Threat actors have used a multi-stage framework deploying a remote access trojan and a fake information-stealing Google Docs Offline extension for Chrome in yet another twist to the GlassWorm campaign, The Hacker News reports.
Intrusions harnessing the PolyShell exploit impacting Adobe Commerce and Magento Open Source instances have already compromised 56.7% of all vulnerable e-commerce stores since widespread exploitation commenced last week, reports BleepingComputer.
Infosecurity Magazine reports that multiple malicious npm packages with downloader capability have shown bogus installation logs to stealthily inject malware that steals cryptocurrency wallets and sensitive information as part of the new Ghost campaign that commenced in early February.
Intrusions weaponizing searches for illicit tax-related documents to spread trojanized ConnectWise ScreenConnect installers that facilitate a bring-your-own-vulnerable-driver attack have been launched against individuals across the U.S. as part of a widespread malvertising campaign that has been underway since January, The Hacker News reports.
BleepingComputer reports that U.S. education technology firm Infinite Campus has disclosed a data breach stemming from the hack of an employee's Salesforce account after the ShinyHunters threat operation threatened to leak data purportedly pilfered from the popular K-12 student information system provider on March 25.
An Android spyware operation known as ClayRat that briefly gained traction in Russia has imploded within months of its launch, undone by security blunders and the arrest of its suspected developer, according to The Record, a news site by cybersecurity firm Recorded Future.
North Korean threat operation WaterPlum, which runs the Contagious Interview campaign, has leveraged malicious VS Code projects to deliver the new StoatWaffle malware since December, reports The Hacker News.
TrioTech International, a California-based global semiconductor back-end solutions provider offering manufacturing, testing, and distribution services, has disclosed that its Singaporean subsidiary has been compromised in a March 11 ransomware attack, which has been claimed by the Gunra ransomware operation, according to SecurityWeek.