Suspected Nation-State Threat Actor Uses New Airstalk Malware in a Supply Chain Attack
A new Windows-based malware family named Airstalk, with PowerShell and .NET variants, has been identified and may have been used by a nation-state threat actor in a supply chain attack. Airstalk misuses the AirWatch API for covert command-and-control (C2) and is capable of exfiltrating sensitive browser data.