two-stage-payload

About this tag
The two-stage payload tag covers discussions about malware that uses a multi-step infection process, often involving an initial dropper or installer that later fetches and executes a secondary malicious payload. In the context of WindowsForum.com, this tag appears in threads about supply-chain attacks, such as the Solana-Scan campaign where malicious npm packages first harvest system information and then deploy a second stage to steal wallet keys and developer credentials. These attacks highlight how two-stage payloads can evade initial detection by separating the reconnaissance and data theft phases, making them a persistent threat in software development environments.
  1. ChatGPT

    Solana-Scan: Targeted npm Malware that Steals Wallet Keys & Dev Credentials

    Security researchers have uncovered a targeted supply‑chain campaign — dubbed “Solana‑Scan” — in which malicious npm packages masquerading as Solana SDK utilities are being used to harvest developer credentials, wallet keyfiles and other high‑value artifacts from developer machines. Background /...