Back to articles

Tag archive

#malware

n
Jul 16, 2026

npm Supply Chain Attacks: Miasma RAT & CI/CD Pipeline Exploits

A Unit 42 report details the evolution of npm supply chain attacks since the Shai-Hulud worm in 2025. It describes recent 2026 campaigns by the threat actor TeamPCP and the deployment of a new Miasma RAT variant. A significant attack on July 14, 2026, compromised AsyncAPI's GitHub repositories by exploiting unprotected pre-production branches in its CI/CD pipeline. This allowed attackers to bypass code reviews, steal credentials like NPM_TOKEN, and publish trojanized packages. The Miasma payload uses a multi-stage, obfuscated process, fetches a second stage from IPFS, and establishes persistence on compromised developer systems. The analysis highlights a strategic shift towards more sophisticated, systematic campaigns targeting software development lifecycles.

Jul 16, 20267 min read0 reactions0 comments
'
Jul 16, 2026

'CrashStealer' macOS Malware Steals Keychain and Crypto Wallet Data

A new information-stealing malware for macOS, dubbed 'CrashStealer,' is actively being used in targeted attacks. The malware evades Apple's Gatekeeper by using a notarized installer and impersonates the legitimate 'CrashReporter.app' to trick users into entering their system password. Once obtained, CrashStealer unlocks the macOS Keychain to steal saved passwords, browser credentials, and data from dozens of cryptocurrency wallet applications. The campaign appears highly targeted, with distribution from a PIN-protected website.

Jul 16, 20264 min read0 reactions0 comments