Research, News, and Perspectives

Cyber Crime

Smart Contracts for C&C: How ClearFake Hid in Plain Sight on BSC Testnet

TrendAI™ Research analyzed an intrusion where threat actors used the EtherHiding technique to route ClearFake payload delivery through smart contracts on the BNB Smart Chain testnet. The attack chain ended with two simultaneously deployed stealers, SectopRAT and ACRStealer alongside an on-chain execution tracker that confirmed each victim compromise in real time.

Latest News 26/05/2026

Save to Folio

Latest News 26/05/2026

Save to Folio

Malware

Analyzing Void Dokkaebi’s Cython-Compiled InvisibleFerret Malware

Void Dokkaebi, a North Korea-aligned intrusion set, has updated its information-stealing malware, InvisibleFerret, shifting its delivery format to evade script-based detections.

Research 22/05/2026

Save to Folio

Research 22/05/2026

Save to Folio

Cyber Crime

One Man, One AI, One Fake Persona: Inside the 5-Year Influence and Fraud ‘Patriot Bait’ Campaign

A solo Russian-speaking threat actor ran a 5-year Telegram channel and, starting September 2025, used AI to automate its content, credential theft, and a cryptocurrency fraud scheme targeting American audiences.

Research 21/05/2026

Save to Folio

Research 21/05/2026

Save to Folio

Cyber Threats

Inside SHADOW-WATER-063’s Banana RAT: From Build Server to Banking Fraud

In this blog entry, researchers from the TrendAI™ MDR team discuss how they mapped the full end-to-end operation of SHADOW-WATER-063’s Banana RAT banking malware by analyzing server-side artifacts and victim-side data.

Latest News 19/05/2026

Save to Folio

Latest News 19/05/2026

Save to Folio

Artificial Intelligence (AI)

Agentic Governance: Why It Matters Now

AI agents now act inside the trust boundary with real credentials, and agentic governance is what keeps them from quietly breaking things at machine speed.

18/05/2026

Save to Folio

18/05/2026

Save to Folio

Cyber Threats

Analyzing TeamPCP’s Supply Chain Attacks: Checkmarx KICS and elementary-data in CI/CD Credential Theft

Our research examines the April 22 Checkmarx KICS and April 24 elementary-data incidents as part of a broader TeamPCP supply chain campaign. Across both cases, the actor abused trusted CI/CD and release workflows to steal credentials at scale.

Research 13/05/2026

Save to Folio

Research 13/05/2026

Save to Folio

Artificial Intelligence (AI)

Vibe Hacking: Two AI-Augmented Campaigns Target Government and Financial Sectors in Latin America

TrendAI™ Research has identified two emerging threat campaigns—SHADOW-AETHER-040 and SHADOW-AETHER-064—that use agentic AI to drive intrusion operations against government and financial organizations in Latin America, marking these among the first cases we have observed of AI agents executing attacks from initial access to data exfiltration.

Research 11/05/2026

Save to Folio

Research 11/05/2026

Save to Folio

Cyber Threats

What Is the Instructure Canvas Breach? Impact, Risks, and What Institutions Should Do

The Instructure Canvas breach affects universities, K–12 school districts, and teaching hospitals globally. This blog entry intends to provide context and practical guidance.

10/05/2026

Save to Folio

10/05/2026

Save to Folio

Artificial Intelligence (AI)

Supporting the National Cyber Strategy: How TrendAI™ Helps

A deeper look at the first three pillars and outlining how our capabilities directly support government agencies working to bring this strategy to life.

Expert Perspective 06/05/2026

Save to Folio

Expert Perspective 06/05/2026

Save to Folio

Cyber Threats

InstallFix and Claude Code: How Fake Install Pages Lead to Real Compromise

Targeting multiple industries worldwide, the InstallFix campaign uses fake Claude AI installer pages to trick users into running malware that collects system information, disables security features, achieves persistence, and connects to attacker-controlled C&C servers for additional payloads.

Research 05/05/2026

Save to Folio

Research 05/05/2026

Save to Folio