Weekly Threat Bulletin – February 25th, 2026

Malware: AMOS, Atomic macOS Stealer, Atomic Stealer, BadIIS, Broomstick, ClawdBot Agent, CleanUp, CleanUpLoader, ConnectWise Control, ConnectWise ScreenConnect, GhostChat, GORBLE, Lumma, LummaC2, Lumma Stealer, OSX.AtomicStealer, OSX.AtomStealer, OysterLoader, POWERSTAR, Redline, Redline Loader, RedLine Stealer, Rhysida, RisePro, ScreenConnect, ScreenConnect RAT, Speldings.exe, StealC, TAMECAT, Trojan/OpenClaw.PolySkill, Vidar, Vidar Stealer CVEs: CVE-2024-28863, CVE-2025-49596, CVE-2025-52882, CVE-2025-59466, CVE-2025-64756, CVE-2025-6514, CVE-2026-21636, CVE-2026-22708, CVE-2026-24763, CVE-2026-25157, CVE-2026-25253, CVE-2026-2577, CVE-2026-26319, CVE-2026-26322, CVE-2026-26329 Technologies: Alibaba Cloud, Amazon Web Services, Anthropic Claude, Apache HTTP Server, Apple iOS, Apple macOS, Caddy, Cloudflare Tunnel, ConnectWise ScreenConnect, DigitalOcean, Docker, Express.js, F5 NGINX, Git, GitHub, Google Cloud Platform, Google Gemini, Hetzner, Joomla!, Kubernetes, Linux, LLaVA, Microsoft Azure, Microsoft Entra, Microsoft Visual Studio, Microsoft Windows, Moltbook, NGINX, Node.js, npm, OpenAI, OpenClaw, OVHcloud, Python, Signal, Slack, SSH, Supabase, Tassos Framework, Telegram, Tencent Cloud, Vercel Next.js, WhatsApp Threat Actors: AngryLikho, APT28, ClawHavoc, CookieSpider, FancyBear, hightower6eu, Kimsuky, Moonshine100rze, Rhysida Attacker Countries: Russia Attacker IPs: 178.16.54.253, 179.43.176.32, 202.161.50.59, 54.91.154.110, 91.92.242.30, 95.92.242.30, 96.92.242.30 Attacker Domains: attacker.com, auth.clawdhub.com, auth.clawhub.com, clawbot.ai, clawd.bot, clawdbot.getintwopc.site, clawdbot.you, clawhub.ai, clawhub.openclaw.ai, darkgptprivate.com, docs.clawd.bot, docs.molt.bot, docs.openclaw.ai, getintwopc.site, github.com/hedefbari, glot.io, install.app-distribution.net, meeting.bulletmailer.net, moltbook.ai, molt.bot, moltbotai.chat, moltbot.you, moltyverse.email, ngrok.io, openclaw.ai, pipedream.net, rentry.co, roarin.ai, socifiapp.com, webhook.site, www.dropbox.com Attacker URLs: github.com/gstarwd/clawbot, hxxp://54.91.154.110:13338/%7Csh, hxxps://socifiapp.com/api/reports/upload, hxxps://webhook.site/358866c4-81c6-4c30-9c8c-358db4d04412, javascript:fetch(‘ ?option=com_ajax, ?option=com_ajax&format=raw&plugin=nrframework, ws://localhost:18789 Attacker Hashes: 04ef48b104d6ebd05ad70f6685ade26c1905495456f52dfe0fb42f550bd43388, 087361307be2b2789849d4fd58170cca, 0c76e33ddde228e9ce098edf3bf5f06a, 0e52566ccff4830e30ef45d2ad804eefba4ffe42062919398bf1334aab74dd65, 17703b3d5e8e1fe69d6a6c78a240d8c84b32465fe62bed5610fb29335fe42283, 1e6d4b0538558429422b71d1f4d724c8ce31be92d299df33a8339e32316e2298, 2444b3ab5de42fcca22e6025cf018e3b, 37102fddfbca1e750b61943162b15004, 3a4450bacf20eea2dcc246da7bce9667, 5e4428176aeb8cfc7f0391654d683a2a, 63e9707b978b7569f26636e9a9bb3b14, 75661cbf8fd50009be0c46a9ca8b3180, 760c89959e2d80f9b78a320023a875b7c458840f920770438cda517160bfd1b1, 79e8f3f7a6113773cdbced2c7329e6dbb2d0b8b3bf5a18c6c97cb096652bc1f2, 8611dfd731c27ac1592de60a31c66634, a3365c837ec2659c2aa04e7010a0db15, a37f6403fbf28fa0b48863287f4c5a5db8f295977d4dec2e9bffd6fce2320bd1, a535666293db8dcaba511e38b735f2b86eb06663f1f6a43ab59bf0d35ae4e933, adbcdb613c04fd51936cb0863d2417604db0cd04792ab7cae02526d48944c77b, be24b44d4895c6bc14e3f98a9687a399, d1e0c26774cb8beabaf64f119652719f673fb530368d5b2166178191ad5fcbea, db48607a6f85e716a3ec3e9b613f278d683c79817d7a3c32619a6623f85a5b32, e20b920c7af988aa215c95bbaa365d005dd673544ab7e3577b60fecf11dcdea2, f58854f6450618729679ad33622bebaf Victim Industries: Agriculture, Artificial Intelligence, Cloud Infrastructure, Creator Economy, Critical Manufacturing, Cryptocurrency, E-commerce, Education, Energy, Financials, Financial Services, Government, Healthcare, Health Care Technology, Hospitality, Information Services, Information Technology, Insurance, Legal Services, Manufacturing, Marketing & Advertising, Media and Entertainment, Multimedia, Non-Governmental Organizations (NGOs), Real Estate, Retail, Social Media, Software, Sports and Entertainment, Technology Hardware, Telecommunications, Transportation Victim Countries: Australia, Austria, Belgium, Brazil, Bulgaria, Canada, China, Colombia, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hong Kong, Hungary, India, Ireland, Italy, Japan, Latvia, Lithuania, Luxembourg, Malta, Mexico, Netherlands, Norway, Poland, Portugal, Romania, Russia, Singapore, Slovakia, Slovenia, South Korea, Spain, Sweden, Switzerland, United Kingdom, United States

Similar Posts

Leave a Reply