{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/acronis/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["Atomic macOS Stealer (AMOS)"],"_cs_severities":["high"],"_cs_tags":["malware","social-engineering","ai-platforms"],"_cs_type":"advisory","_cs_vendors":["Hugging Face","Acronis"],"content_html":"\u003cp\u003eThreat actors are leveraging AI distribution platforms like Hugging Face and ClawHub to distribute malware. This involves social engineering tactics to deceive users into downloading files that contain malicious code. Instead of directly compromising AI agents, the attackers abuse user trust by injecting indirect prompts into resources that the AI accesses. Acronis reported that on ClawHub, nearly 600 malicious skills across 13 developer accounts were identified distributing trojans, cryptominers, and information stealers targeting both Windows and macOS. On Hugging Face, attackers created repositories hosting malicious files designed to stage multi-step infection chains leading to infostealers, trojans, malware loaders, and other types of malware targeting Windows, Linux, and Android. This tactic allows attackers to bypass traditional security measures and leverage the platforms\u0026rsquo; reputation for trusted AI tooling.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker creates a malicious repository or skill on Hugging Face or ClawHub.\u003c/li\u003e\n\u003cli\u003eThe repository or skill contains files that appear legitimate but include malicious code.\u003c/li\u003e\n\u003cli\u003eThe attacker uses social engineering to entice users to download the files.\u003c/li\u003e\n\u003cli\u003eUpon execution, the malicious code fetches additional payloads from external sources.\u003c/li\u003e\n\u003cli\u003eFor macOS, the payload can be Atomic macOS Stealer (AMOS) Stealer.\u003c/li\u003e\n\u003cli\u003eThe downloaded payload executes commands to install hidden dependencies.\u003c/li\u003e\n\u003cli\u003eThe malware establishes persistence on the victim\u0026rsquo;s system.\u003c/li\u003e\n\u003cli\u003eThe malware performs its intended malicious actions, such as stealing information or mining cryptocurrency.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful attacks can lead to the installation of various types of malware, including infostealers, trojans, cryptominers, and malware loaders. The targeted platforms include Windows, macOS, Linux, and Android, potentially impacting a wide range of users and systems. The abuse of trust in AI distribution platforms poses a significant risk, as users may be less likely to scrutinize files from these sources. Acronis identified close to 600 malicious skills on ClawHub alone, indicating the scale of this threat.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor process creation events for execution of downloaded files from Hugging Face or ClawHub with unusual parent processes using the \u0026ldquo;Detect Suspicious Process Execution from AI Platforms\u0026rdquo; Sigma rule.\u003c/li\u003e\n\u003cli\u003eImplement network monitoring to detect connections to known malicious domains or IPs associated with malware distribution campaigns that originate from processes associated with AI platform tooling.\u003c/li\u003e\n\u003cli\u003eEducate users about the risks of downloading files from untrusted sources, even on trusted platforms like Hugging Face and ClawHub.\u003c/li\u003e\n\u003cli\u003eRegularly scan systems for known malware signatures and indicators of compromise associated with infostealers and trojans.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-01T08:41:57Z","date_published":"2026-05-01T08:41:57Z","id":"/briefs/2026-05-huggingface-clawhub-malware/","summary":"Threat actors are using social engineering to distribute malware via AI distribution platforms such as Hugging Face and ClawHub by tricking users into downloading malicious files, which leads to malware infections on Windows, macOS, Linux, and Android systems.","title":"Malware Distribution via Hugging Face and ClawHub","url":"https://feed.craftedsignal.io/briefs/2026-05-huggingface-clawhub-malware/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.8,"id":"CVE-2026-41220"},{"cvss":7.8,"id":"CVE-2026-41952"}],"_cs_exploited":false,"_cs_products":["Cyber Protect Cloud Agent"],"_cs_severities":["high"],"_cs_tags":["privilege-escalation","acronis","agent"],"_cs_type":"advisory","_cs_vendors":["Acronis"],"content_html":"\u003cp\u003eMultiple vulnerabilities exist within the Acronis Cyber Protect Cloud Agent that could allow an authenticated attacker, either locally or remotely, to escalate their privileges. The vulnerabilities are within the core functionality of the Acronis agent, and successful exploitation could lead to elevated access within the target system. The advisory does not specify the exact nature of the vulnerabilities, but the potential impact of privilege escalation is significant for defenders, as it allows attackers to perform actions they would normally be restricted from doing, such as installing software, modifying data, and accessing sensitive information.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains initial access to a system with a valid, but low-privileged, account. This could be achieved through phishing, compromised credentials, or other means.\u003c/li\u003e\n\u003cli\u003eThe attacker identifies a vulnerable version of the Acronis Cyber Protect Cloud Agent running on the system.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages one of the unspecified vulnerabilities within the Acronis agent through local interaction with the Acronis agent service.\u003c/li\u003e\n\u003cli\u003eSuccessful exploitation of the vulnerability allows the attacker to bypass access controls and execute code with elevated privileges.\u003c/li\u003e\n\u003cli\u003eThe attacker uses their newly acquired privileges to install malicious software, such as a keylogger or remote access trojan.\u003c/li\u003e\n\u003cli\u003eThe attacker uses their privileges to access sensitive data, such as user credentials, financial records, or intellectual property.\u003c/li\u003e\n\u003cli\u003eThe attacker establishes persistence on the system by creating a new privileged account or modifying existing system configurations.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the compromised system as a pivot point to further compromise other systems within the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of these vulnerabilities could allow attackers to gain complete control over affected systems. The number of potential victims is widespread, as Acronis Cyber Protect Cloud Agent is used by numerous organizations for data protection and backup purposes. If an attacker successfully escalates privileges, they can steal sensitive data, install malware, disrupt critical services, and compromise the entire network. The consequences could include significant financial losses, reputational damage, and legal liabilities.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor for suspicious processes spawned by the Acronis Cyber Protect Cloud Agent that do not align with normal activity.\u003c/li\u003e\n\u003cli\u003eImplement the Sigma rule \u003ccode\u003eSuspiciousAcronisChildProcess\u003c/code\u003e to detect unusual child processes spawned by the Acronis agent.\u003c/li\u003e\n\u003cli\u003eInvestigate any unauthorized modifications to system configurations or user accounts, particularly those performed by the Acronis Cyber Protect Cloud Agent using the \u003ccode\u003eRegistryModificationByAcronis\u003c/code\u003e Sigma rule.\u003c/li\u003e\n\u003cli\u003eApply the latest patches and updates to Acronis Cyber Protect Cloud Agent as soon as they become available from the vendor.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-30T10:19:14Z","date_published":"2026-04-30T10:19:14Z","id":"/briefs/2026-05-acronis-privesc/","summary":"Multiple vulnerabilities in Acronis Cyber Protect Cloud Agent can be exploited by a local or remote, authenticated attacker to escalate privileges.","title":"Acronis Cyber Protect Cloud Agent Multiple Vulnerabilities Allow Privilege Escalation","url":"https://feed.craftedsignal.io/briefs/2026-05-acronis-privesc/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["Windows","Adobe Acrobat Update Task","Sure Click","Secure Access Client","CtxsDPS.exe","Openvpn-gui.exe","Veeam Endpoint Backup","Cisco Secure Client","Concentr.exe","Receiver","AnalyticsSrv.exe","Redirector.exe","Download Navigator","Jabra Direct","Vmware Workstation","Eset Security","iTunes","Keepassxc.exe","Globalprotect","Pdf24.exe","Vmware Tools","Teams"],"_cs_severities":["medium"],"_cs_tags":["persistence","defense-evasion","windows"],"_cs_type":"advisory","_cs_vendors":["Microsoft","Adobe","HP","Intel","Acronis","Java","Citrix","OpenVPN","Veeam","Cisco","Epson","Jabra","VMware","ESET","iTunes","KeePassXC","Palo Alto Networks","PDF24"],"content_html":"\u003cp\u003eThe Windows Installer (msiexec.exe) is a legitimate system tool used for installing, updating, and removing software on Windows systems. Adversaries can abuse msiexec.exe to establish persistence mechanisms by creating malicious scheduled tasks or modifying registry run keys. This allows them to execute arbitrary code during system startup or user logon. This technique is attractive to attackers due to msiexec.exe being a trusted Windows binary, potentially evading detection by security solutions that focus on flagging unknown or suspicious processes. The use of msiexec.exe for persistence can be difficult to detect without specific monitoring rules, as it is a common and legitimate system process. This activity can be observed across various Windows versions and is frequently integrated into automated attack frameworks and scripts.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains initial access to a compromised system, potentially through phishing, exploitation of a vulnerability, or stolen credentials.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages msiexec.exe to create a new scheduled task using the \u003ccode\u003eschtasks.exe\u003c/code\u003e command, setting it to execute a malicious script or binary.\u003c/li\u003e\n\u003cli\u003eAlternatively, the attacker uses msiexec.exe in conjunction with \u003ccode\u003ereg.exe\u003c/code\u003e or PowerShell to modify registry keys under \u003ccode\u003eHKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\u003c/code\u003e or \u003ccode\u003eHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\u003c/code\u003e, adding a pointer to their malicious executable.\u003c/li\u003e\n\u003cli\u003eThe created scheduled task or registry entry points to a malicious payload, such as a reverse shell or a downloader.\u003c/li\u003e\n\u003cli\u003eThe system is restarted, or the user logs on, triggering the execution of the newly created scheduled task or the malicious binary through the modified registry run key.\u003c/li\u003e\n\u003cli\u003eThe malicious payload executes, establishing a persistent foothold for the attacker on the compromised system.\u003c/li\u003e\n\u003cli\u003eThe attacker can now perform further actions, such as data exfiltration, lateral movement, or deployment of ransomware.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation allows the adversary to maintain persistent access to the compromised system. This can lead to data theft, system compromise, deployment of ransomware, or use of the system as a staging point for further attacks within the network. A single compromised system can be used to pivot and compromise additional systems, leading to a widespread security breach. The impact can include financial losses, reputational damage, and disruption of business operations.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor process creation events for msiexec.exe spawning \u003ccode\u003eschtasks.exe\u003c/code\u003e or \u003ccode\u003ereg.exe\u003c/code\u003e to create scheduled tasks or modify registry run keys (reference: rules in this brief).\u003c/li\u003e\n\u003cli\u003eImplement and tune the Sigma rules provided in this brief to detect suspicious msiexec.exe activity related to persistence mechanisms.\u003c/li\u003e\n\u003cli\u003eReview and audit existing scheduled tasks and registry run keys for any suspicious entries or anomalies.\u003c/li\u003e\n\u003cli\u003eEnable file integrity monitoring (FIM) on critical system directories, including the Windows Task Scheduler directory and registry run key locations (reference: event.category == \u0026ldquo;file\u0026rdquo; and file.path \u0026hellip; and event.category == \u0026ldquo;registry\u0026rdquo; and registry.path \u0026hellip; in the rule query).\u003c/li\u003e\n\u003cli\u003eImplement application control policies to restrict the execution of unauthorized or unknown executables (reference: rule query).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-09-05T14:17:05Z","date_published":"2024-09-05T14:17:05Z","id":"/briefs/2024-09-msiexec-persistence/","summary":"Adversaries may establish persistence by abusing the Windows Installer (msiexec.exe) to create scheduled tasks or modify registry run keys, allowing for malicious code execution upon system startup or user logon.","title":"Persistence via Windows Installer (Msiexec)","url":"https://feed.craftedsignal.io/briefs/2024-09-msiexec-persistence/"}],"language":"en","title":"CraftedSignal Threat Feed — Acronis","version":"https://jsonfeed.org/version/1.1"}