{"data":{"id":"a54ed065-56b5-4381-a6ff-bbf2c14f9151","title":"SmartLoader Attack Uses Trojanized Oura MCP Server to Deploy StealC Infostealer","summary":"Cybersecurity researchers discovered a SmartLoader campaign in which attackers created fake GitHub accounts and a trojanized Model Context Protocol (MCP) server (a tool that connects AI assistants to external data and services), posing as an Oura Health tool, to distribute StealC infostealer malware. The attackers spent months building credibility by creating fake contributors and repositories before submitting the malicious server to legitimate registries, targeting developers whose systems contain valuable data such as API keys and cryptocurrency wallet credentials.","solution":"Organizations are advised to inventory installed MCP servers, establish a formal security review before installation, verify the origin of MCP servers, and monitor for suspicious egress traffic and persistence mechanisms.","labels":["security"],"sourceUrl":"https://thehackernews.com/2026/02/smartloader-attack-uses-trojanized-oura.html","publishedAt":"2026-02-17T12:42:00.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain","model_poisoning"],"issueType":"news","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["Oura Health","Oura MCP Server","MCP Market","StealC","SmartLoader"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"advanced","impactType":["confidentiality","integrity"],"aiComponentTargeted":"plugin","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}