The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Airstalk Used in Supply Chain Attacks

Nov 7, 2025 12:58:20 PM / by The Hivemind posted in Threat Bulletin, Supply Chain Attack, PowerShell malware, Airstalk Malware, Browser Exfiltration, AirWatch API, MDM Abuse, Nation-State Actor, .NET Malware, CL-STA-1009

0 Comments

Verticals Targeted: Business Process Outsourcing (BPO)
Regions Targeted: Not Specified
Related Families: None

Executive Summary

Airstalk is a new Windows malware family deployed by a suspected nation-state actor in supply chain attacks, leveraging AirWatch API for covert C2 to exfiltrate browser data. Available in PowerShell and .NET variants, the malware highlights evolving threats to third-party vendors.

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More