SmartLoader Hackers Clone Oura MCP Server to Spread StealC Malware

Attackers associated with SmartLoader have cloned a legitimate MCP server of Oura Health to distribute the StealC malware, an information stealer. The campaign was identified by the Straiker’s AI Research (STAR) Labs team. The cybercriminals created a fake but credible project, including counterfeit forks, to deceive users and prompt them to download the malware. No specific date or geographic target is mentioned. The main impact is the exfiltration of sensitive data via StealC.