An automated attack campaign with over 10,000 manipulated GitHub repositories targets AI agents to steal credentials and cryptocurrency wallet data using the infostealer StealC.
15 compromised JetBrains plugins masquerade as AI assistants and steal plaintext API keys over unencrypted HTTP connections to IP address 39.107.60.51.
152 Chrome extensions claim in the Web Store to collect no data, but actually track IP addresses, ISP data, and clicks while spoofing organic search engine traffic.
DriveSurge systematically exploits hacked websites as a malware distribution channel, using deceptively realistic update and clickbait techniques.