BPO Beware: Airstalk Malware Airs Your Dirty Laundry in Supply Chain Attacks!

A suspected Chinese state-sponsored threat actor, CL-STA-1009, is making headlines with its AirWatch API-abusing malware, Airstalk. Targeting business process outsourcing entities, this covert operation uses sneaky tactics and stolen certificates. It’s like cybercriminals went to hacking comedy school and graduated with honors—minus the diploma and cap and gown.

Hot Take:

Who knew that the secret to a successful supply chain attack could be found in the fine print of mobile device management APIs? Move over, James Bond – the real espionage action is happening in your smartphone’s settings!

Key Points:

  • Suspected Chinese threat actor, tracked as CL-STA-1009, targets BPO entities.
  • Two malware variants dubbed Airstalk, written in PowerShell and .NET, are used.
  • The malware abuses the AirWatch MDM API as a covert channel to its command-and-control (C&C) servers.
  • It targets Chrome, Microsoft Edge, and Island Browser to steal browser data.
  • It employs defense-evasion techniques such as signing with revoked certificates and altering timestamps.

The Nimble Nerd