Malware | Mar 24, 2026

Inside the sample is another (base64 encoded) PS script that will load the next stage from: https...

Multi-stage PowerShell malware with base64 encoding and obfuscation detected in supply chain attack.

Summary

A multi-stage malware campaign has been identified using base64-encoded PowerShell scripts that load obfuscated payloads from attacker-controlled infrastructure. The second-stage payload exceeds 14 MB and is heavily obfuscated, suggesting sophisticated evasion techniques. The attack vector appears to target development tools or package repositories, potentially affecting supply chain security.

Indicators of Compromise

  • domain — ecs-ent-aff-mgr.in.net
  • url — https://*.ecs-ent-aff-mgr.in.net/JetBrains-91267b64-989f-49b4-89b4-984e0154d4d2
  • malware — Multi-stage PowerShell loader (base64-encoded)
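
A hunting check for the nested base64 pattern summarized above, as an added example that is not part of the original feed entry: it peels base64 layers out of a logged command line or script block and reports URLs on the listed domain. The function names, the sample command line, and the subdomain and path inside it are constructed for illustration.

```python
import base64
import re
from urllib.parse import urlsplit
IOC_DOMAIN = "ecs-ent-aff-mgr.in.net"  # domain from this page's IoC list
B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")
URL_RE = re.compile(r"https?://[^\s'\"<>)]+", re.IGNORECASE)

def decode_layer(blob):
    """Decode one base64 run to script text, or return None if it is not text."""
    try:
        raw = base64.b64decode(blob + "=" * (-len(blob) % 4), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    # Embedded stages are usually UTF-8; -EncodedCommand arguments are UTF-16LE.
    for enc in ("utf-8", "utf-16-le"):
        try:
            text = raw.decode(enc)
        except UnicodeDecodeError:
            continue
        ok = sum(c.isascii() and (c.isprintable() or c in "\r\n\t") for c in text)
        if text and ok / len(text) > 0.9:
            return text
    return None

def find_ioc_urls(text, max_depth=4):
    """Peel nested base64 layers; return (depth, url) pairs on the IoC domain."""
    hits, queue, seen = [], [(0, text)], set()
    while queue:
        depth, layer = queue.pop(0)
        for url in URL_RE.findall(layer):
            try:
                host = (urlsplit(url).hostname or "").lower()
            except ValueError:
                continue
            # Exact match or true subdomain only, so lookalike hosts do not hit.
            if host == IOC_DOMAIN or host.endswith("." + IOC_DOMAIN):
                hits.append((depth, url))
        if depth < max_depth:
            for blob in set(B64_RUN.findall(layer)) - seen:
                seen.add(blob)
                inner = decode_layer(blob)
                if inner:
                    queue.append((depth + 1, inner))
    return hits

# Constructed sample: subdomain and path are placeholders, not observed values.
_INNER = base64.b64encode(f"$u = 'https://constructed-sub.{IOC_DOMAIN}/PLACEHOLDER'".encode()).decode()
_OUTER = base64.b64encode(f"$s = '{_INNER}'".encode("utf-16-le")).decode()
SAMPLE_CMDLINE = "powershell.exe -NoProfile -EncodedCommand " + _OUTER
```

The depth in each result shows how many base64 layers wrapped the URL, which helps separate a plain reference to the domain from one hidden inside an encoded stage.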