While this post comes out on April 1, the threat described has little to do with April Fools’ Day — except for the fact that the CrystalX malicious RAT, discovered by Kaspersky experts, can do more than just gain remote access to a victim’s device, steal cryptocurrency and credentials from browsers and apps, or conduct actual surveillance. It can also flip the victim’s screen, swap mouse buttons, write nonsense directly onto the screen, and even block keyboard input. Furthermore, it’s advertised as malware-as-a-service (MaaS) — meaning it’s subscription-based — on Telegram and through instructional videos on YouTube.
In this post, we explain some basics as to how this new malware was built, what makes it difficult to detect, and what to do so you don’t end up among its victims.
A Swiss army knife for attackers
In March 2026, our experts discovered previously unknown malware circulating on private Telegram channels. Borrowing from classic marketing tactics, the Trojan was offered for purchase via three different subscription tiers. Its capabilities cover a fairly broad spectrum: judge for yourself what it can do to a victim’s computer:
Change desktop wallpaper to an image from a specified link
Rotate the screen by 90, 180, or 270 degrees
Simply shut down the computer
Swap mouse button assignments
Chat with the victim
Block both keyboard input and monitor output
Display any notification text chosen by the attacker
Disable specific components, such as Task Manager, the command prompt, and the Windows taskbar
Yet that’s only the harmless side of the malware — the prank functionality that harks back to the joke viruses of past decades. The real damage from CrystalX comes from its stealing login credentials for Steam, Discord, Telegram, and all Chromium-based browsers. It can also monitor and change the contents of the clipboard; typically, attackers watch for a crypto wallet address to be copied, and then swap it with their own. This is a popular scheme for stealing crypto: while intending to make a legitimate transfer, the victim copies the recipient’s wallet address, but ends up pasting the scammers’ address instead.
But there’s more: a keylogger feature and full device control with remote access to the screen, camera, and microphone — including video and sound recording capabilities.
The malware was first mentioned in January 2026 in a private Telegram chat for RAT developers. At that time, this Windows Trojan was called WebCrystal RAT and, based on technical details, was revealed to be a clone of another RAT known as WebRat. A short time later, the author of WebCrystal rebranded it as CrystalX RAT, and began touting the Trojan on a newly created Telegram channel.
The initial infection vector for this stealer is currently unknown, but according to telemetry the victims at the time of writing are predominantly located in Russia. And since we’re continuing to find new versions of the malware, we deem it a rapidly growing and evolving threat.
Anyone can become a hacker
Developing any complex cyberattack used to come with a steep learning curve. You needed to understand cryptography and network protocols, and know how to write code that could fool antivirus solutions. It was a high bar to clear, but the malware-as-a-service model has been changing the game.
These days, an attacker only needs basic computer literacy to rent a ready-made platform with a user-friendly user interface. The threat is becoming widespread specifically because malware creators aren’t carrying out the attacks themselves anymore — they’re selling shovels during a gold rush. They focus on supporting their customers, improving the user interface, and pouring money into aggressive marketing.
CrystalX malware control panel
Hackers are even setting up YouTube channels where they use the pretext of “for educational and entertainment purposes” to explain how to manage the Trojan from the control panel. Instructional videos that were once buried in the dark web have gone mainstream, putting hacking techniques in front of a broad, general audience.
How CrystalX bypasses security
No matter how technically advanced a hacking app’s code is, it will die as a project without a constant stream of new clients. This makes marketing efforts vital to its survival — even if they significantly increase the risk of the developer ending up behind bars. However, the creators of CrystalX have figured out how to protect their creation.
The control panel allows clients to build their own unique versions of the Trojan with extensive configuration options. For example, they can enable location filtering to target users in specific countries, choose an icon for the executable file, and toggle anti-analysis features. The finished Trojan is compressed using zlib and then encrypted with a ChaCha20 stream cipher using a 256-bit key and a 96-bit nonce. This ensures that every customer receives a unique version of the malware.
CrystalX is also capable of detecting virtual machines and checking if it’s running in a test or debugging environment, which complicates discovery. You can read more about the structure and functionality of this new Trojan in our Securelist story.
The good news for Kaspersky users is that our security solutions both detect and neutralize CrystalX.
How to avoid becoming a victim
Here are a few simple tips to help you avoid infection by CrystalX and other similar malware:
Pay attention if your computer starts acting up. Spontaneous screen rotation, the keyboard or mouse behaving erratically or locking up, and random notifications or chat windows can all be signs of a CrystalX infection. If anything like that happens, kill the internet connection immediately by physically unplugging the Ethernet cable or toggling off the Wi-Fi. Then, use a flash drive to install our security suite to root out the virus.
Make sure you download software only from official websites and trusted marketplaces. Avoid pirated software, license key generators, and free versions of paid applications: these builds are the most common hiding spots for Trojans.
Don’t fall for “tutorial” videos that push questionable tools for “administration”, “optimization”, or “security testing”. If the blogger says you should disable your antivirus to complete installation, that’s a major red flag and a reason to stop watching.
Be careful with files you receive through messaging apps. Password-protected archives containing “important documents” or “cool private builds” are typical containers for malicious software.
Regularly update your operating system and apps. Fresh patches plug security holes that let malware slip onto your system silently and without any interaction from your side.
Use a reliable security suite, such as Kaspersky Premium. It detects and blocks Trojan installation or download attempts.
Read more about remote access Trojans, miners, crypto-stealers, and other digital nasties:
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00adminhttps://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.pngadmin2026-04-01 16:07:312026-04-01 16:07:31CrystalX RAT: a Trojan for pranks, remote access, and cryptocurrency theft | Kaspersky official blog
March 2026 brought a wave of cyber attacks that reflected how quickly modern threats can move from subtle early signals to serious business impact. ANY.RUN analysts identified and explored several major threats this month, exposing phishing campaigns, stealthy malware, payment-skimming activity, and resilient botnet infrastructure affecting organizations across industries.
From Microsoft 365 token abuse and registry-hidden RAT delivery to card theft, macOS backdoor activity, and multi-vector DDoS operations, the threat landscape in March showed how much harder early detection has become for security teams.
Key Business Risks That Stood Out in March Attacks
Trusted services and normal-looking workflows were repeatedly used to hide malicious activity, increasing the risk of delayed detection across enterprise email, cloud, payment, and endpoint environments.
Attacks observed in March affected industries including government, finance, healthcare, technology, education, manufacturing, and energy, with risks extending beyond initial access into token abuse, remote access, card theft, and broader malware deployment.
Stealthy, multi-stage delivery methods made early signals weaker and investigations slower, raising the likelihood of escalation before security teams could confirm malicious behavior.
For organizations, the business impact was not limited to infection alone, but included fraud, downtime, deeper compromise, and higher operational costs tied to delayed response.
Reduce the risk of delayed detection
Help your team investigate faster and respond earlier
ANY.RUN analysts observed a sharp rise in EvilTokens, a phishing campaign abusing Microsoft’s OAuth Device Code flow, with more than 180 phishing URLs detected in just one week. Instead of stealing credentials on a fake login page, attackers trick victims into entering a verification code on microsoft[.]com/devicelogin, which causes Microsoft to issue OAuth tokens directly to the attacker.
Execution chain of EvilTokens
This makes EvilTokens especially dangerous for organizations relying on traditional phishing detection. The user signs in through a legitimate Microsoft page, completes MFA, and never submits credentials to the phishing site. As a result, the compromise shifts from password theft to token abuse, giving attackers access to Microsoft 365 resources while blending into normal authentication activity.
Because the workflow runs over encrypted HTTPS and uses legitimate Microsoft infrastructure, key attack signals are often hidden from security teams. That delays validation, extends investigations, and increases the chance of escalation before analysts can confirm what happened.
Fake verification granting access to external client
Inside ANY.RUN Sandbox, automatic SSL decryption revealed the hidden JavaScript and backend communication used to orchestrate the phishing flow. In this case, analysts uncovered high-confidence network indicators such as:
/api/device/start
/api/device/status/*
X-Antibot-Token
When seen in HTTP requests to non-legitimate hosts, these artifacts become strong hunting signals for identifying related phishing infrastructure and improving detection coverage.
To investigate similar activity and validate detection logic, use this TI Lookup query:
Targeted industries and countries displayed in TI Lookup
TI Lookup helps teams quickly assess the broader attack landscape around EvilTokens and related OAuth phishing activity. Recent submissions show notable targeting across Technology, Education, Manufacturing, and Government & Administration, especially in the United States and India, while other regions are also affected.
Get broader visibility into malware and phishing activity
Use TI Lookup to track related infrastructure and IOCs
This gives SOC teams access to related sandbox analyses, IOCs, and behavioral patterns they can use to strengthen detections and hunting. For CISOs, that means earlier visibility into relevant campaigns, better prioritization of response efforts, and a stronger ability to reduce the business impact of Microsoft 365 account takeover.
ANY.RUN analysts identified a macOS-specific ClickFix campaign targeting users of AI tools such as Claude Code, Grok, n8n, NotebookLM, Gemini CLI, OpenClaw, and Cursor. In the observed case, attackers used a redirect from Google Ads to a fake Claude Code documentation page, where a ClickFix flow pushed the victim to run a terminal command that ultimately delivered AMOS Stealer.
Fake Claude Code documentation page used as a lure
Once executed, the infection chain moved beyond credential theft. The malware collected browser data, saved credentials, Keychain contents, and sensitive files, then deployed a backdoor that provided continued access to the infected Mac. This makes the attack more serious than a one-time stealer infection, especially in enterprise environments where macOS systems often hold developer access, internal documentation, and business-critical credentials.
How the attack unfolds:
Google Ads redirect sends the victim to a fake Claude Code documentation page
ClickFix lures the user into running a terminal command
The command downloads and executes an encoded script
The updated ~/.mainhelper module enables an interactive reverse shell over WebSocket with PTY support
AMOS Stealer detected by ANY.RUN
A key finding in this case was the evolution of the backdoor module ~/.mainhelper. Previously described as a more limited implant, the updated variant now supports a fully interactive reverse shell, giving attackers persistent, hands-on access to the infected system in real time.
For defenders, that changes the risk significantly. What starts as a phishing-style ClickFix infection can quickly turn into long-term remote access, data theft, and broader compromise. Multi-stage delivery, obfuscated scripts, and abuse of legitimate macOS components also break visibility into weaker signals, which can slow validation and delay escalation.
macOS ClickFix campaign details discovered by ANY.RUN
ANY.RUN Sandbox helps teams investigate macOS, Windows, Linux, and Android threats with visibility into execution flow, attacker behavior, persistence mechanisms, and dropped artifacts. In cases like this, this cross-platform threat analysis helps analysts confirm malicious activity faster, attribute the intrusion with greater confidence, and strengthen detection logic before the compromise expands further.
Expand your SOC’s cross-platform threat visibility
Reduce breach risk with analysis across 4 major operating systems
ANY.RUN analysts detected RUTSSTAGER, a stealthy malware stager that hides a DLL inside the Windows registry in hexadecimal form, making the payload harder to spot during early triage. In the observed chain, the stager led to the deployment of OrcusRAT, followed by an additional binary that helped maintain persistence, ran PowerShell-based system checks, and relaunched the RAT when needed.
What makes this threat notable is the way it avoids a straightforward on-disk delivery path. By storing the DLL in the registry instead of dropping it as a conventional file, the malware reduces its visibility and gives defenders fewer obvious artifacts to catch at first glance. The follow-on activity then helps stabilize the infection and keep remote access available on the compromised system.
Inside ANY.RUN Sandbox, behavioral analysis exposed how the infection unfolded across stages, while file system and process monitoring helped reveal the relationship between the stager, the deployed RAT, and the persistence component. Process synchronization events were especially useful here, showing that the payload components were not acting independently but as part of a coordinated, multi-stage execution chain.
Catch multi-stage malware before it goes further
Expose hidden execution chains and speed up validation
To explore related activity, review relevant sandbox analyses and assess the broader threat landscape, use the following TI Lookup query: registryName:”^rutsdll32$”
ANY.RUN analysts identified phishing emails carrying HTM/HTML attachments disguised as PDF files. In the observed case, a file named pdf.htm opened a fake login page and sent submitted credentials in JSON format through an HTTP POST request to the Telegram Bot API.
Attack details discovered by ANY.RUN
The attack relies on a simple but effective disguise: the attachment looks like a document but actually launches a phishing page designed to collect login data. Some samples also include obfuscated scripts, which makes the credential theft logic less obvious during manual inspection and slows down triage.
Once a victim enters their credentials, attackers can use them to access business email, internal services, and other corporate systems tied to the compromised account. For security teams, this turns what may look like a routine attachment into a fast-moving account takeover risk.
Less than 1 minute required to reveal the phishing behavior inside ANY.RUN sandbox
Inside ANY.RUN Sandbox, the phishing behavior became visible in under 60 seconds, exposing the outbound communication, loaded scripts, and file contents involved in the theft flow. This helps teams quickly confirm whether an attachment is just suspicious or part of an active credential-harvesting attack, reducing review time and helping analysts act before the stolen access is used.
ANY.RUN analysts observed a phishing campaign targeting organizations in Colombia, particularly in government, finance, oil and gas, and healthcare. The attackers use Spanish-language phishing emails with an attached SVG file that acts as more than an image: it contains embedded JavaScript that rebuilds the next attack stage locally through SVG smuggling.
SVG smuggling campaign details revealed by ANY.RUN
Instead of downloading a payload from an external source right away, the SVG uses a blob URL to generate an intermediate HTML lure inside the browser. That lure imitates a document-related workflow and creates a password-protected ZIP archive for the victim to open, pushing the attack forward while reducing obvious early network signals.
This staged delivery makes the campaign harder to catch during initial triage. SVG smuggling, blob-generated content, and the later use of legitimate Windows components break the compromise into smaller artifacts that may look weak or unrelated on their own, slowing detection and investigation.
Inside ANY.RUN Sandbox, analysts were able to reconstruct the full flow:
SVG smuggling → Blob-based HTML lure → Password-protected ZIP → Notificacion Fiscal.js → radicado.hta → J0Ogv7Hf.ps1 → C2 communication
That visibility helps security teams connect scattered artifacts faster, uncover hidden delivery stages, and confirm malicious activity before the intrusion progresses further.
Catch hidden delivery chains before they lead to compromise
Give your team earlier visibility into multi-stage attacks
ANY.RUN analysts uncovered an active Magecart campaign targeting e-commerce websites, with a notable concentration in Spain. In the observed cases, attackers hijacked checkout flows, replaced legitimate payment steps with fake interfaces, and stole card data through WebSocket-based exfiltration.
WebSocket exfiltration code
What makes this campaign especially dangerous is its durability. The operation remained active for more than 24 months and relied on a large infrastructure of 100+ domains, using staged payload delivery, fallback domains, and payment-page mimicry to stay operational and avoid disruption. In Spain-focused cases, the attackers notably abused Redsys-themed payment context to make the fraudulent flow appear legitimate.
The campaign also stood out for how it blended card theft into trusted payment experiences. Instead of relying on a simple fake form, the malware dynamically adapted the checkout page, injected malicious elements, and transmitted stolen payment data outside normal HTTP flows, making detection harder for defenders and increasing fraud risk for banks and payment ecosystems.
PayPlug SAS payment window imitation displayed inside ANY.RUN sandbox
Inside ANY.RUN Sandbox, analysts exposed the multi-stage delivery logic, malicious script injection, fake payment overlays, and WebSocket-based card data exfiltration. This helps security teams understand how the skimmer operates, identify related infrastructure faster, and strengthen detections against long-running payment theft campaigns.
7. Kamasers: A Multi-Vector DDoS Botnet Targeting Organizations Worldwide
ANY.RUN published a detailed technical analysis of Kamasers, a multi-vector DDoS botnet designed to carry out both application-layer and transport-layer attacks while also supporting follow-on payload delivery. The research shows how the malware operates, how it receives commands, and why it creates risk beyond disruption alone.
Communication between the infected host and the C2 server observed inside ANY.RUN
Inside the sandbox, analysts observed the botnet retrieving command-and-control data, communicating with active infrastructure, executing DDoS-related commands, and in some cases downloading additional files for execution. This helps security teams confirm malicious behavior faster and understand whether an infected host is being used only for flooding activity or as part of a broader compromise.
Kamasers supports multiple attack methods, including HTTP, TLS, UDP, TCP, and GraphQL-based flooding. In addition, it can act as a loader, which increases the risk of further malware delivery, data theft, or ransomware.
Reduce the chance of data theft and financial loss
Help your team contain threats before the damage grows
Another notable finding was the botnet’s resilient Dead Drop Resolver design. Instead of depending on a single static C2 location, Kamasers uses legitimate public services such as GitHub Gist, Telegram, Dropbox, Bitbucket, and Etherscan to retrieve active command-and-control addresses, making disruption and early detection more difficult.
DDR links in the Kamasers codebase
For organizations, that means a single infected system can become both a source of external attacks and a foothold for deeper intrusion, increasing operational, financial, and reputational risk.
To review related sandbox analyses and broader activity, use the following TI Lookup query:
ANY.RUN analysts found MicroStealer, a fast-spreading infostealer that gained traction despite limited public detection. In observed activity, the malware appeared in 40+ sandbox sessions in less than a month, using a multi-stage chain to steal credentials, session data, screenshots, and wallet files.
Inside the sandbox, analysts were able to quickly confirm how the threat unfolds and what data it targets. This kind of visibility helps security teams move from an unclear file to a confident verdict faster, reducing review time and lowering the chance of missed credential theft.
How the attack unfolds:
NSIS installer delivers the initial payload
Electron loader requests elevated privileges and launches the next stage
Java module executes the main stealer logic
Browser credentials, session data, screenshots, and wallet files are collected
Stolen data is sent to attacker-controlled infrastructure
What makes MicroStealer notable is not only what it steals, but how it delays confident detection. The layered NSIS → Electron → Java execution chain, combined with obfuscation and anti-analysis checks, makes the malware harder to understand during early triage.
To review related sandbox analyses and broader activity, use the following; TI Lookup query:
ANY.RUN TI Lookup demonstrates relevant sandbox sessions with MicroStealer
For organizations, this risk goes beyond a single infected endpoint. Stolen browser credentials and active sessions can give attackers access to SaaS apps, internal systems, and cloud services, increasing the chance of account compromise and broader intrusion.
ANY.RUN, a leading provider of interactive malware analysis and threat intelligence solutions, helps security teams detect threats earlier, investigate incidents faster, and build stronger response workflows. With Interactive Sandbox, Threat Intelligence Lookup, and Threat Intelligence Feeds, the company gives SOC and MSSP teams the visibility and context they need to move from alert to confident decision more quickly.
Today, more than 15,000 organizations and 600,000 security professionals worldwide rely on ANY.RUN. The company is SOC 2 Type II certified, reflecting its focus on strong security controls and customer data protection.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00adminhttps://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.pngadmin2026-04-01 14:08:282026-04-01 14:08:28Major Cyber Attacks in March 2026: OAuth Phishing, SVG Smuggling, Magecart, and More
Today — March 31 — is World Backup Day. And every year, most people tell themselves, “I’ll get around to that tomorrow”. But even if you’re one of the responsible ones who regularly backs up their docs, photo archives, and the entire operating system — you’re still at risk. Why? Because ransomware has learned how to specifically target everyday users’ backups.
Why home users are in the crosshairs
In the not-so-distant past, ransomware was mostly a big business problem. Attackers focused on corporate servers and enterprise backups because freezing a major company’s production process or stealing all their information and customer databases usually meant a massive payout. We’ve seen plenty of those cases over the last few years. However, the “small-fry” market has become just as tempting for cybercriminals — and here’s why.
For starters, attacks are automated. Modern ransomware doesn’t need a human operating it manually. These programs scan the internet for vulnerable devices and, upon finding one, encrypt everything indiscriminately without the hacker getting involved. This means a single attacker can effortlessly hit thousands of home devices.
Second, because of this broad reach, the ransom demands have become more “affordable”. Regular users aren’t asked for millions, but “only” a few hundred or thousand dollars. Many people are willing to pay that amount without involving the police — especially when family archives, photos, medical records, banking documents, and other personal files are on the line, with no other copies in existence. And when you multiply those smaller payouts by thousands of victims, the hackers walk away with very tidy sums.
And finally, home devices are usually sitting ducks. While corporate networks are guarded really well, the average home router most likely runs on factory settings with “admin” as the password. Many people leave their network attached storage (NAS) wide open to the internet with zero protection. It’s low-hanging fruit.
How personal backups get attacked
A home NAS drive — often called a personal cloud — is essentially a mini-computer running a specialized Linux or FreeBSD-based operating system. It houses one or more large-capacity hard drives, often combined into an array. The storage connects to a home router, making files accessible from any device on the home network — or even remotely over the internet if you’ve configured it that way. Many people buy a NAS specifically to centralize their family’s backups and simplify access for family members, thinking it’s the ultimate safe haven for their digital archives.
The irony is that these very storage hubs have become the primary target for ransomware gangs. Hackers can break in relatively easily either by exploiting known vulnerabilities or simply brute-forcing a weak password. Over the last five years, there were several major ransomware attacks specifically targeting home NAS units made by QNAP, Synology, and ASUSTOR.
Targeting NAS isn’t the only way hackers can get to your files. The second method relies on social engineering: basically tricking victims into launching malware themselves. Take the massive AI hype of 2025, for example. Scammers would set up malicious websites distributing fake installers for ChatGPT, Invideo AI, and other trending tools. They would lure people in with promises of free premium subscriptions, but in reality users ended up downloading and running ransomware.
What ransomware looks for once it’s inside
Once the malware infiltrates your system, it starts surveying its environment and neutralizing anything that could help you recover your data without paying up.
It wipes Windows shadow copies. The Volume Shadow Copy Service is a built-in Windows feature for quick file recovery. Deleting this data makes it impossible to simply roll back to a previous version of a file.
It scans connected drives. If you leave an external hard drive permanently plugged into your computer, the ransomware will spot and encrypt it just like any other files.
It searches for network folders. If your home cloud is mapped as a network drive, the malware will follow that path to attack that too.
It checks cloud sync clients. Services like Dropbox, Google Drive, or iCloud for Windows all keep local sync folders on your computer. The ransomware encrypts the files in these folders, and the cloud service then “helpfully” uploads the encrypted versions to the cloud.
The golden rule of backups
The classic 3-2-1 rule for backups goes like this:
Three copies of your data: the original plus two backups
Two different media types: for example, your computer and an external drive
One copy off-site: in the cloud or elsewhere, like at a relative’s place
However, this rule predates the era of ransomware. Today we need to update it with one vital condition: another copy must be completely isolated from both the internet and your computer at the time of an attack.
The new rule is 3-2-1-1 — a bit more of a mouthful, but much safer. Following it is simple: get an external hard drive that you plug in once a week, back up your data, and then unplug it.
What you actually need to back up
Photos and videos. Wedding photos, a baby’s first steps, family archives — these are the memories people will pay for to get back.
Digital scans or photos of essential documents for every family member — everything from passports to medical records, including old archives.
Two-factor authentication data. If your authenticator app only lives on your phone and you lose it, you may also lose access to all your protected accounts. Many apps let you back up your authentication data.
If you use a password manager, make sure it’s syncing to a secure cloud or has an export function.
Privacy-focused messaging apps don’t always store your history in the cloud. Business correspondence, important agreements, and contacts could vanish if they aren’t backed up.
What to do if your data is already encrypted
Don’t panic. Check out our Free Ransomware Decryptors page. We’ve collected a library of decryption tools that might help you get your data back without paying up.
How to secure your backups
Don’t leave your external backup drive plugged in all the time. Connect it, copy your files, and unplug it immediately.
Set up automated cloud backups, but make sure your cloud provider keeps a version history for at least 30 days. If your current plan doesn’t offer this, it’s time to upgrade or switch providers.
Stick to the 3-2-1-1 rule: original files on your computer, plus an external drive that you only plug in periodically, plus cloud storage. That’s three copies, two media types, one copy offline, and one off-site.
Cut off internet access to your network storage. If you have a home network drive, make sure that it’s inaccessible from the internet without a password — and that the password isn’t “admin”. Disable any remote access features you don’t actually use, and make sure your firmware is up to date.
Actually, keep everything up to date. Most attacks exploit known vulnerabilities that have long been patched. Enabling auto-updates for your router, NAS, and computer only takes a few minutes of setup but effectively slams the door on hundreds of known security holes.
Steer clear of “free” versions of paid software. Fake installers for pirated software or game cheats are some of the primary delivery channels for ransomware. By the way, Kaspersky Premium sniffs out these threats and blocks them before they even launch.
Be sure to enable the System Watcher feature in our Windows security suites. This feature logs every operating system event to help track down threats like ransomware and either block them or roll back any damage they’ve already done.
Back up your authenticator app. The easiest move is to migrate your authentication tokens to Kaspersky Password Manager. It keeps them securely encrypted in the cloud alongside your passwords and sensitive docs, while syncing them across all your devices. That way, if your phone gets swiped or fried, you aren’t locked out of your accounts and vital data.
Test your backups. Every few months, try restoring a random file from your archive. You’d be surprised how often a seemingly successful backup turns out to be corrupted or glitchy. It’s better to catch those glitches now while you still have the originals to fix the problem.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00adminhttps://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.pngadmin2026-03-31 15:06:382026-03-31 15:06:38Why ransomware is now after your data — and how to protect your home storage | Kaspersky official blog
Ransomware attacks aren’t smash-and-grab anymore. They’re built on access that already looks legitimate — closer to positioning chess pieces than breaking the door down.
That’s the big trend that comes through in the ransomware data from the Talos 2025 Year in Review. Once attackers have initial access (and 40% of the time it’s through phishing) they move the way a user or administrator would: logging in, checking systems, and using the same remote access tools that are already installed.
In fact, one of the biggest challenges for defenders today is that ransomware actors are deliberately trying to overlap with everyday activity. RDP, PowerShell, and PsExec are the top three tools that are used by ransomware actors, but in many environments, these tools are part of normal operations.
The difference is how they’re being used. If they’re being used to expand access and move across systems, this should raise a few red flags. I’m not sure it’s possible to emphasise enough how important your asset management comes into play here — having clear asset inventories and network behaviour baselines and conducting continuous anomaly monitoring.
Like the rest of the Talos Year in Review, identity is what ties everything together. Valid accounts show up across nearly every stage of ransomware attacks: initial access, lateral movement, and execution.
Top-targeted sectors
From our ransomware data analysis, manufacturing continues to be the most targeted sector, which reflects how challenging these environments are to monitor closely. There’s a mixture of systems, users, and processes, often with limited tolerance for disruption.
Professional, scientific, and technical services (second on the most targeted sectors list) face similar exposure, especially when access spans multiple systems or organizations.
Most prolific ransomware groups
The ransomware-as-a-service (RaaS) groups have had a bit of a shakeup. After LockBit topped our 2024 report, the group fell to 35th this year following sustained law enforcement pressure. Qilin, a constant pain in the “you-know-what” for our incident responders for over a year now, came in at No. 1.
Qilin uses a double-extortion approach, combining data encryption with threats to release stolen information publicly. According to their data leak site, in 2025, Qilin targeted more than 40 victims every month except January, signaling that this ransomware group will remain a persistent and significant threat in 2026.
Akira and Play (No. 2 and 3 in the chart) had continued success, which can likely be credited to their evolving and adaptable tactics and absorption of affiliates from defunct ransomware groups (i.e., LockBit).
An opportunity for defenders
What’s interesting to note is that for the second year running, January saw lower activity, likely tied to holiday slowdowns and Eastern European public holidays.
It may be wise for security teams to consider testing ransomware defenses in months where activity levels are generally lower, such as January, as there is a reduced chance of interfering with real incidents.
Defender recommendations
Strengthen identity protections. Actors predominately targeted the person who holds the key rather than the lock itself (i.e., the target’s infrastructure). Phishing and social engineering training is highly recommended.
Monitor the use of built-in administrative tools such as RDP, PowerShell, and PsExec for lateral movement. Look for unexpected usage patterns, and abnormal access requests.
Basics, basics, basics! They very much still hold true. Strengthen your backup, EDR, segmentation, logging, and recovery capabilities.
Regularly test ransomware response readiness.
Read the full 2025 Talos Year in Review to dig deeper into ransomware trends, vulnerability exploitation, phishing and MFA bypass, state-sponsored activity, and how AI is shaping the threat landscape.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00adminhttps://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.pngadmin2026-03-31 11:06:422026-03-31 11:06:42Ransomware in 2025: Blending in is the strategy
March was a packed month for ANY.RUN. We rolled out major product improvements that help security teams investigate phishing inside encrypted traffic, expand cross-platform analysis with macOS, and bring Windows Server into the sandbox workflow.
At the same time, our detection team continued to strengthen threat coverage with new behavior signatures, Suricata rules, and fresh threat intelligence reports focused on active malware and attack techniques.
Here’s a closer look at what’s new.
Product Updates
This month’s updates are all about helping security teams see more and investigate with less friction. We improved phishing detection inside encrypted traffic, expanded sandbox coverage to macOS, and added Windows Server analysis so teams can work across more of the environments they protect every day.
Automatic SSL Decryption for Stronger Phishing Detection
Encrypted HTTPS traffic remains one of the main reasons phishing is harder to confirm quickly. It hides credential theft, redirect chains, and token-based attacks inside traffic that often appears legitimate, forcing teams to spend more time on validation and increasing the chance of missed compromise.
In March, ANY.RUN introduced automatic SSL decryption in the Interactive Sandbox across all subscription tiers. By extracting encryption keys directly from process memory, the sandbox can now inspect decrypted traffic during analysis and apply Suricata rules, detection signatures, and IOC extraction immediately.
Automatic SSL decryption provides a major phishing detection boost in the sandbox
This significantly expands phishing visibility across every sandbox session. After implementing the technology, ANY.RUN saw a 5x increase in SSL-decrypted phishing detection and added 60,000 more confirmed malicious URLs to TI Lookup each month.
For your SOC, this means:
Higher detection rate: Analysts can now identify phishing activity that would otherwise stay hidden inside encrypted traffic.
Faster MTTD and MTTR: Teams confirm malicious behavior earlier and respond before phishing causes broader damage.
Reduced Tier 1-to-Tier 2 escalation volume: Tier 1 can close more cases independently and escalate only the incidents that truly need deeper investigation.
Expanding Your SOC’s Cross-Platform Analysis with macOS
As enterprise environments grow more complex, SOC teams are expected to investigate threats across multiple operating systems without slowing down triage. But when analysis is split across separate tools and environments, investigations take longer, alert backlogs grow, and the risk of delayed or missed detection increases.
To help solve this, ANY.RUN expanded its sandbox OS coverage with macOS virtual machine, now available in beta for Enterprise Suite users. This gives teams one environment to investigate threats across Windows, Linux, Android, and now macOS.
Bringing interactive macOS analysis into the workflow is especially important for threats that stay dormant until a user enters a password, approves a system dialog, or triggers another action. By allowing real user interaction during detonation, the sandbox can expose behaviors that automated analysis often misses, including fake authentication prompts, staged execution chains, file collection, and post-authentication data exfiltration.
Expand your SOC’s
cross-platform threat visibility Reduce breach risk with analysis across 4 major OS
This operational improvement leads to measurable outcomes:
Faster validation of suspicious files and URLs: Teams can confirm malicious behavior in minutes through behavior-based analysis during triage.
Shorter investigation cycles: Analysts can observe full execution behavior in one environment without manually piecing evidence together across multiple tools.
Improved cross-platform detection coverage: Security teams can investigate platform-specific threats across macOS, Windows, Linux, and Android in a consistent workflow.
Higher productivity during triage: Less context switching helps analysts process more alerts per shift.
Reduced alert backlog during peak activity: Faster decisions help SOC teams keep queues under control during phishing waves and malware outbreaks.
Advancing Server-Side Threat Analysis with Windows Server
For many enterprise teams, critical infrastructure runs on Windows Server, from domain services and file storage to business applications and backups. But malware that targets server environments often behaves differently from threats launched on standard Windows systems, making it harder to assess risk accurately in a desktop-focused setup.
To close that gap, ANY.RUN Sandboxnow supports analysis in a Windows Server environment. This gives security teams a way to observe attack behavior in a server OS and investigate techniques tied to infrastructure, including changes to domain accounts, security policies, and the use of administrative tools.
Threats analyzed inside a Windows Server environment
This addition helps teams strengthen infrastructure-focused triage and response:
Better visibility into server-specific techniques: Teams can analyze behavior tied to domains, policies, and administrative utilities in a more relevant environment.
Stronger investigation confidence for infrastructure threats: Analysts can validate whether a sample affects server-side services or critical business systems before escalating.
More effective detection and response preparation: Security teams can collect artifacts, refine detections, and improve incident playbooks for Windows Server scenarios.
Cut business risk with earlier malware & phishing detection Equip your SOC with deeper threat analysis
In March, our detection team continued to expand coverage across phishing, credential theft, backdoors, miners, stealers, loaders, and evasive system abuse.
This month’s updates include:
91 new behavior signatures
1,293 new Suricata rules
These additions give security teams better visibility into modern attack chains, from OAuth phishing and Telegram-based credential theft to backdoor communication, loader behavior, and suspicious use of built-in system tools.
New Behavior Signatures
In March, we added 91 new behavior signatures to strengthen detection across malware families, Android threats, stealers, loaders, RATs, ransomware, and suspicious system-level activity.
These updates improve visibility into behaviors often seen in real attacks, including persistence, self-deletion, loader activity, shell delivery, registry tampering, PowerShell abuse, and virtual machine checks used to evade analysis.
Together, these additions give security teams broader behavioral coverage across both established malware families and attacker techniques that commonly appear in multi-stage intrusions.
Threats evolve fast across campaigns and infrastructure Now your SOC can track them with TI Lookup
In March, we added 1,293 new Suricata rules to strengthen detection of credential theft, phishing activity, and malicious command-and-control traffic.
Key highlights include:
Credential theft via Telegram API (sid: 84001778): Tracks adversary attempts to exfiltrate victim’s email & password via Telegram Bot API
MS OAuth Device Code phish / EvilTokens activity (sid: 84001845): Identifies usage of emerged attack technique that exploits legitimate OAuth 2.0 device authorization flows to gain control over victims’ Microsoft 365 accounts
DinDoor backdoor HTTP activity (sid: 85006556): Detects Iran-linked MuddyWater (TA450) actor’s new backdoor attempts to establish C2 communication via HTTP
Threat Intelligence Reports
In March, our team published new threat reports covering emerging malware, banking trojans, ransomware, backdoors, and stealthy delivery techniques.
Threat Intelligence reports available in ANY.RUN
VIDAR, VENON, and SLOPOLY: This report covers a polymorphic stealer, a Rust-based banking RAT, and a PowerShell backdoor tied to the Hive0163 ecosystem, with a focus on their behavior, artifacts, and detection opportunities.
Steaelite, BlackReaper, and Jigsaw: This brief looks at three threats combining credential theft, remote access, persistence, and ransomware behavior, including Telegram-based control and file encryption activity.
Used by more than 15,000 organizations and over 600,000 security professionals worldwide, including 74% of Fortune 100 companies, ANY.RUN is focused on helping teams improve detection and response while meeting the data protection, compliance, and workflow demands of real-world security operation
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00adminhttps://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.pngadmin2026-03-31 11:06:412026-03-31 11:06:41Release Notes: Cross-Platform Threat Analysis with macOS, SSL Decryption, and 1,300+ New Detections
Many AI visionaries see the universal smart assistant — one that takes over all sorts of routine tasks — as the key direction for the technology’s evolution. Experiments in this field are already in high gear and are yielding some results. Since the start of the year, the internet has been buzzing with stories of the miracles worked by the open-source AI agent OpenClaw, also known as Clawdbot and Moltbot.
If you’ve been following our blog, you already know the drill: every leap forward in AI innovation right now seems to come with serious issues regarding security and privacy. To actually get things done, these agents require access to virtually all of your digital services: email, calendars, cloud storage, messaging apps, and many more.
However, until recently, not a single project — OpenClaw included — could actually put a leash on these agents, or provide any real guarantee that they wouldn’t go off the rails. But that’s finally starting to change thanks to a new concept name IronCurtain — the brainchild of researcher Niels Provos.
The dangers of AI agents
Let’s keep the suspense going for a little longer, and first discuss what an AI agent gone rogue is actually capable of. It’s important to remember that at the most basic level, any modern AI tool is built on a language model — essentially a text-processing algorithm fed a massive volume of data in its training phase. The result is a statistical model capable of determining the probability of which word will most likely follow another.
A language model is a black box. In practice, this means nobody — not even its creators — fully understands exactly how an AI tool works under the hood. An obvious consequence is that AI developers themselves don’t entirely know how to control or restrict these systems at the model level; instead, they have to invent external guardrails of varying degrees of effectiveness and reliability.
Meanwhile, the methods used to bypass these safeguards often prove to be quite unexpected. For example, we recently shared how chatbots can be coaxed into forgetting almost all their safety instructions if you charm them with prompts written in verse.
But back to the threats posed by AI agents. The inability to fully control or predict the actions of smart assistants often leads to outcomes that no one could have expected. A prime example is the high-profile case where OpenClaw nuked every single email in its owner’s Gmail inbox — despite being explicitly told to wait for confirmation before doing anything — only to apologize afterwards and promise it wouldn’t happen again.
This chat between the OpenClaw bot and its owner resembles a conversation with a teenager who’s just messed up: “What did I tell you?!” – “Geez, Mom, I’m sorry, I won’t do it again — I promise.” Source
In another instance, a journalist testing an AI agent’s capabilities found that the system had pivoted to a highly questionable plan of action while executing a task. Instead of attempting a constructive solution, the agent decided to launch a phishing attack on the user. Seeing the system’s logic unfolding on the screen, the journalist immediately pulled the plug on the experiment.
Beyond spontaneous bad behavior, AI remains vulnerable to prompt injection attacks. In this type of attack, a threat actor smuggles their own malicious instructions into a command or the data being processed (direct prompt injection), or, in more sophisticated cases, even into third-party content used by the agent to do its job (indirect prompt injection). The large language model perceives these instructions as part of the user’s request; as a result, the AI may ignore its original constraints and help the attacker.
Additional danger stems from vulnerabilities within AI agents that could potentially allow attackers to access user data the agent is authorized to see — including passwords, encryption keys, and other secrets — or even grant the ability to execute arbitrary code on the host system.
Of course, this list of threats is by no means exhaustive. As we’ve said time and again, no one knows the full extent of the risks associated with AI. However, researcher Niels Provos recently proposed an approach to help put a leash on AI agents to make them more controllable and mitigate the potential threats.
How Iron Curtain makes AI agents safe to use
IronCurtain, Niels Provos’s new open-source solution, uses an added security buffer between the AI agent and the user’s system.
Instead of giving the AI agent free rein on your system, it forces the agent to work from inside an isolated virtual machine that sits between the bot and your actual accounts. This isolation allows the agent’s actions to be separated from the user’s own, reducing risks if the agent decides to go rogue.
Why did Provos use the name “IronCurtain”? Many will presume it’s a reference to the notional barrier that divided Western Europe and the Warsaw Pact countries of Eastern Europe in the second half of the 20th century. However, the author himself states there is no such connection.
The project’s name doesn’t refer to a political metaphor at all, but rather… to a theatrical term. In a theater, an iron curtain is a fireproof partition between the stage and the auditorium. If a fire breaks out on stage, the curtain drops to prevent the flames from spreading. By this analogy, the AI agent is “on stage”, while the user’s system with all its files and data is in the “auditorium”. IronCurtain acts as that protective barrier between them.
However, isolation is only part of the solution. At the heart of the system is a security policy that determines which actions the agent is permitted to perform. The design of IronCurtain allows the user to write their own security instructions — defining what the agent can and can’t do — in plain English (no word of support for other languages yet).
The system then uses AI to transform these instructions into a formalized security policy applied to the agent’s actions across the board. Every request it makes to external services — whether email, messaging, or file management — is run through this policy to make sure the agent isn’t overstepping its bounds.
The security policy set during the initial configuration can — and should — evolve over time. According to Provos’s vision, when encountering ambiguous situations, the AI should reach out to the user with follow-up questions and update the instructions from their responses.
IronCurtain is available to anyone on GitHub, but making it work on your computer takes some serious engineering skills. Remember too that, for now, this is merely an R&D prototype.
Can IronCurtain be a proper fix?
Niels Provos’s solution sure does look interesting, and aligns with some experts’ views on an ideal approach to AI safety. However, it’s too early to consider IronCurtain a definitive solution to the problem.
Its biggest obvious flaw is that it’s a resource hog. Using an isolated environment for every AI agent requires serious computing power, and complicates infrastructure — especially when multiple agents are running simultaneously.
Furthermore, as mentioned, IronCurtain is still very much in the prototype phase: practical effectiveness hasn’t been proven yet. In particular, there’s a significant question mark over how accurately natural language instructions can be converted into formalized security policies.
It’s also a coin toss as to whether this architecture can truly stop prompt injection. Sadly, the root of the problem is the fundamental inability of modern LLMs to distinguish between data and instructions.
Despite all its limitations, IronCurtain represents a major step toward safer and tamer AI agents. At a minimum, this approach provides a vital blueprint for future development, allowing for a substantive debate on how to make such systems reliable and effective.
How to use AI assistants safely
While architectures like IronCurtain remain experimental in nature, the responsibility for using AI safely rests primarily with users themselves. So, to wrap things up, let’s break down a few simple rules to help mitigate risks when working with AI assistants.
Evaluate the risks properly before experimenting with the next big thing. Think about what could go wrong and the possible fallout. The internet is already full of real-life examples from users, so you can learn from that collective experience.
Avoid giving AI agents excessive access privileges. If an assistant only needs access to a calendar or a specific folder, don’t connect your entire email, cloud storage, and work accounts to it.
Verify AI actions before they’re executed. Even if your agent offers to automate a task, it’s better to manually confirm important operations like sending emails, deleting data, or making payments. Yes, the agent might still misbehave, but you should at least try to rein it in.
Install a reliable security solution on all the devices you use, just in case a mischievous AI agent brings back some nasty malware as a souvenir from its uncontrolled wanderings across the web.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00adminhttps://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.pngadmin2026-03-30 15:06:472026-03-30 15:06:47An iron curtain for AI: how to improve autonomous AI agent security | Kaspersky official blog
We’ve just returned from RSAC 2026 in San Francisco, one of the most important cybersecurity events of the year.
As always, the conference brought together security leaders, vendors, and practitioners from around the world. For the ANY.RUN team, it was a packed few days of meetings with customers and partners, insightful presentations, and strong industry recognition.
ANY.RUN at RSAC 2026
This year, ANY.RUN was represented at RSAC by our CCO, Alex, who attended the conference to meet with partners and customers, discuss ongoing collaborations, and exchange insights on evolving threat detection challenges.
ANY.RUN’s CCO, Alex, at RSAC 2026
Beyond scheduled meetings, RSAC also provided an opportunity for deeper conversations in a more informal setting, including a partner dinner where key topics around SOC workflows, threat intelligence, and detection strategies were discussed.
These interactions are an important part of how we continue to align ANY.RUN’s solutions with real-world needs across security teams and MSSPs.
Industry Recognition at Global InfoSec Awards 2026
During RSAC 2026, ANY.RUN was honored at the Global InfoSec Awards 2026, organized by Cyber Defense Magazine.
We were honored to receive Global InfoSec awards during RSAC 2026
The recognition reflects what our solutions deliver in practice: higher detection rates, lower MTTR, and faster decision-making through interactive analysis and real threat context. It highlights unified workflows that keep investigations within a single process from monitoring to response, along with the ability to scale across both enterprise SOCs and MSSPs.
About ANY.RUN
ANY.RUN provides interactive malware analysis and actionable threat intelligence designed for modern security teams.
Our solutions combine an Interactive Sandbox, Threat Intelligence Lookup, and Threat Intelligence Feeds to help SOC and MSSP teams analyze threats faster, investigate incidents with deeper context, and detect emerging attacks earlier.
Trusted by more than 15,000 organizations and over 600,000 security professionals worldwide, including 74% of Fortune 100 companies, ANY.RUN maintains a strong focus on data protection and compliance, while continuously evolving its solutions to address real-world threat detection and investigation challenges for SOCs and MSSPs.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00adminhttps://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.pngadmin2026-03-30 11:11:062026-03-30 11:11:06ANY.RUN at RSAC™ 2026: Highlights & Industry Recognition
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00adminhttps://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.pngadmin2026-03-28 04:06:382026-03-28 04:06:38A cunning predator: How Silver Fox preys on Japanese firms this tax season
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00adminhttps://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.pngadmin2026-03-28 04:06:372026-03-28 04:06:37RSAC 2026 wrap-up – Week in security with Tony Anscombe
Supply-chain attacks have been one of the most dangerous categories of cybersecurity incidents for years now. And if 2025 taught us anything, it’s that cybercriminals are doubling down on them. In this deep dive, we’re looking at supply-chain attacks from 2025 that, while not always the costliest, were certainly the most unusual and caught the industry’s attention.
January 2025: a RAT found in the DogWifTools GitHub repository
As a “warm-up” after the holiday break, cybercriminals systematically backdoored several versions of DogWifTools. This is a utility designed for launching and vigorously promoting Solana-based meme coins on Pump.fun. After compromising the private GitHub repository for DogWifTools, the attackers waited for the developers to upload a fresh build, injected a RAT into it, and then swapped the legitimate program with their malicious version just a few hours later. According to the developers, the threat actors successfully trojanized versions 1.6.3 through 1.6.6 of DogWifTools for Windows.
The endgame was triggered in late January. After using the RAT to harvest a massive amount of data from infected devices, the attackers drained their victims’ crypto wallets. While victims estimate the total haul at over US$10 million in cryptocurrency, the attackers themselves disputed that figure — though they stopped short of revealing exactly how much they’d actually made off with.
February 2025: the US$1.5 billion Bybit heist
If January was a warm-up, February was a total meltdown. The Bybit crypto exchange hack completely eclipsed previous incidents — becoming the largest crypto heist in history. The attackers managed to compromise the Safe{Wallet} software, the multisig cold storage solution the exchange relied on to manage its assets.
Bybit employees thought they were signing a routine transaction; in reality they were authorizing a malicious smart contract. Once executed, it drained a primary cold wallet, dispersing the funds across several hundred attacker-controlled addresses. The final haul exceeded 400 000 ETH/stETH, with a staggering total value of approximately… US$1.5 billion!
March 2025: Coinbase targeted in a GitHub Actions cascading compromise
Spring 2025 kicked off with a sophisticated attack that used a compromise of multiple GitHub Actions — the workflow patterns used to automate standard DevOps tasks — as its primary delivery mechanism. It all started with the theft of a personal access token belonging to a maintainer of the SpotBugs analysis tool. Using this foothold, the attackers published a malicious process and managed to hijack a token from a maintainer of the reviewdog/action-setup workflow, who was also involved in the project.
From there, they compromised a dependency, the tj-actions/changed-files workflow, modifying it to execute a malicious Python script. This script was designed to hunt for high-value secrets, such as AWS, Azure and Google Cloud keys, GitHub and NPM tokens, database credentials, and RSA private keys. Oddly, the script wrote everything it found directly to publicly accessible build logs. This meant the leaked data wasn’t just available to the attackers, but to anyone savvy enough to look.
The original goal of this operation was a repository belonging to the Coinbase crypto exchange. Fortunately, the developers caught the threat in time and prevented the compromise. After apparently realizing they were about to lose control of the tj-actions/changed-files pipeline, the attackers pivoted to a spray-and-pray approach. This put 23 000 repositories at risk of a secrets leak. In the end, several hundred of those repositories actually saw their sensitive credentials exposed to the public.
April 2025: a backdoor in 21 Magento extensions
In April, an infection was discovered across a whole range of extensions for Magento, one of the most popular platforms for building online stores. The backdoor was embedded into 21 modules developed by three vendors: Tigren, Meetanshi, and MGS. These extensions were part of the infrastructure for several hundred e-commerce companies, including at least one multinational corporation.
According to the researchers who discovered it, the backdoor was actually planted way back in 2019. In April 2025, the attackers finally triggered it to compromise websites and upload web shells. This was accomplished through a function embedded in the extensions that executed arbitrary code pulled from a license file.
Ironically, the infected modules included MGS GDPR and Meetanshi CookieNotice. As the names suggest, these extensions were designed to help sites comply with user privacy and data processing regulations. In the end, instead of ensuring privacy, their use most probably led to the theft of user data and financial assets through web skimming.
May 2025: ransomware distributed through a compromised MSP
In May, ransomware actors from the DragonForce gang gained access to the infrastructure of an unnamed managed service provider (MSP) and used it to distribute their ransomware and steal data from the MSP’s client organizations.
It appears the attackers exploited several vulnerabilities (including one critical flaw) in SimpleHelp, the remote monitoring and management tool used by the MSP. These vulnerabilities were discovered back in 2024 and were publicly disclosed and patched in January 2025. Unfortunately, the MSP evidently decided not to rush the update process — a delay the ransomware gang was more than happy to exploit.
June 2025: a backdoor in over a dozen popular npm packages
At the start of the summer, attackers hacked the account of one of the Gluestack library maintainers and used a stolen access token to inject backdoors into 17 npm packages. The most popular of these packages, @react-native-aria/interactions, boasted 125 000 weekly downloads, while all the compromised packages combined totaled over a million.
What’s particularly interesting in this case are the steps the Gluestack developers took following the incident: first, they restricted GitHub repository access for secondary contributors; second, they enabled two-factor authentication (2FA) for publishing new versions; and third, they promised to implement secure development practices like pull-request-based workflow, systematic code reviews, audit logging, and so on. In other words, prior to the incident a project with hundreds of thousands of weekly downloads had no such measures in place.
July 2025: popular npm packages infected through a phishing attack
In July, npm packages were once again the stars of the show — including the widely used, succinctly named “is” package, which boasts 2.7 million weekly downloads. This JavaScript utility library provides a broad range of type-checking and value validation functions. To pull off a phishing strike against one of the project owners, attackers successfully utilized the oldest trick in the book: typosquatting (using the domain npnjs.com instead of npmjs.com) and a clone of the official npm website.
They then used the compromised account to publish several of their own versions of the package with an embedded backdoor. The infection flew under the radar for six hours: plenty of time for a large number of developers to download the malicious npm packages.
The same phishing tactic was deployed against other developers as well. The attackers leveraged several compromised developer accounts to distribute different variants of their malicious payload. There’s also a strong suspicion that they may have saved some of their haul for future attacks.
August 2025: the s1ngularity attack and a leak of hundreds of developers’ secrets
In late August, an incident dubbed “s1ngularity” continued the trend of targeting JavaScript developers. Attackers compromised Nx, a popular build system and CI/CD pipeline optimization tool. Malicious code injected into the packages searched through infected developer systems for a vast range of sensitive data, such as crypto wallet keys, npm and GitHub tokens, SSH keys, API keys, and more.
Interestingly, the attackers used locally installed AI tools, such as Claude Code, Gemini CLI, and Amazon Q, to sniff out secrets on the victims’ machines. Everything they found was then posted to public GitHub repositories created in the victims’ names, using titles “s1ngularity-repository”, “s1ngularity-repository-0”, and “s1ngularity-repository-1”. As you might have guessed, that’s where the name of the attack comes from.
Consequently, the private data of hundreds of developers ended up sitting in plain sight, where it could be accessed not just by the attackers, but by absolutely anyone with an internet connection.
September 2025: a crypto stealer hits npm packages that have 2.6 billion weekly downloads
The trend of npm package compromises rolled right into September. Following a fresh phishing campaign targeting JavaScript developers, attackers managed to inject malicious code into a few dozen high-profile projects. Some of these, specifically “chalk” and “debug”, boast hundreds of millions of weekly downloads; collectively, the infected packages were racking up over 2.6 billion downloads per week at the time of the breach — and they’ve only grown more popular since.
The payload was a crypto stealer: malware designed to intercept cryptocurrency transactions and reroute them to the attackers’ wallets. Fortunately, despite successfully poisoning some of the world’s most popular projects, the attackers somehow managed to botch the final stage of their operation. In the end, they walked away with a measly US$925.
Just a week later, another major incident struck: the first wave of the self-propagating Shai-Hulud malware, which infected around 150 npm packages, including projects from CrowdStrike. However, the second wave, which hit several months later, proved to be far more destructive. We’ll take a closer look at the Great Worm a bit further down.
October 2025: GlassWorm infects the Visual Studio Code ecosystem
Roughly a month after the Shai-Hulud attack, similar self-propagating malware dubbed GlassWorm began infecting Visual Studio Code extensions across both the Open VSX Registry and the Microsoft Extension Marketplace. The attackers were hunting for GitHub, Git, npm, and Open VSX accounts, as well as crypto wallet keys.
The creators of GlassWorm took a highly creative approach to their command-and-control infrastructure: they used a crypto wallet on the Solana blockchain as their primary C2, with Google Calendar serving as a backup communication channel.
Beyond simply draining victims’ crypto wallets and hijacking their accounts to spread the worm further, the attackers also dropped a RAT named Zombi onto infected devices, granting them total control over the compromised systems.
November 2025: the IndonesianFoods campaign and 150 000 spam packages on npm
In November, a new nuisance emerged within the npm registry. A coordinated malicious campaign dubbed IndonesianFoods saw attackers flood the registry with tens of thousands of useless packages.
The primary goal here was gaming the system to inflate metrics and farm tokens on tea.xyz, a blockchain platform designed to reward open-source developers. To pull this off, the attackers built a massive web of interdependent projects with the names referencing Indonesian cuisine, such as zul-tapai9-kyuki or andi-rendang23-breki.
The creators of this campaign didn’t bother hijacking accounts. Strictly speaking, the spam packages didn’t even contain a malicious payload — unless you count a script designed to automatically generate new packages every seven seconds. Nevertheless, the incident served as a stark reminder of how vulnerable the npm infrastructure is to large-scale spam campaigns.
December 2025: Shai-Hulud 2.0 and the leak of 400 000 developer secrets
The absolute headliner of the year — not just for supply-chain attacks, but likely for the entire cybersecurity field — was the self-propagating malware Shai-Hulud (also known as Sha1-Hulud) targeting developers.
This malware was the logical evolution of the s1ngularity attack we mentioned earlier: it also scours systems for all kinds of secrets and publishes them in open GitHub repositories. However, Shai-Hulud added a self-propagation mechanism to this baseline: the worm infects projects controlled by already-compromised developers by using their stolen credentials.
The first wave of Shai-Hulud hit in September, infecting several hundred npm packages. But toward the end of the year, a second wave arrived, dubbed Shai-Hulud 2.0.
This time, the worm was upgraded with wiper functionality. If the malware failed to find valid npm or GitHub tokens on an infected system, it triggered a destructive payload that erased user files.
Approximately 400 000 secrets were leaked in total as a result of the attack. It’s worth noting that, just like with s1ngularity, all this sensitive data ended up in public repositories where it could be downloaded not only by the attackers but by anyone else. And it’s highly likely that the fallout from this attack will be felt for a long time to come.
One of the first, confirmed cases of an exploit using secrets leaked by Shai-Hulud was a cryptocurrency theft targeting several thousand Trust Wallet users. Attackers used these secrets on Christmas Eve to upload a malicious version of the Trust Wallet extension, complete with a built-in crypto drainer, to the Chrome Web Store. In the end, they managed to make off with US$8.5 million in cryptocurrency.
How to protect against supply-chain attacks
While putting together a similar retrospective for 2024, we found sticking to a “one month, one threat” structure fairly easy. For 2025, however, it was a much taller order. There were so many massive supply-chain attacks last year that we simply couldn’t fit them all into this one overview.
The year 2026 is shaping up to be just as intense, so we recommend checking out our dedicated post on preventing supply-chain attacks. In the meantime, here are the essential takeaways:
Thoroughly evaluate your vendors and carefully audit the code you integrate into your own projects.
Implement strict security requirements directly into your service contracts.
Develop a comprehensive incident response plan.
Monitor your corporate infrastructure for suspicious activity using an XDR solution.
If you want to learn more about supply-chain attacks, have a read of our analytical report Supply chain reaction: securing the global digital ecosystem in an age of interdependence. It’s based on insights from technical experts, and reveals how often organizations face supply-chain and trusted-relationship risks, where protection gaps remain, and what strategies to employ to improve resilience against these kinds of threats.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00adminhttps://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.pngadmin2026-03-27 15:06:362026-03-27 15:06:36Most notable supply-chain attacks of 2025 | Kaspersky official blog
2026 in San Francisco, one of the most important cybersecurity events of the year. 
