy requests through the vulnerable application and reach the Docker socket, enabling various HTTP request methods depending on the SSRF flaw. The article further elaborates on the differences in impact between the Windows and macOS versions of Docker Desktop, noting that macOS has additional safeguards that mitigate the risk compared to Windows. The vulnerability allows attackers to control containers, mount the host’s file system, and escalate privileges to those of an administrator. On Windows, an attacker could exploit the flaw to mount the host’s file system and overwrite a system DLL to obtain administrative privileges on the host. The macOS version of the application can be exploited to take full control of other containers, or to backdoor the Docker app by mounting and modifying its configuration. 
A variant of a recently disclosed campaign abuses the Tor network for cryptojacking attacks targeting exposed Docker APIs. The attack chain involves breaking into misconfigured Docker APIs to execute a new container based on the Alpine Docker image and mount the host file system into it. The attackers use a modified Alpine Linux image that includes a base64-encoded shell command to execute the payload; the container executes the decoded shell command, which installs curl and tor, launches a Tor daemon in the background, and waits for confirmation of the connection by accessing Amazon's checkip.amazonaws.com service over a SOCKS5 proxy. The threat actors run a Base64-encoded payload to download a shell script downloader from a .onion domain. The shell script alters SSH configurations to set up persistence and installs tools such as masscan, libpcap, libpcap-dev, zstd, and torsocks. The dropper launches Masscan to scan the internet for open Docker API services on port 2375 and propagates the infection by creating new containers through the identified exposed APIs; the scripts also check ports 23 (Telnet) and 9222 (remote debugging port for Chromium browsers) for potential future exploitation. The malware uses a Go library named chromedp to interact with the web browser and siphon cookies and other private data, and it transmits details to an endpoint named "httpbot/add," indicating potential botnet activity. The attackers also block external access to the exposed Docker API by writing a command to the crontab file to create a cron job that executes every minute.
The docker-init.sh script enables persistent SSH access by appending an attacker-controlled public key to /root/.ssh/authorized_keys on the mounted host filesystem. The docker-init.sh script writes a base64-encoded cron job on the host, which executes every minute and blocks external access to port 2375 using whichever firewall utility is available. The malware downloads a Zstandard-compressed Go binary over Tor, decompresses it to /tmp/system, grants execute permissions, and runs it. The Go binary functions as a dropper, extracting and executing an embedded second-stage binary, and parses the host’s utmp file to identify logged-in users. The binary scans for other exposed Docker APIs, attempts to infect them via the same container creation method, and removes competitor containers after gaining access.

APT36 leverages Linux .desktop files for malware deployment in ongoing espionage campaign

APT36, a Pakistani threat actor also known as Transparent Tribe, is exploiting Linux .desktop files to install malware in attacks targeting government and defense entities in India. The campaign, active since August 1, 2025, aims at data exfiltration and maintaining persistent access. The attacks use phishing emails to deliver ZIP archives containing malicious .desktop files disguised as PDFs. The malware, a Go-based ELF executable, establishes persistence and communicates via a WebSocket channel for command and control. The campaign also targets Windows and BOSS Linux systems, using decoy PDFs and anti-debugging techniques to evade detection.