Threat Alerts
Your place for the latest CyberProof cyber threat intelligence alerts and updates
TeamPCP Expands Multi-Ecosystem Attack Through Python and npm Packages
Critical NetScaler Vulnerabilities Enable Data Exposure and Raise Exploitation Risk
New macOS Infiniti Stealer Uses Fake CAPTCHA Instead of Technical Exploits
A newly discovered macOS infostealer has emerged, purpose-built to harvest sensitive data from Apple machines. Rather than exploiting a technical vulnerability, it relies entirely on social engineering, tricking users into executing a malicious command themselves through a fake CAPTCHA page, a technique known as ClickFix.
The final payload is written in Python and compiled into a native macOS binary, a combination that makes it significantly harder to analyze and detect compared to typical Python-based malware. This marks the first documented macOS campaign to pair ClickFix delivery with this type of compiled Python stealer.
The malware was initially tracked under a different internal name before the operator’s panel became publicly visible, exposing its true identity. The infection chain is straightforward but effective: a user lands on a deceptive page, follows what appears to be a routine verification step, and unknowingly triggers the malware’s execution. The combination of a low-friction delivery method with a technically obfuscated payload reflects a growing trend of threats that prioritize accessibility for operators while raising the bar for defenders.
TeamPCP Uses WAV-Based Payloads in Python Package Attack
Two versions of a widely used Python telephony SDK were published to PyPI in March 2026 containing malicious code injected into a core client file. With over one million downloads per month, the compromise carries significant supply chain risk for any developer or organization relying on the package.
The PyPI publishing credentials were stolen and used to upload trojaned versions directly to the package registry, while the source repository remained completely clean, a pattern consistent with previous attacks by the same threat actor. The malicious versions were uploaded manually using a stolen API token, bypassing the repository’s automated release pipeline entirely, as evidenced by a mismatch in the upload tool fingerprint. Only a single file was modified across both malicious versions, with 74 lines of injected code split across three points: imports at the top, an encoded payload variable in the middle, and attack functions appended after the legitimate class definitions.
The malicious code executes at module scope the moment the package is imported, requiring no explicit function call from the user. Both Windows and Linux/macOS attack paths use the same delivery technique: payloads are hidden inside WAV audio files by packing base64-encoded, XOR-encrypted data into a valid WAV container. The file passes basic file-type checks, effectively evading network security tools that inspect HTTP traffic for known malicious patterns. Once decoded, the payload either drops a persistent executable on Windows or harvests credentials on Linux/macOS, with stolen data encrypted using AES-256-CBC and an RSA-4096 public key before exfiltration. Attribution to the same threat group behind a prior, similar PyPI compromise is supported by an identical RSA public key found byte-for-byte in both attacks, as well as a shared archive naming convention used during exfiltration. The WAV steganography delivery technique is new to this campaign, suggesting the actor is actively evolving their methods.
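As an added, defender-side example (not code from the alert or from the affected package), here is a Python check for the indicator described above: a file that is structurally a valid WAV but whose data chunk holds base64 text rather than audio samples. The WAV fixtures are constructed inline, and the 0.98 alphabet-ratio threshold is an assumption to tune against your own audio corpus.

```python
import math
import struct
from typing import Optional

# Bytes that base64 text can contain; real PCM audio is spread across all 256 values.
B64_ALPHABET = frozenset(b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=")


def build_wav(payload: bytes, sample_rate: int = 8000) -> bytes:
    """Constructed fixture: a minimal, valid 8-bit mono PCM WAV whose data chunk is `payload`."""
    fmt = struct.pack("<IHHIIHH", 16, 1, 1, sample_rate, sample_rate, 1, 8)
    riff_size = 4 + 8 + len(fmt) + 8 + len(payload)  # "WAVE" + fmt chunk + data chunk
    return (b"RIFF" + struct.pack("<I", riff_size) + b"WAVE" + b"fmt " + fmt
            + b"data" + struct.pack("<I", len(payload)) + payload)


def sine_audio(n: int = 400) -> bytes:
    """Constructed fixture: 8-bit PCM samples of a sine tone, i.e. genuine audio content."""
    return bytes(int(128 + 127 * math.sin(i / 5)) for i in range(n))


def wav_data_chunk(blob: bytes) -> Optional[bytes]:
    """Walk the RIFF chunk list and return the raw 'data' chunk body, or None if not a WAV."""
    if len(blob) < 12 or blob[:4] != b"RIFF" or blob[8:12] != b"WAVE":
        return None
    pos = 12
    while pos + 8 <= len(blob):
        cid = blob[pos:pos + 4]
        size = struct.unpack("<I", blob[pos + 4:pos + 8])[0]
        if cid == b"data":
            return blob[pos + 8:pos + 8 + size]
        pos += 8 + size + (size & 1)  # chunk bodies are padded to an even length
    return None


def base64_ratio(data: bytes) -> float:
    """Fraction of bytes drawn from the base64 alphabet (0.0 for empty input)."""
    return sum(1 for b in data if b in B64_ALPHABET) / len(data) if data else 0.0


def flag_wav(blob: bytes, min_len: int = 64, threshold: float = 0.98) -> str:
    """Verdict for a WAV a package fetched at import time: 'not-a-wav', 'ok' or 'suspicious'."""
    body = wav_data_chunk(blob)
    if body is None:
        return "not-a-wav"
    if len(body) >= min_len and base64_ratio(body) >= threshold:
        return "suspicious"  # data chunk is base64 text, not audio samples
    return "ok"
```

The same file-type check that lets these carriers through a content filter (a correct RIFF/WAVE header) is what `wav_data_chunk` relies on to locate the payload, so the check is cheap enough to run on every audio fetch a build or install step makes.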
F5 BIG-IP APM Vulnerability Added to KEV with Active RCE Exploitation
CISA has added CVE-2025-53521 affecting F5 BIG-IP APM to the Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in the wild. The vulnerability enables unauthenticated remote code execution when an APM access policy is configured on a virtual server, positioning internet-facing authentication infrastructure as a high-risk target. Exploitation can result in root-level access to the appliance, creating opportunities for credential interception, persistence, and lateral movement from a highly privileged edge device.
From an attack chain perspective, exploitation is performed remotely without authentication by sending crafted traffic to a vulnerable BIG-IP APM virtual server. This triggers memory corruption within the Traffic Management Microkernel (TMM), allowing attackers to execute arbitrary code with elevated privileges. Operating within the APM data plane, threat actors can directly interact with authentication and session management processes, enabling access to session tokens and credential material. This level of control allows manipulation of access policies, session hijacking, and use of the device as a pivot point into internal networks, effectively bypassing perimeter security controls. Observed post-exploitation activity in related reporting includes the use of backdoors to establish persistent command-and-control over encrypted channels. While no specific threat actor has been formally attributed, prior compromise of F5's internal environment by a sophisticated nation-state actor increases the likelihood of rapid weaponization and continued targeting of exposed BIG-IP deployments.
Epic Fury & Lion's Roar: Dual Military Campaign Targeting Iran – Part 7
Following the escalation triggered by Operation Epic Fury, cyber activity linked to the conflict continues to expand, with increased reconnaissance, cybercrime-linked tooling, and coordinated operations by Iranian-aligned actors and hacktivist groups.
– Stealth-Focused Intrusion Patterns Emerging:
Recent activity shows emphasis on persistent access, credential compromise, and indirect targeting via third-party ecosystems rather than overt disruption.
– Telegram-Based C2 and Bot Infrastructure Usage:
MuddyWater-linked campaigns observed leveraging Telegram bot frameworks and automated communication channels for covert command-and-control.
– Malicious Application-Based Access Techniques:
Handala campaigns include fake application deployment targeting Windows users to establish persistence and collect sensitive data.
– Continued Targeting of Industrial and Critical Systems:
Iranian-aligned actors linked to ICS/OT reconnaissance and potential access claims, including exposure of industrial control interfaces.
– Geographic Diversification of Hacktivist Campaigns:
Groups such as NoName057(16), Keymous+ and DieNet expanded operations across Europe and the Middle East targeting public services and enterprises.