Threat Actors Use JSON Services for Malware Delivery

Threat actors have updated their tactics by using JSON storage services to host and deliver malware. The campaign targets software developers through professional networking sites and instructs them to download trojanized code projects. These projects contain Base64-encoded values that lead to JSON storage services, where the next-stage payload, a JavaScript malware known as BeaverTail, is stored. BeaverTail harvests sensitive data and drops a Python backdoor called InvisibleFerret, which fetches additional payloads. The campaign's success underscores the actors' ability to operate stealthily and blend in with normal traffic.
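
A defensive check for the delivery step described above, as an added example that is not from the original report: it scans a project's files for Base64 values that decode to URLs on JSON storage hosts. The host names in `JSON_STORAGE_HOSTS` and the sample line are constructed placeholders, since the page names no specific services.

```python
import base64
import binascii
import re
from pathlib import Path
from urllib.parse import urlparse

# Assumption: placeholder hosts. Replace with the JSON storage services you want flagged.
JSON_STORAGE_HOSTS = {"json-store.example", "jsonbin.example"}
B64_RE = re.compile(r"[A-Za-z0-9+/_-]{16,}={0,2}")  # standard or URL-safe alphabet
URL_RE = re.compile(r"https?://[^\s'\"<>]+")

def decode_candidate(token):
    """Return the decoded text if token is Base64 for printable UTF-8, else None."""
    token = token.rstrip("=").replace("-", "+").replace("_", "/")
    token += "=" * (-len(token) % 4)
    try:
        text = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None

def is_storage_host(url):
    try:
        host = (urlparse(url).hostname or "").lower()
    except ValueError:  # malformed URL inside the decoded text
        return False
    return any(host == h or host.endswith("." + h) for h in JSON_STORAGE_HOSTS)

def scan_text(text):
    """Return (line_number, url) for each Base64 value that decodes to a listed host."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for token in B64_RE.findall(line):
            decoded = decode_candidate(token) or ""
            hits += [(lineno, u) for u in URL_RE.findall(decoded) if is_storage_host(u)]
    return hits

def scan_tree(root):
    """Scan every file under root; return (path, line_number, url) tuples."""
    findings = []
    for path in Path(root).rglob("*"):
        if path.is_file():
            text = path.read_text(encoding="utf-8", errors="ignore")
            findings += [(str(path), n, u) for n, u in scan_text(text)]
    return findings

# Constructed sample: a config line holding a Base64-encoded URL on a placeholder host.
_ENC = base64.b64encode(b"https://api.json-store.example/b/PLACEHOLDER").decode()
SAMPLE = 'const PORT = 3000;\nconst API_KEY = "' + _ENC + '";\n'
```

Calling `scan_tree()` on a downloaded project directory reports the file, line number and decoded URL for each match, so the value can be reviewed before anything in the project is installed or run.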

Latest mentioned: 11-14
Earliest mentioned: 11-13