Friday, March 20, 2026

GhostClaw expands beyond npm: GitHub repositories and AI workflows deliver macOS infostealer

In March, JFrog Security Research documented a malware campaign titled GhostClaw/GhostLoader. 

Since that campaign was first documented, Jamf Threat Labs has examined multiple GitHub repositories associated with the same activity, including at least eight newly identified samples.

While analyzing these repositories, Jamf uncovered additional infrastructure and previously undocumented infection vectors, demonstrating that this campaign extends beyond the npm-based delivery mechanisms described in earlier research.

Jamf says this shift in distribution broadens the infection pool beyond developers installing packages from npm to include any user or automated workflow willing to execute commands sourced from online instructions. You can read the complete report here.

Dennis Sellers