credential stealer
-
Threat actors abuse patched FortiClient EMS flaw to push credential stealer
Threat actors are exploiting a patched FortiClient EMS flaw to push a credential stealer disguised as a Fortinet update, according to a technical analysis from Arctic Wolf. The campaign affects managed endpoints and can expose browser data, cookies and saved credentials.
-
Compromised Nx Console VS Code extension targeted developers in supply chain breach
A compromised Nx Console VS Code extension spread credential-stealing malware to developers after being published on the Microsoft marketplace. The incident affected more than 2.2 million installations and prompted update and credential-rotation warnings.
-
Researchers find 10 typosquatted npm packages delivering cross‑platform credential stealer
Researchers reported a set of 10 typosquatted npm packages, uploaded on July 4, 2025 and downloaded over 9,900 times, that deploy an obfuscated, multi-stage information stealer which harvests credentials from browsers and system keyrings on Windows, Linux and macOS.
-
Iran-linked MuddyWater used compromised email to deliver Phoenix backdoor to 100+ MENA government targets, Group-IB says
Group-IB says Iran-linked MuddyWater used a compromised mailbox accessed via NordVPN to phish MENA organisations, deploying weaponised Word documents that installed the Phoenix v4 backdoor across more than 100 government targets and hosting RMM tools and a browser credential stealer on its C2 infrastructure.
