All CosmicBytez Labs articles tagged #Infostealer, across news, security advisories, how-to guides, and projects.
Cybersecurity researchers have uncovered a malicious npm package named codexui-android that targets developers using OpenAI Codex by masquerading as a legitimate remote web UI tool, silently exfiltrating authentication tokens to attacker-controlled servers via postinstall hooks.
Threat actors are exploiting ChatGPT's content-sharing feature to publish fake OpenAI outage pages that trick users into downloading trojanized ChatGPT desktop applications bundled with infostealer malware.
Ukrainian cyberpolice, working with US law enforcement, identified an 18-year-old from Odesa suspected of running an infostealer malware operation that...
Cybersecurity researchers have discovered a fresh Mini Shai-Hulud supply chain attack compromising the @antv npm ecosystem through a hijacked maintainer...
Researchers have uncovered four malicious npm packages embedding infostealer malware and a Phantom Bot DDoS payload — one of which is a direct clone of...
A Flare threat intelligence analysis breaks down the REMUS infostealer — a rapidly evolving credential theft tool built around stolen browser sessions and...
A malicious repository impersonating OpenAI's "Privacy Filter" project climbed to Hugging Face's trending list and delivered information-stealing malware...
Threat actors are capitalising on the Claude Code source code leak by creating fake GitHub repositories that impersonate the leaked source to deliver...
A new report reveals how industrialized credential theft has become the common thread connecting ransomware campaigns, SaaS platform breaches, and...
Researchers have identified DeepLoad, a previously undocumented malware loader that combines ClickFix social engineering with WMI-based persistence to...
Threat actors known as TeamPCP compromised the Telnyx Python package on PyPI, uploading malicious versions that conceal credential-stealing malware inside...
A newly observed ClickFix campaign impersonates Cloudflare's CAPTCHA verification pages to deliver the Python-based Infiniti Stealer to macOS users via a...
The Trivy supply chain attack has expanded dramatically beyond GitHub Actions: malicious Docker Hub images (versions 0.69.4–0.69.6) carry an infostealer,...
The open-source Trivy security scanner was weaponized by threat actor TeamPCP in a supply chain attack that hijacked 75 release tags to deploy an...
A new infostealer named VoidStealer bypasses Chrome's Application-Bound Encryption by attaching a remote debugger to the browser process and using the...
A SmartLoader campaign distributes a trojanized Model Context Protocol (MCP) server disguised as Oura Health's legitimate tool, deploying StealC...
A Russian state-sponsored APT group dubbed ChainReaver-L compromised trusted file-sharing mirrors and 50 long-established GitHub accounts to distribute...
Threat actors are abusing publicly shared Claude AI artifacts and Google Ads to deliver the MacSync infostealer to macOS users through ClickFix social...