
Chinese Hackers Deploy 'Airstalk' Malware in Supply Chain Attacks Targeting Business Outsourcing Firms

Suspected Chinese group targets BPO firms with Airstalk malware, exploiting AirWatch APIs for covert data theft from browsers.
Content Team

A suspected Chinese state-sponsored group tracked as CL-STA-1009 is targeting business process outsourcing (BPO) companies with sophisticated malware named Airstalk, according to Palo Alto Networks. BPO firms make attractive targets because they handle critical systems for multiple clients simultaneously, giving attackers a gateway to numerous organizations.

The Airstalk malware comes in PowerShell and .NET variants that abuse AirWatch mobile device management APIs to communicate covertly with command servers. The malware steals browser data from Chrome, Edge, and Island Browser, takes screenshots, and harvests cookies and browsing history. Both versions use likely stolen certificates and altered timestamps to avoid detection within corporate networks.

Source: Security Week
