Airstalk Malware: Sophisticated Windows Threat Exploits MDM

Cybersecurity researchers have uncovered Airstalk, a sophisticated Windows malware family available in PowerShell and .NET variants. The malware, linked to a nation-state threat actor, uses legitimate mobile device management infrastructure for covert command-and-control communications. It targets sensitive browser credentials and employs advanced evasion techniques, including the use of a likely stolen certificate. The malware's sophisticated design suggests a well-resourced adversary with advanced capabilities. Organizations utilizing business process outsourcing services are particularly at risk due to the malware's supply chain attack vector.

Latest mentioned: 10-30

Earliest mentioned: 10-29

Sources

gbhackers.com paloaltonetworks.com

Also Read

Beast Ransomware Emerges as Major Cyber Threat

Beast ransomware, a sophisticated Ransomware-as-a-Service (RaaS) operation, has emerged as a significant cybersecurity threat. It employs aggressive network propagation tactics using SMB port scanning to infiltrate and encrypt systems across enterprise environments. The ransomware has targeted organizations worldwide since July 2025, affecting diverse sectors including manufacturing, healthcare, and education. It uses phishing campaigns and the Vidar Infostealer to gain initial access. The malware includes geofencing logic to exclude certain regions, suggesting connections to specific geographical areas. It utilizes the ChaCha20 algorithm for encryption and includes a hidden GUI for manual control. Organizations must prioritize preventive measures and early detection capabilities to defend against this threat.

10-29Read more →