#Unit 42
8 stories taggedUnit 42.

Fake Pirated Software Ads Are Draining Passwords and Hijacking Computers to Mine Crypto
A campaign uncovered by Palo Alto Networks researchers is tricking people into downloading malware disguised as cracked software, stealing saved passwords while quietly running up victims' electricity bills.

Fake IT Helpdesk Calls on Microsoft Teams Are Planting EtherRAT on Company PCs
Attackers pose as internal support staff over Teams voice calls, then walk employees through installing remote-access tools that drop a Node.js trojan.

AI Assistants Are Inventing Fake Web Addresses — and Criminals Are Buying Them Up
Researchers at Palo Alto Networks found that AI tools routinely make up plausible-sounding website addresses that don't exist. Criminals are registering those addresses before anyone notices — and one already built a full fraud operation using the same AI trick.

Phantom Squatting: When Attackers Camp on the Domains LLMs Hallucinate
Unit 42 documents a pre-positioning tactic where actors register non-existent domains that chatbots keep suggesting, then wait for the traffic to arrive.

TinyRCT Backdoor Surfaces in CL-STA-1062 Intrusions Across Southeast Asia
Palo Alto Networks ties the previously undocumented implant to a Chinese-speaking cluster targeting state-owned energy and government entities.

Bucket Squatting in Vertex AI SDK Opened Cross-Tenant RCE Window
A staging-bucket naming flaw in two versions of Google's Vertex AI Python SDK let attackers pre-register a victim's expected bucket and swap in a malicious pickle model before the platform could retrieve the original.

'Pickle in the Middle': Vertex AI SDK Bug Let Outsiders Hijack Model Uploads
Unit 42 researchers describe a bucket-squatting flaw in Google's Python SDK that handed code execution inside Vertex AI's serving stack to attackers with no project access.

FlutterShell: A macOS Backdoor Wrapped in Flutter, Dropped by Ad Clicks
Unit 42 traces a malvertising operation to the same crew behind JSCoreRunner, this time hiding a backdoor inside Flutter-built Mac apps.