Airstalk Malware: Sophisticated Windows Threat Targets Supply Chains

Cyber Security News by CyberSum.net

Published on October 31, 2025 at 06:00 AM

4 sources

Palo Alto Networks’ Unit 42 has discovered Airstalk, a sophisticated Windows malware family that uses VMware AirWatch APIs for covert command-and-control. Available in PowerShell and .NET variants, Airstalk is believed to be used by a nation-state threat actor in supply chain attacks. The malware steals browser data, credentials, and screenshots while evading detection through legitimate cloud service abuse. It targets organizations through trusted third-party vendors, with a focus on business process outsourcing (BPO) providers. The malware's advanced evasion techniques include using stolen certificates and manipulating PE timestamps.

Also Read

Lampion Banking Trojan Evolves with New Social Engineering Tactics

A cybercriminal group has refined its malware campaign by incorporating innovative social engineering techniques and multi-stage infection chains to deliver the Lampion banking trojan. The campaign, active since 2019, targets Portuguese-speaking banks and uses complex infection methods to evade detection. Researchers have noted significant tactical evolution, including the use of ClickFix lures and compromised email accounts. The infection chain involves multiple obfuscated Visual Basic script stages, with the final payload being a 700MB DLL file designed to evade analysis. The threat actors maintain sophisticated infrastructure to support their operations, demonstrating a commitment to stealth and evasion.

By Cyber Security News by CyberSum.netOctober 31, 2025 at 09:00 AM