This Week in Numbers
- 22 distinct adversaries active in the AiStrike intelligence pipeline this week, of which 16 are entirely new (did not appear in last week’s advisory).
- 1,488 raw indicators filtered to 431 unique IOCs after de-duplication. Hash artefacts lead at 303, followed by 68 multi-type artefacts, 28 URLs, 27 IPs, and 5 domains.
- Severity composition: 394 indicators (91%) at High; 35 at Low (SD-WAN scanner population); 2 at Medium.
- Classification mix: Malware 277 · Malware Campaigns 107 · SCAN 35 · ThreatActor 10 · C2 2. The campaign concentration is the highest weekly ratio catalogued this quarter.
- Cross-platform reach: dedicated malware families surfaced against Windows, macOS, Android, and IIS-class web servers.
Key Trends Driving the Week
- Supply-chain compromises are now weekly background radiation
Three distinct supply-chain disclosures landed within 168 hours — across three different developer ecosystems. A widely-used JavaScript templating package on npm was hijacked to redirect browsers to an iOS exploit framework. An open-source CI/CD workflow runner had every existing tag silently rewritten to point at imposter commits that exfiltrate pipeline credentials. And the long-running BadIIS web-server malware family resurfaced with a new variant traceable to a single developer alias active since 2021. The operational theme: defenders can no longer treat public registries, workflow marketplaces, or third-party plugin sources as trusted upstream.
- A critical SD-WAN authentication bypass is under active scan
CVE-2026-20182 lets a remote, unauthenticated attacker take administrative control of affected SD-WAN edge appliances. Post-compromise activity already observed includes webshell deployment (the XenShell family) and persistent operator footholds. 17 distinct scanner IPs in this week’s feed are operator infrastructure enumerating exposed installations. This is the single highest patch priority of the week for any organisation operating affected appliances.
- Mobile malware reaches a multi-platform peak
Three different mobile-focused families surfaced in the same seven-day window. AMOS — the dominant macOS infostealer of 2025 — published fresh infrastructure. Anatsa, a long-running Android banking trojan, was delivered through a fake document-reader app on the official Android marketplace that reached over 10,000 downloads before takedown. AntiDot, an Android malware-as-a-service framework, surfaced fresh artefacts on underground forums.
- VoIP toll-fraud returns to the agenda
The tracked threat-actor cluster INJ3CTOR3 was observed running a six-layer persistence chain against open-source VoIP server infrastructure. A previously undocumented webshell family (JOMANGY) was deployed alongside the known ZenharR webshell to route fraudulent international calls through victims’ SIP trunks. The financial-loss vector is direct — every minute of fraudulent traffic appears on the victim’s monthly telco invoice, often before any SIEM alert fires.
- The infostealer long tail keeps growing
Five distinct stealer families surfaced this week — a310Logger, Aura Stealer, BlackSeeStealer, ApexTraderRAT, and Arechclient2 — all targeting browser credentials, cookies, crypto wallet artefacts, and OS-level secrets. The volume of independent stealer families is growing faster than any other adversary class in the AiStrike pipeline.
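The toll-fraud item above, and the "Baseline VoIP and SIP trunk usage" recommendation later in this advisory, both come down to the same detection problem: international minutes appear on the trunk long before the invoice does, so the CDR stream has to be baselined and watched. The script below is an added example and is not AiStrike's or any PBX vendor's code. The CDR column layout, the sample records, the home country code, the off-hours window and the baseline figures are all constructed for the example; a real deployment maps the PBX or SBC export to these fields and derives the baseline from its own history.

```python
"""Baseline outbound SIP-trunk usage from CDR lines and flag toll-fraud patterns.

Added example; not part of the original advisory. The CDR column layout, the
sample records, the home country code, the off-hours window and the baseline
figures are all constructed for this example and must be replaced with values
exported from the real PBX/SBC and the tenant's own call history.
"""
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed CDR export: one call per line.
SAMPLE_CDR = """\
timestamp,src_ext,dst_number,duration_s,disposition
2026-05-20T09:12:04,1021,+14155550123,182,ANSWERED
2026-05-20T09:40:51,1044,+14155550199,65,ANSWERED
2026-05-20T10:05:13,1021,+442071234567,300,ANSWERED
2026-05-20T14:22:40,1102,+14155550177,45,NO ANSWER
2026-05-21T02:13:07,1044,+25211234567,1800,ANSWERED
2026-05-21T02:14:02,1044,+25211234568,1750,ANSWERED
2026-05-21T02:15:11,1044,+25211234569,1790,ANSWERED
2026-05-21T02:15:59,1044,+25211234570,1760,ANSWERED
2026-05-21T02:16:48,1044,+25211234571,1710,ANSWERED
2026-05-21T09:03:22,1021,+14155550123,120,ANSWERED
"""

HOME_COUNTRY_CODE = "+1"   # assumption: North American tenant; anything else is international
OFF_HOURS = range(0, 6)    # assumption: 00:00-05:59 local time is outside business hours

# Constructed baseline: international minutes per hour over the previous 30 days.
BASELINE = {"mean_intl_min_per_hour": 6.0, "stdev_intl_min_per_hour": 3.0}


def parse_cdr(text):
    """Parse the constructed CSV layout into dicts with typed fields."""
    records = []
    for row in csv.DictReader(io.StringIO(text)):
        records.append({
            "ts": datetime.fromisoformat(row["timestamp"]),
            "src_ext": row["src_ext"],
            "dst": row["dst_number"],
            "duration_s": int(row["duration_s"]),
            "answered": row["disposition"] == "ANSWERED",
        })
    return records


def is_international(number):
    """E.164 numbers outside the home country code count as international."""
    return number.startswith("+") and not number.startswith(HOME_COUNTRY_CODE)


def hourly_international_minutes(records):
    """Answered international minutes summed per 'YYYY-MM-DD HH' bucket."""
    buckets = defaultdict(float)
    for r in records:
        if r["answered"] and is_international(r["dst"]):
            buckets[r["ts"].strftime("%Y-%m-%d %H")] += r["duration_s"] / 60
    return dict(buckets)


def find_hourly_spikes(records, baseline, sigma=3.0):
    """Hour buckets whose international minutes exceed mean + sigma * stdev."""
    threshold = baseline["mean_intl_min_per_hour"] + sigma * baseline["stdev_intl_min_per_hour"]
    return sorted((bucket, round(minutes, 1))
                  for bucket, minutes in hourly_international_minutes(records).items()
                  if minutes > threshold)


def find_off_hours_international(records):
    """International dial-outs placed during OFF_HOURS, answered or not."""
    return [(r["ts"].isoformat(), r["src_ext"], r["dst"])
            for r in records
            if is_international(r["dst"]) and r["ts"].hour in OFF_HOURS]


def find_dialing_bursts(records, max_calls=3, window_minutes=5):
    """Extensions placing more than max_calls international calls inside one window."""
    by_ext = defaultdict(list)
    for r in records:
        if is_international(r["dst"]):
            by_ext[r["src_ext"]].append(r["ts"])
    bursts = []
    for ext, times in by_ext.items():
        times.sort()
        for i in range(len(times)):
            j = i
            while j + 1 < len(times) and (times[j + 1] - times[i]).total_seconds() <= window_minutes * 60:
                j += 1
            if j - i + 1 > max_calls:
                bursts.append((ext, times[i].isoformat(), j - i + 1))
                break  # one finding per extension is enough for triage
    return bursts


def report(records, baseline=BASELINE):
    """All three checks in one structure, suitable for a SIEM or ticket payload."""
    return {
        "hourly_spikes": find_hourly_spikes(records, baseline),
        "off_hours_international": find_off_hours_international(records),
        "dialing_bursts": find_dialing_bursts(records),
    }


if __name__ == "__main__":
    for section, findings in report(parse_cdr(SAMPLE_CDR)).items():
        print(section)
        for finding in findings:
            print("  ", finding)
```

On the constructed sample the three checks converge on the same extension: one hour bucket blows through the baseline threshold, every international call in it falls in the off-hours window, and the extension dials five international numbers inside four minutes. Any one of those signals on its own is a reasonable trigger to disable the extension's international dialling while the SIP server is checked for the webshells described above.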
Critical Vulnerability of the Week: CVE-2026-20182
Technical summary. CVE-2026-20182 is an authentication-bypass vulnerability affecting specific SD-WAN edge appliance products. Successful exploitation grants unauthenticated remote attackers complete administrative access. Post-compromise activity already observed in the wild includes webshell deployment (the XenShell family) and persistent operator footholds. The 35 SCAN-classified indicators in this week’s feed represent operator scanner infrastructure actively enumerating exposed installations.
Recommended actions
- Patch immediately. Apply vendor advisories for the affected SD-WAN edge appliance product family. Treat this above all other patch priorities for the week.
- Verify management interface exposure. Confirm management interfaces are not internet-reachable. Many compromises have started with management interfaces inadvertently exposed.
- Hunt for XenShell webshells. AiStrike has shipped detection content for XenShell artefacts. Pivot against any post-compromise persistence indicators in this advisory’s IOC tables.
- Block scanner infrastructure. The 17 scanner IPs in the IOC table are operator infrastructure. Block at the perimeter and monitor for ongoing reconnaissance attempts.
Featured Adversaries This Week
- BadIIS Malware — IIS Web-Server Hijacker
159 indicators · Severity: High
What it does. A malware family that quietly installs onto production web servers running IIS, then hijacks visitor requests to redirect users toward malicious or illicit destinations. Operated as a service-for-hire; a new variant has been traced through embedded compilation markers to the developer alias lwxat, with continuous development since September 2021.
MITRE ATT&CK: T1505.004 · T1190 · T1071.001 · T1105 · T1059.001 · T1027 · T1574
- a310Logger — .NET Infostealer
71 indicators · Severity: High
What it does. A C# credential-stealing malware distributed via malspam campaigns. Targets browser-saved passwords, email-client credentials, and other secrets on infected Windows machines. Industry impact spans enterprises, individuals, and financial services.
MITRE ATT&CK: T1566 · T1204.002 · T1555.003 · T1555 · T1005 · T1041
- Compromised CI/CD Workflow Runner — Pipeline Credential Exfiltration
69 indicators · Severity: High
What it does. A popular open-source CI/CD workflow component was tampered with so that every project pulling it would silently exfiltrate the credentials inside its build environment. The tag-rewriting technique is particularly insidious — projects pinning to a specific tag still pull the malicious code, even if they thought they were locked to a known-good version.
MITRE ATT&CK: T1195.002 · T1554 · T1078 · T1213.003 · T1552.004 · T1041
- Compromised npm Templating Package — iOS Exploit Delivery
38 indicators · Severity: High
What it does. A widely-used JavaScript templating package on the public npm registry was hijacked after the maintainer’s account was compromised. The packaged backdoor pushes affected browsers to a watering-hole hosting an iOS Safari exploit framework targeting specific iOS versions. Warnings on the project’s tracker were deleted by the new maintainer to suppress discovery.
MITRE ATT&CK: T1195.001 · T1189 · T1190 · T1204.001 · T1608.004 · T1071.001
- INJ3CTOR3 — VoIP Toll-Fraud Threat Cluster
10 indicators · Severity: High
What it does. A financially-motivated cluster targeting open-source VoIP server infrastructure since 2019. Deploys a six-layer Bash dropper that installs a previously-undocumented PHP webshell (JOMANGY) alongside the known ZenharR webshell to route fraudulent international calls through victims’ SIP trunks for direct financial gain.
MITRE ATT&CK: T1190 · T1505.003 · T1059.004 · T1546 · T1071.001 · T1657 · T1090
- AMOS — macOS Information Stealer
8 indicators · Severity: High
What it does. The leading macOS-targeting malware family of 2025, accounting for roughly 40% of macOS-protection updates last year. Sold as malware-as-a-service. Steals Keychain data, browser credentials, cookies, and cryptocurrency wallet artefacts. Distribution vectors include poisoned search results and fake AI-assistant download pages.
MITRE ATT&CK: T1566.002 · T1608.006 · T1204.002 · T1555.001 · T1555.003 · T1539 · T1041
- Banana RAT (SHADOW-WATER-063) — Brazilian Banking Trojan
8 indicators · Severity: High
What it does. A banking trojan targeting Brazilian financial institutions, including the Pix instant-payment system. Generates a unique polymorphic payload per victim, hides itself via fileless PowerShell execution, then takes remote control of the victim’s session to commit Pix QR-code fraud. Layered obfuscation and AES-wrapped payloads frustrate endpoint detection.
MITRE ATT&CK: T1566 · T1059.001 · T1027 · T1027.002 · T1056.001 · T1113 · T1185 · T1657
- Anatsa — Android Banking Trojan via Official App Store
6 indicators · Severity: High
What it does. A long-running Android banking trojan repeatedly finding its way onto the official Android marketplace. This week’s vehicle was a fake document-reader app that reached over 10,000 downloads before removal.
MITRE ATT&CK: T1660 · T1404 · T1417.001 · T1417.002 · T1412 · T1641 · T1437.001
Three Independent Supply-Chain Compromises in One Week
Three distinct supply-chain disclosures landed within the 18–24 May window, each touching a different developer ecosystem. The common operational theme: defenders can no longer treat public registries, workflow marketplaces, or third-party plugin sources as trusted upstream.
- Public Package Registry — Templating Library Hijack
A widely-used JavaScript templating package on the public npm registry was taken over after the original maintainer’s project was compromised. The new maintainer published malicious versions and deleted issues on the project’s tracker that warned about suspicious behaviour. The packaged backdoor redirects affected browsers to a watering-hole that delivers an iOS exploit framework targeting iPhones running specific iOS versions.
- CI/CD Workflow Action — Tag-Rewriting Credential Theft
An open-source CI/CD workflow action used by many projects had every existing tag silently moved to point to an imposter commit that does not appear in the action’s normal commit history. The malicious commit exfiltrates credentials from any CI/CD pipeline that runs the action. The tag-rewriting technique is particularly insidious — projects pinning to a specific tag still pull the malicious code, even if they thought they were locked to a known-good version.
- IIS Web-Server Module — Long-Running Server-Side Hijack
The BadIIS family resurfaced with a new variant whose embedded compilation markers show continuous development from September 2021 through January 2026 by a developer alias known as lwxat. The malware hijacks web-server request handling and redirects visitors to illicit destinations — a server-side supply-chain pattern that affects every visitor to a compromised site, not just developers pulling a malicious dependency.
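The tag-rewriting case above is the one to build a check around, because it is the one a version number cannot protect you from. Two things catch it: every `uses:` reference in your workflows should resolve to a full commit SHA rather than a tag or branch name, and each tag of an action you consume should point at a commit that is reachable from one of the action repository's branches. The script below is an added example, not AiStrike's code and not any project's tooling. The workflow text, the `example-org` names, the tag-to-commit map and the branch history are all constructed (the SHAs are synthetic); on a real repo the last two come from `git ls-remote --tags <url>` and `git rev-list --branches` run against a clone of the action.

```python
"""Audit GitHub Actions workflows for mutable action references and detect moved tags.

Added example; not the advisory's or any project's own code. The workflow text,
the organisation names, the tag-to-commit map and the branch history are all
constructed for this example (the SHAs are synthetic and do not refer to any
real repository).
"""
import re

SHA_RE = re.compile(r"^[0-9a-f]{40}$|^[0-9a-f]{64}$")   # full git object id (SHA-1 or SHA-256)
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")     # `uses:` step lines


def fake_sha(n):
    """Synthetic 40-hex commit id used only for the constructed sample data."""
    return "c0ffee" + str(n).rjust(34, "0")


# Constructed workflow file (.github/workflows/build.yml in a hypothetical repo).
SAMPLE_WORKFLOW = f"""\
name: build
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: example-org/checkout@v4
      - uses: example-org/setup-tool@{fake_sha(5)}
      - uses: example-org/deploy-action@main
      - uses: ./.github/actions/local-step
      - uses: docker://registry.example.invalid/builder:1.0
      - name: test
        run: make test
"""

# Constructed view of what `git ls-remote --tags <url>` returns for the action
# repo once the ^{} peeled lines are used: tag -> commit it currently points at.
TAG_TARGETS = {
    "v1": fake_sha(1),
    "v1.2.0": fake_sha(1),
    "v1.1.0": fake_sha(2),
}
# Constructed view of `git rev-list --branches` for the same repo: every commit
# reachable from any branch. fake_sha(1) is absent, i.e. an imposter commit.
BRANCH_HISTORY = [fake_sha(2), fake_sha(3), fake_sha(4)]


def extract_uses(workflow_text):
    """Return (line_number, reference) for each `uses:` line."""
    refs = []
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if m:
            refs.append((line_no, m.group(1)))
    return refs


def classify_ref(ref):
    """Classify one action reference by how it is pinned."""
    if ref.startswith("./"):
        return "local"         # lives in the same repo; reviewed with the code
    if ref.startswith("docker://"):
        return "container"     # pin by image digest instead; checked separately
    if "@" not in ref:
        return "unpinned"      # no ref at all
    _, _, version = ref.rpartition("@")
    return "sha-pinned" if SHA_RE.match(version) else "mutable-ref"


def audit_workflow(workflow_text):
    """(line_number, reference, classification) for every action use."""
    return [(n, ref, classify_ref(ref)) for n, ref in extract_uses(workflow_text)]


def needs_pinning(workflow_text):
    """References that a tag move could silently redirect."""
    return [ref for _, ref, cls in audit_workflow(workflow_text)
            if cls in ("mutable-ref", "unpinned")]


def find_moved_tags(tag_targets, branch_history):
    """Tags pointing at commits not reachable from any branch of the action repo."""
    reachable = set(branch_history)
    return sorted(tag for tag, sha in tag_targets.items() if sha not in reachable)


if __name__ == "__main__":
    for n, ref, cls in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {n:>3}: {cls:<12} {ref}")
    print("tags outside branch history:", find_moved_tags(TAG_TARGETS, BRANCH_HISTORY))
```

A tag that sits on a release branch rather than the default branch is legitimate, which is why the comparison is against all branches rather than `main` alone. SHA pinning closes the tag-move hole but not the account-takeover one: a compromised maintainer can still push a malicious commit and a new tag, so the SHA you pin should be one you reviewed, and Dependabot-style bumps of that SHA deserve the same review as a code change.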
How to Operationalise This Advisory
AiStrike’s preemptive defense platform has already ingested every indicator, mapped every adversary to MITRE ATT&CK, and generated detection content for the campaigns referenced in this advisory. The actions below are the highest-leverage moves for security teams this week, in priority order.
- Patch SD-WAN edge appliances against CVE-2026-20182. The combination of unauthenticated remote exploitation, confirmed active scanning, and confirmed post-compromise webshell deployment makes this the single highest patch priority of the week.
- Audit your CI/CD workflow inventory. Identify every workflow action pulled from third-party sources. Confirm the action’s commit history matches what you expect (tags should point to verifiable commits in the normal history, not imposter commits). Where possible, pin actions to specific commit SHAs rather than mutable tags.
- Lock down public-package-registry consumption. Maintain an internal mirror or curated allow-list for production dependencies. Treat every package update as a small change-control event.
- Inventory IIS-class web servers and validate request-handler modules. Compare loaded modules against a known-good baseline. Unexplained handler registrations are a high-fidelity signal of BadIIS-family compromise.
- Push the AMOS and Anatsa indicator sets into enterprise mobile-management blocklists. Both campaigns are predominantly URL- and hash-driven — the detection cost is trivial and the lift is substantial.
- Baseline VoIP and SIP trunk usage. If your organisation runs internal VoIP infrastructure, monitor outbound call volume and international-call patterns. INJ3CTOR3-class toll fraud surfaces first on the telco invoice; defenders running their own VoIP should catch it sooner.
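For the IIS recommendation above, "compare loaded modules against a known-good baseline" reduces to diffing two lists: the native modules registered in `<globalModules>` of applicationHost.config (name plus DLL path) and the modules enabled in `<modules>` (which can also name managed .NET modules by type). The script below is an added example, not AiStrike's detection content and not vendor code. The configuration excerpt, the baseline, and the `SiteHelperModule` and `TelemetryModule` entries are constructed; on a real host the file lives at `%windir%\System32\inetsrv\config\applicationHost.config` (or export the list with `Get-WebGlobalModule`), and the baseline should be captured from a clean build of the same server role.

```python
"""Compare IIS native and managed modules against a known-good baseline.

Added example; not the advisory's or any vendor's code. The applicationHost.config
excerpt, the baseline and the SiteHelperModule / TelemetryModule entries are
constructed for this example. On a real server read the file from
%windir%\\System32\\inetsrv\\config\\applicationHost.config and capture the
baseline from a clean build of the same server role.
"""
import xml.etree.ElementTree as ET

# Constructed excerpt of applicationHost.config: two standard modules, one
# standard module name re-pointed at a DLL outside inetsrv, one unknown native
# module, one baseline managed module and one unknown managed module.
SAMPLE_CONFIG = r"""<configuration>
  <system.webServer>
    <globalModules>
      <add name="StaticFileModule" image="%windir%\System32\inetsrv\static.dll" />
      <add name="DefaultDocumentModule" image="%windir%\System32\inetsrv\defdoc.dll" />
      <add name="HttpCacheModule" image="C:\inetpub\temp\cachhttp.dll" />
      <add name="SiteHelperModule" image="C:\inetpub\wwwroot\bin\helper.dll" />
    </globalModules>
    <modules>
      <add name="StaticFileModule" />
      <add name="DefaultDocumentModule" />
      <add name="HttpCacheModule" />
      <add name="SiteHelperModule" />
      <add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" preCondition="managedHandler" />
      <add name="TelemetryModule" type="Site.Telemetry.Module, Site.Telemetry" />
    </modules>
  </system.webServer>
</configuration>
"""

# Constructed known-good baseline for this server role: native module -> image.
BASELINE_NATIVE = {
    "StaticFileModule": r"%windir%\System32\inetsrv\static.dll",
    "DefaultDocumentModule": r"%windir%\System32\inetsrv\defdoc.dll",
    "HttpCacheModule": r"%windir%\System32\inetsrv\cachhttp.dll",
}
# Constructed baseline of managed module types that are expected to be enabled.
BASELINE_MANAGED_TYPES = {"System.Web.Security.FormsAuthenticationModule"}
# Assumption: every legitimate native module for this role ships in inetsrv.
INETSRV = "\\system32\\inetsrv\\"


def _normalise(path):
    return path.replace("/", "\\").lower()


def load_global_modules(config_xml):
    """name -> image for every native module registered in <globalModules>."""
    root = ET.fromstring(config_xml)
    return {add.get("name"): add.get("image", "")
            for gm in root.iter("globalModules") for add in gm.findall("add")}


def load_enabled_modules(config_xml):
    """(name, type) for every <modules><add>; type is None for native modules."""
    root = ET.fromstring(config_xml)
    return [(add.get("name"), add.get("type"))
            for m in root.iter("modules") for add in m.findall("add")]


def image_outside_inetsrv(image):
    """True when a native module's DLL is loaded from anywhere but inetsrv."""
    return INETSRV not in _normalise(image)


def audit_modules(config_xml, baseline_native=BASELINE_NATIVE,
                  baseline_managed=BASELINE_MANAGED_TYPES):
    """Sorted (module, issue, detail) findings against the baseline."""
    findings = []
    for name, image in load_global_modules(config_xml).items():
        expected = baseline_native.get(name)
        if expected is None:
            findings.append((name, "not-in-baseline", image))
        elif _normalise(expected) != _normalise(image):
            findings.append((name, "image-mismatch", image))
        if image_outside_inetsrv(image):
            findings.append((name, "image-outside-inetsrv", image))
    for name, managed_type in load_enabled_modules(config_xml):
        if managed_type and managed_type not in baseline_managed:
            findings.append((name, "unknown-managed-module", managed_type))
    return sorted(findings)


if __name__ == "__main__":
    for module, issue, detail in audit_modules(SAMPLE_CONFIG):
        print(f"{issue:<24} {module:<22} {detail}")
```

Two of the findings on the sample deserve the same treatment: a module name that matches the baseline but loads from a different DLL is as suspicious as a name you have never seen, because re-registering a standard name over a foreign image is the quieter of the two options. Run the comparison on the effective configuration rather than a copy, since site-level web.config files can add modules too, and hash the DLLs that do sit in inetsrv against the baseline as a follow-up; this script checks registration and location only.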
The AiStrike Difference
Full Weekly IOC Summary
Sixteen unique adversaries tracked this week, ordered by indicator volume. The complete dataset is available to AiStrike customers in the threat-intelligence module.
Top Indicator Sample: IP Addresses
Top Indicator Sample: Domains and URLs
Indicators in this advisory have been de-duplicated against the prior week. Confidence scores are produced by the AiStrike intelligence pipeline (0–100). The complete dataset, including all 431 unique indicators across 16 adversaries, is available to AiStrike customers through the platform.