Cybersecurity researchers have disclosed details of a new SmartLoader campaign that involves distributing a trojanized version of a Model Context Protocol (MCP) server associated with Oura Health to deliver an information stealer known as StealC.
“The threat actors cloned a legitimate Oura MCP Server – a tool that connects AI assistants to Oura Ring health data – and built a deceptive infrastructure of fake forks and contributors to manufacture credibility,” Straiker’s AI Research (STAR) Labs team said in a report shared with The Hacker News.
The end game is to leverage the trojanized version of the Oura MCP server to deliver the StealC infostealer, allowing the threat actors to steal credentials, browser passwords, and data from cryptocurrency wallets.
SmartLoader, first highlighted by OALABS Research in early 2024, is a malware loader that’s known to be distributed via fake GitHub repositories containing artificial intelligence (AI)-generated lures to give the impression that they are legitimate.
In an analysis published in March 2025, Trend Micro revealed that these repositories are disguised as game cheats, cracked software, and cryptocurrency utilities, typically coaxing victims with promises of free or unauthorized functionality to make download ZIP archives that deploy SmartLoader.
The latest findings from Straiker highlight a new AI twist, with threat actors creating a network of bogus GitHub accounts and repositories to serve trojanized MCP servers and submitting them to legitimate MCP registries like MCP Market. The MCP server is still listed on the MCP directory.
By poisoning MCP registries and weaponizing platforms like GitHub, the idea is to leverage the trust and reputation associated with services to lure unsuspecting users into downloading malware.
“Unlike opportunistic malware campaigns that prioritize speed and volume, SmartLoader invested months building credibility before deploying their payload,” the company said. “This patient, methodical approach demonstrates the threat actor’s understanding that developer trust requires time to manufacture, and their willingness to invest that time for access to high-value targets.”
The attack essentially unfolded over four stages –
- Created at least 5 fake GitHub accounts (YuzeHao2023, punkpeye, dvlan26, halamji, and yzhao112) to build a collection of seemingly legitimate repository forks of Oura MCP server.
- Created another Oura MCP server repository with the malicious payload under a new account “SiddhiBagul”
- Added the newly created fake accounts as “contributors” to lend a veneer of credibility, while deliberately excluding the original author from contributor lists
- Submitted the trojanized server to the MCP Market
This also means that users who end up searching for the Oura MCP server on the registry would end up finding the rogue server listed among other benign alternatives. Once launched via a…
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
