Anthropic's Claude chatbot became a malware distribution vector this week after threat actors created malicious links that redirected users to trojanized downloads. The attack exploited the platform's URL sharing functionality to deceive users into executing payloads under the guise of legitimate AI conversations.

npm package repositories hosted NastyC2, a collection of malicious packages designed to establish command-and-control infrastructure. Attackers uploaded these packages with names mimicking legitimate libraries, allowing them to slip past initial security reviews and infect developer environments across multiple projects.

Device-code phishing campaigns targeted users authenticating through OAuth flows. Attackers harvested device codes and redirected legitimate authentication attempts, gaining unauthorized access to cloud services and enterprise applications without triggering traditional security alerts.

macOS systems faced fileless attacks that executed entirely in memory, avoiding disk-based detection signatures. These attacks leveraged legitimate system processes to run malicious code, leaving minimal forensic evidence and complicating incident response efforts.

Cloud management tools intended as administrative helpers became attack surfaces when threat actors exploited authentication weaknesses. Once compromised, these agents granted attackers shell-level access to entire cloud infrastructure, treating validated administrative interfaces as open command shells.

Browser extensions distributed through unofficial channels siphoned search queries and user data. These add-ons bypassed standard extension store vetting processes by using misleading descriptions, then transmitted intercepted traffic to command servers.

Edge network devices remained exposed across multiple organizations, with outdated firmware and default credentials enabling lateral movement into core networks. Exposed management interfaces provided attackers direct paths to routing and filtering systems.

Poisoned npm packages continued flooding repositories faster than security teams could flag them. Attackers registered packages with typosquatting variations and legitimate-sounding names, waiting weeks before injecting malicious code during updates.
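A defender-side check for the two behaviours described above (lookalike package names, and malicious code arriving in a later update), as an added example that is not from the original article. The reference list `KNOWN`, the sample manifest and the function names are constructed for illustration.

```javascript
// Constructed reference list; in practice use your organisation's approved-package list.
const KNOWN = ["express", "lodash", "react", "axios", "chalk", "commander"];

// Classic Levenshtein edit distance (two-row dynamic programming).
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Remove separators and case so "lo-dash" and "lodash" compare equal.
const normalize = (name) => name.replace(/[-_.]/g, "").toLowerCase();

// Returns findings for review: names one edit away from a known package,
// and version ranges that would pull in a later release automatically.
function auditDependencies(manifest, known = KNOWN) {
  const findings = [];
  const deps = { ...manifest.dependencies, ...manifest.devDependencies };
  for (const [name, range] of Object.entries(deps)) {
    if (!known.includes(name)) {
      const n = normalize(name);
      const near = known.find((k) => editDistance(n, normalize(k)) <= 1);
      if (near) findings.push({ name, issue: "lookalike", resembles: near });
    }
    // Anything other than an exact x.y.z version lets a later release install unreviewed.
    if (!/^\d+\.\d+\.\d+$/.test(range)) {
      findings.push({ name, issue: "floating-range", range });
    }
  }
  return findings;
}

// Constructed sample manifest (the shape of a package.json).
const sample = {
  dependencies: { express: "4.18.2", "lo-dash": "^4.17.21", comander: "1.6.0" },
  devDependencies: { chalk: "~5.3.0" },
};
console.log(auditDependencies(sample));
```

A distance threshold of 1 misses transposed letters, which count as two edits here; raising it catches more lookalikes at the cost of more false positives on short names.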

This pattern reflects attackers treating popular platforms, development tools, and