Netcrook
08 June 2026
When a Stealer Comes Wrapped Like a Legit App
A reported Lucid Stealer build uses a Node.js Single Executable Application wrapper, showing how familiar software packaging can blur the line between benign delivery and criminal tooling.
Fast-Flux Domains Put Law Firm Extortion on a Moving Target
Silent Ransom Group is tied to attacks on U.S. law firms, and its use of DNS fast flux shows how criminal infrastructure can be made harder to block without changing the victim side of the playbook.
Lucid Stealer’s New Shell: Why a Node.js Wrapper Changes the Theft Game
A malware build described as Lucid Stealer blends browser credential theft, wallet targeting, and Discord token harvesting with a legitimate Node.js packaging format that can make the payload harder to recognize at a glance.
When AI Workflows Become Malware Drop Zones
OpenClaw has surfaced in a cyber-espionage narrative that turns trusted AI-agent workflows into an attack surface for payload delivery, evasion, and credential risk.
Edge of the Network, Edge of Trust: BRICKSTORM Turns a Firewall Into a Foothold
A reported pfSense compromise shows how a perimeter device can become a quiet persistence point when attackers aim for infrastructure that security teams do not watch like a workstation.