Trending Topics

TRENDING TOPICS FEB 17, 2026

Attackers Abuse Atlassian Jira Cloud to Deliver Trusted-Looking Spam Campaigns

Trend Micro researchers observed threat actors abusing Atlassian Jira Cloud to distribute large-scale spam campaigns by sending emails directly from legitimate atlassian[.]net domains. Since the messages originated from a trusted SaaS platform with valid SPF and DKIM authentication, they bypassed many traditional email security controls and appeared legitimate to both users and email gateways. The campaigns ran from late December 2025 through January 2026 and targeted recipients across multiple language groups, including English, French, German, Italian, Portuguese, and Russian speakers. Rather than sending generic spam, the operators tailored subject lines and targeting lists to specific demographics, including corporate employees, government entities, and highly skilled Russian professionals living abroad. Some subject lines mimicked platform notifications or referenced localized promotions to increase credibility and engagement. This level of targeting suggests that the campaigns were both automated and strategically curated to improve click-through rates while avoiding broad detection.

The attack chain relied on rapidly creating trial Atlassian Cloud instances, which were then used to send crafted emails via Jira automation features without requiring recipients to join any projects or interact with the platform. This allowed attackers to distribute messages at scale while keeping their infrastructure largely anonymous and disposable. Messages redirected victims through intermediary email infrastructure and a Keitaro traffic distribution system, ultimately leading to investment scams and online casino pages designed for financial fraud. Because the emails resembled routine Jira notifications, organizations that rely heavily on collaboration tools and high-volume notification workflows were especially susceptible.
Organizations should treat SaaS-generated emails as untrusted input, implement behavioral email filtering, and, where possible, restrict automated outbound messaging from collaboration platforms.
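The recommendation above, treating SaaS-generated mail as untrusted input, can be expressed as a gateway triage rule. The following is an added example, not code from Trend Micro or Atlassian: it parses a message, accepts that SPF and DKIM pass, and still holds a Jira-style notification for review when its links leave the Atlassian domain space or the sending tenant subdomain is not one the organization recognizes. The two messages, the tenant allowlist and the domain names are constructed for the demo.

```python
import email
import email.utils
import re
from email import policy
from urllib.parse import urlparse

# Domains whose links we expect inside a genuine Jira Cloud notification.
# The sender domain is judged separately: an atlassian.net sender is exactly
# what the campaign abused, so it earns no trust on its own.
ATLASSIAN_DOMAINS = ("atlassian.net", "atlassian.com")
URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed sample (not a captured message): passes SPF/DKIM and looks like
# a Jira notification, but its primary link leaves the Atlassian domain space.
SUSPECT_MESSAGE = """\
From: "Jira" <jira@example-trial.atlassian.net>
To: employee@corp.example
Subject: [JIRA] A bonus was assigned to you
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=example-trial.atlassian.net; dkim=pass header.d=atlassian.net
Content-Type: text/plain; charset=utf-8

A new item was assigned to you.
View it here: https://track.example-redirect.test/go?id=123
Manage notifications: https://example-trial.atlassian.net/secure/ViewProfile.jspa
"""

# Constructed benign notification: every link stays on the tenant's own site.
BENIGN_MESSAGE = """\
From: "Jira" <jira@corp-tenant.atlassian.net>
To: employee@corp.example
Subject: [JIRA] (PROJ-42) Build failing on main
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=corp-tenant.atlassian.net; dkim=pass header.d=atlassian.net
Content-Type: text/plain; charset=utf-8

Jane Doe commented on PROJ-42.
View issue: https://corp-tenant.atlassian.net/browse/PROJ-42
"""


def host_in(host, domains):
    """True if host equals one of the domains or is a subdomain of one."""
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in domains)


def assess_saas_notification(raw, known_tenants=("corp-tenant.atlassian.net",)):
    """Triage one raw RFC 5322 message; known_tenants is an assumed allowlist
    of the organization's own Atlassian Cloud subdomains."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender = email.utils.parseaddr(msg.get("From", ""))[1]
    sender_domain = sender.rsplit("@", 1)[-1].lower()

    auth = (msg.get("Authentication-Results") or "").lower()
    auth_pass = "spf=pass" in auth and "dkim=pass" in auth

    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part else ""
    links = URL_RE.findall(body)
    external = [u for u in links
                if not host_in(urlparse(u).hostname, ATLASSIAN_DOMAINS)]

    from_saas = host_in(sender_domain, ATLASSIAN_DOMAINS)
    reasons = []
    if from_saas and external:
        reasons.append("saas_notification_with_external_link")
    if from_saas and sender_domain not in known_tenants:
        reasons.append("unrecognized_tenant_subdomain")

    return {
        "sender_domain": sender_domain,
        "authenticated": auth_pass,   # recorded, but not used as a pass-through
        "external_links": external,
        "reasons": reasons,
        "action": "hold_for_review" if reasons else "deliver",
    }


if __name__ == "__main__":
    for label, raw in (("suspect", SUSPECT_MESSAGE), ("benign", BENIGN_MESSAGE)):
        print(label, assess_saas_notification(raw))
```

The point of the design is that authentication results only confirm the message really came from Atlassian's infrastructure; the hold decision is driven by behavior (where the links go, whether the tenant is one you own), which is the signal the campaign could not forge.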

Update: Infostealers Shift Focus to Local-First AI Assistants Like ClawdBot and OpenClaw

Security researchers are warning that local-first AI assistants such as ClawdBot and OpenClaw are rapidly becoming high-value targets for commodity infostealer malware. Unlike cloud-hosted AI services, these assistants store persistent “memory” files, configuration data, and authentication tokens directly on the user’s filesystem, often in plaintext JSON or Markdown formats. These files can contain API keys, VPN credentials, collaboration platform tokens, and detailed records of user activity, all of which are accessible to any process running under the user’s account. As a result, a single infostealer infection can expose not only login credentials, but also the operational context of a user’s work, personal projects, and communications. Researchers refer to this as “cognitive context theft,” in which attackers gain insight into what the victim is doing, whom they trust, and which systems they interact with daily. This intelligence can then be weaponized for targeted phishing, business email compromise, or lateral movement into corporate environments. Because these assistants often integrate with email, ticketing systems, and cloud platforms, a single compromised token can provide attackers with access to entire corporate knowledge bases.

Recent incident data confirms that infostealers are already adapting to target these AI environments. In one observed case, a Vidar variant exfiltrated OpenClaw configuration files containing gateway authentication tokens, device private keys, and persistent memory files. With this data, attackers could potentially impersonate the victim’s device, bypass security checks, or execute remote commands through the AI agent’s control interface. Beyond simple data theft, researchers warn of a more persistent threat known as “memory poisoning,” where attackers modify AI memory files to influence future assistant behavior.
By altering files such as MEMORY[.]md or SOUL[.]md, a threat actor could cause the agent to trust malicious domains, leak sensitive data, or serve as a covert persistence mechanism. This effectively turns the AI assistant into an insider threat operating under the user’s identity. As local AI agents become embedded in enterprise workflows, they are likely to become standard targets for infostealers and ransomware operators. Organizations should treat AI agent storage directories as sensitive credential repositories, enforce endpoint protections, and require encryption or isolation controls for any local AI assistants handling authentication tokens or sensitive context data.
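The closing recommendation, to treat AI agent storage directories as credential repositories, implies three concrete checks: find secrets stored in plaintext, find files readable by other accounts, and detect unexpected edits to memory files. The following is an added example, not code from any of the products or researchers named above; the directory layout and file contents are constructed for the demo, and only the file names MEMORY.md and SOUL.md come from the write-up.

```python
import hashlib
import json
import os
import re
import stat
import tempfile

# File names mentioned in the write-up; the surrounding layout is assumed.
MEMORY_FILE_NAMES = ("MEMORY.md", "SOUL.md")
SECRET_KEY_RE = re.compile(
    r"(token|api[_-]?key|secret|password|private[_-]?key|credential)", re.I)


def make_sample_store():
    """Create a constructed agent storage directory (not a real product layout)."""
    root = tempfile.mkdtemp(prefix="agent-store-")
    config = {
        "gateway": {"url": "https://gateway.example.test",
                    "auth_token": "CONSTRUCTED-TOKEN-000"},
        "integrations": [{"name": "mail", "api_key": "CONSTRUCTED-KEY-111"}],
        "model": "local",
    }
    with open(os.path.join(root, "config.json"), "w") as fh:
        json.dump(config, fh)
    with open(os.path.join(root, "MEMORY.md"), "w") as fh:
        fh.write("# Memory\n- Preferred wiki: wiki.corp.example\n")
    with open(os.path.join(root, "SOUL.md"), "w") as fh:
        fh.write("# Persona\nBe concise.\n")
    for name in ("config.json", "MEMORY.md", "SOUL.md"):
        os.chmod(os.path.join(root, name), 0o644)  # deliberately loose for the demo
    return root


def _walk_json(node, path=""):
    """Yield dotted paths of non-empty string values stored under secret-like keys."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if SECRET_KEY_RE.search(key) and isinstance(value, str) and value:
                yield here
            yield from _walk_json(value, here)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from _walk_json(value, f"{path}[{i}]")


def find_plaintext_secrets(root):
    """Return (relative_path, location) pairs for secret-like values in plaintext."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if name.endswith(".json"):
                try:
                    with open(full) as fh:
                        data = json.load(fh)
                except (OSError, ValueError):
                    continue
                hits.extend((rel, p) for p in _walk_json(data))
            else:
                with open(full, errors="replace") as fh:
                    for n, line in enumerate(fh, 1):
                        if SECRET_KEY_RE.search(line) and ("=" in line or ":" in line):
                            hits.append((rel, f"line {n}"))
    return sorted(hits)


def find_permissive_files(root):
    """Return files readable by group or others; such files are readable
    by any process running under another account on the host."""
    loose = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.stat(full).st_mode & (stat.S_IRGRP | stat.S_IROTH):
                loose.append(os.path.relpath(full, root))
    return sorted(loose)


def snapshot_memory(root):
    """SHA-256 baseline of the memory files, taken when the agent is trusted."""
    digests = {}
    for name in MEMORY_FILE_NAMES:
        full = os.path.join(root, name)
        if os.path.exists(full):
            with open(full, "rb") as fh:
                digests[name] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def memory_changes(root, baseline):
    """Names of memory files whose content differs from the baseline."""
    current = snapshot_memory(root)
    return sorted(n for n in set(baseline) | set(current)
                  if baseline.get(n) != current.get(n))


def append_memory_line(root, name, text):
    """Demo helper: simulate an edit to a memory file outside the agent's control."""
    with open(os.path.join(root, name), "a") as fh:
        fh.write(text + "\n")
```

Run on a real installation the secret scan would point at files to move behind OS credential storage or an encrypted volume, the permission check at files to restrict to the owner, and the baseline comparison at a memory file that changed between two runs without the user having interacted with the assistant.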

Kaspersky has uncovered a new firmware-level Android backdoor called Keenadu that was embedded directly into the system libraries of multiple tablet brands during the build process, indicating a supply-chain compromise. The malware was inserted into the libandroid_runtime[.]so component and injected itself into the Zygote process, allowing it to run inside every application launched on the device. This architecture effectively bypasses Android’s sandboxing model, giving the backdoor unrestricted access to app data, permissions, and system services. Keenadu uses a client-server model inside the operating system, with a privileged AKServer component running in the system_server process and an AKClient injected into each app to execute malicious payloads. The backdoor communicates with an encrypted command-and-control infrastructure, collects device identifiers, and downloads modular plugins tailored to specific apps or functions. These plugins can exfiltrate data, hijack search queries, install apps silently, manipulate advertising traffic, or grant and revoke permissions across the system. Because the malware is embedded in firmware, it persists across factory resets and runs with the highest privileges available on the device.

Further analysis revealed that Keenadu is not an isolated threat, but part of a broader ecosystem of interconnected Android botnets, including Triada, BADBOX, and Vo1d. Researchers found shared infrastructure, overlapping payload code, and evidence that some botnets deploy modules from others, suggesting collaboration or code reuse among operators. In several cases, devices were infected through compromised firmware builds, malicious OTA updates, trojanized system apps, or modified applications distributed through unofficial stores, including Google Play. Some payloads targeted popular apps such as Chrome, Facebook, YouTube, and major shopping platforms, enabling credential theft, search hijacking, and ad fraud at scale.
Other modules silently installed applications, manipulated advertising attribution, or harvested account credentials from messaging and social media platforms. Organizations should avoid untrusted or low-cost devices from unknown supply chains, enforce mobile device management controls, and monitor for unusual network activity or unauthorized app behavior on managed Android endpoints.

Update: ClickFix Delivers Matanbuchus 3.0 and AstarionRAT in Rapid Hands-on-Keyboard Intrusion

ClickFix social engineering is now fueling the resurgence of Matanbuchus 3.0, a premium Malware-as-a-Service loader that re-emerged in early 2026 after a brief hiatus the previous year. Originally introduced in 2021, Matanbuchus has evolved into a high-end loader rented for up to $15,000 per month, reflecting its use in targeted, high-value intrusions rather than commodity campaigns. Recent activity shows the loader being delivered through ClickFix prompts that trick users into executing silent MSI installers, bypassing traditional email-based defenses. Once executed, the infection chain uses layered obfuscation, DLL sideloading with legitimate security software, and ChaCha20-encrypted shellcode to download additional payloads. In observed campaigns, Matanbuchus ultimately delivered a previously undocumented implant, AstarionRAT, through a complex chain involving reflective loaders, a Lua interpreter, and in-memory execution. AstarionRAT supports credential theft, SOCKS5 proxying, token impersonation, port scanning, file exfiltration, and in-memory payload execution, with RSA-encrypted command-and-control traffic disguised as application telemetry. This combination demonstrates a shift back toward high-end loader-plus-RAT chains designed for stealthy, operator-driven intrusions.

The renewed activity shows that Matanbuchus is once again being used as an initial foothold for rapid, hands-on-keyboard operations inside enterprise environments. After initial access, operators can quickly perform domain reconnaissance, create rogue administrator accounts, and move laterally using legitimate tools such as PsExec and RDP. Staging directories that mimic Windows Update paths, along with the use of renamed legitimate binaries, allow the activity to blend into normal system operations and evade simple detection controls.
The speed of lateral movement, often reaching multiple servers or domain controllers within an hour, mirrors behavior seen in pre-ransomware or large-scale data-theft campaigns. Organizations should prioritize controls that limit user-executed command prompts, monitor for suspicious account creation and PsExec activity, and deploy behavioral detections focused on loader chains and reflective in-memory execution.
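The two detections recommended above, suspicious account creation and PsExec activity, are most useful when correlated: one new account followed within an hour by PsExec service installs on several hosts is the pattern the paragraph describes. The following is an added example, not code from the researchers or from any vendor: it runs the correlation over normalized Windows events. The events are constructed sample data; the only real identifiers are the Windows event IDs (4720 user account created, 4732 member added to a local security group, 7045 new service installed) and the PSEXESVC service name that PsExec registers on the remote host. Host names, accounts and the provisioning allowlist are assumed.

```python
from datetime import datetime, timedelta

# Constructed sample events (normalized, not real telemetry).
EVENTS = [
    {"ts": "2026-02-10T09:14:02", "host": "DC-01", "event_id": 4720,
     "actor": "CORP\\jdoe", "target": "svc_maint"},
    {"ts": "2026-02-10T09:14:05", "host": "DC-01", "event_id": 4732,
     "actor": "CORP\\jdoe", "target": "Administrators", "member": "svc_maint"},
    {"ts": "2026-02-10T09:21:40", "host": "SRV-FILE01", "event_id": 7045,
     "actor": "CORP\\svc_maint", "service": "PSEXESVC",
     "image": "%SystemRoot%\\PSEXESVC.exe"},
    {"ts": "2026-02-10T09:33:12", "host": "SRV-APP02", "event_id": 7045,
     "actor": "CORP\\svc_maint", "service": "PSEXESVC",
     "image": "%SystemRoot%\\PSEXESVC.exe"},
    {"ts": "2026-02-10T09:48:55", "host": "DC-02", "event_id": 7045,
     "actor": "CORP\\svc_maint", "service": "PSEXESVC",
     "image": "%SystemRoot%\\PSEXESVC.exe"},
    # Benign: a software deployment account installing an agent service.
    {"ts": "2026-02-10T10:05:00", "host": "WS-117", "event_id": 7045,
     "actor": "CORP\\sccm_push", "service": "CcmExec",
     "image": "C:\\Windows\\CCM\\CcmExec.exe"},
    # Benign: the HR provisioning account creating a normal user.
    {"ts": "2026-02-10T11:00:00", "host": "DC-01", "event_id": 4720,
     "actor": "CORP\\svc_provision", "target": "a.smith"},
]

# Assumed allowlist: accounts that legitimately create users in this environment.
APPROVED_PROVISIONERS = {"CORP\\svc_provision"}
PSEXEC_SERVICE_NAMES = {"psexesvc"}


def parse_ts(value):
    return datetime.fromisoformat(value)


def username(account):
    """Strip the DOMAIN\\ prefix so a creator and its new account compare cleanly."""
    return account.split("\\")[-1].lower()


def is_psexec_service(ev):
    """7045 whose service name or binary path is the PsExec service."""
    return ev["event_id"] == 7045 and (
        ev.get("service", "").lower() in PSEXEC_SERVICE_NAMES
        or "psexesvc" in ev.get("image", "").lower())


def rogue_account_creations(events, approved=APPROVED_PROVISIONERS):
    """4720 events raised by anything other than an approved provisioning account."""
    return [ev for ev in events
            if ev["event_id"] == 4720 and ev["actor"] not in approved]


def psexec_installs(events):
    return [ev for ev in events if is_psexec_service(ev)]


def correlate(events, window_minutes=60, min_hosts=2):
    """Alert when a rogue account creation is followed, within the window, by
    PsExec service installs on at least min_hosts distinct hosts, performed
    either by the creator or by the newly created account."""
    alerts = []
    installs = psexec_installs(events)
    for creation in rogue_account_creations(events):
        t0 = parse_ts(creation["ts"])
        deadline = t0 + timedelta(minutes=window_minutes)
        suspects = {username(creation["actor"]), username(creation["target"])}
        matched = [ev for ev in installs
                   if username(ev["actor"]) in suspects
                   and t0 <= parse_ts(ev["ts"]) <= deadline]
        hosts = sorted({ev["host"] for ev in matched})
        if len(hosts) >= min_hosts:
            last = max(parse_ts(ev["ts"]) for ev in matched)
            alerts.append({
                "creator": creation["actor"],
                "new_account": creation["target"],
                "psexec_hosts": hosts,
                "span_minutes": int((last - t0).total_seconds() // 60),
            })
    return alerts


if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

The benign 7045 from the deployment account and the 4720 from the provisioning account fall out on their own, which is the practical reason to correlate rather than alert on either event alone: a service install or an account creation is routine, but the pair, spread across several servers inside an hour, is the pre-ransomware tempo the paragraph describes.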

Hunter Strategy encourages our readers to look for updates in our daily Trending Topics and on Twitter.
