https://threatprophet.com/tags/onedrive/Recent content in Onedrive on ThreatProphetHugo -- 0.163.0en-usWed, 03 Jun 2026 00:00:00 +0000https://threatprophet.com/posts/2026-06-03-pawcommerce/Wed, 03 Jun 2026 00:00:00 +0000https://threatprophet.com/posts/2026-06-03-pawcommerce/Analysis of a PawCommerce-themed recruitment lure that delivered a OneDrive-hosted ZIP with dual execution routes: VS Code task-driven Git hook execution and an NPM postinstall/bootstrap path leading to modular Node.js credential theft, wallet collection, file exfiltration, clipboard monitoring, and Socket.IO command-and-control.