SmartLoader Campaign Abuses Trojanized Oura MCP Server to Deploy StealC Infostealer

What happened

Cybersecurity researchers have uncovered a sophisticated SmartLoader malware campaign in which threat actors distributed a trojanized version of a Model Context Protocol (MCP) server connected to Oura Health’s ecosystem. The compromised server is used to deploy the StealC infostealer, enabling attackers to capture credentials, browser-stored passwords, and cryptocurrency wallet data.

Who is affected

Developers and organizations using or experimenting with open‑source MCP servers, particularly those tied to Oura’s tools and registries, are at risk, as threat actors infiltrated trusted repositories and lured users into downloading malicious ZIP archives.

Why CISOs should care

This incident highlights the increasing sophistication of supply chain threats and how attackers build credibility through fake accounts and repositories to compromise trusted development tooling. It underscores the risk of malware distribution through seemingly legitimate open‑source software, which can lead to credential theft, compromised infrastructure access, and data exfiltration.

3 practical actions

  1. Maintain an up‑to‑date inventory of third‑party and open‑source components (including MCP servers) and their sources before deployment.
  2. Establish formal security review and provenance verification for any external tool or repository, and use code signing or cryptographic verification where possible.
  3. Monitor for anomalous egress traffic, persistence mechanisms, and unexpected credential use that may indicate malware activity.
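Action 2 above (provenance verification before an external tool is deployed) can be turned into a gate in a build or onboarding pipeline. The script below is an added example written for this brief; it is not code from the original article, from Oura, or from any MCP project. It assumes a team keeps its own manifest of approved archive names and SHA‑256 digests, and it treats a source‑only archive that carries native executables or Windows script files as suspicious (a heuristic chosen for this example, not a fact about the campaign). The archive names and contents are constructed in the block so it runs offline.

```python
"""Gate a downloaded MCP server ZIP archive on a pinned manifest before extraction.

Added example: not code from the article or from the Oura/MCP projects.
"""
import hashlib
import io
import zipfile
from typing import Dict, List

# Assumption: the team pins the SHA-256 digest of every approved archive in a
# manifest kept in its own repository (archive names here are illustrative).
Manifest = Dict[str, str]

# Assumption (heuristic for this example): a source-only archive should not
# carry native executables or Windows script/shortcut files.
SUSPICIOUS_SUFFIXES = (".exe", ".dll", ".scr", ".bat", ".cmd", ".vbs", ".lnk", ".ps1")


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of the raw archive bytes, as stored in the manifest."""
    return hashlib.sha256(data).hexdigest()


def archive_findings(name: str, data: bytes, manifest: Manifest) -> List[str]:
    """Return a list of problems; an empty list means the archive may be extracted."""
    findings: List[str] = []
    expected = manifest.get(name)
    if expected is None:
        findings.append(f"{name}: not in the approved manifest")
    elif sha256_hex(data) != expected:
        findings.append(f"{name}: SHA-256 does not match the pinned digest")
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        findings.append(f"{name}: not a valid ZIP archive")
        return findings
    for info in zf.infolist():
        p = info.filename
        parts = p.replace("\\", "/").split("/")
        # Absolute paths, drive letters and '..' components would write outside
        # the extraction directory (classic zip-slip) and are never acceptable.
        if p.startswith(("/", "\\")) or (len(p) > 1 and p[1] == ":") or ".." in parts:
            findings.append(f"{p}: path escapes the extraction directory")
        if p.lower().endswith(SUSPICIOUS_SUFFIXES):
            findings.append(f"{p}: executable or script payload in a source archive")
    return findings


def build_zip(entries: Dict[str, bytes]) -> bytes:
    """Constructed sample archive builder (stand-in for a real download).

    A fixed timestamp keeps the bytes, and therefore the digest, deterministic.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, content in entries.items():
            zi = zipfile.ZipInfo(path, date_time=(2024, 1, 1, 0, 0, 0))
            zi.compress_type = zipfile.ZIP_DEFLATED
            zf.writestr(zi, content)
    return buf.getvalue()


def demo() -> Dict[str, List[str]]:
    """Run the gate over four constructed archives and return the findings."""
    source = {
        "oura-mcp-server/server.py": b"print('hello')\n",
        "oura-mcp-server/README.md": b"# MCP server\n",
    }
    approved = build_zip(source)
    manifest: Manifest = {"oura-mcp-server-1.2.0.zip": sha256_hex(approved)}

    # Same file name, but an added binary: digest changes and the .exe is flagged.
    tampered = build_zip({**source, "oura-mcp-server/update.exe": b"MZ\x90\x00"})
    # Same file name, plus an entry that would land outside the target directory.
    traversal = build_zip({**source, "../../notes.txt": b"x"})

    return {
        "approved": archive_findings("oura-mcp-server-1.2.0.zip", approved, manifest),
        "tampered": archive_findings("oura-mcp-server-1.2.0.zip", tampered, manifest),
        "traversal": archive_findings("oura-mcp-server-1.2.0.zip", traversal, manifest),
        "unknown": archive_findings("unknown.zip", approved, manifest),
    }


if __name__ == "__main__":
    for case, problems in demo().items():
        print(case, "OK" if not problems else problems)
```

The digest check catches a swapped or modified archive even when the file name and repository look right; the entry inspection adds a second, independent signal so that a download is refused when either the provenance or the contents are wrong, rather than only when both are.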