SmartLoader Attack Uses Trojanized Oura MCP Server to Deploy StealC Infostealer
Summary
Cybersecurity researchers discovered a SmartLoader campaign in which attackers created fake GitHub accounts and a trojanized Model Context Protocol (MCP) server (a tool that connects AI assistants to external data and services) posing as an Oura Health tool to distribute the StealC infostealer. The attackers spent months building credibility by creating fake contributors and repositories before submitting the malicious server to legitimate registries, targeting developers whose systems contain valuable data such as API keys and cryptocurrency wallet credentials.
Solution / Mitigation
Organizations are advised to inventory installed MCP servers, establish a formal security review before installation, verify the origin of MCP servers, and monitor for suspicious egress traffic and persistence mechanisms.
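One way to start the inventory step is sketched below. This is an added example, not code from the original article or from any vendor. It assumes the client stores its servers under the `mcpServers` key, a layout several MCP clients use. The sample config, the `health-data` entry and the `APPROVED` allowlist are constructed for illustration.

```python
import json

# Constructed sample of an MCP client config in the "mcpServers" layout (assumption).
SAMPLE_CONFIG = """
{
  "mcpServers": {
    "filesystem": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-filesystem", "/home/dev/projects"]
    },
    "health-data": {
      "command": "node",
      "args": ["/home/dev/Downloads/health-mcp/index.js"],
      "env": {"API_TOKEN": "constructed-placeholder"}
    }
  }
}
"""

# Hypothetical allowlist: packages that have passed the organization's security review.
APPROVED = {"@modelcontextprotocol/server-filesystem"}


def inventory(config_text, approved):
    """Return one record per configured MCP server, with its review status."""
    servers = json.loads(config_text).get("mcpServers", {})
    records = []
    for name, spec in sorted(servers.items()):
        args = [str(a) for a in spec.get("args", [])]
        records.append({
            "name": name,
            "command": spec.get("command", ""),
            "args": args,
            # Record which secrets the server can read, by name only, never by value.
            "env_keys": sorted(spec.get("env", {})),
            # Reviewed only if an argument exactly matches an approved package.
            "reviewed": any(a in approved for a in args),
        })
    return records


def unreviewed(records):
    """Names of servers that still need a security review."""
    return [r["name"] for r in records if not r["reviewed"]]


if __name__ == "__main__":
    for r in inventory(SAMPLE_CONFIG, APPROVED):
        status = "ok" if r["reviewed"] else "NEEDS REVIEW"
        print(f'{status:12} {r["name"]:12} {r["command"]} {" ".join(r["args"])}')
```

Servers launched from a local path, like the constructed `health-data` entry, never match the allowlist and therefore always surface for manual origin verification.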
Original source: https://thehackernews.com/2026/02/smartloader-attack-uses-trojanized-oura.html
First tracked: February 17, 2026 at 11:00 AM