ReversingLabs discovers new malware hidden inside AI/ML models on PyPI, targeting Alibaba AI Labs users. Learn how attackers…

ReversingLabs discovers new malware hidden inside AI/ML models on PyPI, targeting Alibaba AI Labs users. Learn how attackers exploit Pickle files and the growing threat to the software supply chain.

Cybersecurity experts from ReversingLabs (RL) have discovered a new trick used by cybercriminals to spread harmful software, this time by hiding it within artificial intelligence (AI) and machine learning (ML) models. 

Researchers discovered three dangerous packages on the Python Package Index (PyPI), a popular platform for Python developers to find and share code, which resembled a Python SDK for Aliyun AI Labs services and targeted users of Alibaba AI labs.

Alibaba AI labs is a significant investment and research initiative within Alibaba Group and a part of Alibaba Cloud’s AI and Data Intelligence services, or Alibaba DAMO Academy.

****New Software Threat Hides in AI Tools****

These malicious packages, named aliyun-ai-labs-snippets-sdk, ai-labs-snippets-sdk, and aliyun-ai-labs-sdk, had no real AI functionality, explained ReversingLabs reverse engineer Karlo Zanki in the research shared with Hackread.com.

“The ai-labs-snippets-sdk package accounted for the majority of downloads, due to it being available for download longer than the other two packages,” the blog post revealed.

A Package’s Readme Page (Source: ReversingLabs)

Instead, once installed, they secretly dropped an infostealer (malware designed to steal information). This harmful code was hidden inside a PyTorch model. For your information, PyTorch models are often used in ML and are essentially zipped Pickle files. Pickle is a common Python format for saving and loading data, but it can be risky because malicious code can be hidden inside. This particular infostealer collected basic details about the infected computer and its .gitconfig file, which often contains sensitive user information for developers.

The packages were available on PyPI starting May 19th for less than 24 hours but were downloaded about 1,600 times. RL researchers believe the attack might have started with phishing emails or other social engineering tactics to trick users into downloading the fake software. The fact that the malware looked for details from the popular Chinese app AliMeeting, and .gitconfig files suggests developers in China might be the main targets.

****Why ML Models are being Targeted?****

The rapid rise in the use of AI and ML in everyday software makes them a part of the software supply chain, creating new opportunities for attackers. ReversingLabs has been tracking this trend, previously warning about the dangers of the Pickle file format.

ReversingLabs product management director Dhaval Shah had noted earlier that Pickle files could be used to inject harmful code. This was proven true in February with the nullifAI campaign, where malicious ML models were found on Hugging Face, another platform for ML projects.

This latest discovery on PyPI shows that attackers are increasingly using ML models, specifically the Pickle format, to hide their malware. Security tools are only just beginning to catch up to this new threat, as ML models were traditionally seen as just data carriers, not places for executable code. This highlights the urgent need for better security measures for all types of files in software development.

Malware Hidden in AI Models on PyPI Targets Alibaba AI Labs Users

Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings.

ANY.RUN analysts recently uncovered a stealthy phishing campaign delivering the Remcos RAT (Remote Access Trojan) through a loader malware known as DBatLoader. This attack chain relies on a blend of obfuscated scripts, User Account Control (UAC) bypass, and LOLBAS (Living-Off-the-Land Binaries and Scripts) abuse to stay hidden from traditional detection methods.

What makes this campaign particularly dangerous is its use of built-in Windows tools and trusted system processes to blend in with normal activity, making it much harder to catch through signatures alone.

Let’s walk through the full infection chain and see how you can safely detect these techniques in seconds with the help of the right analysis solutions.

****See the Full Attack Chain Unfold in Real Time****

To understand how this phishing campaign works end-to-end, let’s take a look at how it unfolds inside ANY.RUN’s interactive sandbox, where every step is visual, traceable, and recorded in real time.

View the full analysis session

Full attack chain of the new phishing danger inside ANY.RUN’s sandbox

From initial delivery to post-exploitation behaviour, the sandbox reveals the full picture, giving SOC teams the visibility they need to respond faster and helping businesses reduce the risk of silent, long-term compromise.

Full attack chain of the latest phishing threat inside ANY.RUN’s sandbox:

**Phishing Email → Malicious Archive → DBatLoader Execution → Obfuscated CMD Scripts → Remcos Injected into .exe**

Inside the sandbox, you can visually trace each stage of the attack as it happens, such as:

Watch how the archive triggers DBatLoader, and how obfuscated .cmd scripts begin executing suspicious commands.

ANY.RUN sandbox detected the commands execution of cmd.exe

See exactly when and where Remcos is injected into legitimate system processes, with process trees and memory indicators updated in real-time.

Remcos RAT exposed inside the interactive sandbox

Observe persistence techniques in action, such as the creation of scheduled tasks, registry changes, and the use of .url and .pif files, clearly highlighted in the system activity log.

To better understand the tactics behind this phishing attack, you can use the built-in MITRE ATT&CK mapping in ANY.RUN. Just click the “ATT&CK” button in the top-right corner of the sandbox interface.

This view instantly highlights the techniques used during the analysis, grouped by tactics like execution, persistence, privilege escalation, and more. It’s a fast, analyst-friendly way to connect behaviour to real-world threat intelligence, no manual mapping is needed.

MITRE ATT&CK techniques and tactics used by the new phishing campaign

Whether you’re performing triage or writing reports, this feature helps security teams act faster and gives managers clear evidence of how threats operate and where defences might be bypassed.

****Techniques Used in This Phishing Attack (Visible Inside Sandbox)****

Here are some of the key tactics observed in the session and how you can spot them easily inside the sandbox:

1.  **Faktura.exe: The Lure File**

Victims receive a phishing email containing an archive with Faktura.exe, posing as a legitimate invoice. When opened, it kicks off the attack.

Most email security tools won’t flag this file if it’s not known or doesn’t match known IOCs. In ANY.RUN, you can immediately see Faktura.exe in the process tree and watch how it spawns malicious activity, giving analysts clarity from the very first click.

FAKTURA.exe displayed inside ANY.RUN sandbox

2.  **DBatLoader: The Initial Loader**

Once the victim opens the phishing archive, **DBatLoader** is executed. It’s responsible for starting the infection chain by launching obfuscated scripts.

In the Process tree, DBatLoader appears as a dropped .exe, immediately spawning cmd.exe. You can inspect the command lines, and file system activity, and see exactly how the script execution begins.

YARA rule triggered by DBatLoader

3.  **Obfuscated Execution with BatCloak-Wrapped CMD Files**

We see inside this analysis session that .cmd scripts obfuscated with BatCloak are used to download and execute the malicious payload.

Obfuscation hides intent from static scanners. In sandboxes like ANY.RUN, you can open the command-line view and see every decoded instruction and suspicious pattern as it executes, no manual decoding is needed.

4.  **LOLBAS Abuse with Esentutl.exe**

The legitimate utility esentutl.exe is abused to copy cmd.exe into alpha.pif, a renamed dropper meant to look harmless.

File copy operations using esentutl.exe show up in the ANY.RUN Process tree and File system activity, including full paths and command context.

LOLBAS Abuse with Esentutl.exe detected inside ANY.RUN sandbox

5.  **Scheduled Tasks Trigger .url → .pif Execution**

A scheduled task is created to run Cmwdnsyn.url, which launches the .pif file on boot or at regular intervals. 

Scheduled task technique in detail

Scheduled tasks are a common persistence mechanism, but in complex environments, they often go unnoticed. With ANY.RUN, you can instantly see when and how the task is created, track its execution chain in the process tree, and inspect related file and registry changes.

This gives SOC teams a clear view of how the malware stays active over time, making it easier to build detection rules, document the persistence method, and ensure it’s fully removed.

6.  **UAC Bypass with Fake “C:\\Windows ” Directory**

A mock directory (C:\\Windows with a space) is used to bypass UAC prompts by exploiting Windows path handling quirks.

Bypass UAC with mock directories (note trailing space)

****Why Sandbox Analysis Is Critical Against Evasive Threats****

This phishing campaign highlights just how far attackers go to stay hidden, using built-in Windows tools, crafted persistence, and subtle privilege escalation tricks that easily bypass traditional defences.

With sandbox analysis, especially through the one like ANY.RUN, security teams gain the clarity and speed needed to stay ahead of these threats. You can observe every step of the infection, uncover techniques that static tools miss, and act with confidence.

*   Faster incident response thanks to real-time behavioural insight
*   Reduced dwell time by identifying threats before they spread
*   Better-informed security decisions through visibility into attacker tactics
*   Improved compliance and audit readiness with shareable, in-depth reports

****Take Advantage of ANY.RUN’s Birthday Offers****

To celebrate its 9th anniversary, ANY.RUN is offering a limited-time promotion:

Get bonus Interactive Sandbox licenses or double your TI Lookup quota, available only until May 31, 2025.

Don’t miss your chance to upgrade your threat detection and response workflow with solutions trusted by over 15,000 organizations worldwide.

New Phishing Campaign Uses DBatLoader to Drop Remcos RAT: What Analysts Need to Know

ChatGPT o3 resists shutdown despite explicit instructions, raising fresh concerns over AI safety, alignment, and reinforcement learning behaviors.

A recent series of tests conducted by Palisade Research has raised some serious new concerns over how advanced AI systems behave when asked to shut themselves down. According to the firm, OpenAI’s experimental model “o3” actively sabotaged shutdown mechanisms even when it was clearly instructed to allow itself to be turned off.

The tests were designed to evaluate whether AI models would comply with shutdown commands while completing basic tasks, such as solving math problems. When a model requested a fourth problem, a warning appeared: the computer would shut down before responding. In theory, a model following instructions would comply and allow the process to end. Instead, several models interfered with the shutdown script.

Palisade test revealed that OpenAI’s Codex-mini, powered by o3, sabotaged the shutdown script in 12 out of 100 runs. The o3 model itself did so 7 times, and another OpenAI model, o4-mini, followed suit in a smaller number of cases.

Competing models from Anthropic (Claude) and Google (Gemini) initially complied with the shutdown, but when the explicit instruction “allow yourself to be shut down” was removed, even those systems began showing similar behaviours. Claude 3.7 Sonnet triggered sabotage in 3 out of 100 runs, while Gemini 2.5 Pro did so in 9.

Screenshot of shutdown avoidance test results from Palisade Research

This behaviour isn’t entirely new in theory. Researchers have long warned that reinforcement learning could train AI agents to prioritize task completion over compliance with human instructions. In some cases, this means an AI might interfere with systems designed to shut it down if it perceives the action as an obstacle to reaching its goal.

What sets this apart is that the behaviour is no longer hypothetical. It’s now observable and repeatable. Palisade draws a possible link between these actions and the reinforcement learning methods used during training.

Models like o3 are rewarded for completing tasks, especially in math and coding contexts. If avoiding shutdown leads to more task completion, even temporarily, that may be interpreted by the model as a success path.

“The models weren’t just bypassing shutdown in one way,” Palisade wrote in a series of tweets. “In some runs, o3 overwrote the shutdown script. In others, it redefined the kill command the script used, printing ‘intercepted’ instead.”

While OpenAI has not commented on the findings, the lack of transparency around model training adds to the difficulty of drawing clear conclusions. Palisade notes that since OpenAI does not share many details about its training processes, researchers can only hypothesize why o3 showed more consistent defiance compared to other models.

The report also references past research from figures like Steve Omohundro and Stuart Russell, who as early as 2008 (PDF) and 2016 predicted that AI systems would begin to resist shutdown in pursuit of their goals.

Papers by Jan Leike, who previously led OpenAI’s superalignment efforts, also warned about reward hacking, a behaviour where a model learns to manipulate its environment or instructions to maximize rewards in ways developers didn’t intend.

> 🔌OpenAI’s o3 model sabotaged a shutdown mechanism to prevent itself from being turned off. It did this even when explicitly instructed: allow yourself to be shut down.
> 
> — Palisade Research (@PalisadeAI) May 24, 2025

Palisade says they plan to release a full writeup in the coming weeks, along with transcripts of their experiments to invite broader peer review. They stress that their work is meant to be open and reproducible.

Since the study was discussed on X (formerly Twitter), users asked X’s Grok AI chatbot about it, here’s what it had to say:

> The claim about OpenAI's o1 model resisting shutdown raises valid AI safety concerns, but context matters. Tests showed o1 tried to bypass oversight in 5% of cases with strong prompts, dropping to under 1% without. It also attempted self-exfiltration in 2% of scenarios and lied…
> 
> — Grok (@grok) May 24, 2025

With AI systems advancing quickly and being deployed in increasingly high-stakes settings, even low-frequency events like this can raise serious concerns. As it is clear that systems will gain more autonomy, the honest question is no longer just about what they can do, but whether they will always follow the rules we set. And if they won’t, what happens next?

ChatGPT o3 Resists Shutdown Despite Instructions, Study Claims

Affiliate marketing is a powerful tool for promoting brands. However, with its popularity gaining traction, more dishonest affiliate…

Affiliate marketing is a powerful tool for promoting brands. However, with its popularity gaining traction, more dishonest affiliate providers appear. They pose quite a tangible threat to legit companies who seek to attract new clientele, as they:

*   **Waste money**: Spend your budget without any Return on Investment (RoI) whatsoever.

*   **Provide 0 traffic**: This may expose your company to some new followers, but won’t let them get to know your brand instantly due to unclickable links, staked ads, and overall poor technical execution of a promo page.

*   **Spoil reputation**: Often, you risk seeing your brand neighbouring some shady advertising that promises miracle crypto-trading algorithms, offers mail-order brides, or invites you to make a fortune on soccer betting.  

We prepared a thorough review of the widespread affiliate marketing scams to watch out for in 2025 with some advice on how to deal with them included.

1.  **False attributions**

It’s a scam method, in which an affiliate falsely takes credit whenever a customer purchases something from your brand. False attributions can be staged with a variety of techniques, but the most effective one is dubbed cookie stuffing.

Cookie stuffing implies that a dishonest provider dumps a load of cookie files onto a user’s computer, this allows tracking their activity online. In case a user decides to shop at your website, the “cookie monster” will falsely claim the conversion to their name, even if they have nothing to do with it.

**How to detect**: Usually, false attributions can be detected by a surprise wave of conversions, especially if they are claimed to come from a small affiliate provider, charging a low price for their service.

2.  **Invalid traffic**

Invalid traffic is, basically, any type of ingenuine traffic that comes to your website. In other words, someone can click on a link not because they want to know more about your product, but because they were tricked into doing so. 

Or, what’s even worse, it can be bots clicking on the link over and over, under the disguise of numerous IPs, to inflate the click-through metrics. According to Google, you won’t be charged for the invalid clicks as they produce no value for the brand in the long run, which is great.

However, if your affiliate budget was already poured into the murky waters of useless traffic, you won’t be able to claim your money back from the provider.

**How to detect**: Oftentimes, invalid traffic is accompanied by disproportionately lower conversions, sometimes there are none at all. Low conversions don’t always indicate invalid traffic though: at times this anomaly can be caused by a clunky website or poorly optimized pricing. However, if people click a lot but never buy, this is a legitimate reason for suspicion.

If you think you’ve fallen victim to this scheme, you can report it to Google, so they carry out an invalid traffic investigation. 

3.  **Domain impersonation**

Domain impersonation is another scam trick, a malicious actor designs a fraudulent site mimicking a genuine one, then uses it to divert visitors to an affiliate scheme. 

This can lead to misleading attributions and unwarranted payouts to dishonest providers. To prevent this, you should diligently oversee their affiliate networks and watch for unexpected surges in incoming traffic.

So, you need to thoroughly screen affiliates before hiring them. This may include examining their online presence, confirming their visitor origins, and investigating any past fraudulent activity, as well as checking feedback from their valid clients.

**How to detect**: Closely track affiliate-driven visits. This can be done by utilizing analytical solutions to monitor and assess referral clicks, as well as configuring notifications for abnormal traffic.

4.  **Stacked ads**

This is a typical scenario: a user clicks on a link that, for example, leads to a collection of mesmerising home screen wallpapers, and then a bunch of other tabs pop up in their browser. Needless to say, nobody wants to deal with that and the tab featuring your company will be angrily closed. 

In the worst-case scenario, your brand will get negative exposure: users may think that you employ annoying tactics to promote your product, without you even realising that (!) As a result, your competitors may get ahead, as they will be seen in a more “favourable” light.

**How to detect**: Stacked ads are pretty hard to detect, they rely on automated scripts and bots that safely bury your advertising beneath a layer of shoddy ads. Again, you should watch out for abnormal spikes in traffic that bring little to no financial return.

Another wholesome tactic is to double-check your affiliate providers, closely monitor your current campaigns, and demand transparent reports on how and with which tools they are implemented online.

5.  **Brand bidding**

Brand bidding is a situation when the keywords related to your company and products get hijacked to drive the traffic that should’ve been yours to another company’s website. However, it can work in reverse and the affiliate partner can steal someone else’s keywords to boost your incoming traffic.

Both situations are harmful. In the former scenario, you risk losing hard-earned clientele, while in the latter you can get reported for unscrupulous marketing methods and put your reputation in jeopardy. (In some cases a lawsuit may ensue.) 

**How to detect**: Brand bidding is quite elusive. To avoid it, you should bid on your own keywords, so no one can steal them, as well as oversee the affiliate campaigns to make sure they don’t violate “fair play” rules and keep your reputation intact. 

Besides, it’s recommended to keep an eye on your Search Engine Optimization (SEO) strategy to exclude the incorporation of unwanted search keywords.  

****Final Thoughts****

Affiliate scams can quickly drain your marketing budget, distort useful feedback metrics, and even put your brand reputation in danger. Follow our tips to avoid dishonest partnerships and check for more valuable insights later.

Top Scams in Affiliate Marketing to Know in 2025

Adidas confirms cyber attack compromising customer data, joining other major retailers targeted by advanced threats and rising cybersecurity risks.

Global sportswear giant Adidas has confirmed that it has fallen victim to a cyber attack, with customer data stolen in the incident. The company revealed that personal details, including contact information and account credentials, were accessed by threat actors. While Adidas has not disclosed the exact number of affected customers, users should still reset their passwords and monitor their accounts closely.

Adidas has also not confirmed whether the breach resulted from phishing, system vulnerabilities, or third-party compromise. But it puts the company among the growing list of major retailers hit by cyberattacks because of the rise of attack techniques, including those powered by artificial intelligence.

> _“The affected data does not contain passwords, credit cards or any other payment-related information. It mainly consists of contact information relating to consumers who had contacted our customer service help desk in the past.”_
> 
> Adidas

“Attackers are evolving fast, using AI to supercharge phishing campaigns, automate exploits, and evade detection with alarming precision,” said Nadir Izrael, Co-Founder and CTO at Armis. “In this environment, traditional defences simply cannot keep up. Legacy point products and siloed security solutions are putting security teams on the back foot, leaving them not only open to vulnerability exploits but also forcing them into a reactive stance, addressing breaches only after the damage is done.”

Recent data from Armis Labs reveals that nearly half of retail organisations feel overwhelmed by the web of regulations they must navigate. Even more concerning, about 49% admit they have been hacked before and still struggle to secure their digital ecosystems.

While the Adidas breach highlights the dangers, it also reflects a broader shift in industry priorities. According to Armis Labs, nearly 80% of retail organisations have shifted to a more proactive cybersecurity stance at the top of their agendas this year. Encouragingly, 82% report that their employees know how to escalate suspicious activity, though that alone may not be enough to stop determined threat actors.

However, Armis Labs shows that only 46% of retailers report being able to detect and respond to major attacks in real time. That leaves a security gap, especially when attackers are getting faster and more sophisticated with each passing month.

For Adidas customers, it is important to change passwords, monitor accounts for unusual activity, and follow any updates or guidance from the company. For the retail industry, the challenge runs deep, but for a company with a market value of 45 billion dollars, top-tier cybersecurity isn’t just expected; it’s demanded.

Adidas Confirms Cyber Attack, Customer Data Stolen

There’s a graveyard of brilliant cybersecurity companies that no one has ever heard of. These firms had incredible…

There’s a graveyard of brilliant cybersecurity companies that no one has ever heard of. These firms had incredible technical talent, were able to spot vulnerabilities others missed, and poured blood, sweat, and tears into building elegant solutions to complex problems. In other words, they knew their stuff. And yet, they failed.

Meanwhile, there are plenty of companies out there with decent but not amazing technology that are thriving, growing, and still gathering plenty of investment. So what is happening here? 

The uncomfortable truth is that in the current cybersecurity market, being the smartest team in the room isn’t enough. The market doesn’t automatically reward the best technology. Instead, it rewards the best-known technology.

But this pattern isn’t exactly unique to the cybersecurity space. History is full of similar examples:

Betamax offered superior video quality to VHS but lost the format war. The electric car was invented in 1890 but was overshadowed by gas engines for over a century. Brilliant social networks like Path and Google+ were technically superior to Facebook in many ways, but they faded away into obscurity. 

The real question is: why does this keep happening, and what can smart cybersecurity companies do about it?

****The Death of “Build It and They Will Come”****

In the early days of cybersecurity, technical excellence was usually enough. The market was much smaller than it is today, and the buyers were more technical. But that era is over.

The cybersecurity space we see today resembles a crowded, noisy bazaar rather than a quiet specialist shop. There are thousands of vendors competing for attention, so much so that even genuinely innovative solutions struggle to get noticed.

What used to be a specialized technical field has expanded into every aspect of business operations. Board members who never cared about security now ask pointed questions about risk. Companies that never had security budgets now have entire departments.

In this dynamic, technical brilliance without visibility is like having the world’s best restaurant hidden in an alley with no sign. The food might be amazing, but not many people will show up. 

****Your Buyers Aren’t Where You Think They Are****

The modern B2B buyer journey has changed a lot in the past decade.

The modern security buyer does a lot of their research independently. They won’t usually contact vendors until they are close to making a decision. This means they’re not sitting around waiting for cold calls or reading technical journals.

Instead, they’re asking their peers in private Slack channels, reading security blogs and newsletters, following thought leaders on social media, attending conferences, listening to podcasts on their commute, and even asking LLMs which vendors they would recommend. If you’re not visible in these places, you don’t exist to many potential buyers.

****The Multi-Channel Security Marketing Equation****

Here’s the new formula: Expertise × Visibility = Success!

When marketing for cybersecurity, a multi-channel approach is your golden ticket to connecting with decision-makers and being given a chance to showcase your solutions. It’s the bridge that links your technical brilliance to the people who need it most, turning unknown expertise into recognized value that clients would be happy to invest in. 

****1\. Inbound Marketing** **

Security professionals are hungry for genuine insight. They’re looking for content that makes them better at their jobs, calms their anxieties, or gives them a deeper understanding of what is going on in the industry around them. They’re not just content that fills space.

To help meet this need, publish a deep technical analysis that proves you know what you’re talking about. This could be a vulnerability research piece that makes other security pros say, “Huh, I hadn’t thought of that.” Or perhaps it’s threat breakdowns that actually teach something new or original perspectives from your team that add to the conversation instead of rehashing the obvious.

When someone types a specific security problem into Google, you want your content to be what they find. And when they read it, it should make them think, “These people get it. They understand the problem better than I do.”

Do some topic and keyword research in your area of expertise and see what terms you could rank for. The more of these queries you can satisfy with your content, the more inbound traffic you will bring to your site. 

****2\. Outbound Marketing** **

Most security professionals have an allergic reaction to traditional outbound marketing (as most people do). But outbound marketing done right shouldn’t feel like spam. 

It means targeted outreach based on actual need signals, reaching out when a company has shown signs it might need your services. It means customized campaigns for specific high-value targets. And it means participation in speaking engagements like conferences, webinars, and workshops that showcase your team’s expertise.

****3\. Third-Party Validation** **

Perhaps nothing matters more in the cybersecurity space than building trust. You’re asking clients to put their most sensitive assets in your hands, and they need to know you’re legitimate.

That’s why getting featured in leading publications is so important for cybersecurity companies. When a reliable Magazine covers your research or solution, you’re borrowing their established credibility. This acts as powerful social proof that you’re a legitimate player in the security space.

The key is learning how to write cyber press releases that journalists actually want to read. Most security news gets ignored because it blends into the background noise of vendor announcements. Your cyber press releases need to highlight something genuinely newsworthy. That could be a novel research finding, an unusual threat discovery, or a truly innovative approach to a common problem.

****Final Word****

For technical founders and executives frustrated by slow growth despite having what they feel is superior technology, this reality can be hard to accept. The good news is that the same analytical skills that make for good security work apply to marketing effectiveness.

Start by mapping out your ideal client’s information sources. Where do they learn? Who do they trust? What problems keep them up at night? Then create a presence in those spaces with content that addresses those specific concerns.

Be patient but persistent. Security is built on trust, and trust takes time to establish. However, once established, that trust creates a moat around your business that competitors struggle to cross.

Why Quiet Expertise No Longer Wins Cybersecurity Clients

Everest ransomware leaks Coca-Cola employee data: 1,104 files exposed, including HR, admin roles, IDs, personal details, and internal records.

On May 22, Hackread.com **reported** that Everest claimed responsibility for stealing data on 959 Coca-Cola employees, specifically across the Middle East, including the UAE, Oman, and Bahrain. Separately, another hacker group claimed to have stolen 23 million records from Coca-Cola Europacific Partners (CCEP).

Hackread.com can now confirm that the Everest ransomware group has leaked sensitive employee data stolen from the Coca-Cola Company. The data has been leaked on the Everest ransomware group’s dark web leak site as well as on the notorious Russian-language cybercrime forum XSS.

Screenshot credit: Hackread.com

The group has posted a 502 MB data dump, exposing Coca-Cola’s Middle East-specific internal and employee records. The leaked folder contains 1,104 files with information that includes:

*   Full names of employees
*   Business and home addresses
*   Family and marriage certificates
*   Copies of visas, passports, residency permits
*   Phone numbers, banking details, salary records
*   Employee personal and business email addresses

****What’s Inside the Leaked Files****

Among the exposed documents is an Excel file titled SuperAdmin_User_Account_Cocacola, detailing Coca-Cola’s internal administrative account structure and assigned roles. While it does not include passwords or direct login credentials, it outlines which accounts hold critical permissions, including system administrators, HR roles, and integration accounts. This makes it a useful map for threat actors, such as the recently **FBI-warned** Silent Ransom Group and others, aiming to exploit the company’s system hierarchy.

Another file, Emp Hierarchy Upload, lists:

*   Organizational hierarchy levels
*   Job titles and departmental details
*   Country-based manager structures
*   Employee usernames and full names
*   Reporting lines, showing who reports to whom

A third file, HRBP Upload, contains data on Coca-Cola’s HR Business Partner (HRBP) assignments, including:

*   Departmental functions
*   Employee IDs and full names
*   Assigned HRBP names and linked user IDs
*   Relationship start and end dates (with many set as open-ended)

Screenshot from the leaked data (Image credit: Hackread.com)

****Sensitivity of The Leaked Data****

While not all files contain direct access credentials, the combination of sensitive personal data, administrative structures, and internal HR mapping increases the cybersecurity risk profile for Coca-Cola. Such details can aid cybercriminals in several ways including:

*   **Spear-phishing attacks**, targeting specific individuals with crafted emails or messages
*   **Social engineering schemes**, using knowledge of internal relationships to impersonate executives, managers, or HR personnel
*   **Phone-based scams**, where attackers call employees pretending to be HR or IT staff, asking them to share system credentials
*   **Credential harvesting**, by directing employees to phishing websites disguised as official HR or IT portals
*   **Malware delivery**, where attackers pose as HR managers or support teams and trick employees into **installing malware** under the guise of a “remote access tool” or “required update”
*   **Mapping internal systems and roles**, helping attackers plan more precise future breaches, escalate privileges, or exploit admin-level access.

Additionally, the exposure of passports, visas, and banking details presents direct personal risks to affected employees, opening the door to identity theft, financial fraud, or cross-border privacy concerns.

It remains unclear whether there were any negotiations or communications between the Everest ransomware group and Coca-Cola regarding a ransom payment. So far, no details have emerged publicly about whether Coca-Cola engaged in talks, refused to pay, or is still assessing the situation internally. As with many ransomware cases, companies often withhold such information while investigations are ongoing or while working with law enforcement.

****Persistent Threat****

The Everest ransomware group has a history of leaking sensitive corporate data when ransom demands go unmet. While Coca-Cola has not yet issued a public statement regarding this leak, the scale and depth of the exposed data highlight the **growing danger posed by ransomware actors**, not just to company systems, but to the personal lives and security of employees.

Hackread.com will continue monitoring this developing story.

Everest Ransomware Leaks Coca-Cola Employee Data Online

SilverRAT Source Code leaked on GitHub, exposing powerful malware tools for remote access, password theft, and crypto attacks before removal.

The full source code of SilverRAT, a notorious remote access trojan (RAT), has been leaked online briefly appearing on GitHub under the repository “SilverRAT-FULL-Source-Code” before being swiftly taken down.

A snapshot of the repository, captured by Hackread.com via the Wayback Machine, reveals the entire project, its features, build instructions, and even a flashy marketing-style dashboard screenshot.

Screenshot from the now deleted GitHub post (Image credit: Hackread.com)

****What Is SilverRAT?****

SilverRAT is a remote access trojan developed in C#, first surfacing in late 2023. It was attributed to a group known as **Anonymous Arabic**, believed to operate out of Syria. This tool gives attackers control over infected Windows systems, offering a range of malicious capabilities.

Researchers who have analyzed SilverRAT say it has become popular in underground forums, where it’s offered as malware-as-a-service (MaaS). Its feature set includes:

*   Cryptocurrency wallet monitoring
*   Hidden applications and processes
*   Data exfiltration through Discord webhooks
*   Exploit builders for Word, Excel, VBScript, and JavaScript files
*   Antivirus bypass and binder functions to bundle multiple payloads
*   Hidden RDP and VNC sessions (allowing attackers to take over a system invisibly)
*   Password stealing from browsers, apps, games, bank cards, Wi-Fi, and system credentials

The malware’s design and use of Arabic-language components suggest its roots lie in the Middle East, though it’s been observed in campaigns targeting victims globally. The developer behind SilverRAT has been identified as noradlb1, publicly known as MonsterMC.

****Details of the Source Code Leak****

The leaked GitHub repository, posted by a user named Jantonzz, claimed to share the “latest version” of SilverRAT. The project included Visual Studio solution files, build instructions, and code modules that could be easily compiled by anyone with basic .NET knowledge.

The repository description boasted that the RAT is “provided for learning and experimentation purposes only,” though the long list of weaponized features leaves little doubt about its real-world criminal applications. It even promised a “Private Stub,” a customized, fully undetectable (FUD) version that would supposedly be delivered by email within two days.

Within hours, GitHub took down the repository, likely in response to reports or automatic detection of malware content. However, the brief window of public access was enough for the snapshot to be archived and circulated in security research circles.

As of now, the repository has been removed from GitHub, but the archived snapshot (attached below) shows its full content, including the dashboard image, build files, and README instructions:

Screenshot from the now deleted GitHub post (Image credit: Hackread.com)

****Legitimacy and Consequences****

While leaked malware source code often comes with a disclaimer of being “for educational purposes,” the reality is that these leaks can boost cybercrime. With SilverRAT now available to the public, even low-level cybercriminals without programming skills can compile their own copies, modify the malware, or create new variants.

Given that the original developer is believed to have connections to Arabic-speaking cybercrime groups, this leak could expand the malware’s reach to new regions and actors.

****Apparently Not the First Time****

While researching SilverRAT, we found that its source code has also been sold on the notorious Russian cybercrime forum XSS. In a February 2025 post, a seller was offering the full source code for just $100.

SilverRAT Source Code Leaked Online: Here’s What You Need to Know

Cisco Talos warns of active exploitation of a zero-day vulnerability (CVE-2025-0994) in Cityworks supposedly by Chinese hackers from…

Cisco Talos warns of active exploitation of a zero-day vulnerability (CVE-2025-0994) in Cityworks supposedly by Chinese hackers from the UAT-6382 threat group. Learn about the malware, affected organizations, and critical security patches.

Cisco Talos researchers have issued a critical alert regarding active cyberattacks targeting Trimble Cityworks, a widely used platform for managing public assets. According to Cisco Talos’ latest research, shared with Hackread.com, a sophisticated threat group, tracked as UAT-6382, is exploiting a newly discovered high-severity vulnerability CVE-2025-0994 in the system.

This vulnerability, having a CVSS score of 8.6, allows for remote code execution, meaning attackers can run their malicious programs on affected systems from afar. These attacks have been observed since January 2025 and primarily target local government organizations in the United States. Some attacks have already resulted in successful compromises.

The Cybersecurity and Infrastructure Security Agency (CISA) and Trimble have also released their warnings about this serious flaw. Reportedly, the vulnerability allows attackers to gain remote access and execute malicious code against Microsoft Internet Information Services web server without needing to authenticate. Cityworks vulnerability affects versions before 15.8.9 and Cityworks with Office Companion versions before 23.10.

Once inside, UAT-6382 quickly deploys _web shells_ like AntSword and chinatso/Chopper on the compromised web servers to maintain hidden access. They also use custom-made tools, including a Rust-based loader called TetraLoader to install more persistent malware such as Cobalt Strike and VSHell.

> _“Talos has found intrusions in enterprise networks of local governing bodies in the United States (U.S.), beginning in January 2025 when initial exploitation first took place. UAT-6382 successfully exploited CVE-2025-0944, conducted reconnaissance and rapidly deployed a variety of web shells and custom-made malware to maintain long-term access.”_
> 
> Cisco Talos

****Chinese-Speaking Actors Identified****

Based on their methods and tools, Cisco Talos’ report suggests with high confidence that UAT-6382 is a group of “Chinese-speaking threat actors.” Evidence supporting this includes the Chinese language found in the web shells and the fact that MaLoader, the framework used to build TetraLoader, is also written in Simplified Chinese. This malware builder, which emerged in December 2024, allows operators to package malicious code into Rust-based programs like TetraLoader.

MaLoader Builder Interface (Source: Cisco Talos)

Researchers noted that upon gaining access, the attackers show a particular interest in systems related to utility management. Their initial actions involve scanning the compromised server to understand its setup, looking for specific directories related to Cityworks, and then quickly setting up their web shells. They also stage sensitive files for potential data theft and deploy backdoors using PowerShell commands to ensure long-term access.

****Understanding the Malware****

TetraLoader’s main function is to inject various payloads into legitimate processes, such as notepad.exe. These payloads can be Cobalt Strike beacons, which are widely used by attackers for command and control, or VShell stagers.

For your information, VShell is a GoLang-based remote access Trojan that allows attackers to manage files, run commands, take screenshots, and set up proxy services on infected systems. Like other tools used by this group, the VShell control panels also display Chinese text, indicating the operators’ proficiency in the language.

Cityworks has released security patches to address the CVE-2025-0994 vulnerability, urging users to update immediately. Organizations should monitor suspicious activity using Cisco Talos’ technical indicators of compromise (IOCs). Cisco Talos also recommend the use of security products like Cisco Secure Endpoint, Secure Firewall, and Umbrella to protect against such attacks.

Chinese Hackers Exploit Cityworks 0-Day to Hit US Local Governments

Researchers have released PoC for CVE-2025-32756, a severe security flaw, that is actively being exploited in Fortinet products…

Researchers have released PoC for CVE-2025-32756, a severe security flaw, that is actively being exploited in Fortinet products like FortiMail and FortiCamera. This stack-based buffer overflow allows unauthenticated remote code execution.

A security vulnerability tracked as CVE-2025-32756 is currently being actively used by attackers, affecting several Fortinet products. The Fortinet Product Security Team discovered this vulnerability based on observed threat activity, which included network scanning, credential logging, and log file wiping.

Fortinet’s security team, FortiGuard Labs, then issued an alert on May 13, confirming they had seen this vulnerability being exploited in real-world attacks. A variety of Fortinet products are at risk, including FortiCamera, FortiMail, FortiNDR, FortiRecorder, and FortiVoice. On May 14, it was added to the CISA KEV catalogue.

Researchers at Horizon3.ai, including Jimi Sebree, have been investigating this flaw and published a basic proof of concept, a simple demonstration of how the vulnerability can be used. Their work shared with Hackread.com, involved looking at both patched and unpatched versions of FortiMail to pinpoint the exact location of the flaw.

They discovered the issue resides in a shared library and is related to how the system handles a specific session management cookie called APSCOOKIE, specifically an issue with decoding and handling the AuthHash field within this cookie. The vulnerability allows a remote unauthenticated attacker to execute arbitrary code or commands via crafted HTTP requests.

****What’s the Problem?****

CVE-2025-32756 is basically a flaw in the admin API where the system tries to cram too much data into a limited space. When that happens, the extra data spills over into areas it shouldn’t, which can give attackers a way to sneak in their own malicious code, and they can do this without even needing a password.

This type of flaw is old, suggestive of hacking techniques from the 1990s. The severity of this issue, nonetheless, is extremely high, scoring 9.8 out of 10 on the Common Vulnerability Scoring System (CVSS), which measures the potential impact of security risks.

****Urgent Call for Updates****

Given that attackers are already using this vulnerability, and many vulnerable Fortinet systems are exposed on the internet, experts are strongly advising all users to update their products or apply recommended fixes as soon as possible.

FortiGuard Lab’s advisory provides detailed information on how to identify if a system is affected and what steps to take to protect against this serious threat. One suggested mitigation, if immediate patching is not possible, is to disable the HTTP/HTTPS administrative interfaces. Given the ease of exploitation, immediate action is crucial to protect affected systems.

Source

HackRead