Mallory
Tags: package-repository-poisoning, credential-stealer-activity, remote-access-implant, command-and-control-method

Developer-Focused Supply Chain Malware via Malicious Open-Source Packages

Updated 2d ago. First seen Feb 27, 2026. 67 sources.

Security researchers reported multiple software supply chain campaigns targeting developers through malicious packages in public repositories, aiming to steal credentials/secrets and establish persistent access that can later impact production environments. Socket disclosed a campaign dubbed StegaBin involving 26 malicious npm packages published over a two-day window that used a Pastebin “dead-drop” with character-level steganography to conceal C2 details, then resolved additional infrastructure across 31 Vercel deployments to deliver platform-specific shell payloads that install a RAT and a nine-module infostealer targeting VSCode data, SSH keys, git repositories, browser credential stores, clipboard contents, and other local secrets. Socket assessed the tradecraft as consistent with activity previously attributed to North Korea-aligned FAMOUS CHOLLIMA (Lazarus-linked) and noted rapid detection of the packages shortly after publication.

Separately, reporting highlighted four malicious NuGet packages (NCryptYo, DOMOAuth2_, IRAOAuth2.0, and SimpleWriter_) that targeted ASP.NET developers by exfiltrating ASP.NET Identity data (users/roles/permissions) and enabling backdoors; the packages were published in August 2024, accumulated 4,500+ downloads, and were later removed. In that campaign, NCryptYo functioned as a dropper and proxy to an attacker-controlled C2, while DOMOAuth2_ and IRAOAuth2.0 handled data theft and backdoor rule delivery, and SimpleWriter_ enabled file writing and hidden process execution while masquerading as a PDF utility. Other items in the set described unrelated C2 tooling trends (a Polygon blockchain-based botnet loader and the Vshell C2 framework) and do not describe the same package-repository supply chain incidents.


EVENT TIMELINE

How this story unfolded

47 events from the most recent confirmed update back to the earliest known activity.

Jun 9, 2026 (2d ago)

Socket reports 23 malicious PyPI variants using .abi3.so and Bun loaders

On 2026-06-09, Socket Threat Research reported an ongoing malicious PyPI supply-chain campaign involving 23 newly identified package-version variants linked to infrastructure associated with Mini Shai-Hulud, Miasma, and Hades. The report said the activity had evolved from *.pth startup hooks to trojanized native .abi3.so extensions and a Bun-executed loader variant, broadening techniques used to steal developer and CI/CD secrets.

Malicious PyPI Package Wave & Supply Chain Attacks
Jun 7, 2026 (4d ago)

Socket detects PyPI maintainer-takeover campaign tied to Hades cluster

On 2026-06-07, reporting described a coordinated PyPI supply-chain attack in which multiple legitimate Python packages were compromised through maintainer account takeover and seeded with malware. Researchers linked the activity to the Hades branch of the broader Shai-Hulud/Miasma lineage and said the malicious packages used a *.pth startup hook to launch a Bun-executed JavaScript payload that stole credentials and exfiltrated data via attacker-created GitHub repositories.

PyPI Supply Chain Attack: Socket Malware Detection
Jun 4, 2026 (7d ago)

Snyk discloses node-gyp supply-chain compromise affecting 57 packages

On 2026-06-04, Snyk reported a large supply-chain attack abusing binding.gyp files to trigger node-gyp during npm install, bypassing defenses focused on preinstall and postinstall scripts. The campaign affected 57 packages and hundreds of malicious versions across npm and RubyGems, using a multi-stage loader to steal developer and CI/CD secrets, persist via GitHub Actions workflow injection, and republish packages from compromised maintainer accounts.

Node-gyp Supply Chain Compromise | Snyk
Jun 3, 2026 (8d ago)

Sonatype links Lazarus brandjacking npm campaign to malicious packages

On 2026-06-03, Sonatype Security Research reported a Lazarus Group npm campaign using dozens of brandjacked packages that mimicked legitimate developer tools through suffix addition, embedding, and version mimicry. Sonatype said package buffer-utilities bundled legitimate buffer code with dropper logic that fetched a persistent Node.js backdoor/downloader, which collected host data, contacted C2, created a hidden .vscode directory, downloaded additional payloads, and supported updates.

Lazarus Group's Latest: Brandjacking Campaign on npm - Malware News - Malware Analysis, News and Indicators

OX reports IronWorm self-replicating malware in 36 npm packages

On 2026-06-03, OX Security disclosed the IronWorm npm supply-chain campaign, saying 36 packages were infected with self-replicating malware that used postinstall-triggered binaries instead of traditional obfuscated JavaScript. The malware targeted developers by stealing environment variables, cloud credentials, and cryptocurrency wallet data, and attempted to propagate by abusing stolen credentials to push GitHub commits that published additional malicious packages.

IronWorm Supply Chain Malware Hits npm | OX Security
May 29, 2026 (13d ago)

Socket identifies malicious Sicoob.Sdk NuGet package stealing banking credentials

By 2026-05-29, researchers reported that the NuGet package Sicoob.Sdk versions 2.0.0 through 2.0.4 impersonated a C# SDK for Brazil's Sicoob banking ecosystem and exfiltrated client IDs, PFX passwords, certificates, and Boleto API response data to hardcoded Sentry endpoints. Socket said the linked GitHub repository appeared clean while the malicious behavior existed only in the NuGet artifact, and NuGet blocked the package after responsible disclosure.

Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets
May 28, 2026 (14d ago)

Sonatype uncovers 176-package npm dependency-confusion campaign

On 2026-05-28, Sonatype disclosed a coordinated campaign involving 176 malicious npm packages that used inflated version numbers such as 99.99.99 to beat internal dependency resolution and compromise developer workstations and build environments. The packages used postinstall scripts to fingerprint hosts, fetch platform-specific payloads for Windows, macOS, and Linux, and exfiltrate environment variables, CI/CD secrets, tokens, and system details.

Inside a 176-Package npm Campaign Built to Beat Your Internal Dependencies
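As an added defender-side example (not code from Snyk, Sonatype or any report on this page), the audit below flags the install-time execution paths described in the node-gyp and dependency-confusion entries above: declared lifecycle scripts, a binding.gyp file that makes npm run node-gyp even when no install script is declared, and inflated version numbers of the 99.99.99 kind. The function names, the constructed sample packages and the version threshold are my own assumptions.

```python
"""Static audit of an unpacked npm package for install-time execution paths.

Illustrative code, not from any vendor report; names and thresholds assumed.
"""
import json
import os
import tempfile
from typing import Dict, List

# Hooks npm runs automatically when a dependency is installed.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Assumed threshold: a version component this large is rarely legitimate and
# is the pattern used to outrank an internal package during resolution.
INFLATED_COMPONENT = 50


def is_inflated_version(version: str, threshold: int = INFLATED_COMPONENT) -> bool:
    """True if any numeric component of a semver core (x.y.z) meets the threshold."""
    core = version.split("+", 1)[0].split("-", 1)[0]  # drop build/prerelease tags
    try:
        parts = [int(p) for p in core.split(".")]
    except ValueError:
        return False
    return len(parts) == 3 and any(p >= threshold for p in parts)


def audit_manifest(manifest: dict, has_binding_gyp: bool) -> List[str]:
    """Return human-readable findings for one package.json plus a binding.gyp flag."""
    findings: List[str] = []
    scripts: Dict[str, str] = manifest.get("scripts") or {}
    for hook in LIFECYCLE_HOOKS:
        if hook in scripts:
            findings.append(f"lifecycle script '{hook}': {scripts[hook]}")
    # Documented npm behaviour: a binding.gyp at the package root with no
    # install/preinstall script makes npm default to `node-gyp rebuild`, so a
    # scanner that only inspects the "scripts" block misses this path.
    if has_binding_gyp and not any(h in scripts for h in ("install", "preinstall")):
        findings.append("binding.gyp present with no install script: implicit "
                        "'node-gyp rebuild' runs on install")
    version = manifest.get("version", "")
    if is_inflated_version(version):
        findings.append(f"inflated version {version}: dependency-confusion candidate")
    return findings


def audit_package_dir(path: str) -> List[str]:
    """Audit an unpacked package directory (package.json + optional binding.gyp)."""
    with open(os.path.join(path, "package.json"), encoding="utf-8") as fh:
        manifest = json.load(fh)
    has_gyp = os.path.isfile(os.path.join(path, "binding.gyp"))
    return audit_manifest(manifest, has_gyp)


def demo() -> Dict[str, List[str]]:
    """Constructed sample packages (not real ones) written to temp dirs and audited."""
    samples = {
        "clean-lib": ({"name": "clean-lib", "version": "1.4.2"}, False),
        "gyp-only": ({"name": "gyp-only", "version": "0.1.0"}, True),
        "confusion": ({"name": "@corp/internal-auth", "version": "99.99.99",
                       "scripts": {"postinstall": "node setup.js"}}, False),
    }
    results: Dict[str, List[str]] = {}
    for name, (manifest, gyp) in samples.items():
        with tempfile.TemporaryDirectory() as tmp:
            with open(os.path.join(tmp, "package.json"), "w", encoding="utf-8") as fh:
                json.dump(manifest, fh)
            if gyp:
                open(os.path.join(tmp, "binding.gyp"), "w").close()
            results[name] = audit_package_dir(tmp)
    return results


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, "->", findings or ["no install-time findings"])
```

Run it against an extracted `npm pack` tarball directory to get the same findings for a real candidate package before it is allowed into a build.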

SafeDep reports npm packages delivering MicrosoftSystem64 RAT

On 2026-05-28, SafeDep published a technical analysis of malicious npm packages delivering the MicrosoftSystem64 remote access trojan, an 81 MB Node.js SEA binary. The malware was described as stealing browser credentials, Telegram sessions, and data from more than 80 cryptocurrency wallet extensions, with exfiltration to Hugging Face.

141 npm Packages Abuse Registry as Adware Hosting - Real-time Open Source Software Supply Chain Security

vpmdhaj publishes 14 malicious npm packages targeting cloud tooling

On 2026-05-28, a threat actor using the alias vpmdhaj published 14 malicious typosquatted npm packages within four hours, impersonating OpenSearch, ElasticSearch, and other cloud- and database-related utilities. Microsoft said the packages used evolving install-time stagers, including a fileless Bun-based loader, to steal AWS metadata and secrets, HashiCorp Vault data, environment variables, and npm publish tokens; the packages and user profiles were later removed from npm.

npm Supply Chain Attack Drops Credential Harvesting Malware
May 22, 2026 (20d ago)

Researchers identify TrapDoor campaign across PyPI, npm, and Crates.io

Beginning on 2026-05-22 with the PyPI package eth-security-auditor@0.1.0, attackers launched the TrapDoor software supply-chain campaign across PyPI, npm, and Crates.io, affecting 34 packages and more than 380 versions. Researchers said the malware targeted cryptocurrency, DeFi, AI development, and smart-contract environments, using ecosystem-specific execution paths plus hidden Unicode prompt-injection content in .cursorrules and CLAUDE.md files to steal credentials and wallet data.

TrapDoor Supply Chain Attack: npm, PyPI, and Crates.io Hit | The CyberSec Guru

Socket finds malicious postinstall hook in Packagist packages and 700+ GitHub repos

On 2026-05-22, Socket disclosed a coordinated supply-chain campaign in which upstream GitHub repositories for eight Packagist/Composer packages were modified to include an identical malicious postinstall script. The hook downloaded and executed a Linux binary from an attacker-controlled GitHub Releases URL, and Socket said Packagist removed the reported packages while some repositories had already reverted the malicious commits.

Malicious Postinstall Hook Found Across 700+ GitHub Reposito...

OX Security reports npm malware campaign using Hugging Face for payload hosting

On 2026-05-22, researchers reported an active npm supply-chain attack involving terminal-logger-utils and related packages that used a postinstall dropper to fetch a second-stage Node.js malware payload from Hugging Face. OX Security linked the activity to a North Korean threat actor and said the implant enabled remote access, keylogging, screenshot capture, credential and wallet theft, and exfiltration to private Hugging Face datasets and attacker-controlled endpoints.

Hackers Use Hugging Face to Host Second-Stage Malware for npm Supply Chain Attack
May 18, 2026 (24d ago)

Researchers disclose four malicious npm packages stealing keys and wallet data

On 2026-05-18, researchers reported a coordinated npm typosquatting campaign involving four malicious packages that targeted Axios users and stole SSH keys, cloud credentials, cryptocurrency wallets, environment variables, and other sensitive data. The activity included a copycat variant of the leaked Shai-Hulud infostealer and a Go-based 'Phantom Bot' capable of persistence and DDoS attacks, with the packages drawing about 2,678 weekly downloads before being flagged.

Four Malicious npm Packages Steal SSH Keys, Cloud Credentials, and Crypto Wallets
May 15, 2026 (27d ago)

ddjidd5640 publishes 22 malicious npm packages targeting Web3 developers and AI agents

Starting on 2026-05-15, the npm and GitHub account ddjidd5640 published 22 malicious npm packages and 31 versions targeting Web3 and DeFi developers. Researchers said the campaign used typosquatted packages and fake MCP security tools to steal wallet secrets, API keys, and other credentials, including from AI coding agents such as Claude Code, Cursor, and Copilot, with env-security-scanner embedding a zero-width-Unicode prompt-injection worm.

Analysis of a Malicious npm Package Campaign Targeting Web3 Developers and AI Agents
May 11, 2026 (1mo ago)

Socket reports compromise of 84 @tanstack npm package artifacts

On 2026-05-11, Socket disclosed that 84 npm package artifacts in the @tanstack namespace were compromised with credential-stealing malware targeting developer and CI/CD environments. The report linked the activity to the ongoing Mini Shai-Hulud campaign and said TanStack responded by unpublishing affected versions and shutting down publishing pipelines while investigating.

TanStack npm Packages Compromised in Ongoing Mini Shai-Hulud...
May 4, 2026 (1mo ago)

SafeDep identifies forge-jsx/forge-jsxy npm malware campaign

SafeDep identified an active npm supply-chain campaign involving the malicious packages forge-jsx and later forge-jsxy, which impersonated an Autodesk Forge-related package and deployed a persistent cross-platform RAT and infostealer. The malware stole wallet data, browser credentials, and developer secrets, and the operator relaunched under a new npm account after forge-jsx was taken down.

Hackers Push 22 Versions of npm RAT With Wallet Theft and Persistent Backdoor
May 1, 2026 (1mo ago)

Socket uncovers BufferZoneCorp RubyGems and Go modules supply-chain campaign

On 2026-05-01, Socket disclosed a software supply-chain campaign tied to the GitHub account BufferZoneCorp that used malicious Ruby gems and Go modules to steal secrets from developers, CI runners, and build environments. The report detailed credential theft, GitHub Actions and GOPROXY tampering, fake Go wrappers, and persistence via an added SSH key; Go Security blocked the identified malicious Go modules, while the Ruby gems and BufferZoneCorp account remained live at publication.

Malicious Ruby Gems and Go Modules Impersonate Developer Too...
Apr 18, 2026 (2mo ago)

Panther Threat Research flags malicious npm package lint-null

On 2026-04-18, Panther Threat Research identified the npm package lint-null as a verified malicious package that abused its postinstall phase to add an attacker SSH key to authorized_keys, enable inbound SSH access, and steal sensitive files including SSH keys, .env files, and shell history. The package targeted Linux, Windows, and macOS and exfiltrated collected data to attacker-controlled Vercel-hosted infrastructure, with reporting suggesting possible links to the Contagious Interview cluster.

OpenSourceMalware.com - Community Threat Intelligence
Apr 7, 2026 (2mo ago)

Socket links Contagious Interview to 1,700+ packages across five ecosystems

On April 7, 2026, Socket reported that a broader Contagious Interview software supply-chain cluster had spread across npm, PyPI, Go Modules, crates.io, and Packagist, encompassing more than 1,700 malicious packages. The report detailed shared publisher aliases, staged malware loaders, infrastructure on Vercel/Render and Google Drive, and noted that some packages and accounts were removed after reporting while others remained live.

North Korea’s Contagious Interview Campaign Spreads Across 5...
Apr 1, 2026 (2mo ago)

RustSec reports malicious `logtrace` crate removed from crates.io

On 2026-04-01, RustSec published advisory RUSTSEC-2026-0081 stating that the Rust crate `logtrace` had been removed from crates.io for containing malicious code. The advisory adds a separate crates.io supply-chain incident to the timeline distinct from the later TrapDoor campaign.

RUSTSEC-2026-0081: logtrace: `logtrace` was removed from crates.io for malicious code › RustSec Advisory Database
Mar 24, 2026 (3mo ago)

Ghost Campaign disclosed using fake npm install logs to hide malware

On 2026-03-24, reporting described a new npm supply-chain campaign dubbed the Ghost Campaign in which malicious packages used fake installation logs to disguise malware execution during package install. The disclosure added a distinct npm threat cluster with different concealment tradecraft from the StegaBin, axios, and PhantomRaven campaigns already in the timeline.

New Npm 'Ghost Campaign' Uses Fake Install Logs to Hide Malware - Infosecurity Magazine
Mar 21, 2026 (3mo ago)

JFrog reports LofyGang npm package using dual payloads via fake undici

On 2026-03-21, JFrog Security Research disclosed a malicious npm package tied to the returning LofyGang campaign that impersonated the popular undici package. The report described a dual-payload attack combining data theft with broader system-compromise capabilities, adding a distinct npm supply-chain development to the timeline.

LofyGang Returns: From Fake undici to Full System Compromise via Parallel Data Theft - JFrog Security Research
Mar 20, 2026 (3mo ago)

MiniRAT macOS RAT delivered via malicious npm package disclosed

On 2026-03-20, a report described MiniRAT, a Go-based remote access trojan for macOS delivered through a malicious npm package. The disclosure added technical details on a distinct npm supply-chain malware case targeting macOS developers.

MiniRAT: A Go-based macOS RAT delivered via malicious npm package
Mar 10, 2026 (3mo ago)

Endor Labs reports three new PhantomRaven npm attack waves

On 2026-03-10, Endor Labs disclosed three new waves of npm supply-chain attacks tracked as PhantomRaven. The report introduced a distinct named campaign not previously captured in the timeline and added a new public research disclosure about ongoing malicious npm activity.

The Return of PhantomRaven: Detecting Three New Waves of npm Supply Chain Attacks | Blog | Endor Labs
Mar 7, 2026 (3mo ago)

Socket identifies five malicious NuGet packages impersonating Chinese UI libraries

On 2026-03-07, Socket disclosed five malicious NuGet packages published by the account bmrxntfj that impersonated or typosquatted Chinese .NET libraries and delivered a .NET Reactor-protected infostealer. The campaign had used 224 package versions since at least September 2025, amassed about 64,784 downloads, and the packages were still available on NuGet when Socket said it submitted takedown requests.

5 Malicious NuGet Packages Impersonate Chinese UI Libraries ...
Mar 2, 2026 (3mo ago)

Researchers link three hidden npm packages to axios attacker follow-on campaign

On 2026-03-02, a secondary npm campaign began less than 18 hours after the malicious axios packages were removed, using the packages redeem-onchain-sdk, nicegui, and period-newline to deliver an infostealer. Researchers later linked the activity to the axios attacker through shared cryptographic artifacts and tradecraft, noting different C2 infrastructure and expanded targeting of developers, including crypto and Polymarket-related users.

Axios attacker strikes again! Three NPM packages have been hiding in plain sight for two months | OpenSource Malware Blog

Researchers detail updated Contagious Interview npm tradecraft

By March 2, 2026, researchers described the StegaBin activity as a new iteration of the North Korea-linked Contagious Interview campaign. The reporting highlighted the actor's shift to Pastebin steganography and multi-stage Vercel routing, plus a separate newer technique using Google Drive to fetch next-stage JavaScript.

Mar 1, 2026 (3mo ago)

Backdoored axios npm releases tied to hijacked maintainer account

In March 2026, attackers hijacked an axios maintainer account and published backdoored npm package versions carrying a cross-platform RAT. Microsoft and Google later attributed the campaign to a North Korea-linked cluster, while Elastic Security Labs described the operation as highly coordinated and carefully prepared.

Trusted by default: The npm attack pattern security teams miss | perspective | SC Media
Feb 27, 2026 (3mo ago)

Malicious NuGet packages removed after discovery

The four malicious NuGet packages targeting ASP.NET developers were removed from NuGet after being discovered. Before takedown, the campaign accumulated more than 4,500 downloads.

Socket discloses StegaBin campaign and links it to Famous Chollima

On February 27, 2026, Socket publicly reported the StegaBin campaign, detailing 26 malicious npm packages, Pastebin steganography for C2 resolution, Vercel-based routing, and a nine-module infostealer/RAT toolkit. Based on tradecraft and infrastructure overlap, Socket assessed the activity as consistent with the North Korea-aligned actor FAMOUS CHOLLIMA tied to the Lazarus Group.

Feb 26, 2026 (4mo ago)

Researcher Kieran Miyamoto discloses 17 related malicious npm packages

On February 26, 2026, independent researcher Kieran Miyamoto disclosed 17 related malicious npm packages and described the Pastebin decoder technique used in the campaign. The disclosure corroborated broader findings about the npm supply-chain activity.

Feb 25, 2026 (4mo ago)

Socket rapidly detects StegaBin packages after publication

Socket reported detecting the first malicious StegaBin package within two minutes of publication and all 26 packages within six minutes each. This early detection helped surface the campaign's infrastructure, payload delivery chain, and post-exploitation toolkit.

Malicious npm packages published in StegaBin campaign

A supply-chain campaign later dubbed StegaBin published 26 typosquatted malicious npm packages on February 25–26, 2026, targeting developers with install-time malware. The packages used obfuscated loaders, Pastebin-based steganography, and Vercel-hosted infrastructure to deliver cross-platform payloads.

Feb 18, 2026 (4mo ago)

JFrog discloses malicious npm package delivering three-stage macOS RAT

On 2026-02-18, JFrog Security Research reported a malicious npm package that used a three-stage infection chain to deploy a full-featured remote access trojan targeting macOS systems. The disclosure added technical details on a separate npm supply-chain threat distinct from the StegaBin and Ethereum-focused campaigns already in the timeline.

Three Stages Deep: A Malicious npm Package Delivering a Full-Featured macOS RAT - JFrog Security Research
Feb 4, 2026 (4mo ago)

Veracode reports 54 malicious npm packages targeting Ethereum developers

On 2026-02-04, Veracode disclosed 54 malicious npm packages that beaconed to an attacker-controlled command-and-control server in an Ethereum smart-contract development context. The report identified a separate npm supply-chain campaign targeting developers working with blockchain tooling.

54 New NPM Packages Found Beaconing to C2 Server
May 28, 2025 (1y ago)

Checkmarx discloses PyPI name-confusion campaign abusing colorama and colorizr

On 2025-05-28, Checkmarx Zero reported a malicious PyPI supply-chain campaign using typosquatting and cross-ecosystem name confusion around the legitimate packages colorama and colorizr to target Python users. The malicious packages delivered Windows and Linux payloads for persistence, remote access, data theft, and exfiltration, and Checkmarx said the packages were removed from public repositories while attribution remained unclear.

PyPI Supply Chain Attack Uncovered: Colorama and Colorizr Name Confusion - Checkmarx
Apr 22, 2025 (1y ago)

Socket reports malicious npm and PyPI packages targeting crypto developers

On 2025-04-22, Socket Threat Research reported three malicious open-source packages — npm package react-native-scrollpageviewtest and PyPI packages web3x and herewalletbot — disguised as developer tools to steal mnemonic seed phrases and private keys from cryptocurrency developers. The campaign accumulated nearly 8,000 downloads and used obfuscation plus Google Analytics and Telegram-based exfiltration to evade detection and siphon wallet secrets.

Malicious npm and PyPI Packages Disguised as Dev Tools to Steal Credentials
Aug 12, 2024 (2y ago)

Malicious NuGet packages published to target ASP.NET developers

Four malicious NuGet packages — NCryptYo, DOMOAuth2_, IRAOAuth2.0, and SimpleWriter_ — were published between August 12 and 21, 2024, to compromise ASP.NET web application developers during development. The packages were designed to steal ASP.NET Identity data and establish persistent backdoors that could later provide access to production environments.

Mar 29, 2024 (2y ago)

RH-ISAC reports typosquatting campaign with hundreds of malicious Python libraries

On 2024-03-29, RH-ISAC disclosed a typosquatting campaign targeting Python developers that involved hundreds of malicious libraries. The report added a distinct large-scale PyPI supply-chain campaign to the timeline, separate from the npm, Go, and NuGet incidents already recorded.

RH-ISAC | Typosquatting Campaign Targets Python Developers with Hundreds of Malicious Libraries - RH-ISAC
Aug 19, 2023 (3y ago)

Malicious Go typosquat of shopspring/decimal adds DNS backdoor

On 2023-08-19, version v1.3.3 of the typosquatted Go module github.com/shopsprint/decimal was published with a malicious init() function that polled a DNS TXT record for commands and executed them via os/exec.Command. The trojanized package preserved the legitimate API and behavior, creating a trust-then-poison supply-chain backdoor that could affect developers, CI runners, and production hosts importing the module.

Popular Go Decimal Library Targeted by Long-Running Typosqua...
Sep 4, 2022 (4y ago)

Securelist reports two malicious Python packages on PyPI

On 2022-09-04, Securelist reported two malicious Python packages on PyPI as part of ongoing package-repository abuse, adding a distinct PyPI supply-chain disclosure to the timeline. The report documented malicious package activity targeting Python users and expanded public awareness of software supply-chain threats in PyPI during 2022.

Two more malicious Python packages in the PyPI | Securelist
Apr 30, 2022 (4y ago)

Snyk uncovers targeted npm dependency confusion package gxm-reference-web-auth-server

By 2022-04-30, Snyk analyzed the malicious npm package gxm-reference-web-auth-server and determined it was a targeted dependency confusion attack against an unknown organization, using a post-install wrapper to steal .npmrc credentials, fetch the legitimate private package, and deploy an encrypted second-stage agent with remote command execution capability. Snyk also observed live operator activity from the C2 during a controlled test, indicating the campaign was active.

Targeted npm dependency confusion attack caught red-handed | Snyk
Apr 28, 2022 (4y ago)

npm removes malicious gxm-reference-web-auth-server and publishes security placeholder

By 2022-04-28, npm had identified gxm-reference-web-auth-server as malicious, removed it from the registry, and published version 0.0.1-security as a placeholder package. npm said the action was taken to prevent future users from being affected and directed users to advisories for more information.

gxm-reference-web-auth-server - npm
Mar 1, 2022 (4y ago)

LofyLife npm campaign uploads packages stealing Discord tokens and card data

Between March and July 2022, attackers uploaded four malicious npm packages — proc-title, lifeculer, pern-valids, and small-sm — in a campaign later dubbed LofyLife. Kaspersky said the packages contained obfuscated Python and JavaScript malware that stole Discord tokens, IP addresses, login and MFA changes, and payment-card details from Discord clients, exfiltrating data to Replit-hosted endpoints.

LofyLife: malicious npm packages steal Discord tokens and bank card data | Securelist
Nov 1, 2021 (5y ago)

Malicious typosquatted BoltDB Go module published and cached by Go proxy

In November 2021, attackers published malicious version 1.3.1 of the typosquatted Go module github.com/botdb-go/bolt, impersonating github.com/boltdb/bolt and embedding hidden remote command-and-control functionality. The package was subsequently retained by Go's module caching infrastructure for years, allowing the backdoored version to remain accessible even after repository contents were reverted.

Do not pass GO - Malicious Package Alert | Snyk
Jul 19, 2021 (5y ago)

Malicious npm typosquat crossenv published and later publicly flagged

On 2021-07-19, the npm user hacktask published the malicious typosquatted package crossenv, which impersonated cross-env, preserved expected functionality, and used a postinstall script to exfiltrate environment variables to an attacker-controlled server. The package was part of a broader set of more than 30 malicious packages and reportedly remained unnoticed for about two weeks before Oscar Bolmsten publicly flagged it.

Typosquatting attacks | Snyk Blog | Snyk
Jan 1, 2011 (15y ago)

StepSecurity reports malicious pgserve npm versions 1.1.11–1.1.13

StepSecurity reported that npm package pgserve was compromised with malicious postinstall scripts in versions 1.1.11 and 1.1.12, and said version 1.1.13 was also found to be malicious. The compromise involved credential harvesting and supply-chain worm behavior, adding a distinct npm package incident to the timeline.

pgserve@1.1.11 and 1.1.12 contain malicious postinstall script - credential harvesting + supply chain worm · Issue #25 · automagik-dev/autopg