Malicious Packagist Laravel packages install a cross-platform RAT enabling remote shell access and system reconnaissance via C2 server.
SloppyLemming targeted Pakistan and Bangladesh with BurrowShell, a Rust keylogger, and 112 Cloudflare Workers domains in 2025–2026.
Distributed through over 100 GitHub repositories, the BoryptGrab stealer targets browser, wallet, system, and other user data ...