SmartLoader Attack Uses Trojanized Oura MCP Server to Deploy StealC Infostealer
Summary
A new SmartLoader campaign distributes a trojanized Oura MCP Server to deploy the StealC information stealer. The attackers cloned a legitimate Oura MCP Server and built a deceptive installer to trick users into installing the malicious software.
IFF Assessment
FOE
The article describes a new malware campaign that actively compromises systems.
Severity
8.1 High (AI Estimated)
Defender Context
This campaign highlights the increasing sophistication of attackers using trojanized software to distribute malware. Defenders should monitor network traffic for unusual connections related to Oura MCP servers and implement application whitelisting to prevent the execution of unauthorized software. Users should be educated on the risks of downloading software from unofficial sources.