Researchers at BlackFog have detailed OnyxC2, a new malware-as-a-service sold on cybercrime forums that packages professional-grade data theft for as little as $250 a month, with a $500 premium tier adding hidden-desktop control and a $6,000 buyout option. It ships with a polished control panel and ready-made lures disguised as FinePrint, Windows Settings, a fake Windows update, and a game installer. Its payloads slipped past VirusTotal scanning when first uploaded and were still undetected weeks later, and builds use AES-256 encryption. The low price and turnkey design lower the barrier for less-skilled criminals to run capable infostealing campaigns.
McAfee has detailed WeedHack, a malware-as-a-service infostealer campaign that has infected more than 116,000 systems since January by targeting Minecraft players. The malware spreads through malicious Minecraft mods, clients, cheats, and utilities promoted via YouTube videos (some with voice-over narration and thousands of views) and SEO poisoning of keywords matching popular clients like Meteor, Wurst, LiquidBounce, and Impact. WeedHack averages 2,000-3,000 infections daily, mostly in the US, Germany, India, and the UK, across 240+ distribution URLs and 3,820 unique malicious JAR files. It offers customers a dashboard to view stolen credentials and victim data. Some fake sites even link to legitimate GitHub repos to fabricate credibility.
Ukrainian cyberpolice working with US law enforcement have identified an 18-year-old man from Odesa as the suspected operator of an infostealer operation that ran from 2024 through 2025 against customers of a California online retailer. The malware harvested 28,000 customer accounts; the operators used about 5,800 of them to make $721,000 in unauthorized purchases, leaving the retailer with around $250,000 in direct losses including chargebacks. The suspect ran the back-end infrastructure for processing and selling stolen session tokens. Police searched two residences and seized computers, phones, and bank cards. No arrest has been announced yet.
After TeamPCP dumped the Shai-Hulud worm's source code on GitHub last week with the note 'Here We Go Again - Let the Carnage Continue,' a new actor under the npm name deadcode09284814 has published four malicious packages typosquatting Axios and friends. One package, chalk-tempalte, contains an almost-unmodified copy of the leaked worm, exfiltrating GitHub tokens, cloud configs, and crypto wallet data to a remote C2 and creating a public GitHub repo titled 'A Mini Sha1-Hulud has Appeared.' Another package, axois-utils, adds a Go-based DDoS bot called Phantom Bot that floods HTTP, TCP, and UDP. OXsecurity, which discovered the campaign, counted about 2,678 combined downloads.
SentinelOne has documented a new variant of the SHub macOS infostealer family called Reaper. Victims are lured through fake WeChat and Miro installers hosted on typo-squatted Microsoft domains, then prompted to run what looks like an Apple security update. Reaper avoids macOS Tahoe's new Terminal protections by routing its commands through the applescript:// URL scheme. Once running, it steals browser credentials, crypto wallets, dev configs, iCloud data, and Telegram sessions, replaces legitimate Exodus, Ledger, and Trezor wallet apps with backdoored copies, and installs a persistent fake Google Software Update LaunchAgent that gives the attacker an ongoing remote shell. Files larger than 85MB are uploaded in 70MB chunks.
Flare published a deep profile of REMUS, the 64-bit infostealer that emerged in early 2026 after Lumma Stealer's core operators were doxxed in late 2025. Gen Threat Labs links REMUS directly to Lumma's codebase through 'Tenzor' transitional builds from September 2025, identical string obfuscation, anti-VM checks via cpuid leaf 0x40000000, and a refined Application-Bound Encryption bypass for Chromium browsers. The malware harvests browser passwords, cookies, autofill, crypto wallets, and clipboard data, and uses EtherHiding (blockchain-based C2 resolution) for resilience. Flare's 128-post analysis of REMUS forum activity from Feb 12 to May 8 shows the operation has moved from rapid feature expansion into platform stabilization, with active customer-facing MaaS development.
Hackers are buying Google ads that look like they go to claude.ai - and they do go to a real claude.ai page. But the page is a shared Claude chat dressed up as 'Apple Support' walking users through installing Claude on a Mac. The instructions tell people to paste a command into Terminal that quietly downloads MacSync, a Mac infostealer that grabs saved browser passwords, cookies, and contents of macOS Keychain (where Mac stores logins and keys). Because both the ad and the page are real claude.ai links, there is no fake domain to spot. Researcher Berk Albayrak first reported the campaign; BleepingComputer found a second active variant.
Follow-up: this is the origin-story update to the Vercel breach disclosed April 19 (which our publication did not cover at the time). Hudson Rock traced the initial compromise to a Context.ai employee whose laptop was infected by Lumma Stealer malware in February 2026 after the user downloaded Roblox 'auto-farm' scripts and game-exploit executors - a notorious delivery vector for infostealers. The malware harvested that employee's Google Workspace credentials plus access keys and logins for Supabase, Datadog, and Authkit. The haul also included the support@context.ai account, letting the attacker escalate inside Context.ai, reach its AWS environment, and then pivot through compromised Google Workspace OAuth tokens into a Vercel employee's enterprise workspace that had granted the 'AI Office Suite' app 'Allow All' permissions. The attacker (ShinyHunters, now selling the data for $2M on BreachForums) read Vercel environment variables not flagged as 'sensitive.' Google pulled the Context.ai Chrome extension (ID omddlmnhcofjbnbflmjginpjjblphbgk) on March 27 - it embedded an OAuth grant for read access to users' entire Google Drive. The lesson is brutal: one employee's personal risky behavior on a work device cascaded through four SaaS platforms into a supply-chain breach that a threat actor is now auctioning.
A new supply-chain worm is loose on npm, stealing developer credentials and republishing itself automatically from whichever compromised account it lands on. Socket and StepSecurity identified the attack in packages published by Namastex Labs, a company that builds agentic AI tooling, with 16 package versions confirmed malicious so far and the first poisoned release (pgserve 1.1.11 on April 21 at 22:14 UTC) followed by two more the same day. The injected code grabs tokens, API keys, SSH keys, credentials for cloud services, CI/CD systems, container registries, and LLM platforms, plus Kubernetes and Docker configs, then rifles through Chrome and Firefox for cryptocurrency wallet data including MetaMask, Exodus, Atomic Wallet, and Phantom. If the malware finds an npm publish token in environment variables or ~/.npmrc, it identifies every package the victim can publish, injects itself into each, bumps the version, and republishes - a worm in the literal sense. It applies the same trick to PyPI via a .pth-based payload if Python credentials are present, making this a cross-ecosystem threat. Socket and StepSecurity note the techniques mirror TeamPCP's CanisterWorm attacks but stop short of definitive attribution.
Kaspersky researchers uncovered CrystalRAT, a new malware-as-a-service sold via Telegram and promoted on YouTube with a tiered subscription model. Built in Go, it combines remote access via VNC, keylogging, clipboard hijacking for crypto wallet theft, browser credential stealing from Chromium/Yandex/Opera, and data harvesting from Steam, Discord, and Telegram. Each buyer gets a uniquely encrypted build using ChaCha20, making detection harder. Kaspersky warns that new versions are still shipping, and the victim count is likely to grow.