ZeroDay Field Notes - supply-chain backdoors surge

TeamPCP supply-chain attacks hit PyPI and npm, GlassWorm returns with unkillable Solana C2, and new fileless primitives ForsHops and FlipSwitch raise the stealth bar.

Last month's TeamPCP spree showed no signs of slowing. This past week brought fresh poisonings in PyPI (Telnyx SDK), npm, and VS Code extensions. The actor is now chaining credential theft across ecosystems, using WAV steganography, QR-code obfuscation, and ICP/Solana dead-drop C2 to make takedowns painful. If your CI pipeline pulled anything from the affected version windows, treat the runners as fully burned.

Cascading Supply-Chain Hits Keep Coming

TeamPCP's Telnyx compromise (versions 4.87.1/4.87.2) is the latest link in the chain that began with Trivy, moved through LiteLLM, and now reaches a package with over 742,000 monthly downloads. The payload uses WAV audio steganography to hide the next stage, then runs platform-specific credential harvesters: SSH keys, cloud tokens, K8S secrets. Windows builds drop a persistent msbuild.exe in Startup; Linux/macOS builds install a systemd backdoor (sysmon.py). Any runner that imported these versions should be considered fully compromised.

GlassWorm also resurfaced with a three-stage RAT delivered by supply-chain packages. The final payload force-installs a malicious Chrome extension masquerading as "Google Docs Offline" that performs keylogging, clipboard monitoring, DOM surveillance on crypto-exchange sites (Bybit pre-configured as the default target), and SOCKS proxying via WebRTC. C2 uses Solana blockchain memos with Google Calendar invite titles as a fallback: effectively unkillable dead drops.

C2 intel for emulation: GlassWorm runs triple-redundant C2, using Solana memo transactions (primary), direct IP over HTTP (first fallback), and Google Calendar invite titles with Base64-encoded payloads (cloud-based fallback). If you're building a simulated C2 channel, the Solana memo approach is worth studying for its takedown resistance.

Takeaway: Pin everything, use lockfiles with hashes, rotate every credential that touched an affected runner, and treat any CI environment as untrusted until proven clean. If your playbook is "just bump the version," it's already too late.
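To make the lockfile advice concrete, here is an added audit script (mine, not the newsletter's and not tooling from any affected project) that walks a pip requirements file and an npm package-lock.json, flags anything unpinned or shipped without a hash/integrity value, and checks each pinned version against a known-bad map. The map carries only the Telnyx versions named above; the npm entry, the package names in the sample lockfiles and the hash values are constructed placeholders.

```python
"""Lockfile audit for pip and npm: flag unpinned or unhashed dependencies and
any pinned version inside a known-bad window.

Added example; not tooling from the newsletter or from any affected project.
"""
import json
import re

# Known-bad versions keyed by (ecosystem, normalized package name). The Telnyx
# entry reflects the versions named in the write-up; the npm entry is a
# constructed placeholder, not a real advisory.
AFFECTED = {
    ("pypi", "telnyx"): {"4.87.1", "4.87.2"},
    ("npm", "example-poisoned-pkg"): {"1.2.3"},
}

# name, optional [extras], optional operator, optional version; markers are ignored
REQ_LINE = re.compile(
    r"^\s*([A-Za-z0-9_.\-]+)(?:\[[^\]]*\])?\s*(==|>=|<=|~=|!=|>|<)?\s*([^\s;#]*)"
)


def normalize_pypi(name):
    """PEP 503 normalization: case-insensitive, runs of -_. collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def audit_requirements(text):
    """Audit a pip requirements file. Returns (package, issue, version) tuples."""
    findings = []
    # Join backslash-continued lines so --hash= options stay with their requirement.
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("-"):
            continue  # comments and pip options (-r, --index-url, ...)
        m = REQ_LINE.match(line)
        if not m:
            continue
        name, op, version = normalize_pypi(m.group(1)), m.group(2), m.group(3)
        if op != "==":
            findings.append((name, "unpinned", version or "(none)"))
            continue
        if "--hash=" not in line:
            findings.append((name, "no-hash", version))
        if version in AFFECTED.get(("pypi", name), set()):
            findings.append((name, "affected-version", version))
    return findings


def audit_package_lock(text):
    """Audit an npm package-lock.json (lockfileVersion 2 or 3 'packages' map)."""
    lock = json.loads(text)
    findings = []
    for path, entry in lock.get("packages", {}).items():
        if not path:
            continue  # "" is the root project itself, not a dependency
        name = entry.get("name") or path.rsplit("node_modules/", 1)[-1]
        version = entry.get("version", "")
        if not entry.get("integrity"):
            findings.append((name, "no-integrity", version))
        if version in AFFECTED.get(("npm", name), set()):
            findings.append((name, "affected-version", version))
    return findings


# Constructed sample inputs (hash and integrity values are dummies).
SAMPLE_REQUIREMENTS = """\
# constructed requirements.txt
requests==2.31.0 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
telnyx==4.87.1
urllib3>=2.0
"""

SAMPLE_PACKAGE_LOCK = json.dumps({
    "name": "demo", "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo", "version": "0.0.1"},
        "node_modules/left-pad": {"version": "1.3.0", "integrity": "sha512-AAAA"},
        "node_modules/example-poisoned-pkg": {"version": "1.2.3"},
    },
})

if __name__ == "__main__":
    for finding in audit_requirements(SAMPLE_REQUIREMENTS) + audit_package_lock(SAMPLE_PACKAGE_LOCK):
        print("%-24s %-18s %s" % finding)
```

Run it against the lockfiles checked into the repo, not against what a runner currently has installed: the point is to catch the drift before the build, and a runner that already pulled an affected version is in rotate-everything territory regardless of what the audit says afterwards.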

Offensive Research & Tradecraft

  • ForsHops - IBM X-Force Red weaponized James Forshaw's trapped COM object research into a completely fileless lateral-movement primitive. It uses DCOM reflection to inject .NET assemblies into a PPL-protected svchost.exe (WaaSMedicSvc) running as SYSTEM. No files on disk, works on Windows Server 2019, and bypasses many EDR heuristics that only watch conventional injection paths. Public PoC is available.
    Hunting note: The injection target is WaaSMedicSvc's svchost.exe process. Hunt for unexpected child processes or .NET CLR loading in that specific service host. DCOM lateral movement triggering WaaSMedicSvc activity on the target host is the tell.
  • FlipSwitch - Elastic Security Labs published the first public syscall-hooking technique that survives the Linux 6.9 switch-dispatch hardening. By locating and patching relative call offsets inside the compiled x64_sys_call function (after disabling the WP bit in CR0), an attacker with module load rights can hook any syscall on modern kernels. Full PoC and detection YARA included.
  • Time-Travel Debugging for .NET Hollowing - Mandiant/Google Cloud Threat Intelligence showed how WinDbg TTD can defeat complex .NET obfuscation and process-hollowing droppers by replaying execution and extracting decrypted strings and C2 addresses. The technique is immediately reusable by any operator analyzing modern infostealers.
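The ForsHops hunting note translates into a small detection: join Sysmon process-create events (ID 1) with image-load events (ID 7) so CLR loads and child processes can be tied to the svchost.exe instance that actually hosts WaaSMedicSvc. This is an added example, not X-Force's PoC or a vendor rule; the event dicts are constructed, and the `-s WaaSMedicSvc` command-line marker and `wusvcs` group name are assumptions about how the service is hosted on a given build.

```python
"""Hunt for CLR loads into, and child processes of, the svchost.exe that hosts
WaaSMedicSvc, using Sysmon-style events flattened to dicts.

Added example, not X-Force's PoC or a vendor rule. Events are constructed;
the '-s WaaSMedicSvc' marker and 'wusvcs' group name are assumptions.
"""

# Images whose load into a process means the .NET runtime is coming up.
CLR_IMAGES = {"mscoree.dll", "mscoreei.dll", "clr.dll", "clrjit.dll", "coreclr.dll"}


def is_waasmedic_host(event):
    """True for a process-create event of svchost.exe started for WaaSMedicSvc."""
    image = event.get("Image", "").lower()
    cmdline = event.get("CommandLine", "").lower()
    return image.endswith("\\svchost.exe") and "waasmedicsvc" in cmdline


def hunt(events):
    """Return (rule, pid, detail) findings.

    Sysmon image-load events (ID 7) carry no command line, so the service host
    is identified from its process-create event (ID 1) and joined on ProcessId.
    On real telemetry join on ProcessGuid instead, since PIDs are reused.
    """
    hosts = {ev["ProcessId"] for ev in events if ev["EventID"] == 1 and is_waasmedic_host(ev)}
    findings = []
    for ev in events:
        if ev["EventID"] == 7 and ev["ProcessId"] in hosts:
            loaded = ev["ImageLoaded"].rsplit("\\", 1)[-1].lower()
            if loaded in CLR_IMAGES:
                findings.append(("clr-load-in-waasmedic-host", ev["ProcessId"], loaded))
        elif ev["EventID"] == 1 and ev.get("ParentProcessId") in hosts:
            findings.append(("child-of-waasmedic-host", ev["ProcessId"], ev["Image"]))
    return findings


# Constructed sample: two service hosts, one benign DLL load, one CLR load into
# the WaaSMedicSvc host, and a child process spawned from it.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 1204, "Image": "C:\\Windows\\System32\\svchost.exe",
     "CommandLine": "C:\\Windows\\System32\\svchost.exe -k wusvcs -p -s WaaSMedicSvc"},
    {"EventID": 1, "ProcessId": 1330, "Image": "C:\\Windows\\System32\\svchost.exe",
     "CommandLine": "C:\\Windows\\System32\\svchost.exe -k netsvcs -p -s Schedule"},
    {"EventID": 7, "ProcessId": 1330, "Image": "C:\\Windows\\System32\\svchost.exe",
     "ImageLoaded": "C:\\Windows\\System32\\ntdll.dll"},
    {"EventID": 7, "ProcessId": 1204, "Image": "C:\\Windows\\System32\\svchost.exe",
     "ImageLoaded": "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clr.dll"},
    {"EventID": 1, "ProcessId": 2210, "ParentProcessId": 1204,
     "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c hostname"},
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding)
```

Baseline before you alert: confirm on your own image set that the WaaSMedicSvc host never loads the CLR or spawns children during normal servicing, then treat either event as high-signal rather than merely suspicious.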
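For FlipSwitch, the defender-side check is integrity of the call sites inside x64_sys_call: decode every rel32 CALL in a reference copy of the function and in a live snapshot, and report any call whose computed target moved. This is an added example (not Elastic's PoC or their YARA); the two byte strings are constructed stand-ins for kernel text, and `BASE` is an arbitrary load address.

```python
"""Compare two snapshots of a code region and report relative calls whose
target changed: an integrity check for the rel32 patching described for
x64_sys_call. Added example; not Elastic's PoC or YARA. The snapshots are
constructed byte strings, not real kernel text.
"""
import struct


def decode_rel32_calls(code, base):
    """Return [(insn_addr, target)] for every E8 rel32 CALL found by a linear scan.

    A byte scan is a heuristic, not a disassembler: an E8 inside another
    instruction's operand is reported too. That is acceptable for a diff,
    because both snapshots are scanned identically and a false decode appears
    in both with the same target.
    """
    calls = []
    i = 0
    while i + 5 <= len(code):
        if code[i] == 0xE8:
            rel = struct.unpack_from("<i", code, i + 1)[0]
            calls.append((base + i, base + i + 5 + rel))  # target = next insn + rel32
            i += 5
        else:
            i += 1
    return calls


def diff_call_targets(reference, live, base):
    """Return [(insn_addr, expected_target, observed_target)] for calls that moved."""
    expected = dict(decode_rel32_calls(reference, base))
    observed = dict(decode_rel32_calls(live, base))
    return [(addr, tgt, observed.get(addr)) for addr, tgt in expected.items()
            if observed.get(addr) != tgt]


def encode_call(insn_addr, target):
    """Build the bytes of 'call target' as seen at insn_addr (used for the sample)."""
    return b"\xE8" + struct.pack("<i", target - (insn_addr + 5))


# Constructed sample: a tiny dispatcher that calls two handlers. The live copy
# has its second call site redirected to 0xDEAD0.
BASE = 0x1000
REFERENCE = (b"\x55"                          # push rbp
             + encode_call(BASE + 1, 0x2000)  # call handler_a
             + b"\x90"                        # nop
             + encode_call(BASE + 7, 0x3000)  # call handler_b
             + b"\xC3")                       # ret
LIVE = (b"\x55" + encode_call(BASE + 1, 0x2000) + b"\x90"
        + encode_call(BASE + 7, 0xDEAD0) + b"\xC3")

if __name__ == "__main__":
    for addr, want, got in diff_call_targets(REFERENCE, LIVE, BASE):
        print("call at %#x: expected %#x, observed %#x" % (addr, want, got))
```

Capture the reference after boot-time alternatives and static-call patching have settled (or from a known-good host of the same kernel build) rather than from the raw vmlinux, otherwise legitimate self-patching shows up as differences. Pair the diff with a check that kernel text is still mapped read-only; the WP-bit flip the write-up mentions is exactly the step that should never succeed unnoticed.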

Other Notable Activity

  • Remcos RAT continues to evolve; a new variant uses ClickFix social engineering to trick users into pasting malicious commands, then delivers via WebDAV while abusing rundll32 to sidestep PowerShell-focused detections.
  • VodkaStealer is riding compromised WordPress sites (250+ across 12 countries) with fake Cloudflare CAPTCHA pages to deliver a C++ stealer that hits every major browser and ten crypto wallets, including Exodus, Electrum, Ledger Live, and Trezor.
  • Oblivion RAT is a $300/month MaaS Android spyware with a built-in APK factory; it uses AccessibilityService for full device takeover, SMS interception, and Hidden VNC. IOCs and package-name patterns are well documented.

Where this is all going: operator read-out

The supply-chain attacks tracked last month are no longer isolated incidents. They are a sustained campaign stretching across npm, PyPI, GitHub Actions, Docker Hub, and IDE extensions. At the same time, researchers keep handing us new primitives: ForsHops gives you fileless SYSTEM on modern Windows, FlipSwitch hooks syscalls past kernel hardening, and TTD analysis makes .NET hollowing transparent. Each one is a tool you can steal for your next engagement or a detection gap you need to close.

Assume your build pipeline is already dirty and rotate every secret that has ever been used in it. The next wave of tooling research is already in flight.

Stay sharp out there.

~ UncleSp1d3r