DEV Community

Mark0

Intelligence Insights: March 2026

The February 2026 threat landscape is dominated by ScreenConnect, which remains the most prevalent threat, often delivered via phishing lures like party invitations. A significant trend this month is the "paste and run" execution technique, used by four of the top-ranked threats, including ClearFake and Scarlet Goldfinch. These threats leverage compromised websites and fake CAPTCHAs to trick users into executing malicious code directly in their terminals.

macOS systems are increasingly targeted, with Atomic Stealer and MacSync Stealer both reaching their highest rankings to date. These stealers focus on browser data and cryptocurrency wallets, with Atomic Stealer recently employing character subtraction obfuscation to bypass Apple's XProtect rules. Additionally, the Vidar infostealer has resurfaced as a prominent threat following the decline of LummaC2 and Rhadamanthys, utilizing mshta and curl for initial execution and data theft.

