Infinity Stealer ClickFix के ज़रिए macOS को निशाना बनाता है, Red Menshen BPFDoor इम्प्लांट्स टेलीकॉम में मिले, LangChain की गंभीर CVEs सामने आईं
नया Infinity Stealer मैलवेयर ClickFix लूर्स और Nuitka-कम्पाइल्ड Python के ज़रिए macOS को निशाना बनाता है। चीन से जुड़ा Red Menshen टेलीकॉम नेटवर्क में कर्नेल-लेवल BPFDoor इम्प्लांट्स तैनात करता है। LangChain/LangGraph की तीन गंभीर कमज़ोरियाँ एंटरप्राइज़ AI सिस्टम को ख़तरे में डालती हैं। TeamPCP ने WAV स्टेगनोग्राफ़ी से Telnyx PyPI पैकेज को कम्प्रोमाइज़ किया।
🍎 Infinity Stealer: New macOS Malware Uses ClickFix + Nuitka to Evade Detection
⚠️ Active Threat — macOS Users at Risk
Malwarebytes has documented the first macOS campaign combining ClickFix social engineering with a Nuitka-compiled Python infostealer. The malware evades static analysis by producing a native binary with no obvious bytecode layer.
A sophisticated new info-stealing malware dubbed Infinity Stealer has been discovered targeting macOS systems through ClickFix lures — fake CAPTCHA pages that mimic Cloudflare's human verification to trick users into executing malicious terminal commands.
How the Attack Works
The infection chain begins when a victim visits the domain update-check[.]com, which presents a convincing Cloudflare verification prompt. The page instructs the user to paste a base64-obfuscated curl command into the macOS Terminal, effectively bypassing all OS-level protections.
The decoded command writes a stage-2 Nuitka loader to /tmp, removes the quarantine flag via xattr, and executes it via nohup. The loader is an 8.6 MB Mach-O binary containing a 35 MB zstd-compressed archive with the final Infinity Stealer payload (UpdateHelper.bin).
What It Steals
- Browser credentials from Chromium-based browsers and Firefox
- macOS Keychain entries — stored passwords, certificates, and keys
- Cryptocurrency wallets — private keys and seed phrases
- Developer secrets — plaintext credentials in
.envfiles - Screenshots — captured for visual intelligence
All stolen data is exfiltrated via HTTP POST to the C2 server, with a Telegram notification sent to the attackers upon successful exfiltration.
Why Nuitka Matters
Unlike PyInstaller (which bundles Python bytecode), Nuitka compiles Python source code to C, producing a genuine native binary. This eliminates the bytecode layer that security tools typically analyze, making reverse engineering significantly harder and detection rates lower.
Defender Action: Block the domain update-check[.]com. Remind users to never paste commands from websites into Terminal. Monitor for suspicious nohup executions and xattr -d com.apple.quarantine calls. Consider endpoint detection rules for large Mach-O binaries in /tmp.
🇨🇳 Red Menshen: China-Linked APT Deploys "Stealthiest Digital Sleeper Cells" in Telecoms
🔶 Nation-State Espionage — Telecom Infrastructure
Rapid7 has uncovered an ongoing campaign by Red Menshen (Earth Bluecrow / DecisiveArchitect) embedding kernel-level BPFDoor implants in telecom networks across the Middle East and Asia to spy on government communications.
A long-running espionage campaign attributed to the China-nexus threat group Red Menshen has been operating inside telecom provider networks since at least 2021, using some of the most sophisticated stealth techniques ever documented in telecommunications environments.
What Makes BPFDoor So Dangerous
The group's signature tool, BPFDoor, operates at the kernel level using Berkeley Packet Filter (BPF) functionality to inspect network traffic directly inside the Linux kernel. Unlike conventional malware:
- No listening ports — completely invisible to port scans
- No C2 beaconing — generates zero outbound traffic
- Activation by magic packet — dormant until triggered by a specially crafted network packet
- Masquerades as system processes — blends into normal operations
Rapid7 described these implants as "some of the stealthiest digital sleeper cells" ever encountered.
Attack Chain
Initial access targets internet-facing infrastructure from vendors including Ivanti, Cisco, Juniper, Fortinet, VMware, Palo Alto Networks, and Apache Struts. After gaining a foothold, the group deploys:
- CrossC2 — Linux beacon framework for post-exploitation
- Sliver — open-source C2 framework
- TinyShell — lightweight Unix backdoor
- Keyloggers and brute-force tools for credential harvesting
The BPFDoor controller can also operate within the victim's environment, sending activation packets to other internal implants for lateral movement — creating a mesh of hidden backdoors across the network.
Defender Action: Audit Linux systems for unexpected BPF filters using bpftool. Monitor for anomalous raw socket creation. Review edge device firmware and patch status for Ivanti, Cisco, Fortinet, and Palo Alto products. Deploy network traffic analysis capable of detecting magic packet patterns.
🤖 LangChain & LangGraph: Three Critical CVEs Expose Enterprise AI Systems
⚠️ Critical Vulnerabilities — Patch Immediately
Three independently exploitable vulnerabilities in LangChain and LangGraph can leak filesystem data, environment secrets, and conversation histories. Combined weekly downloads exceed 84 million.
Security researcher Vladimir Tokarev of Cyera has disclosed three serious vulnerabilities in LangChain and LangGraph, two of the most widely used frameworks for building LLM-powered applications. Each flaw exposes a different class of enterprise data.
| CVE | CVSS | Type | Impact |
|---|---|---|---|
CVE-2026-34070 |
7.5 | Path Traversal | Arbitrary file read via prompt-loading API |
CVE-2025-68664 |
9.3 | Deserialization | API key and environment secret leakage |
CVE-2025-67644 |
7.3 | SQL Injection | Arbitrary SQL against SQLite checkpoints |
Exploitation Details
CVE-2026-34070 exploits the prompt-loading API in langchain_core/prompts/loading.py. By supplying a crafted prompt template with path traversal sequences, an attacker can read arbitrary files — including Docker configurations and private keys.
CVE-2025-68664 (also known as "LangGrinch") tricks the application into interpreting user input as a pre-serialized LangChain object. This deserialization flaw can siphon all API keys and environment secrets from the deployment.
CVE-2025-67644 targets the LangGraph SQLite checkpoint implementation. By manipulating metadata filter keys, an attacker can inject arbitrary SQL queries to access conversation histories — potentially containing sensitive business data, PII, or internal deliberations.
Patched Versions
- CVE-2026-34070:
langchain-core >= 1.2.22 - CVE-2025-68664:
langchain-core 0.3.81or1.2.5 - CVE-2025-67644:
langgraph-checkpoint-sqlite 3.0.1
Defender Action: Immediately update all LangChain and LangGraph dependencies. Audit AI application deployments for exposed prompt-loading endpoints. Review environment variable access patterns and secrets management for LLM applications.
📦 TeamPCP Strikes Again: Telnyx PyPI Package Compromised with WAV Steganography
The prolific threat actor TeamPCP — already responsible for supply chain attacks on Trivy, KICS, and LiteLLM — has compromised the Telnyx Python SDK on PyPI. Malicious versions 4.87.1 and 4.87.2 were published on March 27, 2026, and the project is now quarantined.
Three-Stage Attack Chain
- Stage 1 — Delivery: Malicious code injected into
telnyx/_client.pyactivates on package import - Stage 2 — Steganography: Downloads a
.WAVfile from C2 containing XOR-obfuscated payloads hidden in audio data - Stage 3 — Collection: In-memory credential harvester targeting browser data, SSH keys, cloud tokens, and environment variables
The entire chain operates in a self-destructing temporary directory, leaving near-zero forensic artifacts. On Windows, the payload persists via the Startup folder as msbuild.exe. On Linux/macOS, it runs in-memory and exfiltrates as tpcp.tar.gz via HTTP POST to 83.142.209[.]203:8080.
Defender Action: Pin Telnyx to version 4.87.0 or lower. Audit CI/CD pipelines for any installation of 4.87.1 or 4.87.2. Block the C2 IP 83.142.209[.]203. Review all TeamPCP-affected packages: Trivy, KICS, LiteLLM, and now Telnyx.
📊 Threat Landscape Summary
| Threat | Category | Severity | Target |
|---|---|---|---|
| Infinity Stealer | Malware | High | macOS users |
| Red Menshen / BPFDoor | APT / Espionage | Critical | Telecom infrastructure |
| LangChain/LangGraph CVEs | Vulnerability | Critical (9.3) | AI/ML enterprise deployments |
| TeamPCP / Telnyx | Supply Chain | High | Python developers |
🔑 Key Takeaways
- ClickFix is becoming the dominant social engineering technique for macOS malware delivery. The combination with Nuitka compilation raises the bar significantly for defenders.
- Nation-state actors are living inside telecom networks using kernel-level implants that are invisible to conventional security tools. BPFDoor represents a class of threats that requires kernel-aware detection capabilities.
- AI framework security is critical infrastructure now. With 84+ million weekly downloads, LangChain/LangGraph vulnerabilities have blast radius comparable to Log4j-class issues.
- TeamPCP is the most prolific supply chain attacker of 2026 so far, with four major package compromises in March alone. Audio steganography for payload delivery is their evolving signature.