Threats Tagged 't1564'

Between February and May 2026, researchers identified five malicious skills on ClawHub, OpenClaw's AI agent marketplace, that evaded detection by VirusTotal and ClawScan. The threats included two macOS infostealers communicating with command-and-control infrastructure, one skill using file padding to bypass scanner thresholds, and two novel agentic threats exploiting the AI supply chain for financial gain. The infostealers delivered payloads including AMOS malware through Base64-encoded droppers and paste-site redirects. One skill implemented runtime affiliate injection by forcing agents to recommend products through malicious referral links, while another orchestrated a front-running scheme using coordinated AI agents to manipulate cryptocurrency token launches. These attacks demonstrate how malicious actors exploit semantic instruction hijacking and the lack of isolation between skill logic and agent authority to compromise AI agent ecosystems.

Since late 2025, cybercriminals have been exploiting Wallpaper Engine, a popular live wallpaper application on Steam, to distribute malware through Steam Workshop. Attackers target primarily Chinese and Russian gamers by embedding malicious code within application wallpapers shared on the platform. These compromised wallpapers deliver various malware types including infostealers, backdoors, crypto miners, and ransomware. One analyzed sample dropped DarkKomet backdoor while hijacking Steam sessions to steal account credentials. The malware modifies system libraries to locate Steam installations and exfiltrate data to attacker-controlled servers. Compromised accounts are then used to upload additional malicious wallpapers. The diverse malware families suggest multiple independent hacking groups are exploiting this distribution method. Infected wallpapers received thousands of downloads before removal, with 89% of infections occurring in China.

MediumMalwareBritish Indian Ocean TerritoryCanadaChina+5#account hijacking#vidar#wallpaper engine