EvilBit Threat Digest - Gateways on Fire, Dependencies with Teeth
Active RCE in F5 BIG-IP APM, a nation-state npm supply-chain compromise, and macOS ClickFix stealer. April 1, but none of this is a joke.
If this week had a motto, it'd be: "Your perimeter is a feature. Your build pipeline is a privilege. Your users are still...users." We've got a critical F5 edge RCE under active exploitation, a real-world npm ecosystem compromise with cross-platform RAT behavior, and fresh proof that "paste this into Terminal" scams have fully moved into macOS prime time.
Yes, it's April Fools' Day. No, none of this is a bit. The internet has enough tricks today without us adding to the pile.
Pour something strong. Let's triage.
Priority Triage (do these before your next meeting)
- Patch F5 BIG-IP APM for active RCE and assume exposed boxes may already be owned: NCSC advisory, F5 advisory, F5 IOCs
- Contain the axios/npm supply-chain compromise (developer endpoints + CI runners), pin safe versions (1.14.0 or 0.30.3), rotate secrets: Huntress, Socket, Aikido
- macOS ClickFix is no longer a novelty; it's delivering credential-stealing malware in the open: Malwarebytes
Edge & Web Reality Check (a.k.a. "the internet is still the DMZ")
F5 BIG-IP APM: critical RCE with exploitation confirmed (CVE-2025-53521)
The UK's NCSC put out a rare patch-now-and-investigate warning for CVE-2025-53521, an unauthenticated remote code execution in F5 BIG-IP APM, and they're not being subtle about active exploitation (NCSC, F5 advisory). If APM is your remote access "front desk," this bug is a skeleton key.
The important nuance: this is not just "patch it." F5 published Indicators of Compromise and guidance to help determine whether you've already crossed the line from vulnerability management into incident response (F5 IOCs). Treat internet-exposed APMs like any identity-adjacent edge appliance: patch, validate integrity, and plan for credential/token fallout if exploitation is suspected.
European Commission breach: public web systems, limited detail, high signal
The European Commission confirmed attackers accessed its public web infrastructure (Europa.eu platform) with suspected data exfiltration, while stating internal systems weren't impacted, at least per current scope (The Register, EC statement). The technical specifics are thin, but the pattern isn't: public-facing web stacks remain the easiest "soft underbelly" for persistent access and quiet collection.
Takeaway for defenders: when major orgs say "public systems only," it often means "we're still counting the blast radius." Don't mirror the mistake. Assume your own web tier can be a pivot until you've proven it isn't.
Supply Chain, But Make It Operational (npm edition)
Deep dive: axios npm compromise, phantom dependency, cross-platform RAT behavior
This is the one that should make dev leads stop talking for a minute.
Multiple incident responders and security teams aligned on a supply-chain compromise of axios, specifically malicious releases axios@1.14.1 and axios@0.30.4, with a phantom dependency (plain-crypto-js@4.2.1) used as the delivery rail (Huntress, Socket, StepSecurity, Elastic). This isn't "someone typosquatted a package." This is compromise-at-scale using the ecosystem's own trust. Google's Threat Intelligence Group has since attributed the compromise to a North Korea-nexus actor (GTIG), which reframes this from opportunistic supply-chain abuse to state-sponsored targeting of developer infrastructure.
Why the phantom dependency matters: it's the classic magician's misdirection. People audit the famous package; the payload rides in a dependency with a name that sounds like it belongs. That approach also dodges some simplistic "known-bad version of X" guardrails because the attacker can shift logic into transitive resolution.
Impact model (practical, not theoretical):
- Developer workstations become initial access points.
- CI runners become credential concentrators (npm tokens, cloud keys, signing material, SSH keys).
- The compromise can turn build infrastructure into a distribution platform: your own releases, built by your own pipeline, with a little passenger you didn't invite.
What to do right now (without hand-waving):
- Pin to known-good versions (1.14.0 for 1.x users, 0.30.3 for legacy) and use overrides/resolutions to prevent transitive "surprises" (Huntress).
- Rebuild from clean images for affected build agents if you see RAT artifacts or suspicious post-install behavior. "Clean in place" is how you write part two of this story.
- Rotate secrets as if they were exposed, because that's what "developer malware" optimizes for.
And yes, this is another reminder that "we use lockfiles" is not the same sentence as "we enforce lockfiles."
Endpoint campaigns: ClickFix spreads, Linux stays weird, WhatsApp joins the delivery stack
Infiniti Stealer: ClickFix + Nuitka brings "paste-to-compromise" to macOS
Malwarebytes detailed Infiniti Stealer, a macOS infostealer delivered through ClickFix-style social engineering (fake pages that instruct users to run commands in Terminal) and packaged as Nuitka-compiled Python to complicate static analysis (Malwarebytes, plus broader pickup from Forbes and GBHackers). The target list is exactly what you'd expect in 2026: browser creds, Keychain data, crypto wallets, developer .env secrets, and screenshots.
This is an UPDATE in spirit: we've covered ClickFix as a Windows-adjacent infection style before. The fresh angle is the macOS maturation: attackers no longer need to beat Gatekeeper if they can convince a human to do the honors. Your controls aren't "Mac vs Windows." Your controls are, "Can users execute an arbitrary shell from web content?"
perfctl: stealthy Linux malware still leaning on old privilege escalation (CVE-2021-4034)
First documented by Aqua in late 2024, perfctl remains an active concern for Linux server fleets. It uses CVE-2021-4034 (polkit pkexec) for privilege escalation and pairs it with stealth/rootkit behavior and TOR-flavored communications (Aqua, NVD, Red Hat). The headline isn't the CVE: it's the operational reminder that attackers love reliable, well-understood escalation on estates that still contain "that one box nobody patches because it's 'stable'."
If you're responsible for Linux fleets: this is your cue to treat "ancient but ubiquitous" as a risk category, not a history lesson.
WhatsApp-delivered VBScript, cloud payloads, MSI backdoors
Microsoft walked through a campaign that uses WhatsApp as the delivery lane for VBScript, leading to cloud-hosted payloads and MSI backdoors, along with renamed utilities to muddy telemetry (Microsoft Security Blog). Messaging platforms have become the new email: less governed, more trusted, and full of "just open this" moments.
The defender move here isn't mystical: reduce script host exposure, tighten what can execute from user-writable paths, and treat cloud storage egress from endpoints like something worth logging with context.
Critical infrastructure tradecraft: ClickOnce as a red-team-proven delivery system
OneClik: abusing ClickOnce + AppDomainManager hijack + AWS-backed C2 patterns
Trellix published a dense report on OneClik, a controlled red team engagement that used ClickOnce deployment vectors, in-memory payloads, and AppDomainManager hijacking, then leaned on AWS services (CloudFront/API Gateway/Lambda patterns) for command-and-control that blends into normal cloud noise (Trellix).
The research dates to mid-2025, but the technique deserves attention because it weaponizes something defenders often categorize as "legacy enterprise convenience." ClickOnce lives in that uncanny valley of "legitimate enough to be allowed" and "weird enough that nobody monitors it well." That's attacker habitat, whether the exercise is simulated or not.
Quick hits worth your attention
- Silver Fox/ValleyRAT goes seasonal again, this time targeting Japanese firms with tax-season lures, a regional tailoring of a theme we've seen used elsewhere (ESET). Same bait, new language, same result: remote access and theft.
- LinkedIn notification-themed phishing continues to harvest credentials via brand-familiar workflows and lookalike infrastructure (Cofense). The "new" part is rarely the phish; it's the speed and volume of cloned, disposable domains.
- F5 exploitation + public web breaches + dev supply-chain compromise all rhyme on one point: the attacker doesn't need a novel exploit if they can reliably hit what you expose and what you trust.
Closing: Trust is still the most-abused protocol
We keep buying defenses for the threats we respect: zero-days, implants, bespoke tooling. Meanwhile, the breaches stack up in the threats we normalize: edge appliances, dependency trees, and humans doing exactly what the dialog box told them.
Blade Runner had replicants. We have package managers. Same vibe, fewer monologues, more incident tickets.
Eyes on the network. Claws at the ready.