A Chinese APT has targeted businesses with the Airstalk malware.
A suspected Chinese state-sponsored group, tracked as CL-STA-1009, has been targeting business process outsourcing (BPO) firms using a malware family called Airstalk. The malware, which exists in PowerShell and .NET variants, abuses VMware's AirWatch MDM API to establish covert command-and-control channels. It harvests browser data, takes screenshots, and uses stolen code-signing certificates to evade detection. These attacks are part of a broader supply chain strategy: by compromising BPOs, the group gains a path into the environments of the many clients those firms serve.
Read more:
https://www.securityweek.com/chinese-apt-uses-airstalk-malware-in-supply-chain-attacks/