Blockchain-Driven Open-Source Malware Ethereum Contracts Direct npm and GitHub Attacks

Introduction

This analysis examines a novel supply-chain attack that combines malware, blockchain, npm, GitHub, open-source payloads, Ethereum contracts, fake repositories, trust abuse and rotation. Security researchers uncovered a campaign in which attackers embed obfuscated scripts in npm packages that query Ethereum contracts to locate secondary payloads. The technique turns blockchain state into a dynamic control plane for the malware and uses fabricated repository activity to exploit trust in open-source ecosystems.


Redoracle Team, 9/5/25, News. Tags: malware, blockchain, npm, github, opensource, supply-chain, payloads, ethereum, contracts, fake-repositories, trust-abuse, rotation. About 5 min.

QuirkyLoader Unveiled A Modular Malware Loader Delivering Multi-Payload Attacks

Introduction

QuirkyLoader Unveiled A Modular Malware Loader Delivering Multi-Payload Attacks presents a concise and detailed picture of a modular loader observed since November 2024. This investigation synthesizes technical analysis and campaign reporting to explain how QuirkyLoader operates as a loader that relies on DLL side-loading, process hollowing, AOT-compiled .NET components and a flexible payload catalog that includes Agent Tesla, AsyncRAT, Snake Keylogger, Remcos RAT, FormBook, MassLogger and Rhadamanthys Stealer. The following material integrates threat intelligence from IBM X-Force and related research while preserving evidence on email-spam delivery, targeted campaigns, memory-resident execution, the native-like appearance of the binaries and the high-level implications for credential theft, keystroke capture and data exfiltration.


Redoracle Team, 8/24/25, News. Tags: quirkyloader, loader, dll-side-loading, process-hollowing, aot, dotnet, payloads, snake-keylogger, remcos-rat, asyncrat, agent-tesla, formbook, masslogger, rhadamanthys-stealer, phishing, quishing, qr-code-phishing, email-spam, targeted-campaigns, ibm-x-force, threat-intelligence, memory-resident, native-like-binaries, credential-theft, keystroke, data-exfiltration, remote-access-trojan. About 7 min.