
APT36 uses AI malware, Crazy gang abuses RMM, malicious Stripe package, Aeternum botnet on Polygon
bleepingcomputer.com
Wednesday, February 11, 2026
Multiple threat actors are actively employing diverse techniques to compromise systems and evade detection: a state-sponsored group deploying AI-generated malware, a ransomware gang abusing legitimate remote management tools, a supply-chain attack aimed at developers, and a botnet using a public blockchain for command and control. The spread of methods underlines how many distinct attack vectors defenders now have to cover at once.

## Latest Update

Bitdefender Labs uncovered APT36, a Pakistan-linked group, using AI-generated 'vibeware' against Indian government and defense personnel. The group abuses Google Sheets for C2, so its command traffic blends in with legitimate traffic to Google cloud services.

## Timeline

* 2026-02-11: The Crazy ransomware gang was observed abusing employee monitoring software (Net Monitor) and the SimpleHelp remote support tool for persistence and remote access in corporate networks.
* 2026-02-25: A malicious NuGet package, 'Stripe.net.Metrics', was discovered targeting Stripe developers; it harvests sensitive information and sends it to a remote server.
* 2026-02-27: The Aeternum botnet was found using Polygon smart contracts for its command-and-control infrastructure, which makes the C2 channel hard to take down.
* 2026-03-05: APT36 (Transparent Tribe), linked to Pakistan, is using AI-generated 'vibeware' to target Indian government and defense personnel, with Google Sheets as the C2 channel.

## What to Watch

* Monitor for unusual RMM tool usage, especially alongside employee monitoring software on the same host, as the combination may indicate ransomware pre-positioning.
* Be wary of typosquatting in open-source package repositories and verify a package's publisher and provenance before installing it.
* Track blockchain activity for potential C2 communications, since smart-contract C2 is resilient to traditional takedown efforts.
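The first two watch items above can be turned into simple triage checks. The following is an added example, not code from BleepingComputer or from any vendor named in the roundup. It assumes a line-oriented process-creation log with `host=` and `image=` fields, placeholder binary names for the SimpleHelp and Net Monitor agents (these names are assumptions, not taken from the page; substitute what your own telemetry shows), an allowlist of hosts where remote-access software is expected, and a short list of well-known NuGet package IDs to compare candidate IDs against. All sample events and package names are constructed.

```python
"""Triage helpers for two 'What to Watch' items: RMM co-occurrence on a host,
and package IDs that ride on a well-known name.

Added example (not from the page or any vendor). Binary names, log format,
expected-host list and the known-package list are illustrative assumptions.
"""
import re
from collections import defaultdict
from difflib import SequenceMatcher

# Constructed sample events: "<timestamp> host=<name> image=<exe> parent=<exe>"
SAMPLE_EVENTS = """\
2026-02-11T09:01:02Z host=WS-0142 image=SimpleService.exe parent=services.exe
2026-02-11T09:01:40Z host=WS-0142 image=NMEPro.exe parent=explorer.exe
2026-02-11T09:05:11Z host=HELPDESK-01 image=SimpleService.exe parent=services.exe
2026-02-11T09:07:55Z host=WS-0208 image=outlook.exe parent=explorer.exe
2026-02-11T09:09:13Z host=WS-0311 image=NMEPro.exe parent=explorer.exe
"""

# Assumed binary names for the two tool families; verify against your own inventory.
REMOTE_ACCESS = {"simpleservice.exe", "simplehelp.exe"}
EMPLOYEE_MONITOR = {"nmepro.exe"}
# Hosts where a remote-access agent is legitimately expected (assumption: the help desk).
EXPECTED_RMM_HOSTS = {"HELPDESK-01"}

EVENT_RE = re.compile(r"host=(?P<host>\S+)\s+image=(?P<image>\S+)")


def flag_rmm_hosts(log_text, expected_hosts=EXPECTED_RMM_HOSTS):
    """Return {host: reason} for hosts worth a closer look.

    Strongest signal: a remote-access tool and employee-monitoring software on the
    same host (the Crazy gang pattern). Weaker signal: a remote-access tool on a host
    that is not on the expected list. Monitoring software alone is not flagged.
    """
    images_by_host = defaultdict(set)
    for line in log_text.splitlines():
        m = EVENT_RE.search(line)
        if m:
            images_by_host[m.group("host")].add(m.group("image").lower())

    findings = {}
    for host, images in images_by_host.items():
        has_rmm = bool(images & REMOTE_ACCESS)
        has_monitor = bool(images & EMPLOYEE_MONITOR)
        if has_rmm and has_monitor:
            findings[host] = "remote access + employee monitoring on one host"
        elif has_rmm and host not in expected_hosts:
            findings[host] = "remote access tool on unexpected host"
    return findings


# Well-known package IDs to compare against (a tuple so iteration order is fixed).
KNOWN_PACKAGES = ("Stripe.net", "Newtonsoft.Json", "Serilog")


def typosquat_candidates(package_ids, known=KNOWN_PACKAGES, threshold=0.85):
    """Return [(candidate, lookalike, reason)] for IDs that trade on a known name.

    Heuristic (a): the ID extends a known ID with an extra segment, as
    'Stripe.net.Metrics' does with 'Stripe.net'. Heuristic (b): the ID is a
    near-miss of a known ID by string similarity (swapped or dropped characters).
    Exact matches to known IDs are skipped. This only shortlists; the publisher
    of every hit still has to be verified by hand.
    """
    hits = []
    for pid in package_ids:
        if pid in known:
            continue
        for k in known:
            if pid.lower().startswith(k.lower() + "."):
                hits.append((pid, k, "extends a well-known package ID"))
                break
            if SequenceMatcher(None, pid.lower(), k.lower()).ratio() >= threshold:
                hits.append((pid, k, "near-miss of a well-known package ID"))
                break
    return hits


if __name__ == "__main__":
    for host, reason in flag_rmm_hosts(SAMPLE_EVENTS).items():
        print(f"{host}: {reason}")
    for pid, k, reason in typosquat_candidates(
        ["Stripe.net", "Stripe.net.Metrics", "Newtonsoft.Jsno"]
    ):
        print(f"{pid} -> {k}: {reason}")
```

The prefix heuristic deliberately over-matches: a legitimate sub-package from the same publisher (for example a vendor's own `Foo.Extensions`) will also be shortlisted, which is the point of the second watch item: the shortlist tells you which installs to verify against the publisher's own listing, not which ones to block outright.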