RC RANDOM CHAOS

malware analysis

2 posts

A reverse shell dressed as a Firefox patch
Article

A reverse shell dressed as a Firefox patch

Inside the 2025 AUR compromise: how CHAOS RAT shipped in fake browser packages, why update automation made it worse, and how to audit PKGBUILDs in 30 seconds.

The malware leaked itself, not the defenders.
Article

The malware leaked itself, not the defenders.

Needle cryptostealer shipped with a plaintext API key in the Rust binary. One string exposed 1932 victims and the withdrawal config.