Suspected Nation-State Threat Actor Uses New Airstalk Malware in a Supply Chain Attack
released on 2025-10-29 @ 12:35:48 PM
A new Windows malware family, Airstalk, has been identified in both PowerShell and .NET variants and is assessed to have been used by a nation-state threat actor in a supply chain attack. Airstalk abuses the AirWatch mobile device management (MDM) API as a covert command-and-control (C2) channel rather than contacting attacker-owned infrastructure directly. It exfiltrates sensitive browser data, including cookies, browsing history, and bookmarks. The .NET variant is the more capable of the two, adding a multi-threaded C2 protocol, versioning, and signed binaries. The actor, tracked as CL-STA-1009, likely targeted business process outsourcing (BPO) providers as a route into the many organizations those providers serve. The malware's evasion techniques and adaptive design make it a significant threat, particularly in third-party vendor environments.
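Because Airstalk ships as both a PowerShell script and a signed .NET binary, hunting by process name or hash alone is unreliable; the durable signal is the combination of behaviours the summary describes: one process reading Chromium browser profile files (Cookies, History, Bookmarks) and the same process talking to the MDM API host. The hunt below is an added illustration of that correlation and is not code from the original report or from the Airstalk authors. It assumes Sysmon-style file-read and network-connect events normalised into dicts, assumes the tenant's Workspace ONE UEM (AirWatch) API is reachable under awmdm.com, and uses constructed sample events, including a hypothetical `mdmagent.exe` that stands in for whatever legitimate agent your fleet runs.

```python
"""Hunt for Airstalk-shaped behaviour: a single process that both reads browser
artefacts and connects to the MDM (AirWatch) API host.  Added example; the sample
events and process names below are constructed, not real telemetry."""

import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Chromium-family profile files reported as Airstalk's targets: cookies,
# browsing history and bookmarks, in the standard "User Data\<profile>\" layout.
BROWSER_ARTEFACT = re.compile(r"\\User Data\\[^\\]+\\(Cookies|History|Bookmarks)$", re.I)

# Assumption: the tenant's Workspace ONE UEM / AirWatch API lives under awmdm.com.
# Replace with your own console FQDN(s) if you host the service on-premises.
MDM_API_HOST = re.compile(r"(^|\.)awmdm\.com$", re.I)

# Browsers legitimately open their own profile files, so they are excluded even
# if they happen to reach the MDM host (e.g. an admin using the web console).
BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe"}


def hunt(events: List[dict]) -> List[Tuple[str, int, List[str], List[str]]]:
    """Return (image, pid, artefacts_read, mdm_hosts) for every non-browser
    process that read a browser artefact AND connected to the MDM API host."""
    reads: Dict[Tuple[str, int], Set[str]] = defaultdict(set)
    conns: Dict[Tuple[str, int], Set[str]] = defaultdict(set)
    for ev in events:
        key = (ev["image"].lower(), int(ev["pid"]))
        if ev["type"] == "FileRead":
            m = BROWSER_ARTEFACT.search(ev["path"])
            if m:
                reads[key].add(m.group(1))
        elif ev["type"] == "NetworkConnect":
            if MDM_API_HOST.search(ev["dest_host"]):
                conns[key].add(ev["dest_host"].lower())

    findings = []
    # Only processes present in BOTH maps exhibit the combined behaviour.
    for key in sorted(reads.keys() & conns.keys()):
        image, pid = key
        if image.rsplit("\\", 1)[-1] in BROWSERS:
            continue
        findings.append((image, pid, sorted(reads[key]), sorted(conns[key])))
    return findings


# Constructed sample telemetry (not from a real host).
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
PROFILE = r"C:\Users\a.user\AppData\Local\Google\Chrome\User Data\Default"
SAMPLE_EVENTS = [
    # Chrome reading its own cookie jar and going to webmail: benign.
    {"type": "FileRead", "image": CHROME, "pid": 2212, "path": PROFILE + r"\Cookies"},
    {"type": "NetworkConnect", "image": CHROME, "pid": 2212, "dest_host": "mail.example.com"},
    # Hypothetical legitimate MDM agent: talks to the tenant, never touches browser files.
    {"type": "NetworkConnect", "image": r"C:\Program Files\MdmAgent\mdmagent.exe",
     "pid": 3300, "dest_host": "cn135.awmdm.com"},
    # PowerShell harvesting all three artefacts, then calling the MDM API: flag it.
    {"type": "FileRead", "image": PS, "pid": 4120, "path": PROFILE + r"\History"},
    {"type": "FileRead", "image": PS, "pid": 4120, "path": PROFILE + r"\Cookies"},
    {"type": "FileRead", "image": PS, "pid": 4120, "path": PROFILE + r"\Bookmarks"},
    {"type": "NetworkConnect", "image": PS, "pid": 4120, "dest_host": "cn135.awmdm.com"},
    # A dropped binary reading Edge bookmarks but with no MDM connection seen:
    # suspicious on its own, but not the combination this hunt is for.
    {"type": "FileRead", "image": r"C:\Users\a.user\AppData\Local\Temp\svc.exe", "pid": 5008,
     "path": r"C:\Users\a.user\AppData\Local\Microsoft\Edge\User Data\Default\Bookmarks"},
]


if __name__ == "__main__":
    for image, pid, artefacts, hosts in hunt(SAMPLE_EVENTS):
        print(f"[!] {image} (pid {pid}) read {artefacts} and connected to {hosts}")
```

The same correlation works for the .NET variant, whose process is a signed binary with an arbitrary name: the join key is the process identity, not a name or signature, which is why a signed build does not escape it. Widen `BROWSER_ARTEFACT` for Firefox profiles (cookies.sqlite, places.sqlite) if your fleet runs it, and feed real Sysmon Event ID 3 and file-access events through the same `hunt` function.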