malware analysis
2 posts
Article
A reverse shell dressed as a Firefox patch
Inside the 2025 AUR compromise: how CHAOS RAT shipped in fake browser packages, why update automation made it worse, and how to audit PKGBUILDs in 30 seconds.
Article
The malware leaked itself, not the defenders.
Needle cryptostealer shipped with a plaintext API key in the Rust binary. One string exposed 1932 victims and the withdrawal config.