Hello and welcome to the Thursday, October 16th, 2025 edition of the Sands Internet Storm Center's Stormcast.

My name is Johannes Ulrich, recording today from Jacksonville, Florida.

And this episode is brought you by the sands.edu undergraduate certificate program

in Applied Cybersecurity. Xavier today explains an infestiler written in Python and how it deals

with clipboard content. One of the standard features of infestilers is stealing data from the clipboard, often focusing on things like passwords that maybe copy-pasted or maybe Cryptocoin addresses that are also often copy-pasted because who wants to type in a long random string like this.

Some Infoen Steelers actually automatically recognize some of these string patterns as they're

being copy-pasted to be more selective when it comes to actually ex-filtrating the data.

But not everything on the clipboard is text.

You can also copy-paste images.

And that's what Xavier's Malabar is focusing on here.

In this example, the Python script actually looks also for images

that may be transferred via the clipboard,

and then exfiltrates them via Telegram,

another very common command control channel for Info Steelers like this.

And then we got some bad news for people using products made by F5. F5 today disclosed

that they were breached. They claim an unspecified nation-state actor for the breach,

and the breach apparently did last quite some

extended time, like at least months. As part of the breach, source code was stolen from F5,

and probably most importantly, also information about unpatched vulnerabilities was stolen. And that, of course, is something

that affects users of their products. Remember, their products include products like, for

example, their big IP series, but also EngineX is being maintained by F5. So if you're using

any F5 products like this, definitely pay attention.

...