216.73.217.19

AppSuite, OneStart & ManualFinder: The Nexus of Deception

· Published 16/09/2025 14:42 · Modified 16/09/2025 17:14

Export JSON

Essential information

Published
16/09/2025 14:42
Modified
16/09/2025 17:14
Tags
2025-09-16 appsuite browser extension browserassistant cloudfront desktopbar infrastructure manualfinder node.js onestart powershell
Related entities
8 techniques (mitre), 5 malware

Description

This analysis reveals connections between three seemingly distinct malicious programs: , , and . The investigation uncovers shared server and similar installation patterns, indicating that these programs are likely created by the same threat actor. , initially a browser based on Chromium, evolved from earlier versions that used node.exe to run malicious JavaScript. The actors behind these programs have been active for years, distributing malware disguised as various utilities such as games, recipe finders, and manual finders. The report highlights the adaptability of these threat actors, who easily morph their software to take new forms and evade detection.

External references