SmartLoader Hackers Clone Oura MCP Project to Distribute StealC Malware
Researchers from Straiker’s AI Research (STAR) Labs uncovered a sophisticated SmartLoader malware campaign where hackers cloned the legitimate Oura MCP server. This malicious operation targeted users, tricking them into downloading a trojanized version that installed the StealC info-stealer, aimed at capturing sensitive information such as developer credentials and cryptocurrency wallets.
The attackers created a deceptive GitHub ecosystem, including fake forks and contributors to enhance credibility. They built an intricate web of AI-generated accounts that mimicked genuine community interest. By excluding the original author from the malicious repository, they avoided scrutiny before submitting the infected package to public MCP registries.
This alarming shift signals a new threat landscape where traditional malware tactics are applied to multi-cloud platforms. Experts highlight the urgent need for heightened security measures in developer environments to prevent credential theft and supply chain compromises, as AI assistants become integral to enterprise workflows.
