Charming Kitten Updates POWERSTAR with an InterPlanetary Twist
ID: 62a9a31b-0024-543e-8198-f9e4eca70361
STIX ID: report--62a9a31b-0024-543e-8198-f9e4eca70361
Feed Name: Volexity Blog
Volexity describes Charming Kitten's targeted spear-phishing operations and a new, more sophisticated variant of the group's POWERSTAR backdoor. The malware uses staged in-memory PowerShell execution, remotely hosted decryption routines (Backblaze/IPFS), dynamic AES-based C2 communications, and modular capabilities (reconnaissance, persistence, cleanup, file crawling). The report includes a timeline of distribution methods, module analysis (including an expanded cleanup module and an IPFS variant), indicators, and detection guidance (YARA, IOCs, IPFS provider blocking).
