Social-Engineering — CraftedSignal Threat Feed

Malware Distribution via Hugging Face and ClawHub

hello@craftedsignal.io — Fri, 01 May 2026 08:41:57 +0000

Threat actors are leveraging AI distribution platforms like Hugging Face and ClawHub to distribute malware. This involves social engineering tactics to deceive users into downloading files that contain malicious code. Instead of directly compromising AI agents, the attackers abuse user trust by injecting indirect prompts into resources that the AI accesses. Acronis reported that on ClawHub, nearly 600 malicious skills across 13 developer accounts were identified distributing trojans, cryptominers, and information stealers targeting both Windows and macOS. On Hugging Face, attackers created repositories hosting malicious files designed to stage multi-step infection chains leading to infostealers, trojans, malware loaders, and other types of malware targeting Windows, Linux, and Android. This tactic allows attackers to bypass traditional security measures and leverage the platforms’ reputation for trusted AI tooling.

Attack Chain

Attacker creates a malicious repository or skill on Hugging Face or ClawHub.
The repository or skill contains files that appear legitimate but include malicious code.
The attacker uses social engineering to entice users to download the files.
Upon execution, the malicious code fetches additional payloads from external sources.
For macOS, the payload can be Atomic macOS Stealer (AMOS) Stealer.
The downloaded payload executes commands to install hidden dependencies.
The malware establishes persistence on the victim’s system.
The malware performs its intended malicious actions, such as stealing information or mining cryptocurrency.

Impact

Successful attacks can lead to the installation of various types of malware, including infostealers, trojans, cryptominers, and malware loaders. The targeted platforms include Windows, macOS, Linux, and Android, potentially impacting a wide range of users and systems. The abuse of trust in AI distribution platforms poses a significant risk, as users may be less likely to scrutinize files from these sources. Acronis identified close to 600 malicious skills on ClawHub alone, indicating the scale of this threat.

Recommendation

Monitor process creation events for execution of downloaded files from Hugging Face or ClawHub with unusual parent processes using the “Detect Suspicious Process Execution from AI Platforms” Sigma rule.
Implement network monitoring to detect connections to known malicious domains or IPs associated with malware distribution campaigns that originate from processes associated with AI platform tooling.
Educate users about the risks of downloading files from untrusted sources, even on trusted platforms like Hugging Face and ClawHub.
Regularly scan systems for known malware signatures and indicators of compromise associated with infostealers and trojans.

ClickFix 'BackgroundFix' Campaign Delivers CastleLoader, NetSupport RAT, and CastleStealer

hello@craftedsignal.io — Thu, 30 Apr 2026 13:00:00 +0000

The BackgroundFix campaign is a social engineering scheme using fake “remove your photo background” services to deliver malware. Victims are lured to malicious sites mimicking legitimate image editing tools. The sites feature fake upload interfaces, progress bars, and download buttons to appear authentic. This campaign delivers a multi-stage payload, starting with CastleLoader. CastleLoader then drops NetSupport RAT, enabling remote access for the attackers, and CastleStealer, a custom .NET stealer designed to exfiltrate browser credentials, wallet extension data, and Telegram session files. This campaign appears to be active, with multiple domains sharing the same template.

Attack Chain

Victim searches for an online background removal tool and lands on a malicious BackgroundFix site.
The victim uploads an image to the fake website.
After clicking a checkbox, the site instructs the victim to copy a command to their clipboard.
The copied command executes finger.exe to query cheeshomireciple[.]com
finger.exe retrieves a batch script from the C2 server.
The batch script executes commands to download and execute further payloads.
CastleLoader is deployed, subsequently dropping NetSupport RAT and CastleStealer.
NetSupport RAT grants the attacker remote access, while CastleStealer exfiltrates sensitive data.

Impact

Successful attacks result in the installation of NetSupport RAT, granting attackers remote control over the compromised system. Additionally, CastleStealer exfiltrates sensitive information such as browser credentials, wallet extension data, and Telegram session files. This stolen data can be used for further malicious activities, including financial fraud, identity theft, and unauthorized access to sensitive accounts. The active nature of the campaign and the use of multiple domains suggest a broad targeting scope.

Recommendation

Monitor process creation events for the execution of finger.exe with command-line arguments pointing to external domains (IOC: cheeshomireciple[.]com).
Deploy the Sigma rule to detect the execution of finger.exe to identify potential initial access attempts.
Block the C2 domain cheeshomireciple[.]com at the DNS resolver to prevent initial payload delivery.
Monitor network connections for NetSupport RAT C2 communications on port 688 to detect compromised systems (IOCs: poronto[.]com:688, giovettiadv[.]com:688).

UNC6692 Combines Social Engineering, Malware, and Cloud Abuse

hello@craftedsignal.io — Tue, 28 Apr 2026 14:00:00 +0000

UNC6692 is a newly tracked, financially motivated threat group that employs a multi-stage intrusion campaign combining persistent social engineering and custom modular malware. The actor begins by flooding a target’s email inbox before contacting them via Microsoft Teams, posing as help desk personnel to resolve the issue. This leads to a phishing attack where victims are tricked into downloading and executing malicious payloads. UNC6692 abuses legitimate cloud infrastructure, specifically AWS S3 buckets, for payload delivery, command and control (C2), and data exfiltration, allowing them to bypass traditional network reputation filters. The group’s operations are focused on gaining access and stealing credentials for further actions, ultimately aiming to exfiltrate data of interest from compromised systems. The initial campaign was observed in late December.

Attack Chain

The attacker floods a target’s email inbox to create a sense of urgency.
The attacker contacts the target via Microsoft Teams, impersonating help desk personnel.
The attacker sends a phishing link via Teams, promising a local patch to fix the email spamming issue.
The target clicks the link, which downloads a renamed AutoHotKey binary and an AutoHotkey script from a threat actor-controlled AWS S3 bucket.
Execution of the AutoHotKey binary automatically runs the script, initiating reconnaissance commands and installing the SNOWBELT malicious Chromium browser extension.
SNOWBELT facilitates the download of additional tools, including the Snowglaze Python tunneler, the Snowbasin Python bindshell (used as a persistent backdoor), additional AutoHotkey scripts, and a portable Python executable with required libraries.
The attacker uses a Python script to scan the local network for ports 135, 445, and 3389 and enumerate local administrator accounts.
The attacker uses a local administrator account to initiate an RDP session via Snowglaze from the compromised system to a backup server, then dumps LSASS process memory and uses pass-the-hash to move laterally to the domain controller.

Impact

The UNC6692 attack leads to the compromise of targeted systems, credential theft, and potential data exfiltration. If successful, the attacker gains control over the domain controller, allowing them to access sensitive information and potentially cause significant damage to the organization. The abuse of AWS S3 buckets allows the threat actor to blend in with legitimate cloud traffic, making detection more difficult. The financial motivation suggests that stolen credentials and data could be used for further malicious activities, such as ransomware attacks or sale on the dark web.

Recommendation

Monitor for AutoHotKey execution, especially when associated with downloads from unusual locations like AWS S3 buckets, to detect initial payload execution (see Sigma rule below).
Implement network monitoring to detect unusual RDP connections initiated from compromised systems to internal servers, as this is a key lateral movement technique used by UNC6692 (see Sigma rule below).
Monitor for the installation of new Chromium extensions, especially those not distributed through the Chrome Web Store, as this is how the SNOWBELT malware is deployed.
Monitor for the use of Python scripts to scan the local network for open ports (135, 445, 3389) and enumerate local administrator accounts.
Investigate any Microsoft Teams messages delivering links that promise to fix technical problems, as this is the initial social engineering tactic used by UNC6692.

Drift Protocol $280M Crypto Theft Linked to North Korean Hackers

hello@craftedsignal.io — Mon, 06 Apr 2026 16:35:39 +0000

On April 1st, 2026, the Solana-based trading platform, Drift Protocol, experienced a sophisticated attack resulting in the theft of over $280 million. Investigations by Elliptic and TRM Labs point to North Korean hackers, possibly UNC4736 (also known as AppleJeus and Labyrinth Chollima), a threat actor previously linked to Lazarus. The attackers cultivated a presence within the Drift ecosystem over six months, posing as a quantitative firm. They approached Drift contributors in person at multiple crypto conferences, building trust and rapport. Communications continued via Telegram, where they discussed trading strategies and potential vault integrations, demonstrating technical proficiency and familiarity with Drift’s operations. The Telegram group was deleted immediately after the theft.

Attack Chain

Initial Reconnaissance: The threat actors posed as a quantitative firm to gather information about Drift Protocol and its contributors.
In-Person Engagement: The actors attended multiple crypto conferences, engaging with specific Drift contributors.
Relationship Building: They communicated with targets via Telegram, discussing trading strategies and potential vault integrations.
Potential Compromise: Two contributors were potentially compromised via a malicious code repository exploiting a VSCode/Cursor vulnerability allowing silent code execution, or via a malicious TestFlight application presented as a wallet product.
Privilege Escalation: The attack allowed the hijacking of the Security Council administrative powers.
Asset Draining: The attackers drained user assets in approximately 12 minutes.
Data Removal: The Telegram group used for engaging contributors was deleted immediately after the theft.
Funds Laundering: The stolen funds were likely transferred to attacker-controlled wallets and prepared for laundering, though the wallets have been flagged across exchanges and bridge operators.

Impact

The Drift Protocol suffered a loss of over $280 million, impacting users of the Solana-based trading platform. All Drift Protocol functions remain frozen, and the compromised wallets have been removed from the multisig process. The incident highlights the risks associated with social engineering and the importance of verifying the identities of individuals and organizations interacting with critical infrastructure. The attack has also raised concerns about the security practices within the cryptocurrency sector.

Recommendation

Monitor for unusual network activity and potential exploitation of VSCode/Cursor vulnerabilities via process_creation and network_connection logs using the “Detect Suspicious VSCode Code Execution” Sigma rule.
Monitor for suspicious applications installed via TestFlight, especially those presented as wallet products, using file_event logs and the “Detect Suspicious TestFlight Application Installation” Sigma rule.
Implement strict identity verification procedures for individuals and organizations interacting with sensitive systems and data.
Educate employees about social engineering tactics and the risks of interacting with unknown individuals or organizations.

Axios npm Package Compromised via Social Engineering

hello@craftedsignal.io — Sat, 04 Apr 2026 20:30:42 +0000

On April 4, 2026, the maintainers of the Axios HTTP client disclosed a social engineering attack targeting one of their developers. The attack, attributed to the North Korean threat actor UNC1069, involved impersonating a legitimate company to build trust with the targeted developer. The attacker used a fake Microsoft Teams update disguised as a critical error fix to deploy a remote access trojan (RAT). This RAT allowed the attackers to gain access to the developer’s system and npm credentials. The attackers then published two malicious versions of Axios (1.14.1 and 0.30.4) to the npm package registry. These malicious versions included a dependency called plain-crypto-js, which installed a RAT on macOS, Windows, and Linux systems. These versions were available for three hours, posing a supply chain risk to any systems that installed them during that period.

Attack Chain

The attacker identifies a target developer and initiates contact via LinkedIn/Slack, impersonating a legitimate company.
The attacker invites the developer to a Slack workspace populated with fake profiles and staged company activity.
A meeting is scheduled on Microsoft Teams, during which a fake “RTC Connection” error message is displayed.
The attacker prompts the developer to install a “Teams update” to resolve the error.
The fake update is a RAT malware, granting the attacker remote access to the developer’s machine.
The attacker steals the developer’s npm credentials, bypassing MFA due to already authenticated session.
The attacker publishes malicious versions of the Axios package (1.14.1 and 0.30.4) to the npm registry, injecting the plain-crypto-js dependency.
Systems installing the compromised Axios versions download and execute the plain-crypto-js package, resulting in RAT deployment and credential theft.

Impact

The compromise of the Axios npm package created a supply chain attack impacting an unknown number of systems across various sectors. Systems that installed the malicious versions (1.14.1 and 0.30.4) within the three-hour window are considered compromised. Successful exploitation results in the installation of a remote access trojan (RAT) capable of stealing credentials, browser data, and other sensitive information from macOS, Windows, and Linux systems. This can lead to further unauthorized access, data breaches, and potential financial loss.

Recommendation

Monitor npm package installations for the presence of the plain-crypto-js dependency, particularly in projects that use Axios versions 1.14.1 or 0.30.4.
Implement multi-factor authentication (MFA) for npm accounts and other developer accounts, but recognize that authenticated sessions can be hijacked.
Deploy the Sigma rule “Detect Suspicious NPM Package Installation” to detect potentially malicious package installations based on unusual parent processes (see below).
Block the domain associated with the malicious dependency plain-crypto-js at the DNS resolver.
Educate developers about social engineering tactics and the risks of installing software from untrusted sources.

Democratization of Business Email Compromise (BEC) Attacks

hello@craftedsignal.io — Fri, 03 Apr 2026 12:00:00 +0000

Business Email Compromise (BEC) attacks have historically targeted large organizations with significant payouts justifying the required time investment. However, recent trends indicate a democratization of BEC, with smaller organizations becoming increasingly targeted. This shift is largely driven by the adoption of AI, enabling attackers to rapidly reconnoiter and tailor content for smaller organizations at scale. Attackers are now targeting smaller community associations, charities, and businesses, recognizing that scamming smaller sums from many victims can be as profitable as scamming large sums from a few. These organizations are often less aware of the threat and thus more vulnerable.

Attack Chain

Reconnaissance: Attackers use AI-powered tools to gather information about target organizations and key personnel (e.g., community associations, small businesses).
Impersonation: Attackers craft emails impersonating trusted individuals within the organization (e.g., the chair of the association).
Request Initiation: The attacker sends an email requesting a fund transfer to an account they control, relying on social engineering to trick someone with payment authority.
Evasion: The initial email is often sent from a plausible email address or a compromised genuine account.
Account Compromise: Exploit React2Shell vulnerability (CVE-2025-55182) in Next.js applications to gain access to sensitive data, including cloud tokens, database credentials, and SSH keys, which are used for lateral movement.
Data Exfiltration: Sensitive data, including cloud tokens, database credentials, and SSH keys, is exfiltrated using custom framework called “NEXUS Listener”.
Obfuscation: Once received, funds typically pass through money mules or compromised personal accounts before being rapidly shuffled through multiple transfers, obscuring the trail.
Financial Gain: The attacker successfully initiates the fund transfer and receives the money.

Impact

The democratization of BEC attacks expands the threat landscape to include vulnerable small organizations. While the individual sums may be smaller, the cumulative impact of successful attacks can be significant. If successful, organizations suffer financial losses, potential data breaches through stolen credentials (related to CVE-2025-55182), and reputational damage. The European Commission investigated a breach after an Amazon cloud account hack, highlighting the potential for data leaks.

Recommendation

Educate employees, especially those with payment authority, about the signs of BEC scams, emphasizing unexpected requests for payment and the importance of verifying requests through separate channels (reference: Overview section).
Implement and enforce strict procurement rules that prevent any last-minute urgent payments (reference: Overview section).
Patch Next.js applications against React2Shell vulnerability (CVE-2025-55182) immediately and rotate potentially compromised credentials including API keys and SSH keys (reference: “The one big thing” section).
Deploy the following Sigma rule to detect suspicious process creation activity (reference: rules section).
Monitor for the presence of the malware files identified in the report using the provided SHA256 hashes (reference: IOCs section).

Palo Alto Networks Recruiting Impersonation Phishing Campaign

hello@craftedsignal.io — Wed, 25 Mar 2026 12:00:00 +0000

Since August 2025, a series of phishing campaigns have impersonated Palo Alto Networks talent acquisition staff, targeting senior-level professionals. The attackers leverage scraped LinkedIn data to craft personalized lures, enhancing the credibility of their outreach. This campaign involves social engineering to manufacture a bureaucratic barrier related to the candidate’s resume. The attackers falsely claim that the candidate’s resume failed to meet the applicant tracking system (ATS) requirements. They then offer to assist the candidate in acquiring a position for a fee, typically ranging from $400 to $800 for services like “executive ATS alignment” or “end-to-end executive rewrite.” The goal is to exploit the candidate’s professional ambitions by creating a sense of financial urgency and directing them to a third-party “expert” for paid services.

Attack Chain

Initial Outreach: Attackers send personalized emails posing as Palo Alto Networks talent acquisition staff, using flattering language and details from the victim’s LinkedIn profile.
Establish Rapport: The emails use legitimate company logos and signatures to appear authentic and build trust with the targeted professional.
Manufactured Crisis: Attackers claim the candidate’s resume failed to meet ATS requirements, creating a bureaucratic barrier.
Offer of Assistance: The “recruiter” offers “executive ATS alignment” services for a fee, suggesting an urgent need to update the resume.
Hand-off to “Expert”: The candidate is directed to a purported expert who provides structured service offers with specific price points (e.g., $400, $600, $800).
Time Pressure: The “recruiter” implies that the “review panel” has already begun, urging the candidate to update their CV within a limited timeframe.
Payment Solicitation: The “expert” offers to deliver the CV within hours, fitting the ostensible review window, but only after payment.
Financial Exploitation: Victims who comply with the demands pay for services that are never delivered, resulting in financial loss and potential identity theft.

Impact

This phishing campaign targets senior-level professionals, aiming to defraud them of hundreds of dollars through fabricated resume services. Multiple incidents have been reported, indicating a widespread effort to exploit individuals seeking job opportunities. If successful, victims lose money and may expose personal information, potentially leading to further identity theft or fraudulent activities. The campaign undermines trust in legitimate recruiting processes and damages the reputation of Palo Alto Networks.

Recommendation

Implement email filtering rules to flag messages from the IOC email addresses (paloaltonetworks@gmail[.]com, recruiter.paloalnetworks@gmail[.]com, phillipwalters006@gmail[.]com, posunrayi994@gmail[.]com).
Monitor network traffic and DNS queries for connections to domains resembling “paloaltonetworks” but with slight variations, as mentioned in the overview, and implement blocking where appropriate.
Educate employees and potential job candidates about this phishing scheme, emphasizing the importance of verifying recruiter identities and avoiding payment requests during the hiring process.
Deploy a Sigma rule to detect emails originating from free email providers (e.g. gmail.com) that claim to be from a specific organization based on email content and sender information (see rule below).